Third Party Risk and Compliance: Screen potential partners effectively with policyIQ Forms

The subject of third party risk and compliance continues to be a hot topic for our clients and for companies around the world. This past spring, third party risk was one of the key topics at the 2014 Compliance Week conference, and continues to be top of mind. One way that our clients have been using policyIQ to help mitigate third party risk is by utilizing policyIQ forms for the screening of new potential partners, vendors, suppliers and other third parties.

Almost every organization requires these third parties to go through some level of screening process before beginning a business relationship. Sometimes this process is decentralized and informal, leading to poor decisions or poorly documented decisions that cannot stand up to an audit review. Other times the process is highly bureaucratic and complex, which slows down the ability for the business to move forward with important partnerships.

policyIQ can help you to create a process for screening third parties that is consistent, sustainable, and takes a risk-based approach.

Typically we have seen this process administered by a compliance or legal team, however each organization can choose how much of the footwork is pushed down to the business owner of the proposed relationship. If your compliance “team” consists of just one or two individuals, the compliance role will be to review the information gathered and the decisions made by your business owners.

Use policyIQ Forms to quickly issue a questionnaires to:

  • Third party contact person.
  • Internal relationship owners.

The third party questionnaire might ask for company details, as well to request documentation, such as:

  1. W-9 or other formal supplier profile;
  2. policy documents related to key issues such as information security/privacy, supply chain compliance, or anti-corruption;
  3. references for other customers with similar relationships; and
  4. financial reports.

Internal questionnaire should capture information such as:

  1. the purpose of the relationship,
  2. the benefit to be derived,
  3. the options (or lack of options) for other third parties to fill the same need, and
  4. due diligence documentation, such as
    1. background check,
    2. credit check, or
    3. financial reports.

These questionnaires may be submitted to your compliance team, often along with an initial assessment by the relationship owner of any potential risks.  For specific types of partnerships – or those that are expected to involve more than a defined threshold of transactions – additional detail may be required.  After a thorough review, compliance can confirm the viability of the relationship. To finalize the process, a final attestation may be sent out to the newly approved third party to let them know of their approval – and to require their formal sign-off on a statement of compliance. (This may include signing off on key policies or agreeing to standard terms.)

Let us help you to build a process that works for you!

The process outlined above is just one example of how you can use policyIQ for third party screening. We can help you to build your process, or to define a more efficient process.  If you need a little help confirming that your third party screening process is truly managing your risks and will hold up to regulatory audits, our RGP consultants can help you to review and refine that process, as well. Contact us today and let’s get started!

This entry was posted in Industry News, Solutions and tagged by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s