Third Party Risk Assessment: Third parties expose you to a broad range of risks. As much as you would like to onboard that vendor fast and get things moving, insufficient diligence could damage your reputation and financial position, invite unwarranted litigation and expose you to fraud. Being able to quickly ascertain the credibility of counterparties is essential for any fast-moving business today to innovate quickly, create value and remain competitive.
If you look at the data, 87% of companies surveyed recently by Deloitte reported that their operations were disrupted in some way because of a third party. 11% of them had a complete breakdown in at least one of their vendor relationships.
Before we provide you the roadmap to incorporate risk assessment within your vendor onboarding process, let’s understand what ‘risk’ means.
Let’s take Apple’s example.
In the early 2000s Apple faced huge activist pressure and embarrassing media coverage following a rash of worker abuse at the factory of one of its major suppliers.
So what went wrong in the risk assessment?
Apple is publicly committed to good employment practice. Its supplier code of conduct demands that employees in its supply chain are treated with respect and dignity. The supplier’s Chinese factories, however, didn’t follow suit. In 2011 seven young Chinese workers producing Apple iPads for consumers across the globe took their own lives, prompting an investigation into working conditions at the factory in Shenzhen, southern China.
Many workers claimed that they were regularly required to work far in excess of the 36 hours of overtime per month allowed under Chinese law.
Suppliers can stain a company’s image and put it at ‘risk’, as in the Apple case. So what is a good framework when it comes to thinking about third-party risks? We see leading enterprises break this down into 4 phases.
- Understand Risk
Companies need to evaluate what their appetite is for risk. Companies need to ask: What is their company-wide understanding about the tolerance of risk? For example, oil and gas companies, which undertake long-term investments in distant countries, might be willing to tolerate more risk than more retail-oriented industries, such as hotel chains and theme parks, that face customers on a daily basis.
Here are 3 types of risks your company may run into:
- Financial/reputational: Risk that a third party could damage your revenue or reputation. For instance, your reputation is on the line after a supplier provides you with a faulty component for your goods.
- Legal and regulatory: Risk that a third party will impact your compliance with legislation or regulation. For example, if your supplier violates labor or environmental laws, your organization can still be found liable. Outsourcing doesn’t mean the end of responsibility.
- Operational: Risk that a third party could disrupt your operations. For instance, your software vendor is hacked, leaving you with a downed system.
- Analyze Risk
Getting good information about risks and conducting objective reviews and analyses of those challenges is important. That research can be used to make wiser business decisions grounded in reality.
“Getting managers to use rigorous risk analyses — of any variety — to defend investments can significantly improve decision-making.”
- Reduce Risk Exposure
Organizations need to ask themselves how they can decrease their susceptibility to the risks they have identified. Do good processes, systems and teams exist that can react to and handle situations on a timely basis? Also, managers can take steps to minimize potential damage long before a crisis unfolds if they plan properly and foresee the likely risks.
- Respond to Risks
Organizations can learn from incidents where something may have gone wrong. They can use such knowledge to respond more effectively to future crises.
“Leaders must react and correct for the human tendency to ascribe close calls to a system’s resiliency when it’s just as likely the near-miss occurred because of a system’s vulnerability.”
How does SignalX fit this equation?
Being able to onboard vendors and suppliers quickly is essential to remain competitive and innovative in the market today. Building trust with third parties requires a robust internal system to ascertain their credibility, identify third-party risks and proactively mitigate them.
SignalX’s risk intelligence platform is built to make it easy for enterprises to elevate their vendor and supplier onboarding process by incorporating risk assessment, due diligence and monitoring. Your company can get better insights into third-party relations with SignalX’s third-party risk management systems.
This not only helps with faster and more effective decision-making, but also helps greatly in reducing risky deals with non-compliant third-party suppliers.