Why Is Third Party Risk Management Important?

Similar documents
Risk Advisory Services Developing your organisation s governance for competitive advantage

Transforming authentication for a digital age

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise

Managing Tax. Balancing current challenge with future promise Session 5. The Grand Hyatt, Singapore 16 February 2017

Accounting for revenue under MFRS 15 Achieving a head start

Global Treasury Advisory Services Creating Value with Innovation

Internal Audit of the Future Evolution of Internal Audit Due to Digitisation. Cheryl Khor Asia Pacific Operational Risk Leader Deloitte

Model Risk Management A Southeast Asia Perspective

Business advisory services Business solutions that bring you forward. Malaysia

Asia Pacific Life Sciences Compliance Survey 2018 Executive Summary

Sustainability Services Driving responsible growth

Managing employee mobility in Southeast Asia Global perspective. Local insight.

DICA Corporate Governance Workshop. Separation between Board and Management: Good Practices and Benefits 12 July 2017

Third Party Risk Management ( TPRM ) Transformation

2017 Tax Management Consulting Conference Tax technology. Deloitte, Kuala Lumpur 12 July 2017

Deloitte Forum 2017: Global and Thailand Economic Outlook and How Disruptive Innovations Affect Your Competitive Landscape

Turning risk into opportunity Third Party Governance & Risk Management

Anti Money Laundering (AML) Advisory Services Effective solutions for complex issues Deloitte Malta, 2017

Going beyond risk and compliance: Legal functions embracing digital

Extended enterprise risk management: New perspectives on a growing imperative The Dbriefs Governance, Risk, & Compliance series

Extended Enterprise Risk Management

Are you getting the Software Asset Management services you pay for? Conducting a contractual compliance inspection of your SAM third party suppliers

How to build construction management processes

Shared Services Trend Workshop Timothy Ho 20 July 2017

Taking labs to the next level with cloud and IoT VELP Scientifica tightens the customer connection

Shine a light on media accountability

MANAGEMENT. STARTUP-ify your HR Infuse your HR and Talent Management with the agile spirit of start-ups! DEPARTMENTS PUSH-START TALENT MANAGEMENT

Internal Audit Procurement Policies and Controls

EMEA TMC client conference Tax Operating Model defining your tax resourcing, governance and technology approach. The Crystal, London 9-10 June 2015

Health care professionals payment transparency in Ontario Prepare for province s version of Sunshine Act

Deloitte Legal Department Health Review Approach to Strategic Planning

Generating value within the Risk Ecosystem Risk powers performance

Day 2: Session 5 Invoice Management

The digital fund lifecycle

The Robots Are Here! RPA Services in Greece

IFRS 16 Technologies 12 June 2018

The past, present and future of service organization control reporting

Global Trade Radar How to leverage what tax authorities and forward-looking companies are doing in customs and global trade. Global Trade Radar

Financial Advisory. Valuation Services. Life Science Industry

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Third Party Vendor Management and FDR Compliance

Human Capital Business led. People driven.

Software Asset Management Reducing costs, mitigating risk, gaining control. Ninety years in the Middle East

Enabling SAP Extended Warehouse Management Retail goods distribution reimagined

Audit quality Independent Audit

Deloitte Consolidation & Close Transform your financial consolidation and close.

Millennials and the future of financial planning. March 3, 2017

Ensuring Organizational & Enterprise Resiliency with Third Parties

CAPITA PLC SUPPLIER REQUIREMENTS STANDARD

Risk Based Approach and Enterprise Wide Risk Assessment Edwin Somers / Inneke Geyskens-Borgions 26 September 2017

HR Metrics and Model for Modern Times

Mitigating compliance risk Implications for global supply chains

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

ISACA San Francisco Chapter

Deloitte Forensic Capability Statement

Author: Mark Casey Additional Contributors: Mariana Carroll Jon Hoehler

Transforming lives in Africa. Deloitte s African Footprint

Modern slavery. New reporting obligations on large companies to ensure supply chains are slavery free. October 2015

Q1 Please select the primary industry in which your company operates.

