EY Third Party Risk Transcript - Ernst & ?· EY Third Party Risk – Transcript Diana - ‘Third parties…
Post on 28-Jun-2018
Embed Size (px)
EY Third Party Risk Transcript Diana - Third parties are the vendors, agents or business partners who interact with, or in certain ways, on behalf of the organizations. And they become the extension of a companys business and brands. Chris - Third party risk is very important as companies increasingly use third parties, agents and intermediaries to help them to enter into new markets, into new geographies. Weve seen increased regulation and enforcement in relation to fraud and corruption in Asia Pacific. And quite often this is scrutinizing the action of third parties. Within the US, ninety percent of corruption investigations have involved scrutiny of third party actions. Diana - Any breach of third party performance may not only cause financial damages, but that would also mean a loss of new business opportunities while the company is undergoing investigation, there will be diversion of management time and effort to deal with the crisis, or there may be risk of class action litigations and cost of remediation. The CFOs should work with the executive team to invest and develop due diligence procedures prior to any engagement of any high-risk third parties and also to develop monitoring procedures such as conducting regular compliance audits. Chris - In undertaking the due diligence process around the retention of third parties, CFOs need to know what the business rationale is for the retention of that third party. They need to know that the due diligence goes deep enough and looks beyond simply the financials of the third party but also the business relationship, the beneficial ownership of that third party and its reputation in the market. Diana There are other questions that we need to consider - who else are these third parties doing business with, what does their data protection look like, is there any prior record of misconduct? Chris - CFOs need to ensure that the companys ethical compliance standards are extended to the operations of third parties working on behalf of the company. Diana - Forensic data analytics can be deployed to rank thousands of third parties in an efficient way, to focus their efforts to deal with the high risk third parties and to consider whether more in-depth due diligence should be done, and whether any audit risks should be incorporated into the arrangement with the third parties.
Chris Companies that are successful in monitoring the activities of third parties use technology, using the data they have available to them across the enterprise. Diana Risk can come from new or existing partners. So a company needs to assess third party relationships on a continuous basis. If issues are not happening today, it doesnt mean that they wont happen tomorrow.