2016 3P Benchmark Webinar
•Download as PPTX, PDF•
0 likes•746 views
2016 3P Benchmark Webinar
Recommended
Recommended
More Related Content
Similar to 2016 3P Benchmark Webinar
Similar to 2016 3P Benchmark Webinar (20)
Recently uploaded
Recently uploaded (20)
2016 3P Benchmark Webinar
- 1. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Benchmarking Your Third Party Risk Management Program October 26, 2016
- 2. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com P R E S E N T E D B Y CEO & Owner The Volkov Law Group Randy Stephens Vice President, Advisory Services NAVEX Global Michael Volkov
- 3. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Agenda • Third Party Risk Management in Your Compliance Program • NAVEX Global’s 2016 Third Party Risk Management Benchmark Report • State of Third Party Risk Management Today • Approach to Third Party Due Diligence • Third Party Risk Management Program Maturity • Program Performance and Satisfaction • Take-Aways and Recommendations • Q&A
- 4. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com In This Webinar You Will Learn… • How your program stacks up against 394 of your peers • Top objectives and challenges for third party risk managers • Trends in how organizations like yours are screening and monitoring third parties • How mature programs approach third party risk management and their performance improvements • How to leverage our findings to increase program effectiveness
- 5. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Survey Question How concerned are you about your third party risk management program?
- 6. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Agenda • Third Party Risk Management in Your Compliance Program • NAVEX Global’s 2016 Third Party Risk Management Benchmark Report • State of Third Party Risk Management Today • Approach to Third Party Due Diligence • Third Party Risk Management Program Maturity • Program Performance and Satisfaction • Take-Aways and Recommendations • Q&A
- 7. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com The NAVEX Global Compliance Ecosystem NAVEX Global offers a comprehensive suite of solutions that support each element of your ethics and compliance program: • Establish and Manage Policy • Train and Engage • Report and Resolve • Assess and Monitor • Expert Guidance
- 8. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Agenda • Third Party Risk Management in Your Compliance Program • NAVEX Global’s 2016 Third Party Risk Management Benchmark Report • State of Third Party Risk Management Today • Approach to Third Party Due Diligence • Third Party Risk Management Program Maturity • Program Performance and Satisfaction • Take-Aways and Recommendations • Q&A
- 9. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com 2016 Third Party Risk Management Benchmark Report • Facilitated by a third party research firm in August and September, 2016 • 394 respondents completed the survey • Respondents represent: 21 industries 54% Senior managers and C-level 28% Management 18% Non-managers and other roles • Respondents include: 40% Large organizations (5,000+ employees) 31% Medium sized organizations (500-4999 employees) 29% Small organizations (<500 employees)
- 10. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com State of Third Party Risk Management Today B E N C H M A R K I N G Y O U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
- 11. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Survey Question What is your top third party risk management program objective?
- 12. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Top Objective is to Protect the Organization From Risk
- 13. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com This Year, the Top Challenge is Conflicts of Interest
- 14. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Top Internal Program Challenges Focused on Resources
- 15. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Budgets Remaining Steady or Growing
- 16. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com An Increase in Third Party Legal Action • There has been an increase in legal or external regulatory action (32% in 2016 vs. 21% in 2015), representing a 34% increase.
- 17. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Legal and Regulatory Action Frequency Increasing
- 18. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Fear of third party failure tops fear of corruption this year. • Top objectives reveal a fear that lack of control over third parties can negatively impact the organization • Conflicts of interest are top of mind, bribery and corruption in the number two spot. Conflicts of interest can be an indicator of a broader set of issues • Cyber security concerns are top of mind, especially in banking and healthcare • Internal program concerns focus on a lack of resources and desire to create and deliver comprehensive coverage, yet budgets are not growing to match demand • The frequency of legal and regulatory actions related to third parties has increased, adding urgency to program performance Slight Changes in Priorities
- 19. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com B E N C H M A R K I N G Y O U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M Approach to Third Party Due Diligence
- 20. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Survey Question How do you evaluate your third parties before you engage with them?
- 21. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com A Drop in Risk-Based Pre-Engagement Evaluations
- 22. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Less Than Half of Programs Screen and Monitor Well
- 23. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com In 2016, An Increase in Screening ALL Third Parties
- 24. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com But, Only 22% Monitor All of Their Third Parties
- 25. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Multiple Sources for Discovering Red Flags
- 26. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com NAVEX Global strongly suggests a risk-based approach to third party risk management • While more companies are screening all of their third parties, too few continuously monitor them • The FCPA Resource Guide* suggests organizations “should take on some form of ongoing monitoring of third party relationships” • To cover all your potential third party risks, best practices are to do continuous monitoring of all of your third parties • Organizations deploying continuous monitoring can deal with issues immediately and appropriately. It also provides transparency and offers the most defensible position. • Tools are available to optimize your third party screening and monitoring program Approach to Due Diligence is Often Incomplete * A Resource Guide to the U.S. Foreign Corrupt Practices Act. See references slide.
