Third-Party Risk in Research: A Literature Review

Third-party risk management is crucial for organizations to manage potential risks associated with outsourcing and supply chain operations. While the topic of third-party risk management has been widely discussed in professional literature and regulatory papers, it remains an emerging area of research in scientific literature.
The purpose of this theoretical paper is to examine the overall landscape of research devoted to the third-party risk topic and to answer key questions: 1. What is the definition of third-party risk in scientific research? 2. What types of risks are managed within third-party risk management frameworks, and 3. What is the essential difference between third-party risk, vendor risk, and supplier risk concepts?
To achieve this goal, a systematic literature review using the PRISMA 2020 methodology was conducted. A total of 107 unique publications were identified in the Scopus and Web of Science databases using the keyword "third-party risk" and analyzed using a two-stage approach: first through an abstract review, followed by a full-text analysis. The papers included in the final set were further analyzed using bibliometric and content analysis methods. From a theoretical perspective, the research findings provide a comprehensive overview of previous work on the topic of third-party risk, highlighting future research opportunities. From a practitioner's perspective, this research helps clarify the conceptual differences between vendor risk, supplier risk, and third-party risk, supporting the development of a more effective organizational risk management program.

Keywords: Third-party risk, Operational risk, Supplier risk, Vendor risk, Risk management, Systematic literature review, Risk governance.