Third-Party & Supply Chain

The Institute of Internal Auditors (IIA) recently released a Public Consultation Draft for its Third-Party Topical Requirement. At first glance, it may seem like a technical set of guidelines, but the stakes are high. As businesses increasingly rely on third-party relationships—whether with vendors, contractors, consultants, or others—internal auditors face growing challenges in managing these complex connections. The IIA’s draft aims to offer a more standardized, comprehensive approach to assessing and managing the risks tied to external partnerships. For organizations that regularly engage with third parties, the draft provides a clear framework designed to ensure that no critical risks go unnoticed.

The European Supervisory Authorities (ESAs)— namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) — have weighed in on the European Commission’s recent changes to the regulatory framework surrounding subcontracting under the Digital Operational Resilience Act (DORA). And in short, they’re on board.

The European Supervisory Authorities (ESAs) are paving the way for a stronger oversight framework. Their latest initiative is a clear and deliberate step towards tackling third-party risk, particularly concerning critical ICT service providers, under the EU’s Digital Operational Resilience Act (DORA).

As the global risk landscape continues to shift, businesses must face the reality of whether the traditional approaches to supply chain risk is no longer enough. In its 2025 Supply Chain ESG Risk Outlook, LRQA doesn’t just confirm what we already know about risks—it reveals deeper, sometimes uncomfortable truths that businesses can no longer afford to ignore. This isn’t just another report filled with jargon, it’s a wake-up call that calls for reflection, action, and a recalibration of how we view supply chain resilience in a rapidly changing world.

The U.S. Department of Labor (DOL) has secured an agreement with JBS USA Food Co., the nation’s largest meat packing processor. The company, which operates across numerous U.S. facilities, has committed to a $4 million fund aimed at assisting individuals and communities impacted by child labor practices. This agreement follows a series of DOL investigations that uncovered unlawful child labor at JBS’s facilities.

For decades, just-in-time (JIT) manufacturing has been the benchmark for operational efficiency. This approach emphasizes delivering products in the fastest, most cost-effective manner while maintaining a highly visible platform for continuous improvement. JIT supply chains minimize resources—such as space, inventory, and workflows—to essential levels, reducing waste and enabling organizations to convert efforts into revenue with remarkable efficiency. By eliminating excess inventory, redundant systems, and systemic bottlenecks, JIT has become a cornerstone of modern manufacturing operations.

In a world where banks depend on third-party vendors for critical services, a new report from SecurityScorecard paints a concerning picture of the vulnerabilities lurking in the financial sector. According to the findings, a staggering 97% of the top 100 U.S. banks were impacted by third-party data breaches over the past year, revealing just how interconnected—and fragile—the banking supply chain has become.