There is little doubt that automated third party due diligence systems are in the future for many companies. An automated approach to third party due diligence is a critical risk mitigation tool to help employers avoid lawsuits, dismissal of key personnel, eliminating a supplier or vendor or receiving a fine from a government agency.
After seeing a number of clients moving forward with the transition from manual to automated due diligence processes, I wrote a white paper, How to Go From Manual to Automated Third Party Due Diligence: Ten Steps to Success, to provide some guidance on the process.
The goal of integrating technology into the third party or vendor due diligence process is to make compliance as a whole more efficient and effective. If the transition is handled poorly, a company’s due diligence system may not become embedded properly in their infrastructure. With a thoughtful implementation strategy, the possibilities are nearly endless.
Step One: Creating a Third Party Due Diligence Process Map
The first step for organizations considering automating their third party due diligence processes is to clearly define and document their current processes. In many cases, a diagram is worth a thousand words.
Creating a Third Party Due Diligence Map like the sample one below will help you get your arms around automation possibilities and benefits. As you create your map, ask yourself:
- Which business units complete which tasks?
- Are we duplicating efforts?
- Which components of our process require input from third parties or vendors?
- What approvals are required from whom and at what point in the process?
Step Two: Identify Elements That Could Be Automated
Third party due diligence providers are increasingly leveraging technology to automate due diligence processes and procedures. The reduced complexity, time and cost savings are significant. More importantly, automation forces you to set clearly defined standards. Enforcing adherence to those standards in turn helps organizations avoid bias and error.
Identify processes that could be automated by considering:
- What third party due diligence processes require input from multiple people, such as approval by a committee?
- What third party due diligence processes require information from external parties, such as questionnaires from potential business partners?
- How are updates conducted, such as checking third party business partners against watch lists, politically exposed persons (PEP) databases, etc.?
Additional areas you could consider for automation are: organizing and archiving documents; certification of acceptance of policies (using an automated policy management system like NAVEX Global’s PolicyTech solution); data collection from potential third party business partners; and document access (taking your processes off email). Utilize your Third Party Due Diligence Map to think about each component of your current approach step by step.
Step Three: Evaluate the ROI of Automation
In evaluating the cost-benefit of automation, consider how much time and money is spent on each process. Automation allows you to rebalance the equation, trading monetary resources to save time that may be better spent elsewhere.
- How well are we protected from risk related to all of our third parties and vendors—not just a select few?
- Are our processes being adequately documented so that records can be easily obtained should a government inquiry arise?
- Do human errors result in a slower or inaccurate process? What is the cost of this over time?
- Do logistical delays caused by manual processes reduce the speed of business?
Having a comprehensive, effective third party due diligence program in place is critical in helping organizations avoid costly fines, as well as other non-monetary penalties. Government and industry agencies around the world are scrutinizing organizations’ activity related to their party vendors and ignorance is no longer an excuse. Don’t wait until your organization is in the crosshairs: embrace change and start moving on the path toward automation today.
To schedule a demo of NAVEX Global’s Third Party Due Diligence solution, contact us here or call us at +1 866 297 0224.
Have questions about your third party risk management program or due diligence processes? Comment on this post and we’ll address them here—or feel free to contact us at any time for a consultation.