Are you a Swiss-based company interested in quantifying your third-party risk? Or would your company be interested in developing the third-party risk management tool together with us?
Contact us for more details and become part of our Innosuisse application team!
From Dr. Sandra Stupar, Lecturer and researcher at the CC Risk & Compliance, Institute of Financial Services Zug, Prof. Dr. Imke Keimer, FRM, Professor at the CC Accounting & Controlling, Institute of Financial Services Zug, and Prof. Dr. Stefan Hunziker, Professor for Risk Management and Internal Control and leader of the CC Risk & Compliance, Institute of Financial Services Zug.
Numerous companies nowadays are constantly faced with problems that need to be solved fast and reliably. Often internal resources are missing, or one-off problems appear, for which the knowledge in the company is lacking. Solving problems externally has become part of business as usual, in both SMEs as well as large enterprises. The size of the consulting market in 2019 was 160 billion USD, with some decrease in the subsequent year due to the corona pandemic (Statista, 2022).
Outsourcing to third parties occurs in many ways, some examples including:
Outsourcing, however, comes with risks that should not be overlooked. Third-party risk management (TPRM) has become an ever more important topic in recent years (see e.g., (Deloitte, 2022), (Baumann & Hunziker, 2022)). Risks involved when deciding on an external/vendor solution can include (not exclusively) the following:
Our goal is to help companies reach a decision and quantify their risk when trusting a third-party with a certain task. With our Third-Party Risk Calculator framework, we will aim to, qualitatively and quantitatively, map risks a company is taking by outsourcing a product or a service solution. The risk output type is still to be determined depending on the model used – risk on a scale, as a category, or as a probability. A third-party grading tool could be a possible implementation.
Benefits for your company
How will the project be conducted
In the first part, we will collect the data by conducting pools, questionnaires, and conversations with the stakeholders. This will have the aim of defining the risk factors required to make a predictive analysis. Risk factors involved could include (see e.g., (Onetrust, 2021)):
In the second part of the project, we will use risk factors previously defined to build a model that rates the final risk. By interviewing the companies and vendors, and getting access to historical information, we will aim to collect enough data to be used in our training and testing sample. We will consider a few models, depending on the amount and quality of data. Simple machine learning techniques like regression or decision trees, weighted averages with SMEs weights, and similar models would be considered.
Get in touch to find out more!
The following could also be of interest to you: