The uncertainty triggered by COVID-19 has made it imperative for organizations to recalibrate business risks. As they evolve, businesses progressively employ various third parties, particularly vendors and suppliers, to reduce costs, increase efficiency and exercise specialization. Demand for external parties may arise across various groups within an organization, creating a need to review and manage new risks that the organization will be exposed to. While these risks persist, businesses should focus on aligning such risks with their own strategies and culture to establish a system of co-existence.
A dominant part of any third-party review is preparing or updating the vendor master to determine the volume of third parties contracted by the organization, identify the critical business areas that employ such vendors and understand the extent of dependence on them. An eventual grading of such dependencies may allow the organization to better allay risks associated with them. Grading may be based on certain parameters, including business continuity and sustainability in a post-COVID-19 ecosystem, ability to service requirements in the long term, impact on delivery timelines, harnessing untapped potential and evaluating exposure to each of the organization’s third-party suppliers.
In the aftermath of COVID-19, as organizations, including third parties, seek to reorganize their businesses, there will be instances of staff retrenchment, reduction in salary and realignment of capabilities. Where such factors may limit the vendors’ ability to service their clients at optimal capacity, key questions that will arise include: will your organization be prioritized and serviced if third-party service providers downsize; is it time to diversify the pool and onboard new vendors; and could there be a potential fraud risk due to sub-optimal internal processes? The answers to these questions could lead to organizations either bearing the obligation of onboarding additional vendors or assessing existing ones to mitigate risks and ensure effective internal controls to enable businesses to operate smoothly.
Most offices have moved to remote working platforms, creating an ideal opportunity for cyber criminals and leading to a higher intensity of cyber frauds, phishing attacks, data theft, ransomware, etc., which affects the entire ecosystem, including your vendors and suppliers. This has raised several important questions: do organizations know the extent to which their vendors are exposed; are third parties able to provide their employees relevant infrastructure to enable them to work remotely or are employees constrained due to this displacement; will this displacement impact services affecting both the vendors and their customers; and do cyber security protocols of companies also include third parties?
The pandemic brings along multiple challenges for organizations across the globe, with the key priority of ensuring business continuity. Being mindful of risk management techniques and aligning them with the organization’s goals, security and governance may not only ensure effectiveness but also help focus attention on critical business activities. Key points to note:
- Communication – In times like these, continuously communicating with your third parties and proactively addressing their challenges will go a long way to building and maintaining trust.
- Review – Update third-party contracts, keeping in mind clauses pertaining to data security and confidentiality.
- Security – Subject your third parties to your organization’s standards. This should be a critical element of onboarding for any new vendor.
- Invest – Organizations should treat third parties as an extension of the business and invest in them through training on governance, culture, risks and security.
This article was first published on CNBCTV18.com on July 21, 2020.