Allows to carry out adequate third-party evaluation (suppliers, customers …) based on controls of business continuity management, performance, viability, security and data protection, etc.
Today's third parties are increasingly working with their own third parties, which multiplies the size and complexity of the third-party network.
Controls focus on regulatory compliance, information security, and vendor performance risks which are arising from your Organization’s increased use of and reliance on suppliers and service providers.
The module enables risk assessment, risk monitoring and/or risk scoring.
Further increase team efficiency by connecting your existing software and unstructured data to the solution, and by adopting other cross-functional integrated risk management modules to help coordinate actions across departments in charge of other risks and avoid redundancies.
Increase team efficiency by up to 60% and get a real-time view of third-party risk.
Situation
- A fragmented view of third-party risks.
- Obligations, risks, opportunities and an ever-increasing workload with teams and budgets growing relatively slower than obligations.
- Manual and repetitive tasks are still very present.
- Operational staff with little autonomy.
- Frequent use of spreadsheets and specialized software operating in silos, unsuitable for consolidation constraints and information updates.
- Third-party studies are totally or partially redundant between subsidiaries and departments.
Impact
- Risks are sometimes poorly identified and prioritized.
- Teams are overworked.
- Redundant actions.
- Too much time spent on low value-added tasks, risks of errors and omissions in essential obligations.
Solution
The Third-Party Risk Module helps your Organization meet third-party risk management obligations by:
- Empowering operational staff to allow compliance teams to manage only exceptions, have more time for analysis and controls.
- Coordinating teams and information systems and making the most of existing and untapped information and avoiding multiple analyses for the same third-party.
- Intelligently collecting external information.
- Automating time-consuming manual processes.
To achieve this, in addition to the powerful features common to the entire Smart Global Governance solution
| Governance. | Training and awareness plan. |
| Framework Manager. | Dashboards and reports. |
| Planning. | Automated gap analysis. |
| Dynamic risk mapping. | Documentation, Central Source of Evidence. |
| Reliable audit trail. | Monitoring, messaging, alerts, notifications. |
| Continuous monitoring. | Collaborative remediation (tasks, exceptions, insurance, …) |
| Policy management. | Translations. |
| Integration of existing information and data into the solution. |
Collaborative evaluation.
|
- Third-party classification request: from your ERP or an ad hoc form, transmission of the information to the solution allowing third-party identification.
- Federation: check if the third-party has an existing evaluation that is still valid according to your criteria throughout your Organization.
If yes, immediate response to the classification request.
You benefit from configurable sub-modules to address the specificities of this risk and of your Organization
Otherwise:
- Pre-screening : based on the information provided in the classification request, application of your evaluation criteria (e.g. country, business industry, …)
You will get, for example, a red, orange or green classification.
If it’s green, the request’s response is sent to the applicant. Otherwise:
- Arbitration screening : If this is part of your third-party evaluation process, the solution queries external market content /data feeds based on arbitration rules that we previously defined together. The consultation costs for these queries are invoiced directly to you by the concerned databases or by Smart Global Governance depending on your preference.
We have partnerships with leading third-party data/content feeds providers (Bureau Van Dijk, Moodys…). Without any manipulation on your part, our Solution allows you to benefit from the most adapted and efficient content according to the type of third party and the geography concerned by your research.
In addition, we have partners to entirely outsource the management of false positives.
Arbitration is recommended because these databases do not have the same quantity and quality of information available depending on the geographical area.
Arbitration enables the information required for screening to be retrieved at the best price and in the shortest time possible. All information made available by content/ data feeds is reintegrated into the solution.
Depending on the response obtained from the databases (classification or completeness of information), response to the classification request, otherwise:
Third-party self-assessment questionnaire: to collect missing information from the screening and keep it up to date by alerting third parties. This sub-module covers a set of ready-to-use and editable questionnaires :
| Compliance and ethics | Imports/exports and international sanctions |
| Investigations and sanctions | Fight against money laundering |
| Finance and credit | Antitrust |
| Conflicts of interest | Quality |
| Personal data and cybersecurity | Fight against corruption |
You can also integrate your own questionnaires and associate rules for automatic response analysis and the creation of remediation tasks.
Escalation : final validation / invalidation: according to the classification obtained through the execution of previous steps, a third-party validation workflow is launched by the decision-makers, then this information goes back into your information systems to inform the people concerned.
