Guest blog by Michael Rasmussen, The GRC Pundit, GRC 20/20
Organisations are no longer self-contained entities defined by brick and mortar walls and traditional employees. The modern organisation comprises a mixture of third-party relationships that often nest themselves in complexity, such as with deep supply chains. Two decades ago the term insider was synonymous with employee; now over half of the insiders in many organisations are not employees: they are contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more.
The extended enterprise of third-party relationships brings a range of risks that the organisation has to be concerned about. Managing third-party risk has risen to be a significant regulatory, contractual, and board-level governance mandate. Organisations need to be fully aware of the risks in third-party relationships and manage this risk throughout the lifecycle of the relationship, from on-boarding to off-boarding of a third party.