Third parties are critical to business today. But they can also bring big risks.
Given the sheer number of third parties on which companies rely and with whom they collaborate, it’s important to evaluate and manage the related risks. Corporate boards can play an important role by ensuring management has established effective third-party risk management programs.
What Role Should the Board Play?
While the full board should understand management’s process for addressing this risk, it’s common to delegate regular oversight to a committee.
- Boards with risk committees commonly task that group with oversight
- Many other boards allocate risk oversight responsibilities in general to the audit committee
This might highlight the significant third parties that are integral to the company’s delivery of its business strategy. While the company will be responsible for establishing third-party diligence processes and monitoring risk, the board should understand what that entails. To do this effectively, the board needs to understand:
- The risk landscape and get comfortable with the program and the processes
- The challenges involved in managing third-party relationships
- What an effective third-party risk management program might include
Boards can ask if internal audit should perform an annual review of the key controls associated with a third-party risk management program. Boards should also think about whether the company requested and/or received any additional assurance by external parties over controls and processes in place at the third parties.
The nature and depth of reporting from management to the board will look different from company to company. The goal is for boards to understand the third-party risk landscape for their companies and to get comfortable with the related programs and processes.
How Boards Can Stay Ahead of the Curve
Using third parties is a natural part of business. Third parties provide companies with many benefits, but they also bring risks. The sheer number of third-party relationships companies often have makes it difficult to oversee the risks involved. That’s why having an efficient and effective third-party risk management program—including oversight from the board—is critical.