Get it Right with Third Party Risk Manager

Automating your third party vendor risk management program on MyComplianceOffice will deliver a clearer picture of the risks you face from vendors and third parties, regardless of the depth or scale of their relationship with you. 

Management of third parties and their inherent risk has become an increasingly important and complex activity. Studies have shown that share price can be negatively impacted by up to 2.5% when a company‚Äôs vendor is prosecuted by an enforcement authority. 

Most companies performs due diligence before contracting with a service provider. But the key to effective risk management is ongoing follow-up, to ensure the controls that were in place when the relationship began, remain in place over time, and change as necessary to manage new risks. With MCO's vendor risk management software we automate this entire process, thus reducing the complexity of managing these third party contracts and relationships.

Features of MCO's Third Party Risk Manager:

  • Easy on-boarding of new third parties
  • Centralized data; Single integrated view of all third parties and contracts
  • Seamless integration with existing systems
  • Efficient due diligence using electronic questionnaires
  • Alert-based system actively informs the right person and the right time
  • Escalation procedures and related workflows for review of issues

Third Party Risk Management Framework

Click to expand and learn more about each step.

Third party data and contracts repository

Overcoming data dispersion to create a single integrated data pool is vital.

One of the principal challenges initiating the process to more effectively manage your third parties is the probable dispersion of third party data across the firm.  This is exacerbated if there are multiple divisions, departments, countries and if they are stored in multiple data repositories. 

To learn more click here.

Missing third party data

It is highly probable that you will not have all the data you need from internal sources to conduct your risk assessment on the third parties. You will need to be sure that your platform is capable of gathering data from multiple external data sources.

To learn more about the different external data sources you will need, click here.

Risk scoring and risk assessment

Consistent risk assessment, scoring and classification are foundation activities.

Once you have your initial data about the third party, it is time to assess the risk and assign a risk classification to each vendor or third party. You will need to be methodological in your approach as regulators are expecting to see a robust, well-designed structure.

Click to learn more.

Third party due diligence

This part of the process requires deeper dives into areas of risk such as IT security, financial stability, corruption and bribery etc.

This is accomplished through multiple activities including the use of in-depth questionnaires, the screening of third parties against external databases such as World-Check, Dun and Bradstreet for financial standing and the scheduling and documenting of activities such as on-site visits, phone interviews etc. 

To learn more click here.

Onboarding and terminating third parties

Onboarding of new third parties is a key process for the firm and implementing procedures to ensure that the correct third parties are on-boarded is critical.

It is an important part of your third party risk management program. 

To learn more click here.

Oversight, reporting and analytics of third parties

Good oversight delivers better management and program control.

Once your third party risk management program is up and running, oversight of the program and the ability to conduct analytics of the program is very important. An automated solution should enable firms to quickly see the risk classifications of their third parties, the risk assessment and due diligence activities that are upcoming and past due. 

To learn more click here.

Issue and case management of third parties

A robust solution must be able to handle and help you to resolve your issues and cases.

When you are classifying the risks and conducting due diligence you also need a robust system that can manage those occasions when a supplier or third party does not meet the standards set out in your policy documents.

Click to learn more.

Have questions? Speak to our experts Download Brochure