Third-Party Risk Management Leader Reveals the Maturity of Today's TPRM Programs is Severely Inadequate

PHOENIX, June 18, 2020 /PRNewswire/ -- Prevalent, Inc., the company that takes the pain out of third-party risk management, today released the results of a study, titled "The Path From Reactive to Proactive Third-Party Risk Management," that details findings from in-depth maturity assessments conducted for companies in the last six months. The results were astounding, with an average score of 2.53 on a scale from 1 (low maturity) to 5 (high maturity). The study illustrates that the majority of third-party risk management programs remain manual and spreadsheet-driven, resulting in a low maturity score. These programs lack the speed, scale and intelligence to sufficiently manage third-party risk.

The leader in third-party risk management identified five key areas where third-party management practices lagged:

    --  Content: Are supporting processes in place to ensure questionnaire
        content remains up-to-date and fit for purpose based on the scope of
        entities being assessed? Score: 2.60

    --  Roles & Responsibilities: Are representatives contributing to the
        program aware of their responsibilities and level of involvement within
        operational workflows? Score: 2.88

    --  Coverage: How comprehensive is the scope of the program and is
        visibility of contributing external entities maintained? Score: 2.67

    --  Governance: How is the performance of the program measured, can success
        be demonstrated, and can metrics be used to provide strategic
        direction? Score: 2.14

    --  Remediation: Is remediation carried out in a consistent manner and have
        processes been optimized to improve program efficiency? Score: 2.58

"Organizations have more third-parties to deal with than ever before and innumerable compliance requirements to meet," stated Brenda Ferraro, vice president of third-party risk at Prevalent, Inc. "And most lack the resources and a consistent, repeatable process to assess them - unknowingly allowing vendors to expose them to cyber attacks and other threats to security, privacy and compliance. Fortunately there is only one place to go from here and that is up. The results of the maturity assessment analysis clearly illustrate that there are very specific steps organizations can take to keep from sliding further backward."

Based on detailed analysis, Prevalent identified three risks that stood out among the others:

    --  No remediation guidelines. Without standardized guidelines, the process
        of reviewing risk findings with third parties can be inconsistent,
        leading to misalignment with organizational requirements. 86% of
        companies had inconsistent remediation guidelines.
    --  Ignoring Nth parties. Companies must be prepared to address supply-chain
        disruptions, which include those that third parties face as a result of
        their third parties. Failure to consider fourth parties or Nth parties
        can pose unidentified risks and operational bottlenecks. This was an
        issue for 79% of companies.
    --  Insufficient reporting. It is difficult for organizations to make
        informed decisions without strategic internal conversations about
        emerging threats, areas of concern, change assessment and risk
        remediation. The Prevalent study revealed that 69% of companies failed
        to have important strategic reporting opportunities.

Based on the findings, organizations can improve their third-party risk assessment maturity by easily leveraging existing networks of completed assessments with continuous monitoring, scaling their programs using vendor risk assessment services, and improving consistency with an agile, repeatable model. To learn more about Prevalent's maturity assessment study findings, please read our blog post, "Avoid These 9 Common Third-Party Risk Management Pitfalls," download "The Path From Reactive to Proactive Third-Party Risk Management" white paper and view the "Third-Party Risk Program Maturity: Don't Let it Slide" infographic.

About Prevalent
Prevalent takes the pain out of third-party risk management. Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Our customers benefit from a flexible, hybrid approach to TPRM, working closely with each customer to tailor a solution that not only fits their unique needs, but delivers a rapid return on investment. Regardless of where they start, we help our customers stop the pain, make informed decisions, and adapt and mature their TPRM programs over time. To learn more, please visit www.prevalent.net.

Media Contact
Angelique Faul, 513-633-0897, angelique@silverjacket.net

View original content to download multimedia: http://www.prnewswire.com/news-releases/third-party-risk-management-leader-reveals-the-maturity-of-todays-tprm-programs-is-severely-inadequate-301079254.html

SOURCE Prevalent, Inc.