GRC 20/20 Quantifies Return on Investment with ProcessUnity Vendor Risk Management

GRC 2020 Quantifies ROI with ProcessUnity Vendor Risk Management

Independent research examines the measurable benefits of ProcessUnity VRM

Imagine what business results you could achieve if your third-party risk management (TPRM) program ran as smoothly as possible. At its most efficient, your program could capture complete visibility into third-party risk to protect organizational assets and sensitive data. This insight allows you to proactively manage risk, maintain operational resiliency and demonstrate results to senior leadership.  

Many organizations would like to generate these results with their TPRM program but lack the correct solution to support them. The two biggest challenges that stand in their way are either fragmented, manual processes or rigid legacy platforms. Both approaches limit TPRM maturity, leaving teams struggling with siloed information and reactive processes.  

To help organizations build a business case for a TPRM tool, GRC 20/20, an independent research firm led by GRC analyst Michael Rasmussen, evaluated ProcessUnity Vendor Risk Management (VRM). In interviewing ProcessUnity users across financial services, clinical research, life sciences and professional services, the research found that ProcessUnity allows organizations to achieve an efficiency gain of at least 50% on third-party risk management.  This means that organizations spend less time caught in silos and more time assessing and monitoring their third-party risk. 

The GRC 20/20 research breaks down the top challenges organizations face at every stage of the vendor lifecycle. The results lay out the quantifiable benefits ProcessUnity users gain in overcoming these challenges with automation. 

Third-Party Risk Management and Oversight  

When organizations perform third-party risk oversight and management in manual processes, they spend approximately twice as much time in these activities as they do with ProcessUnity VRM. Key processes are often disconnected, forcing organizations to spend valuable time reconciling documents and communication across disparate systems. 

ProcessUnity delivers all the information organizations need in one application with views into third-party risk processes, outstanding tasks, and status readily available. This allows them to spend 50% less time on third-party risk management and oversight.  

ProcessUnity users report the following benefits to their third-party risk management and oversight processes:  

  • Improved access to accurate information 
  • Elimination of shadow/rogue third-party relationships 
  • Agility in ad-hoc needs 

Third-Party Onboarding

Onboarding is a labor-intensive process; organizations need to not only find the right vendor but must also perform the right level of pre-contract due diligence.  

According to GRC 20/20, onboarding typically can involve 20 hours of staff time per third-party onboarded, bringing it down to 3 hours with the automation within ProcessUnity VRM.  Organizations cut this time significantly with ProcessUnity as the solution provides a standardized way to onboard, log and manage third parties. The process prevents important data from slipping through the cracks, eliminating the need to chase down missing information. Additionally, ProcessUnity integrates into other business and third-party intelligence systems to pull in information to automate risk oversight in onboarding and increase efficiency. 

ProcessUnity users report the following benefits to their onboarding processes:  

  • Configurable risk assessment templates 
  • Preliminary risk triage 
  • Issue prioritization 

Third-Party Risk Assessment and Ongoing Monitoring

GRC 20/20 finds that each third-party annually requires about 20 hours of time on average utilizing manual processes with documents, spreadsheets, and emails. Some assessments take significantly longer, which may involve hundreds of hours if onsite inspections and audits are required. Twenty hours is the average time per third-party assessment when done in manual processes.    

With ProcessUnity VRM, GRC 20/20 finds organizations spend 85% less time on ongoing assessments via the centralization of all information, assessments, tasks and workflows. The ProcessUnity Assessment Engine automatically scopes the depth and frequency of risk assessments, reducing analyst and vendor fatigue. 

ProcessUnity users report the following benefits to their risk assessment and ongoing monitoring processes:  

  • Prepopulated information and flagged preferred/non-preferred responses 
  • Reduction in assessment analysis time 
  • Adaptability and collaboration with vendors 

Third-Party Risk Reporting, Metrics and Analytics

Third-party risk reporting and metrics can be one of the costliest areas of third-party risk management. On top of this, TPRM teams face pressure to prove the value of their program to senior leadership. Organizations have a significant amount of staff time that goes into manual reconciliation of hundreds to thousands of assessment records, pulling specific information out of each third party, and putting it into periodic reports for the board, regulators, relationship owners, and other stakeholders.   

With ProcessUnity VRM, the time spent on case reporting and metrics is estimated at only 10% of the time organizations used to spend on manual processes. In fact, one organization stated that what once took two hours per vendor/third-party to produce a report on investigations is now less than one minute with ProcessUnity VRM.  According to GRC 20/20, this average is a conservative estimate; the savings can be much more significant than what the firm model. 

ProcessUnity users report the following benefits to their risk reporting, metrics and analytics processes:  

  • Reduced individual and year-end reporting times 
  • Regulatory and stakeholder assurance 
  • Contextual awareness of program status 

ROI Benefits

The GRC 20/20 research calculated the average time-to-value and return on investment that ProcessUnity VRM provides: 

  • “Large organizations can see a return on investment in 29 days. Over five years, they can expect a total return on investment of $14,855,000.” 
  • “Medium organizations can see a return on investment in 33 days. Over five years, they can expect a total return on investment of $5,917,500. 
  • “Small organizations can see a return on investment in 37 days. Over five years, they can expect a total return on investment of $2,915,250.” 

Final Perspective

The GRC 20/20 analysis concludes that ProcessUnity Vendor Risk Management equips organizations with the tools they need to develop an efficient, effective and agile TPRM program. The solution enables rapid program maturity and enterprise-wide benefits by adding value at every stage of the vendor lifecycle. ProcessUnity users gain holistic insight into their program status with the confidence to meet issues as they arise. Unencumbered by manual processes, teams drive proven business results that extend throughout the enterprise. 

For a deeper look at how organizations benefit from ProcessUnity VRM, download the GRC 20/20 Value Perspective here.