Key Considerations in Payroll Management: The View from APAC

Key Considerations in Payroll Management: The View from APAC

Enterprise compliance Acting on today s risks to avoid tomorrow s crises

Effective Vendor Risk Management. April 21, Mario A. Mosse. This Training is Brought to you by ComplianceOnline. Presenter:

Capital Projects in Africa Achieving successful delivery using effective tools

Are Containers the New Golden Hammer? Tracy Bannon Lori Olson

5 Core Must-Haves for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

Chemical industry Deloitte CIS Research Centre 2018

Contract Risk and Compliance & Warranty Fraud. David Maberry Chief Risk Officer American Fidelity Assurance Company

Internal audit insights High-impact areas of focus

Risk Advisory Services Our common storefront. Risk Advisory Services Our common storefront

The Role of the VMO in Regulatory Compliance Planning, Due Diligence and Contract Negotiation

Infrastructure and Capital Projects

Deloitte in Kazakhstan Sharing your aspirations of growth. Deloitte Kazakhstan, 2015

PSD2 DATA FINTECH MARKETPLACE AISP CUSTOMER AWARENESS ALLIANCES MOBILE ECONOMY PISP API DIGITAL COMPLY REVENUE RTS SCORING BANKING STRATEGIC

Summary of disclosures Global Reporting Initiative (GRI) Content Index

Insight on financial crime: Challenges facing financial institutions

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

Conquering complexity in the customer experience

Global Trade Advisory M&A Deloitte Tax LLP

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

Board Evaluation Is your Board ready for SREP governance reviews? Deloitte Malta Risk Advisory - Banking

Evolving Core Tasks for Improved Internal Audit Performance. Copyright 2018 AuditBoard Inc. 1

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

Mining Solutions Driving innovation in mining

IFRS 17 Vendor Solutions Event. 4 October 2018

The modern solution for insurance carriers Designed for the insurance industry

Internal Business Review The Deloitte methodology. Deloitte Malta Risk Advisory - Banking

Employment law services in Kazakhstan

Supplier Risk Management. Do You Really Have the Right Level of Visibility to Minimise Risk?

Due for a transformation Accounts payable optimization with machine learning

Fabrice BRECHET, Founder and Managing Director

It's your business Take control. Controlling services

Global payroll management. February Tax

Logistics & Distribution: Revenue driver or necessary evil? Deloitte Introduction. Logistics & Distribution A source of competitive advantage

Growing opportunity, growing business. EY s financial services practice in ASEAN

Sourcing Trend Management Evaluating and Optimizing the Sourcing Operating Model

Automotive Industry Outlook 2017 Survey

Cultivating a Risk Intelligent Culture A fresh perspective

Extended Enterprise Risk Management

VENDOR RISK MANAGEMENT FCC SERVICES

Transcription:

Third Party Risk Management Managing Risks in Your Extended Enterprise

Why Is Third Party Risk Management Important? It is not a new concept for organisations to engage with third parties for the provision of products and services, so why has third party management become so important? Organisations in regulated industries continue to rely on the extended third parties to enable mission critical services, which in turn, can increase business exposures. With heightened and reinforced regulatory expectations in third party management, it is imperative to have capabilities at hand to continuously monitor and manage third party risk and performance. There are a number of factors driving organisations to place increased importance on third party risk which can be broadly grouped into the following areas: Regulation Market condition Reputational impact Technology Overseas providers Specialist supplier 2

More Than Enterprise Risk Management Your enterprise risk goes beyond the ecosystem in which your organisation operates. A network within a network Your enterprise risk goes beyond the ecosystem in which your organisation operates, because your success is dependent upon a complex network of your third-party relationships. Fourth parties Tier 1-N suppliers Contract manufacturing Inventory planning Shipping Brokers/ Agents Infrastructure and application support Hosted vendor solutions Ceritification bodies Labs Logistics Sourcing Legal Technology Disaster recovery Licensing R&D Franchise Joint ventures Organisation Licensed vendor soulutions Insurance Sales agents Marketing Hardware lease Distributors Distribution and sales Customer Facilities Human Resources Loyalty partners Customer support Recruiting Benefits providers Payroll processing Advertising agency Media ad sales Call center Warranty processing Office products Waste disposal Cleaning Contractors 3

Why are third party risks important? There are a number of factors driving organisations to place increased importance on third party risks. Regulation Increased focus on third party risk by global regulators Market Condition Global recession driving outsourced operations of core and non-core activities Reputational Impact Required ability to proactively identify potential supplier/ vendor delivery/ performance/ contractual failure before they happen Technology Enhancements in technology, leading to data being shared and/ or stored in the cloud Overseas Providers Increasing use of offshore outsourcing and supplier networks, leading to increased level of regulatory risk Specialist Suppliers Organisations reliance on products/services from specialist suppliers 4

Engaging Third Parties in Your Critical Services Third parties engaged to enable your mission critical services can increase your business exposures. Heightened regulatory expectations require you to continuously monitor and manage your third party risk and performance. Common third party risk drivers Types of third parties Regulatory non-compliance Non-performance by third parties Supply side Sourcing & procurement Vendor management Lack of ownership internally Lack of visibility Contract s lack key clauses Revenue Cost base Operations Income R&D IT Facilities management Licensees Your organisation Distribution Sales 5

