SlideShare a Scribd company logo

Third-Party Risk Management

M
Mark Scales

This document discusses managing risks associated with third party relationships. It begins by highlighting media stories about issues with government outsourcing contracts, such as overbilling. A survey found that reducing costs is the top business driver for using third parties. The document then examines case studies of the Australian Department of Defense's Air Warfare Destroyer project and Collins Class submarines, which experienced delays, cost overruns, and replacement of contractors due to third party issues. It concludes by outlining a framework for initiating, formalizing, performing, and monitoring third party relationships to better manage associated risks.

1 of 14
Download to read offline
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial AdviceAudit | Tax | Advisory | Financial Advice Managing Third Party Risk Robyn Cooper and Mark Scales 29 January 2015
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Don’t get yourself in the headlines! “Outsourcing and procurement in Audit Commission crosshairs” “Horror stories of gov’t outsourcing to greedy private companies” “Taxpayers are getting fleeced” “Government exposed to fraud after serious failings on managing outsourcing contracts” “Australia: Outsourcing responsibility: risks of giving government contractors too much autonomy” “National Audit Office finds five contracts are being investigated and warns there could be more cases of overbilling”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Third Party Risk Research Study Results – CFO Magazine 3% 14% 17% 17% 19% 24% 36% 51% Other Providing on the ground resources in new markets or geographies Providing inputs to support our own production or operations Reducing or managing my company's risk Providing goods/ services that are unrelated to our core business Adding capacity to expand the business Providing core service capabilities or expertise that we currently lack Reducing costs What do you expect to be the top business drivers for your company’s use of third parties over the next two years?
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Case Study – Department of Defence “Collins Class submarines put Australian defence in ‘dark place’ not being able to deploy for five months.” “Royal Australian Navy is facing a massive cost blowout of about $800 million for three powerful Air Warfare Destroyers.”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lateline Report on Air Warfare Destroyer Project http://www.abc.net.au/lateline/content/2014/s3952302.htm
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Consequences Air Warfare Destroyer: §  Project 2 years behind schedule and $350M over budget, an improvement from the $800M midway through the project. §  Key contractor ASC replaced by BAE Systems. Collins Class Submarines: §  Australia to buy submarines, likely from Japan, rather than utilising Australian manufacturing industry.
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lessons Learned §  “A more commercial approach to contracting, risk management and risk transfer is required” §  More comprehensive due diligence and risk assessment §  More clearly articulated service level expectations §  More investment in monitoring third party performance to identify issues in a timely manner
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform Monitor Managed Third Party Risk InitiateFormalise Managed Third Party Risk §  Need identified §  Evaluation of relationships §  Due diligence & risk assessment §  Performance §  Risk §  Organisational changes §  Contracts and agreements reviewed §  Service levels and expectations set §  Exchange of data, goods and services §  Invoicing and payment
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Initiate §  Needs identification (e.g. technical specification, information requirements, resource skills and expertise, budget) §  Due diligence (e.g. financial, historical and legal records of incidents and issues) §  Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk mitigation activities / controls) §  Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror groups)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Formalise §  Training your Third Party (e.g. code of conduct, policies and procedures, etc.) §  Undertaking an upfront systems review to assess internal control environment of the third party §  Health Check over systems and processes to ensure alignment between parties §  Contracts and agreements established in consultation with experts where required (e.g. legal) §  Service levels and expectations set and reflected in the contract
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform §  Monitoring of changes to legal and regulatory environments “Even successful business relationships experience issues and incidents.” §  Mechanisms for reporting issues or incidents §  Processes and systems for investigation and resolution of issues that arise §  Collaboration and communication between both sides of the relationship §  Collection and management of all communications to provide a historical record
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Monitor §  Performance of independent audits on an ongoing basis §  Regular reviews performed by the Commercial team to ensure compliance with the contract §  Annual attestation by Third Party of compliance with code of conduct and established policies §  Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action plans)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Build Risk Expertise Defined Responsibilities Perform Health Checks Monitor and Test Compliance Standardised Processes and Agreements Better Practice – Third Party Risk Management Train your Third Party Extend your ‘speak-up’ culture
Audit | Tax | Advisory | Financial Advice For further information Disclaimer Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351 Robyn Cooper Principal, Internal Audit Brisbane Tel +61 7 3233 3496 robyn.cooper@crowehorwath.com.au Mark Scales Associate Principal, Internal Audit Brisbane Tel +61 7 3233 3500 mark.scales@crowehorwath.com.au Tel 1300 856 065 www.crowehorwath.com.au The relationship you can count on