- 27. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Third Party Risk Management Program Automation and Maturity B E N C H M A R K I N G Y O U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
- 28. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Only 8% Use an Automated and Purpose-Built Solution
- 29. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Survey Question How do you evaluate your program’s maturity?
- 30. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Most Programs are Maturing Maturing programs either screen all of their third parties but don’t continuously monitor all of them, or screen the majority of their third parties and have some level of structured and continuous monitoring in place.
- 31. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Automation and Maturity Often Overlap • Organizations that use automated systems and those with Maturing / Advanced programs tend to have a greater number of FTEs and higher budgets assigned to manage third party risk management. Those that do not use automatic systems and those with Reactive / Basic programs also tend to have one or zero FTEs assigned to manage their third party risk.
- 32. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Mature Programs are More Likely to Screen All Third Parties
- 33. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Mature Programs Also Monitor More Aggressively
- 34. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Both options enable better risk management • Mature programs are more likely to have invested in automation, which extends program capabilities • Mature programs tend to screen and monitor all of their third parties. This delivers visibility unavailable in less centralized and consistent programs Program Automation and Maturity
- 35. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Program Performance and Satisfaction B E N C H M A R K I N G Y O U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
- 36. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Automated Systems Improve Program Satisfaction
- 37. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Mature Programs Show Even More Program Satisfaction
- 38. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Use of Due Diligence Vendors Enhance Satisfaction
- 39. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Use of a Due Diligence Vendor Helps Identify More Red Flags
- 40. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com With an increase in legal and regulatory actions, those with mature programs are better positioned to mitigate risks • Maturing programs have operationalized their efforts and are screening and monitoring most or all of their third parties • Automated systems enable risk managers to focus on critical tasks rather than basic program management (aka, internal resources or Internet searches) • A combination of automation and maturity leads to the best program results Performance and Satisfaction Tied to Program Investment
- 41. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Agenda • Third Party Risk Management in Your Compliance Program • NAVEX Global’s 2016 Third Party Risk Management Benchmark Report • State of Third Party Risk Management Today • Approach to Third Party Due Diligence • Third Party Risk Management Program Maturity • Program Performance and Satisfaction • Take-Aways and Recommendations • Q&A
- 42. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Most organizations indicate they could be doing a better job managing their risk. • 58% indicate they do a good job complying with laws and regulations and less than 25% rate their overall program as Good • 30% indicate they expect their organizations will increase third party engagements in the next year • Less than half conduct due diligence screening on ALL their third parties • 22% continuously monitor ALL their third parties • One-third of organizations have faced legal or regulatory issues that involved third parties • 50% of these involved average costs of $10,000 or more per incident There are strong indications that programs that screen, monitor and use automated third party management platforms see better program performance Key Take-Aways
- 43. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Program sophistication is the differentiator. • As organizations realize the amount of work and resources required to adequately manage their third party engagements, automation can deliver clarity, program completeness, and confidence • Program sophistication supersedes organization size, budget, FTEs and the number of third parties managed in terms of program performance and satisfaction • Organizations of all sizes should approach third party risk management with purpose and focus: • Measurement, milestones, and outcomes • Program efficiency, effectiveness, structure and performance Recommendations
- 44. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Attend the NAVEX Global Virtual Conference
- 45. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Third Party Risk Management Program • Third Party Risk Management Tools and Thought Leadership: www.navexglobal.com/Resources WHITEPAPER: How to Automate Third Party Due Diligence Monitoring: Ten Steps to Success WHITEPAPER: A Prescriptive Guide to Third Party Risk Management Visit Our Website to Access More Benchmarking Resources From NAVEX Global: • E&C Hotline Benchmark Report • E&C Training Benchmark Report • E&C Policy Management Benchmark Report • Consulting Solutions: Learn how our Advisory Services team can help you identify and address program gaps with risk and culture assessments, in-person training and more. Request a consultation today. • Department of Justice Resource Guide
- 46. © 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved. www.navexglobal.com Thank You! Randy Stephens Vice President, Advisory Services NAVEX Global rstephens@navexglobal.com Michael Volkov Chief Executive Officer The Volkov Law Group mvolkov@volkovlaw.com
Editor's Notes
- NAVEX provides a comprehensive suite of compliance solutions, including policy management solutions, training solutions, hotline and incident management resources, third party risk applications and advisory services. This is a major differentiator for NAVEX Global. We not just a training vendor; we are a trusted partner that has the resources and capabilities to support the entirety of your compliance program. Today, we’re going to focus on your training program, but I’d welcome the opportunity to discuss any of these other solutions with you when appropriate. Nonetheless, all of these are relevant to today’s discussion on training, as each provides insights into the challenges facing our clients, allowing us to produce the very best in training. For example, we work with companies every day on developing and defining policies and Codes – which helps us keep a tab on emerging risks. As the world’s largest third-party ethics hotline provider, we have unique insights into the issues your employees are identifying as problems. And our advisory services teams work everyday on benchmarking and needs analysis – helping us understand where the gaps in knowledge are. Included in our solutions is our award winning client support, implementation and professional services.
