As a James Bond fan, I am eagerly awaiting the next James Bond film, “No Time to Die.” However, due to the global crisis (COVID-19), we are all currently facing, we will now have to wait until November 2020 instead of seeing it on the big screen this month. While we patiently wait for this next installment in the 007 sagas, we can still learn lessons and apply them to what makes the master spy so great to our world of business. That is situational awareness.
It is the perception of the details and events around us and the interpretation of how they can or will impact us to determine our course of action. Today’s organization needs situational awareness. James Bond sees all of the little details and looks at the big picture. Situational awareness is needed across the business but, in particular, in the context of risk in third-party relationships.
The days when an organization was defined by brick and mortar walls and traditional employees have gone. Businesses today are as complex web of third-party relationships. Today’s organization is a nested array of vendors, suppliers, outsourcers, consultants, contractors, temporary workers, brokers, service providers, agents, intermediaries, partners, and more. There are no longer hard and fast boundaries to the organization as these relationships nest and extend themselves in deep supply chains and subcontracting relationships.
Organizations manage third-party risk in disconnected silos, which is worrying. Different departments have their own views of the risk a third relationship brings to the organization, but no one sees the full situation. They fail to see the big picture of risk across these silos. This would be like James Bond just looking at one factor of a situation and not all the factors that tell the full story.
Commonly, third-party risk is done in different departments that do not collaborate and see the big picture. In a critical third-party relationship, different departments such as IT operations, data privacy, finance, legal and compliance may myopically view their individual risk concerns as “moderate. All these departments do not raise the alarm on the third-party, because the risk is not setting off alerts or considered high. But if someone actually could step back and aggregate risk exposure across these departments and see the full situation, they might understand that this critical third-party is bringing significant risk exposure to the organization.
The COVID-19 pandemic is an excellent example of the need for 360° situational risk awareness in third-party relationships. Currently, organizations need to realize the operational resiliency and viability of their third parties to ensure they are partnering with firms that can weather the current economic storm. Can you rely on your vendors during these uncertain times?
They need to understand the social accountability focus of third parties to ensure their reputation and brand will not be hurt in partnering with them in how they respond to the crisis. They need to know that their third parties are addressing health and safety concerns within their operations. They need to understand their critical third-parties business continuity capabilities to ensure they can deliver services to the organization in this time of crisis. And they need to understand the security controls and monitoring being done when the third party’s business processes are adapting and could expose the organization’s data and network connections. Seeing all this together gives the organization a 360° situational awareness view of risk in these relationships.
Organizations need to implement technology and processes that measure and evaluate the full scope of risk exposure in a third-party relationship, instead of siloed processes to assess a limited view of risk in a third-party relationship, This risk needs to be assessed during the onboarding process, and regularly throughout the lifecycle of the relationship.
Be like James Bond. Get a complete grasp of your third-party relationships through situational awareness so you can see the big picture across risks that a single external relationship may bring to your organization.