Among organizations that engage third parties to provide business services, 83% identified third-party risks after conducting due diligence and before recertification, according to Gartner.

Gartner’s survey of more than 250 legal and compliance leaders reveals that the standard point-in-time approach to risk management is no longer effective in today’s landscape of fast-paced, rapidly changing business relationships.

With an increasing number of third parties performing new-in-kind and noncore services for organizations, material risks cannot always be identified prior to the start of a business relationship. Modern risk management must account for ongoing changes in third-party relationships and mitigate risks in an iterative way — that is, on a continual basis, rather than at specified intervals.