Recommended

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
EDR
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk management
SALIH AHMED ISLAM
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Corporater
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
Magdalena Matell
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 
Third Party Vendor Risk Managment
Third Party Vendor Risk ManagmentThird Party Vendor Risk Managment
Third Party Vendor Risk Managment
PivotPointSecurity
 

Recommended

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
EDR
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk management
SALIH AHMED ISLAM
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Corporater
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
Magdalena Matell
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 
Third Party Vendor Risk Managment
Third Party Vendor Risk ManagmentThird Party Vendor Risk Managment
Third Party Vendor Risk Managment
PivotPointSecurity
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
Compliance Consultant
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
EC-Council
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
Sam Carr
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programme
Quan Risk
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
Max Neira Schliemann
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
3Sixty Insights
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020
Richard Swartzbaugh
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
Manoj Agarwal
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
Riskpro - Operational Risk Management
Riskpro - Operational Risk ManagementRiskpro - Operational Risk Management
Riskpro - Operational Risk Management
Manoj Jain
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
Sherri Booher
 
it grc
it grc it grc
it grc
9535814851
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
ethiXbase
 
IT Governance
IT GovernanceIT Governance
IT Governance
Carlos Chalico
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
Max Neira Schliemann
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
SlideTeam
 
10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management
Colleen Beck-Domanico
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
Invensis Learning
 
Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesChris Garbett
 
12JA-ISPE
12JA-ISPE12JA-ISPE
12JA-ISPEGeert Crauwels
 

More Related Content

What's hot

Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
Compliance Consultant
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
EC-Council
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
Sam Carr
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programme
Quan Risk
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
Max Neira Schliemann
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
3Sixty Insights
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020
Richard Swartzbaugh
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
Manoj Agarwal
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
Riskpro - Operational Risk Management
Riskpro - Operational Risk ManagementRiskpro - Operational Risk Management
Riskpro - Operational Risk Management
Manoj Jain
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
Sherri Booher
 
it grc
it grc it grc
it grc
9535814851
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
ethiXbase
 
IT Governance
IT GovernanceIT Governance
IT Governance
Carlos Chalico
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
Max Neira Schliemann
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
SlideTeam
 
10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management
Colleen Beck-Domanico
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
Invensis Learning
 

What's hot (20)

Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programme
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & compliance
 
Riskpro - Operational Risk Management
Riskpro - Operational Risk ManagementRiskpro - Operational Risk Management
Riskpro - Operational Risk Management
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance framework
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
 
it grc
it grc it grc
it grc
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
 
IT Governance
IT GovernanceIT Governance
IT Governance
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
 
10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management10 Key Principles of Operational Risk Management
10 Key Principles of Operational Risk Management
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
 

Viewers also liked

Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesChris Garbett
 
Superheroes are real
Superheroes are realSuperheroes are real
Superheroes are real
abdulg99
 
Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01
kuntapradeepreddy
 
Property Times October 2014
Property Times October 2014Property Times October 2014
Property Times October 2014
Media Labs LLC / Propertyonline.ae / Property Times Magazine
 
Rencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le ProgrammeRencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le Programme
Guillaume Barucq
 
Debate
DebateDebate
Debate
kpFasna
 
Property Times Media kit 2014
Property Times Media kit 2014Property Times Media kit 2014
Property Times Media kit 2014
Media Labs LLC / Propertyonline.ae / Property Times Magazine
 
Ponce De Leon Vocabulary
Ponce De Leon VocabularyPonce De Leon Vocabulary
Ponce De Leon VocabularyShauna McCarthy
 
chuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmchuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmshizuko401
 
Healthcare considerations in Ramadan
Healthcare considerations in RamadanHealthcare considerations in Ramadan
Healthcare considerations in Ramadan
abdulg99
 
Identitatealuipascal1
Identitatealuipascal1Identitatealuipascal1
Identitatealuipascal1
colceralina
 
Property Times eMagazine November 2014
Property Times eMagazine November 2014Property Times eMagazine November 2014
Property Times eMagazine November 2014
Media Labs LLC / Propertyonline.ae / Property Times Magazine
 
Tree of Business
Tree of BusinessTree of Business
Tree of Business
treeofbusiness
 
E learning
E learningE learning
E learning
nisaiims
 
Faith needs for detainees in police stations
Faith needs for detainees in police stationsFaith needs for detainees in police stations
Faith needs for detainees in police stations
abdulg99
 

