Over the last few decades, more and more functions that used to be done internally are now done by third parties. This includes everything from IT to customer service, payroll, logistics, quality, manufacturing, HR, facilities management, security, sales, marketing, R&D, legal, accounting, sourcing and procurement"”you name it. If someone else can do it better, faster, and cheaper, then it is a candidate for outsourcing. But along with the explosion of outsourced services, risk has increased for many corporations, as visibility and control have decreased.
Suppliers and service providers exist to serve the enterprise, but they may also cause harm to the enterprise. This can happen in many different ways: A manufacturer's representative or third-party sales agent takes a bribe, exposing your company to huge FCPA fines (some have been in the hundreds of millions of dollars). A supplier engages in fraud or theft. You entrust a trading partner with valuable intellectual property and they inadvertently share it, sell it to a competitor, or use it to make competing or counterfeit product. One of your trading partners who has trusted access to your systems is hacked, and subsequently your systems end up infiltrated. An uninsured contractor has an accident on your premises and sues your company for millions.
The list of real-life incidents is practically endless.
