Organizations are increasing their usage of third parties to cut costs and focus on core operations so they can improve margins and increase their competitive advantage in the market. But working with third parties can introduce risks that lead to breaches or compliance violations. That’s why it’s essential to have a mature and agile third-party risk management program in place to govern those relationships.
However, most companies are stuck with manual, inefficient programs that don’t enable them to even assess all their vendors, much less properly score and remediate the risks they find. This blog uses results from a research study conducted with TechValidate in June 2020 to review why current TPRM practices are so inefficient and to identify best-practice return on investment (ROI) metrics delivered in the Prevalent solution.
Prevalent asked certain customers why they were unable to meet their assessment goals prior to using Prevalent. The chart shows the answer: not enough resources and time.
Looking into the problem a little deeper, however, showed that companies typically struggle with three primary challenges in their programs, with each relating to resources and time.
A recent Forrester Research study showed that 50% of companies still rely on spreadsheets alone to do their auditing and controls. Since a spreadsheet-driven process inherently involves emailing files back and forth ad nauseam with limited or no version control, it ends up taking far too much time to get the accurate and complete answers you need from your vendors in order to make good risk-based decisions.
In our definitive TPRM study released in April, we learned that 34% of companies say that it takes more than a month to complete an assessment of a top-tier vendor. With all that time spent on simple collection of due diligence, when does the analysis happen? What about remediation?
According to Ponemon, the average company shares data with 583 third parties. How many third parties can an assessor or risk manager reasonably manage? How can an organization guard against the gaps and errors that will inevitably arise from such a manual, people-intensive process?
The bottom line is that teams are struggling with reactive, resource-intensive approaches. That is why they turn to Prevalent – for the proactive, process-driven model we deliver.
In the June TechValidate customer study, we asked select customers to quantify the benefits their companies are realizing by using Prevalent to automate their TPRM programs. We believe these are best-in-class metrics. How do they stack up?
When asked how much time they spend managing vendor assessments now versus before they began using Prevalent, customers report a 50% time savings. Because Prevalent automates the collection and analysis of vendor assessments, teams can spend less time on rote activities such as collecting data and more time on true business value-added activities such as remediating risks.
When we asked how much turnaround time for completed vendor assessments has decreased since they began using Prevalent for their vendor risk assessment services, customers reported a 44% drop in the number of days. That equated to a savings of 8.3 days per vendor. Imagine what your team can accomplish with more than 8 additional days available in the third-party risk management lifecycle!
We asked customers to report on how many assessments they are now able to complete per year with Prevalent. Customers have improved their team productivity by a factor of nearly 3 as a result of the automation, workflow and reporting available in the Prevalent solution.
64% of customers responded that, with the same resources, they are now able to spend time mitigating risks as opposed to validating information; they are focused on the right things. As well, some customers report requiring fewer resources than before they used Prevalent and some have even re-directed savings toward other more strategic projects. If that isn’t ROI, we don’t know what is.
If your team is struggling to keep up with manual assessment practices or has too few resources to be effective, Prevalent can help. But don’t take our word for it – read what Wright Express had to say:
Benchmark your own third-party risk management practices against your peers by registering for your own full, free maturity assessment. We even have a 10-question online version that will provide you with a quick score to provide some direction.