This part of the process requires deeper dives into areas of risk such as IT security, financial stability, corruption and bribery etc. This is accomplished through multiple activities including the use of in-depth questionnaires, the screening of third parties against external databases such as World-Check, Dun and Bradstreet for financial standing and the scheduling and documenting of activities such as on-site visits, phone interviews etc.
It is estimated that 90% of the risk management team’s time will be spent on activities around existing vendors and third parties. This on-going due diligence is essential to the success of the program and an area where automation can make a significant contribution.
The priority Is to execute your defined monitoring program to protect against reputational and regulatory risk. Any vendors or business partners who are classified as high risk must be monitored more closely and an automated system allows you to do this efficiently.
Now that your ongoing due diligence program is active, you can start to look at specific tasks such as certifications and attestations to ensure your policies are being followed through by all parties.
For more information on the other elements of a third party vendor risk management framework, click on the links below.
Identifying the risks created by your firm’s use of third parties
Defining your policies and procedures for monitoring third parties