Outsourcing is a strategic approach for profitability but using a third party service provider has risks beyond operational issues as companies are held accountable for the actions and standards of suppliers. Third party risk management is critical in mitigating such risks.
The advantages of outsourcing include expertise and efficiency. Some common processes which businesses outsource include IT, creative work, logistics, manufacturing, customer support, and more. When tasks are outsourced to vendors, companies can better focus on their core business competencies by leveraging the resources and learning curve of the service providers.
Risks Associated with Outsourcing
However, outsourcing comes with corresponding risks such as breaches of third party data and contracts, lack of quality control, hidden costs, and more. Companies have discovered that third party risk management is necessary to protect their reputation and other aspects of the business from the consequences of suppliers’ poor operational standards and negligence.
One example of a calamity resulting from supplier negligence is the collapse of the Rana Plaza in Bangladesh in 2013 which resulted in the loss of 1,100 worker lives – a disaster which led major clothing retailers in developed nations to re-examine third party vendor risk management as customers began to associate luxury brands with “sweatshops”, pushing supply chain sustainability issues into the spotlight.
Closer to home, the monthly statements of nearly 650 Standard Chartered Private Bank clients were discovered to have been stolen in December 2013 – a full 10 months after the incident. It was discovered that the data theft occurred through a third party printer. This fiasco was one of the contributing factors that led the Monetary Authority of Singapore (MAS) to overhaul existing outsourcing guidelines and risk management policies for financial institutions.
Third Party Risk Management
Third party risk management is becoming increasingly critical in today’s business environment where many processes that were traditionally carried out in-house, are increasingly outsourced.
A robust third party risk management should include:
- Due diligence, such as vetting third party ownership, qualifications, capability to service, etc. Third Party Risk Management
- Risk assessment, including analyses of risks in relation to various service providers. Following this, strategies to minimise or share risks to optimise third party outsourcing arrangements, are recommended.
- Contracting, where third party responsibilities are formalised, and critical risks elements are examined and incorporated into contractual documentations.
- Monitoring, such as performing audits on third party service providers to ensure compliance with agreements and that risks to the organisation have been adequately managed.
There is no ‘one-size-fits-all’ approach for third party risk management. Organisations should seek to develop their own third party risk management programmes using a mix of internal and external resources to meet their requirements after performing a thorough evaluation of their outsourcing risks.
DISCLAIMER: All opinions, conclusions, or recommendations in this article are reasonably held by Baker Tilly at the time of compilation but are subject to change without notice to you. Whilst every effort has been made to ensure the accuracy of the contents in this article, the information in this article is not designed to address any particular circumstance, individual or entity. Users should not act upon it without seeking professional advice relevant to the particular situation. We will not accept liability for any loss or damage suffered by any person directly or indirectly through reliance upon the information contained in this article.
Related content
