3/8/24, 4:57 PM Third party risk management

Advisory Capabilities and Services Advisory Services Risk, Regulatory and Compliance

Third party risk management

Create an ongoing and enterprise-wide risk management strategy which
ensures third-party providers are a source of strength for your business –
not a weak link.

Third parties are a key component of today’s increasingly complex, digital

business eco-systems. Businesses tend to use a multitude of third parties
in different ways to deliver goods and services and therefore failure of a
third party to deliver is a significant source of risk.

Effective Third Party Risk Management (TPRM) is critical because the organization
remains accountable to its customers and markets when third parties fail to deliver
goods and services. Six in ten of our clients have suffered their largest reputationalPrivacy - Terms
impact because of failures by third parties.1

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 1/6
3/8/24, 4:57 PM Third party risk management

Only a technology-enabled, enterprise-wide program can secure the areas of

vulnerability and unite stakeholders across procurement, business, risk oversight and
legal to understand where and how third parties are being used and whether that is
acceptable. These groups must come together in an organized manner to drive a risk-
based selection and management of third parties. Third party risk is a strategic
priority whose success rests on four pillars: governance, process, infrastructure, and
data. Our framework is laid out below:

1
Third Party Risk Management Outlook 2020

Our deep experience supporting the design, implementation and execution of TPRM
programs across industries and regions enables us to provide holistic solutions to
your TPRM needs.

Element KPMG team

Target Operating Model Design

Assessment and design of the
holistic program
Internal Audit review2

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 2/6
3/8/24, 4:57 PM Third party risk management

Procurement Function Integration

Supply Chain Integration

Risk Components including:

Cyber Risk
Building block components
Regulatory Compliance Risk
Technology Risk
Tax
Corporate Intelligence

Contract Compliance

GRC Implementation

Technology enablement
Alliances with TPRM technology
providers

Helping execute the program Powered TPRM

On Demand Services

2Our internal audit practice also has experience assisting with audits of the programs and third parties.

Explore more insights

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 3/6
3/8/24, 4:57 PM Third party risk management

Insight Insight

Subscribe to Risk and Cyber Insights

The latest news and updates on how organizations can manage risk in today's environment.

Subscribe

Meet our team

Contact Us

Marc Miller Daniel

Partner, Forensic Network Leader, KPMG US Partner,

Read bio

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 4/6
3/8/24, 4:57 PM Third party risk management

Explore other services tailored to your business

Service

Regulatory compliance for government contractors

Read more

Service

Regulatory and compliance transformation

Read more

Service

Financial Services Risk, Regulatory and Compliance

Read more

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 5/6
3/8/24, 4:57 PM Third party risk management

Learn about us: Subscribe

KPMG. Make the Difference.

Legal
Privacy
Accessibility
Cookie Preferences
Do Not Sell or Share My Personal Information

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular
individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such
information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon
such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP
does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to
the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

https://kpmg.com/us/en/capabilities-services/advisory-services/risk-and-compliance/third-party-risk-management.html 6/6