Viewers also liked (19)

Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project Responsibilities
 
12JA-ISPE
12JA-ISPE12JA-ISPE
12JA-ISPE
 
Superheroes are real
Superheroes are realSuperheroes are real
Superheroes are real
 
Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01
 
Property Times October 2014
Property Times October 2014Property Times October 2014
Property Times October 2014
 
Rencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le ProgrammeRencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le Programme
 
Debate
DebateDebate
Debate
 
Property Times Media kit 2014
Property Times Media kit 2014Property Times Media kit 2014
Property Times Media kit 2014
 
Ponce De Leon Vocabulary
Ponce De Leon VocabularyPonce De Leon Vocabulary
Ponce De Leon Vocabulary
 
chuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmchuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcm
 
Healthcare considerations in Ramadan
Healthcare considerations in RamadanHealthcare considerations in Ramadan
Healthcare considerations in Ramadan
 
Identitatealuipascal1
Identitatealuipascal1Identitatealuipascal1
Identitatealuipascal1
 
Property Times eMagazine November 2014
Property Times eMagazine November 2014Property Times eMagazine November 2014
Property Times eMagazine November 2014
 
Africa Academic Paper 2016
Africa Academic Paper 2016Africa Academic Paper 2016
Africa Academic Paper 2016
 
Tree of Business
Tree of BusinessTree of Business
Tree of Business
 
E learning
E learningE learning
E learning
 
Bab7 software
Bab7 softwareBab7 software
Bab7 software
 
Faith needs for detainees in police stations
Faith needs for detainees in police stationsFaith needs for detainees in police stations
Faith needs for detainees in police stations
 
Bab9 prosedur
Bab9 prosedurBab9 prosedur
Bab9 prosedur
 

Similar to Third-Party Risk Management

ch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.pptch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.ppt
AbuBakrSiddique22
 
Due Diligence For Transactions
Due Diligence For TransactionsDue Diligence For Transactions
Due Diligence For Transactions
Piyush Bhandari
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
LexisNexis Benelux
 
1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FAZowie Murray
 
Creative Accounting and Forensic Accounting
Creative Accounting and Forensic AccountingCreative Accounting and Forensic Accounting
Creative Accounting and Forensic Accounting
DikshyaMahapatra
 
Kiguru and associates company profile
Kiguru and associates company profileKiguru and associates company profile
Kiguru and associates company profile
Vincent Kadima
 
Chap001.ppt
Chap001.pptChap001.ppt
Chap001.ppt
ZeeshanHaider252119
 
Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1
JRA & Associates
 
Dawgen Global Services
Dawgen Global ServicesDawgen Global Services
Dawgen Global Services
auditandassurance
 
Audit _Chapter 1.ppt
Audit _Chapter 1.pptAudit _Chapter 1.ppt
Audit _Chapter 1.ppt
ZimMuhammadJunaeidHo
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013Nidhi Gupta
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013Nidhi Gupta
 
Forensic Audit.pptx
Forensic Audit.pptxForensic Audit.pptx
Forensic Audit.pptx
mainuddinbhuiyan4
 
Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015
Fernandes Anthony
 
Steelbridge Compliance Brochure
Steelbridge Compliance BrochureSteelbridge Compliance Brochure
Steelbridge Compliance Brochuredniknejad
 
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Rachel Hamilton
 
2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities2015 SEC National Examination Program Priorities
2015 SEC National Examination Program PrioritiesCliff Busse
 

Similar to Third-Party Risk Management (20)

ch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.pptch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.ppt
 
Due Diligence For Transactions
Due Diligence For TransactionsDue Diligence For Transactions
Due Diligence For Transactions
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
 
1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA
 
Creative Accounting and Forensic Accounting
Creative Accounting and Forensic AccountingCreative Accounting and Forensic Accounting
Creative Accounting and Forensic Accounting
 
conferences.aicpa.org
conferences.aicpa.orgconferences.aicpa.org
conferences.aicpa.org
 
Kiguru and associates company profile
Kiguru and associates company profileKiguru and associates company profile
Kiguru and associates company profile
 
Chap001.ppt
Chap001.pptChap001.ppt
Chap001.ppt
 
Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1
 
Dawgen Global Services
Dawgen Global ServicesDawgen Global Services
Dawgen Global Services
 
Audit _Chapter 1.ppt
Audit _Chapter 1.pptAudit _Chapter 1.ppt
Audit _Chapter 1.ppt
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Forensic Audit.pptx
Forensic Audit.pptxForensic Audit.pptx
Forensic Audit.pptx
 
Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015
 
Steelbridge Compliance Brochure
Steelbridge Compliance BrochureSteelbridge Compliance Brochure
Steelbridge Compliance Brochure
 
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
 
2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities
 

Third-Party Risk Management

  • 1. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial AdviceAudit | Tax | Advisory | Financial Advice Managing Third Party Risk Robyn Cooper and Mark Scales 29 January 2015
  • 2. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Don’t get yourself in the headlines! “Outsourcing and procurement in Audit Commission crosshairs” “Horror stories of gov’t outsourcing to greedy private companies” “Taxpayers are getting fleeced” “Government exposed to fraud after serious failings on managing outsourcing contracts” “Australia: Outsourcing responsibility: risks of giving government contractors too much autonomy” “National Audit Office finds five contracts are being investigated and warns there could be more cases of overbilling”
  • 3. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Third Party Risk Research Study Results – CFO Magazine 3% 14% 17% 17% 19% 24% 36% 51% Other Providing on the ground resources in new markets or geographies Providing inputs to support our own production or operations Reducing or managing my company's risk Providing goods/ services that are unrelated to our core business Adding capacity to expand the business Providing core service capabilities or expertise that we currently lack Reducing costs What do you expect to be the top business drivers for your company’s use of third parties over the next two years?
  • 4. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Case Study – Department of Defence “Collins Class submarines put Australian defence in ‘dark place’ not being able to deploy for five months.” “Royal Australian Navy is facing a massive cost blowout of about $800 million for three powerful Air Warfare Destroyers.”
  • 5. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lateline Report on Air Warfare Destroyer Project http://www.abc.net.au/lateline/content/2014/s3952302.htm
  • 6. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Consequences Air Warfare Destroyer: §  Project 2 years behind schedule and $350M over budget, an improvement from the $800M midway through the project. §  Key contractor ASC replaced by BAE Systems. Collins Class Submarines: §  Australia to buy submarines, likely from Japan, rather than utilising Australian manufacturing industry.
  • 7. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lessons Learned §  “A more commercial approach to contracting, risk management and risk transfer is required” §  More comprehensive due diligence and risk assessment §  More clearly articulated service level expectations §  More investment in monitoring third party performance to identify issues in a timely manner
  • 8. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform Monitor Managed Third Party Risk InitiateFormalise Managed Third Party Risk §  Need identified §  Evaluation of relationships §  Due diligence & risk assessment §  Performance §  Risk §  Organisational changes §  Contracts and agreements reviewed §  Service levels and expectations set §  Exchange of data, goods and services §  Invoicing and payment
  • 9. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Initiate §  Needs identification (e.g. technical specification, information requirements, resource skills and expertise, budget) §  Due diligence (e.g. financial, historical and legal records of incidents and issues) §  Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk mitigation activities / controls) §  Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror groups)
  • 10. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Formalise §  Training your Third Party (e.g. code of conduct, policies and procedures, etc.) §  Undertaking an upfront systems review to assess internal control environment of the third party §  Health Check over systems and processes to ensure alignment between parties §  Contracts and agreements established in consultation with experts where required (e.g. legal) §  Service levels and expectations set and reflected in the contract
  • 11. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform §  Monitoring of changes to legal and regulatory environments “Even successful business relationships experience issues and incidents.” §  Mechanisms for reporting issues or incidents §  Processes and systems for investigation and resolution of issues that arise §  Collaboration and communication between both sides of the relationship §  Collection and management of all communications to provide a historical record
  • 12. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Monitor §  Performance of independent audits on an ongoing basis §  Regular reviews performed by the Commercial team to ensure compliance with the contract §  Annual attestation by Third Party of compliance with code of conduct and established policies §  Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action plans)
  • 13. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Build Risk Expertise Defined Responsibilities Perform Health Checks Monitor and Test Compliance Standardised Processes and Agreements Better Practice – Third Party Risk Management Train your Third Party Extend your ‘speak-up’ culture
  • 14. Audit | Tax | Advisory | Financial Advice For further information Disclaimer Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351 Robyn Cooper Principal, Internal Audit Brisbane Tel +61 7 3233 3496 robyn.cooper@crowehorwath.com.au Mark Scales Associate Principal, Internal Audit Brisbane Tel +61 7 3233 3500 mark.scales@crowehorwath.com.au Tel 1300 856 065 www.crowehorwath.com.au The relationship you can count on