Deloitte Poll Finds Room for Improvement in Third-Party Assurance Programs

The use of outsourcing is steadily increasing, driving a growing need for the sharing of risk and performance reporting between outsource service providers (OSP) and customers.

Yet, results from a recent Deloitte poll show there may be a lack of clarity within OSPs around the ways that their third-party assurance (TPA) programs are managed. As the athletes of the world converge on Rio to test the results of their practice and process, organizations can similarly aspire to an Olympic standard for the management of third-party programs.

“OSPs are situated in a challenging environment,” said Dan Kinsella, partner, Deloitte Advisory and national third-party risk management leader at Deloitte & Touche LLP. “Heightened exposure to risk across business areas has led to a tremendous increase in demand for custom TPA reports from customers. When combined with a rise in requests for information and on-site audits, that number can be staggering. While many OSPs recognize that an optimized TPA program can lead to proficiency, we’re seeing a concerning amount of uncertainty around who is ultimately responsible for which areas of the program.”

A majority (48.2 percent) of poll respondents are unsure whether their organization is taking what they believe is the best approach toward improving the TPA reporting process. An open line of communication with customers and the salesforce, management, IT and other key personnel is the first step that can help push outsourcers out of the blocks as they think about putting together a TPA optimization approach.

“I was most surprised by the wide variety of participants that were impacted by third parties and associated risks, and subsequently are looking for efficient solutions in managing those risks while achieving the benefits that third parties can provide,” said Kinsella in an interview with SCMR

Organizations should invest in the customers’ first point of contact in order to get a full picture of the risk environment, identify gaps and overlap in current reporting processes, and uncover and meet customer needs. How OSPs empower the salesforce to effectively and efficiently communicate TPA capabilities can strengthen the communication channel between the customer and vendor, ultimately moving the needle toward an optimized TPA program.

“When you think about the risks facing your own organization, you also have to think about managing the myriad of risks faced by your clients,” said Chad Phillips, managing director, Deloitte & Touche LLP. “Many companies zero in on security and compliance instead of focusing on value creation based on risk tolerance. Fully transparent discussions between vendors and customers are needed to understand the risks and the compliance expectations, and to continually stay on top of the ever-changing risk landscape.”

Optimization of an existing TPA framework and approach can create value for both OSPs and their customers. Here are five considerations for vendors when going for the gold in their own TPA program:

Understand the outsourcing environment that you are working in, know the internal and external reporting requirements, and take a holistic view at what types of reporting can satisfy the diverse needs of clients. Analyze risk to drive down costs throughout the entire process.

Integrate control testing requirements across the enterprise and use a “test once, satisfy many” approach. Identifying the overlap in a reporting program is key to optimization.

Rationalize reporting requirements and control frameworks into non-duplicative, efficient mechanisms to better fit the needs of all parties.

Enhance reporting methodologies and transparency, and empower the salesforce to sustain more efficient and effective communication streams with customers.

Monitor TPA processes and outsourcing relationships proactively by regularly revisiting the approach and considering process automation such as risk sensing. View this a “living document” where the risk process is ongoing and evolving over time.

“A podium finish for a TPA program would be one that drives performance through good risk management and value through strengthening trust between parties, managing costs, and sustaining relationships through effective compliance management,” concluded Kinsella.

SC
MR