Third Party Risk Categories Risks associated with third party relationships are scattered across the various segments of your business. Non-compliance of financial terms Third party integrity Financial/ reputational Weak financial terms Tariffs and taxes Foreign exchange and currency Violation of labour rights Bribery and corruption Resilience Insolvency Failure to supply product or service Operational Substandard quality Information risk (accuracy, timeliness relevance) Data breach Shortfall in quantity Missed delivery dates Risks Categories Financial/ Reputational Operational Legal and regulatory Risk that the third party will have a detrimental effect on the financial success or reputation of the entity Risk that the third party will cause disruption to the operations of the entity Risk that the third party will impact the entities and/or the third parties compliance with local legislation, regulation or the agreements in place between the parties Unenforceable contract clauses Legal and regulatory Excessive contract complexity Fraud Unauthorised or improper use of IP Contracts do not reflect regulatory environment 6

Common Third Party Risks Third party relationships carry key risks that may have significant impact on your business operations. Resilience There are no checks to ensure that business continuity plans have been completed and tested. Solvency There is no business-wide ongoing monitoring of third parties solvency and therefore there is limited visibility of third party solvency and financial viability. Solvency Resilience Health, safety and environment Health, safety and environment There are limited processes to require contracts to include health and safety standards or requirements, the lack of which may expose the business to HSE claims. Security The business does not have adequate visibility as to whether third parties are compliant with physical and information security policies, some of which are client requirements. This can increase with further outsourcing. Regulatory There is no central visibility of third party compliance with data protection act requirements, this increases the risk of breach by third parties, for which the business may be liable. Security Regulatory Corporate responsibility Risk Areas Corporate Responsibility There are no processes in place to consult with stakeholders from the corporate responsibility department in order to require third parties to protect the business brand and compliance with issues such as the SGX Sustainability Reporting Guide. Integrity Intellectual property Billing and performance Intellectual property Contracts are not consistently passed through IP or legal teams to protect our intellectual property from theft or misuse by third party suppliers. Billing and performance There is limited ongoing monitoring of supplier compliance against contractual terms and conditions. As a result, suppliers may be raising inaccurate charges or failing to meet performance standards through contractual non-compliance. Integrity There are no processes in place to: Ensure AML, KYC, CDD clauses are included within contracts. Conduct supplier due diligence. Ensure audit rights are inserted into third party contracts. Inspect on-going compliance with policies. As a result there is potential exposure to legal prosecution in the event of a breach by a third party supplier. 7

Common Concerns on Third Party Risk Management Affiliates How should affiliate relationships be assessed and managed in the same way as external third parties? Are any risks not relevant/heighted in an affiliate? Can risks posed by affiliates be assessed centrally and use results of IA reports? Subcontracting How do you identify subcontractor relationships? Do you approve the terms of subcontractor engagement? Do you assess a subcontractor directly or get assurance around how a third party assesses its third parties? Criticality How do you define critical? How do you identify critical services/third parties? What is the impact of critical services on your business? Completeness How do you identify the full third party population? How do you identify what services those third parties provide? How do you locate all of the contracts with third parties? Role of Internal Audit What involvement should IA have in framework design? Should IA teams undertake third party inspections? What third party risk audits are on your IA plans? TPRM technologies What are the key requirements for a TPRM solution? How do you determine if we should buy or build a solution? How could external market solutions provide support? 8

How Deloitte Can Help You We are ready to support you in your third party management effort in these areas to enable benefits realisation. Assess the design and implementation of your enterprise risk management program and operating model, incorporating third party risks and responses Conduct due diligence, third-party assessments and proactively review your risks and opportunities, and regular checks on your responses to risks Leverage technology, innovative analytics and tools to transform and continuously enhance your third party risk management practice Review and enhance your third party relationships to identify potential cost savings Benefits More visibility into environment, operation, or performance of third parties Complete understanding of risks associated with third-party relationships More effective means of assessing and monitoring third-party performance, contractual obligations and expected deliverables Ability to manage or reduce dependency on a large number of third parties for business operations across multiple geographies A holistic view of key processes and controls More visibility and effective oversight over third-party More effective control over third-party access to sensitive data Optimised use and integration of data and technology Optimized use of integrated systems, data repositories, or information sources in managing your third party risk management framework and process More effective use of quantitative information in decision-making related to the extended enterprise 9

Contact Us David Chew Executive Director Deloitte Risk Advisory +65 6216 3271 dchew@deloitte.com Suci Ramadhany Director Deloitte Risk Advisory +65 6800 2555 sramadhany@deloitte.com 10

11

About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms. Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients most complex business challenges. To learn more about how Deloitte s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter. About Deloitte Southeast Asia Deloitte Southeast Asia Ltd a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises. Comprising 290 partners and over 7,700 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities. About Deloitte Singapore In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates. 2017 Deloitte & Touche Enterprise Risk Services Pte Ltd

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback