supplier risk management checklist: what to ask when assessing a vendor solution
DESCRIPTION
The risks posed by third party relationships (vendors, suppliers, agents, distributors, resellers, etc.) are huge – and often unaddressed. Regulations continue to increase as businesses become more global, and more and more companies are looking to address the risks based on the guidance from regulation already in place. But how do you know you’ve found the right solution to address your biggest challenges? It’s important to understand the biggest time expenditure in managing these relationships first. Is it doing a review at the time of onboarding to ensure that these third-parties share a common philosophy with regard to bribery? Is it continuously monitoring for news related to the company to remain informed of adverse events? This checklist will enable you to target the features and functionality you really need before embarking on the path to securing your third party relationships.TRANSCRIPT
July 2013
Third Party Risk Management: What to Ask When Assessing a
Vendor Solution
Compliance Risk Landscape
Third Party Risk Management
Third Party Risk: A Complex Network of Relationships
Source: Compliance and Ethics Leadership Council
SUPPLIERS IN
EMERGING
MARKETS
TEMPORARY
EMPLOYEES
SUBCONTRACTORS
INT’L
INTERMEDIARIES
DOMESTIC
AGENCIES
OFFSHORE
SERVICE
PROVIDERS
DATA
VENDORS
FOREIGN
DISTRIBUTORS
DEALERS /
RESELLERS
LOBBYISTS
AUDITORS
INT’L JOINT
VENTURES
PARTNERSHIPS
SUPPLIERS’
SUPPLIERS
CONTRACTORS
VENDORS DISTRIBUTORS
CONSULTANTS
JOINT
VENTURES
SUPPLIERS
AGENTS
YOUR
CORPORATION
A High Level of Complexity
Corporations need to manage
divergent legal relationships across
a multitude of partners, and
struggle to gain visibility into
often-hidden risks.
Our Approach
Third Party Risk Management
Our Best Practice Approach to Third Party Due Diligence
1. Batch Screen Understand and assess the inherent operational and jurisdictional risk to your organization prior to performing due diligence.
2. Risk Assessment Best-in-class screening process that provides a comprehensive view into complete enterprise risk—financial, regulatory, reputational, and governance.
3. Risk Mitigation and Action Steps
Dictates mitigation activities that must be taken by both the third party and you.
4. Ongoing Monitoring Periodic re-screening process that identifies change in enterprise risk, ensures information is kept current, and continued compliance to client policies.
4. Monitor 3. Mitigate 2. Assess 1. Batch Screen
What to Ask
Assessing Third Party Risk Management Solutions
How Do You Know You’ve Found the Right Solution to Address your Biggest Challenges?
• Risks posed by third party
relationships (vendors, suppliers, agents, distributors, resellers, etc.) are huge – and often unaddressed.
• Regulations continue to increase as businesses become more global.
• More and more companies are looking to address the risks based on the guidance from regulation already in place.
First: Understand the Biggest Time Expenditure in Managing these Relationships
• Is it doing a review at the time of
onboarding to ensure that these
third-parties share a common
philosophy with regard to bribery?
• Is it continuously monitoring for
news related to the company to
remain informed of adverse
events?
Checklist
Using this checklist will enable you to target the features and functionality you really need before embarking on the path to
securing your third party relationships.
Third Party Risk Solution Functionality
List of Must-Haves
Moves Process Online
Can you administer the system yourself?
Can you designate permissions within the system by role?
Are there unlimited users by role?
Is there a specific portal for third parties?
Does the system allow for global collaboration?
Is there a single repository for collected data?
Can third parties upload documents to your portal?
Automates Routine Tasks
Are notifications sent to third parties at the time of review?
Does the system send your third party due diligence questionnaire?
Will it perform the questionnaire scoring?
Can it integrate with your corporate data systems?
What about with your commercial data management tools?
Does the system perform the risk assessment scoring?
And will it create the due diligence report?
Does it constantly monitor for alerts?
Central Control; Regional Input
Does it provide for control at the Corporate office?
What about monitoring at the Corporate level?
And reporting at the corporate level?
Can third party data be entered locally?
And can that data also be maintained locally?
Manage Third Party Relationships
Is there a global third party on-boarding process?
And ongoing management of the relationship?
My Third Parties View By Role
Is the full history of the third party relationship visible?
Is there a dashboard where third party risks can be monitored?
Does the ability to sort or filter by user role exist?
Integrated Due Diligence (DD)
Does the system provide four levels of due diligence reports?
Can you batch screen existing third parties?
Does it provide 24/7 third party risk monitoring?
Is there a watch or sanctions list screening option?
What about screening for adverse media (media reports, regulatory filings,
etc.)?
Is there screening for Politically Exposed Persons (PEPs)?
Are financial background checks available through the system?
