BDO pushes for AI and automation transition to streamline processes

BDO Australia has said financial services organisations are facing growing challenges in managing third party risks, driving them towards AI, automation and proactive, partnership-driven models.

The professional services firm revealed for many organisations; third-party challenges still persisted despite nearly six years of compliance under APRA’s CPS234 regulation.

The regulation was originally enforced to mandate robust information security standards for third-party service providers, BDO said.

According to Joseph Green, BDO Australia risk advisory director, there was a major shift underway in how third-party assurance activities are approached.

“Organisations are moving away from audit-based relationships and toward more proactive, partnership-driven models,” he said.

“This shift allows companies to not only comply with regulations but also build long-term, strategic relationships with vendors that focus on real-time risk mitigation, continuous improvement, and shared goals.”

Green recommended for organisations to embrace the shift and move towards a proactive, relationship-driven model that helped them better understand and mitigate third-party risks in real-time, rather than “simply ticking boxes”.

To help with this transition to a partnership-driven model, BDO said AI and automation were vital tools, as by automating low-value tasks, organisations could free up resources to focus on higher-value activities, such as deeper vendor engagement and ongoing risk assessment.

“AI is becoming an essential tool for financial services organisations looking to streamline third-party risk management. By automating routine, low-value tasks and low-risk vendors, AI allows teams to focus on higher-risk vendors, enabling a deeper dive into these relationships,” Green said.

“This shift frees up resources to concentrate on more strategic areas such as continuous improvement and more meaningful vendor engagement. Additionally, AI tools can help organisations automate the analysis of vendor risk assessments, flagging anomalies and identifying potential risks that would otherwise require manual review.”

The firm said organisations with lean teams not leveraging AI should consider the included benefits such as, automated routine processes like data entry, vulnerability management and compliance checks.

AI was also pushed by the firm as it could provide real-time insights and predictive analytics, allowing organisations to address emerging risks before they escalated into larger problems.

Green said this level of agility was essential in today’s fast-paced and ever-evolving threat landscape and that AI advancements not only reduced the burden of manual work, but also enabled more proactive risk management.

“Despite significant time and resource investments, traditional methods often fall short, especially when it comes to strategic or material third parties,” he said.

“This industry needs a new approach – one that not only ensures compliance but also promotes ongoing collaboration, continuous improvement, and a deeper understanding of third-party risks.”

BDO warned upcoming CPS230 regulation set to expand requirements beyond information security to include operational risks could further exacerbate challenges, therefore underlining the importance of leveraging AI and automation.

“Organisations must shift toward a more integrated, cohesive approach to risk management, where AI and automation play a key role in streamlining processes and enabling real-time risk mitigation.”