When it comes to third-party risk management (TPRM), organizations will generally use one of three primary operating models . A decentralized model is often the least effective, as functions are distributed across various teams without a single authority to oversee the activities. Fortunately, this model is the least used, according to results from our 2022 State of Third-Party Risk Management survey.