Think about how much third-party risk management has changed over the past 25 years. The methods used for vendor screening have evolved—remember, the spreadsheet-based assessment was once considered a bold, and helpful, step. And risk itself has changed; the average person in 1991 would never have guessed a portable phone would be the primary way people access the Internet in 2016, much less know that something like the Internet would even exist. Vendor screening has evolved along the way, and risk professionals have become adept in evolving to the changing landscape as well.
Depending on your point of view, 2020 is either amazingly or finally just four years away. For vendor screening, more change is on the way—the progress made in the past couple decades won’t stop simply because today’s solutions and concerns are more advanced than ever. Here is what screening will look like in 2020:
Bye-Bye Spreadsheets
Spreadsheet-based assessments - once such a godsend but now generally seen as inefficient— will never completely disappear. But by 2020, the shortcomings of spreadsheets will be even more pronounced. New risk emerges so quickly these days that you cannot wait weeks for a vendor screening to be completed, and you can’t cross your fingers and hope the data from an assessment is accurate and secure. Automated solutions have become the preferred screening method of choice over the past few years and will continue to push out—and greatly improve upon—spreadsheets in the years ahead.
The Metrics System
As technology has evolved, the ways that businesses quantify progress, efficiency, and success have become more pinpointed. Risk metrics have revolutionized vendor screening in that you are no longer guessing how much risk a third party is presenting but instead can have concrete numbers at your fingertips. These ratings can be compared over time, can be compared among vendors in your portfolio to see which are less risky, and can even be incorporated into contract language. As general technology has evolved this last decade, data and results are expected sooner rather than later. Risk Scoring achieves that goal during the assessment process.
Fourth Parties and Beyond
Although a few organizations are pulling important functions in house with a goal of reducing risk, the trend is for companies to outsource more in an effort to save money and improve efficiency. Proactive risk management can keep tabs on vendors, but who then is keeping tabs on the vendors’ vendors—the so-called fourth parties? Vendor screening in the next few years will place a greater emphasis on subcontractors, particularly as companies strive to avoid a data breach of their systems caused by a supplier they didn’t know they were indirectly contracting.
An Emphasis in IoT
The Internet of Things, or IoT, is a hot topic in technology circles today, with no signs of slowing down anytime soon. More and more devices are interconnecting, which creates great opportunity, but also creates new risk. At some point in the future, smart hackers will figure out how to access company systems through a IoT-enabled coffee maker, and security experts and risk professionals will then try to figure out how to protect against such a previously unthinkable cyber attack. From a vendor risk management standpoint, accounting for these new threats will be imperative—you don’t want a vendor’s coffee maker being the point of intrusion to your servers.
A Walk in the Clouds
Automated vendor risk management software is the best way to gather the maximum actionable intelligence about the threats your suppliers pose. However, directly installing that software onto your servers and computers is so 2010. Software-as-a-Service (SaaS), which is establishing itself in so many industries and solutions, is the wave of the future for vendor screening. SaaS saves your company (especially IT) time by foregoing time-consuming installation and unexpected compatibility issues. Moreover, a cloud-based solution makes vendor risk management truly portable, which will be important next decade as more people work remotely, either from home or on site.
What do you think 2020 has in store for vendor screening?