Undertaking effective due diligence and ongoing assurance throughout the life cycle of a contract whilst balancing efficiency and cost constraints

By Nimesh Patel, Head of Supplier Lifecycle Due Diligence, Barclays.

Nimesh, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

My professional focus is currently on the identification of third-party suppliers through the entire lifecycle to ensure that they meet our design and operating effectiveness. This is a key area of concern for most financial services providers, as the landscape is changing with an increasing focus on innovative technologies.

What are the key components to balancing efficiency and cost constraints?

Prioritizing what will be the next thematic issue across the industry, we are constantly facing change and must be able to move in an agile manner to ensure that both costs and efficiency are kept at the forefront of our minds.

At the Vendor & Third Party Risk EMEA 2018 Summit, you will be speaking on your insight regarding ‘Undertaking effective due diligence and ongoing assurance throughout the life cycle of a contract whilst balancing efficiency and cost constraints’. Why is this a key concern right now? And what are the essential things to remember?

When considering ongoing assurance and due diligence, organisations need to ensure that they are considering what the underlying risks are that they need to address, along with the ability to prioritise the highest threats, to ensure that costs are kept under control whilst meeting their risk appetite.

Why is it important to undertake assessment throughout the lifecycle of a contract?

From the initial onboarding of a supplier, an organization would want to have assurance that it is not purchasing a service with known defects; from a contractual point of view, this could put an organization on the back foot from day one. Throughout the lifecycle of a relationship, if, for example, your supplier moved from its own infrastructure to a public cloud, how would this impact your internal security controls and regulatory requirements? And finally, when you terminate a relationship, it is important that a thorough scrub-down and cleanse of information, connections etc. takes place. Would your organization want to leave its assets in an organization it no longer has any control over?

What are some of the top challenges of pre-contract risk assessment?

Some of the key challenges facing pre-contract risk assessments are the balance between taking assurance through a desktop assessment/questionnaire vs. an actual physical review. On the first option, how much assurance can an organization take in an attestation made by supplier personnel without knowing who this person is and what role they hold within the company? For example, if a non-technical person completed an attestation for technology controls, how comfortable would your internal teams be with the accuracy of the information provided? Also, there may be instances where there is a key business driver for a supplier to be contracted with; however, security and regulatory requirements may be prohibitive. How does an organization strike a happy balance?

How do you see the risk landscape evolving over the next 6-12 months?

Over the next 6-12 months, in my opinion there will be a number of possible changes in this space, with an increasing focus on technology to assist with due diligence, breaking away from the traditional methods undertaken. For those that embrace it, this will allow more proactive assurance to be undertaken rather than having to wait for an incident to trigger reactive due diligence activities.
