Across many organizations, there is an outstanding need to baseline what, if any, activities are taking place to manage third-party due diligence proactively. From my specific experience, Procurement's role is only sometimes well established and often has limited involvement in third-party risk management. The lack of engagement with the Procurement team introduces unnecessary risk and exposure for an organization.
Incorporating Procurement in third-party risk management and analysis will increase visibility, broaden awareness, and reduce risk by ensuring consistent sourcing, contracting controls, management, and monitoring processes. The standard practice for most Procurement teams includes evaluating new third parties, facilitating the sourcing and contract negotiations, and primarily being responsible for ensuring appropriate terms are in place. However, without a clearly defined path of communication and standardized processes, there's still potential for the organization to be exposed to unknown risks when bringing on a new critical third.
Anna Sgro, Procurement Category Manager of IT, Maxar