In today’s day and age, companies are constantly looking for ways to create a competitive advantage over their competitors. One common strategy is to collaborate with various partners such as suppliers, vendors, etc. But the increase in collaborations with partners doesn’t occur without the potential of risk that can significantly damage the company’s brand and reputation, lead to regulatory penalties, and can ultimately miss their customers’ expectations which can impact the health of the business overall.
In order to avoid these pitfalls and to leverage this strategy to deliver maximum value, it’s critical for companies to not only have complete visibility into the potential risks of third-party collaborations but also have a complete understanding of how to best manage risk based on its appetite for risk.
Benefits of a properly management third-party collaboration strategy can result in:
- Enhanced understanding and appreciation of shared business goals;
- Improved alignment of services to business goals;
- Protection against poor service delivery through more fluid relationship management;
- Improved competitive advantage through efficiency gains and knowledge sharing;
- Reduced cost by selecting the right relationships that work cost-efficient and offering the right to audit.
Other than having good internal governance over the third-party relationships by appointing board level ownership and implementing policies and procedures, companies can also consider implementing a Third-Party Audit Program.
The Case for a Third-Party Audit Program
To audit or not to audit? Many companies don’t even consider this question of the perception of audit programs are generally negative, as companies are afraid that these programs will disrupt the normal course of business and hurt vendor and supplier relationships.
However, if executed properly, implementing a third-party audit program to evaluate the compliance of targeted high-risk third-party relationships can bring value to both partners by:
Strengthening of the relationship between the partners, thereby improving trust and agreeing to mutually beneficial improvements in the current way of working;
- Improving the mutual understanding and awareness of relevant contractual clauses and possible underlying interests;
- Resolving potential misalignments or different interpretations of contractual clauses;
- Highlighting opportunities to align contract incentives, allowing both parties to get more value out of the contract and possibly increase more volume as a result.
The Anatomy of the Audit Process
The audit process consists of five phases:
- The third-party, client, and audit partner should first agree to the inspection timeline.
- Then the audit partner should send a data request customized for the risks specific to the third-party and discusses with the third-party to ensure each request is understood and will be provided.
- The third-party should then prepare an information request for the inspection and provide the data to the audit partner.
- The audit partner then analyzes the data prior to any fieldwork is performed to ensure fieldwork time is used as efficiently as possible for both the audit partner and the third-party.
- The audit partner will also ask any questions they have on the data provided to them and may request additional data if needed.
- The third-party provides all remaining requested information onsite.
- The audit partner then performs interviews, analyzes the results, and performs additional onsite inquiries with the third-party.
- The audit partner should then provide preliminary observations at the end of the fieldwork.
4. Follow Up:
Once the fieldwork is completed, the audit partner will wrap up the audit and follow up on remaining open items and requests (if any).
At the end of the audit, the audit partner should provide a draft report to the third-party for review and feedback to ensure they are aware of the third-party’s position before a conference call with all parties takes place.
- The third-party then provides review comments on the draft observations and the audit partner will then send the report to both the client and third-party.
- Finally, the third-party, client, and audit partner should have a conference call to discuss the findings and close out the audit.
Getting Started: Asking the Right Questions
Not all companies require a formal third-party risk management and vendor audit program. Here are some basic questions to ask yourself to determine how dependent you are on your third-party relationships:
- How do you validate information flows within your third-party relationships?
- What contracts include variable elements, e.g., based on activity?
- What is the level of effectiveness of your business controls to evaluate your third parties?
- Do you have business relationships where trust is not where it should be (vendors, distributors, customers, etc.)?
- Have you had revenue leakage or control concerns with business relationships?
- Is your brand reliant upon the behavior of your third-party relationships?
- Does your business model rely on the effectiveness, efficiency, and propriety of others?
A Trusted Partner to Maximize Value from Vendors
At Connor Consulting, our deep experience in compliance and third-party audit allows us to help companies build robust risk management and audit programs that deliver value to all parties involved.
We work with a wide range of vendor compliance audits to identify over-billings, non-compliance with service-level agreements and contractual requirements resulting in recoveries and risk mitigation to the organization. Working with us, clients are able to identify issues and put a plan in place to bring performance in line. The results are an improvement in overall spend, and an ROI ratio between 4:1 and 6:1 from their work with us.
If you’re interested in getting to know more about Third Party Risk Management and Audit at Connor Consulting and how we can help you maximize vendor and supplier value, please contact us today.
Joey Otten is a senior manager at Connor Consulting Corporation. Joey has over 10 years of experience in financial audit and conducting business partner compliance audits across multiple industries. He has managed hundreds of audits and helped numerous companies collect lost revenue and improve their control environment and third-party or vendor base relationships. Connor Consulting has global teams with an average experience of 10+ years that specialize in IP royalty audits, third-party review, contract compliance, and software asset management and license compliance.