Issue and Case Management of Third Parties

Building a framework for a third party vendor risk management program.

A robust solution must be able to handle and help you to resolve your issues and cases.

When you are classifying the risks and conducting due diligence you also need a robust system that can manage those occasions when a supplier or third party does not meet the standards set out in your policy documents.

The majority of third party risk management systems are dealing with thousands of partners on a regular basis and need to process a very large volume of data related to their interactions with and on behalf of the organization.

When you establish your program, you will write the rules for engagement with all external partners and suppliers. These rules are intended to bring your policy to life and ensure you meet your regulatory responsibilities, so it is critically important to success that all partners understand and meet them throughout their engagement with the organization.

You will need a robust case management solution to manage all the cases and issues related to each third party. The software will translate policy into rules and each rule will have limits, threshold values or triggers associated with them. The system must be capable of identifying the vendor or third party whose profile, circumstances, activities and other actions are not in keeping with your program rules. Once a rule is broken or a potential match with a name on a screening check is found, an alert should be generated.  Robust systems will help you manage these alerts by creating automatic workflows and routing the alert for review to defined personnel in the organization.

Alerts can then be reviewed by the responsible individuals and if they require further investigation a case can be created.

Cases can be assigned to an owner and should have the capacity to have multiple individuals associated with them, with privileges to add comments or documents as well as being able to resolve and close the case where appropriate. Cases may need to be routed through multiple people on the journey to resolution and close, and have due dates associated with their resolution.

Once a system is up and running and data begins to flow, your rules will be constantly running, checking and verifying data from all third parties. There is a certain peace of mind and confidence that comes from the ‘always-on’ functionality of an automated third party vendor risk management solution.

Issue and case management is only one part of an effective third party risk management program.

Click below to learn more about the other essential elements of a third party vendor risk management framework.

Third party data and contracts repository

Overcoming data dispersion to create a single integrated data pool is vital.

One of the principal challenges initiating the process to more effectively manage your third parties is the probable dispersion of third party data across the firm.  This is exacerbated if there are multiple divisions, departments, countries and if they are stored in multiple data repositories. 

To learn more click here.

Missing third party data

It is highly probable that you will not have all the data you need from internal sources to conduct your risk assessment on the third parties. You will need to be sure that your platform is capable of gathering data from multiple external data sources.

To learn more about the different external data sources you will need, click here.

Risk scoring and assessment

Consistent risk assessment, scoring and classification are foundation activities.

Once you have your initial data about the third party, it is time to assess the risk and assign a risk classification to each vendor or third party. You will need to be methodological in your approach as regulators are expecting to see a robust, well-designed structure.

Click to learn more.

Third party due diligence

This part of the process requires deeper dives into areas of risk such as IT security, financial stability, corruption and bribery etc.

This is accomplished through multiple activities including the use of in-depth questionnaires, the screening of third parties against external databases such as World-Check, Dun and Bradstreet for financial standing and the scheduling and documenting of activities such as on-site visits, phone interviews etc. 

To learn more click here.

Onboarding and terminating third parties

Onboarding of new third parties is a key process for the firm and implementing procedures to ensure that the correct third parties are on-boarded is critical.

It is an important part of your third party risk management program. 

To learn more click here.

Oversight, reporting and analytics of third parties

Good oversight delivers better management and program control.

Once your third party risk management program is up and running, oversight of the program and the ability to conduct analytics of the program is very important. An automated solution should enable firms to quickly see the risk classifications of their third parties, the risk assessment and due diligence activities that are upcoming and past due. 

To learn more click here.

Have questions? Speak to our experts gifts-iconExplore Gifts & Hospitality

Would your organization benefit from implementing a third party risk management software?
Click here to learn more about our robust third-party risk management solution.

Or click below to organise a call with one of our experts

Speak to our experts Learn More About KYTP