Third party risk management

Create an ongoing and enterprise-wide risk management strategy which ensures third-party providers are a source of strength for your business – not a weak link.


Third parties are a key component of today’s increasingly complex, digital business eco-systems. Businesses tend to use a multitude of third parties in different ways to deliver goods and services and therefore failure of a third party to deliver is a significant source of risk.

Effective Third Party Risk Management is critical because the organization remains accountable to its customers and markets when third parties fail to deliver goods and services.  Six in ten of our clients have suffered their largest reputational impact because of failures by third parties. 1

Only a technology-enabled, enterprise-wide program can secure the areas of vulnerability and unite stakeholders across procurement, business, risk oversight and legal to understand where and how third parties are being used and whether that is acceptable. These groups must come together in an organized manner to drive a risk-based selection and management of third parties. Third party risk is a strategic priority whose success rests on four pillars: governance, process, infrastructure, and data. Our framework is laid out below:


1Third Party Risk Management Outlook 2020

KPMG’s deep experience supporting the design, implementation and execution of TPRM programs across industries and regions enables us to provide holistic solutions to your TPRM needs.

Element KPMG team
Assessment and design of the holistic program

—   Target Operating Model Design

—   Internal Audit review2

Building block components

—   Procurement Function Integration

—   Supply Chain Integration

—   Risk Components including:
          Cyber Risk
          Regulatory Compliance Risk
          Technology Risk
          Corporate Intelligence

—   Contract Compliance

Technology enablement

—   GRC Implementation

—   Alliances with TPRM technology providers

Helping execute the program

—   Powered TPRM

—   On Demand Services

Our internal audit practice also has experience assisting with audits of the programs and third parties.

Our people

Marc Miller

Marc Miller

Partner, Forensic Network Leader, KPMG US

Daniel W. Click

Daniel W. Click

Managing Director, Forensic, KPMG U.S.

Greg Matthews

Greg Matthews

Partner, KPMG US