Addressing a Chief Priority among Chief Procurement Officers: Third-Party Risk Management

Procurement leaders – you have many responsibilities, and need to achieve multiple goals. You must evolve, innovate, and optimize, all while keeping cost reduction and risk management as top priorities.

One specific aspect of risk management gaining increased attention from your C-suite is third-party risk management. Third-party risk management is a critical component of an organization’s overall risk management framework as these relationships continue becoming more involved in all aspects of operations, and third-parties are increasingly relied upon for crucial deliverables.

Risk mitigation in third-party relationships is gaining more attention because while you can outsource work, you can’t outsource the associated risk. In fact, the number of CPOs who view managing third-party risks as a top priority has risen by nearly 20 percent since 2014.

So then, in a world of competing priorities for procurement, how can you lead the charge in mitigating risk while maximizing value after your third-parties have been integrated into operations? It begins with contract compliance.

Contract Compliance: A Mechanism to Effectively Manage Third-Party Risk

Contracts are the foundation of each third-party relationship, and define responsibilities, compensation, and risk. And while you aren’t supervising or interacting with outsourced providers on a daily basis, you do own and manage the corresponding contracts – and the related risk.

So then, how can you monitor these relationships on an ongoing basis, and make sure they are operating as intended to hold all parties accountable and limit your exposure?

An alarming statistic from Deloitte’s 2018 Global Chief Procurement Officer Survey is that 65% of respondents stated they have little to no visibility into relationships beyond their tier 1 suppliers.

Contract compliance programs can reduce the risk of negative consequences in third-party relationships. The core function of a contract compliance audit is to ensure that third-party performance and invoices align with your contractual agreements. Key factors in reducing risk align with the end-goals of contract compliance audits: communication, transparency, collaboration, and trust between companies and their third parties.  

A formal contract compliance audit program strengthens your organization’s enterprise risk management function—as well as supply chain and financial performance. Audits provide a unique opportunity for an organization to obtain third-party data, and get a true sense of how diligent that party is in honoring the terms of their agreement.

By ensuring that your requirements and goals are fully aligned with third-party expectations and assumptions, audits improve mutual understanding, minimize mistakes, and support the successful delivery of products and services. Procurement gains assurance that the contract terms are being followed, while the third party confirms the relationship is operating as intended.

Three Signs of Potential Third-Party Risk

With competing objectives and limited bandwidth, it’s often difficult to take a step back and recognize signs that a third-party relationship can benefit from an audit. Contract compliance audits are particularly valuable when you have third-party relationships with signs of high risk, such as:

  • Complex terms: With the intricate nature of some contracts, compensation methodologies, and pass-through practices, an audit can ensure compliance with commercial terms and the use of effective operating procedures. Further, they can strengthen third-party relationships and help clarify or reduce assumptions that can lead to potential exposure and losses to the organization.
  • Operational challenges: If your third party is not meeting operational objectives such as KPIs and SLAs, pricing compliance may also be lacking. An audit can help identify root causes of the operational challenges and contribute to improved operations, adding to the value of any non-compliance identified.
  • Informal controls: Small, private companies tend to lack the internal controls to prevent or detect non-compliance. These risks become particularly evident when small companies experience revenue growth that outpaces system and control development. An audit can reduce the risk of engaging small companies and help those third parties understand the value of investing in control development.

Significant financial, legal, operational, and strategic risks can stem from non-compliant relationships with outside entities. Contract compliance audits can often lead to healthier and more productive third-party relationships while mitigating potential risks.

By understanding the purpose of a contract compliance program, realizing the benefits of an audit, and recognizing common signs of high-risk relationships, procurement leaders can effectively use this tool to help manage third-party risks while also maximizing value.

Contract compliance audits shouldn’t be disruptive, antagonistic, or even difficult, but rather, seamlessly integrated into your organizational culture. To discuss how our team can help seamlessly integrate a contract compliance audit program into your organization’s enterprise risk management framework, and address one of your chief priorities as a CPO, please contact us here.