- Note cyber security up near the top
- Respondents indicated… In the last two years, non-compliance with laws and regulations – often a top concern among compliance and legal officers – is not as important as the program protecting the organization from harm. Cyber security is a top concern for those in several key industries including finance and healthcare. This is not surprising, given the high number of recent cyber security breaches and the impact they’ve made in these industries. Understanding the objectives of your third party risk management program is a critical first step in deciding where to focus your resources and efforts. While almost all programs will have multiple objectives, only so much can be accomplished. Therefore, prioritizing objectives can inform next steps. To accomplish these top objectives every organization that uses third parties should have a clear, written policy on the use of and business conduct of these third parties. This policy, along with the controls designed inform third parties of what’s expected of them, should be shared within the organization and with the third parties. The comparison of the 2015 and 2016 results show a somewhat surprising move of conflicts of interest to the top concern, slightly overtaking the perennial front runner, bribery and corruption. It may be a reflection of the risk assessments made by the 2016 respondents or a maturing of the third party programs to the point where they are beginning to address new, yet troublesome concerns which are not as readily solved. Complexity, training and information management continue to be challenges while a lack of resources and processes continue to frustrate reductions to these concerns. As with 2015, we see only around one-third of survey respondents reacting to these challenges with additional resources.
- The top two approaches to third party due diligence are a risk-based approach (47%) and evaluating third parties before engaging with them (43%). Close to one-third (31%) of organizations conduct due diligence only after an issue arises, while 13% rarely conduct and 4% do not conduct due diligence at all. While the relative frequency of approaches has remained the same, it is noteworthy that fewer organizations are assessing all third parties before engagement or employing a risk-based approach.
- More respondents see their programs as complying with laws and regulations over how well they screen third parties. Very few see their programs as monitoring third parties adequately. It is interesting that while companies may feel like they are complying, they’re not confident that they’re actually covering their bases.
- Don’t we have 2015 data too??
- Organizations discover “red flags” or other potentially negative third party information through multiple channels. Most common is through internal due diligence monitoring (55%). Programs are more likely to have identified red flags through internal due diligence monitoring (71%), a third party due diligence provider report (36%), or during a re-assessment or agreement while considering an expansion of relationship (33%).
- The percentage of programs that evaluate third parties before they are engaged significantly decreased (35%) from 2015. This means more programs may be taking a risk by evaluating third parties after they have already been engaged and after liability has already occurred. Also concerning is the increase in the percentage of programs in which no due diligence is conducted (13%). This is not what was intended by a risk-based evaluation.
- The largest number of respondents do not use any form of automated system to manage any element of their programs. This may be manageable with a very small number of third parties, who are primarily domestically based or in some cases have long tenures with the organizations. Using internal resources to attempt this, such as using Google-type searches or questionnaires, could result in critical issues or red flags being missed. Performing these searches manually is difficult enough, but operationalizing them for continuous alert-monitoring is nearly impossible. Some respondents in this category recognize the value on automation but they told NAVEX Global that they may have resisted the move to an automated system because of concerns about costs or concerns around siloed ownership of the program where there is no strong champion for program advancement. The findings on ROI and effectiveness ratings which follow could offer these program respondents ammunition for further consideration of automation.
- Reactive: We address issues as they arise, but do not have a formal program in place. Basic: We do initial screening of some high risk or key third parties at the start of our engagement, but don’t dig into their own partnerships or continuously monitor third party engagements. We are adopting a set of processes and capabilities. Maturing: We do initial screening of all of our third parties at the start of our engagements with them, but don’t monitor them beyond those initial screenings, OR we screen the majority of our third parties and maintain a structured monitoring program on them (once a year, once every two years). We are operationalizing our third party program. Advanced: We screen and continuously monitor all of our third parties. We use an automated system to help manage these processes, and we measure performance to allow us to continuously optimize our program. We conduct enhanced levels of due diligence for higher risk third parties. Our third party systems integrate with other operational systems (such as Finance, Procurement, Legal, etc.).
- Organizations with Maturing / Advanced programs are much more likely to use automated systems than those with Reactive / Basic programs. While not surprising, the combination of these two is a trend that we expect to see in coming years, especially as organizations expand their third party engagements and legal and regulatory risks increase. Automation is almost a given to effectively manage the thousands or tens of thousands of third parties headquartered and deployed around the globe, to ensure risk-based due diligence, obtaining and tracking certifications, managing documentation and continuous monitoring recommended by The Resource Guide and others.
- More importantly, it identifies the RIGHT red flags. Fewer false positives, more accurate, consistent and centralized reporting.
- Here are some additional resources from NAVEX Global - if you download the slides, these links will be live and you can click to go to these resources. Also, if you hover over the icons in your console below, you’d find links to some of these resources as well.