third-party risk management
TRANSCRIPT
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Audit | Tax | Advisory | Financial Advice
Managing Third Party Risk Robyn Cooper and Mark Scales
29 January 2015
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Don’t get yourself in the headlines!
“Outsourcing and procurement in
Audit Commission crosshairs”
“Horror stories of gov’t outsourcing to greedy
private companies”
“Taxpayers are getting fleeced”
“Government exposed to fraud after serious failings on managing outsourcing contracts”
“Australia: Outsourcing responsibility: risks of giving government contractors too much autonomy”
“National Audit Office finds five contracts are being investigated and warns there could be
more cases of overbilling”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Third Party Risk Research Study Results – CFO Magazine
3%
14%
17%
17%
19%
24%
36%
51%
Other
Providing on the ground resources in new markets or geographies
Providing inputs to support our own production or operations
Reducing or managing my company's risk
Providing goods/ services that are unrelated to our core business
Adding capacity to expand the business
Providing core service capabilities or expertise that we currently lack
Reducing costs
What do you expect to be the top business drivers for your company’s use of third parties over the next two years?
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Case Study – Department of Defence
“Collins Class submarines put
Australian defence in ‘dark place’
not being able to deploy for five
months.”
“Royal Australian Navy is facing a
massive cost blowout of about
$800 million for three powerful Air
Warfare Destroyers.”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Lateline Report on Air Warfare Destroyer Project http://www.abc.net.au/lateline/content/2014/s3952302.htm
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Consequences
Air Warfare Destroyer:
§ Project 2 years behind schedule and $350M over budget, an improvement from
the $800M midway through the project.
§ Key contractor ASC replaced by BAE Systems.
Collins Class Submarines:
§ Australia to buy submarines, likely from Japan, rather than utilising Australian
manufacturing industry.
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Lessons Learned
§ “A more commercial approach to contracting, risk management and risk transfer
is required”
§ More comprehensive due diligence and risk assessment
§ More clearly articulated service level expectations
§ More investment in monitoring third party performance to identify issues in a
timely manner
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Perform Monitor
Managed Third Party Risk
Initiate Formalise
Managed Third Party Risk
§ Need identified § Evaluation of
relationships § Due diligence &
risk assessment
§ Performance § Risk § Organisational
changes
§ Contracts and agreements reviewed
§ Service levels and expectations set
§ Exchange of data, goods and services
§ Invoicing and payment
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Initiate
§ Needs identification (e.g. technical specification, information requirements,
resource skills and expertise, budget)
§ Due diligence (e.g. financial, historical and legal records of incidents and issues)
§ Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk
mitigation activities / controls)
§ Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror
groups)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Formalise
§ Training your Third Party (e.g. code of conduct, policies and procedures, etc.)
§ Undertaking an upfront systems review to assess internal control environment of
the third party
§ Health Check over systems and processes to ensure alignment between parties
§ Contracts and agreements established in consultation with experts where
required (e.g. legal)
§ Service levels and expectations set and reflected in the contract
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Perform
§ Monitoring of changes to legal and regulatory environments
“Even successful business relationships experience issues and incidents.”
§ Mechanisms for reporting issues or incidents
§ Processes and systems for investigation and resolution of issues that arise
§ Collaboration and communication between both sides of the relationship
§ Collection and management of all communications to provide a historical record
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Monitor
§ Performance of independent audits on an ongoing basis
§ Regular reviews performed by the Commercial team to ensure compliance with
the contract
§ Annual attestation by Third Party of compliance with code of conduct and
established policies
§ Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action
plans)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice
Colour Scheme for Charts and Banner Bars
R = 4
G = 30 B = 65
R = 253 G = 185 B = 19
Tones of grey
R = 129 G = 142 B = 160
Secondary Colour Palette
Audit R = 174 G = 158 B = 59
Tax R = 118 G = 107 B = 97
Financial Advice R = 136 G = 53 B = 77
Advisory R = 93
G = 126 B = 149
Build Risk Expertise
Defined Responsibilities
Perform Health Checks
Monitor and Test
Compliance
Standardised Processes and
Agreements
Better Practice – Third Party Risk Management
Train your Third Party
Extend your ‘speak-up’
culture
Audit | Tax | Advisory | Financial Advice
For further information
Disclaimer Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351
Robyn Cooper Principal, Internal Audit Brisbane Tel +61 7 3233 3496 [email protected]
Mark Scales Associate Principal, Internal Audit Brisbane Tel +61 7 3233 3500 [email protected]
Tel 1300 856 065 www.crowehorwath.com.au
The relationship you can count on