Unforeseen benefits of a third-party program: Applying analytics to aid decision-making

CorporateGovernor newsletter [download PDF]

How many third parties has your company engaged? Where are they located? What are they doing on your behalf?

The importance of a third-party program
If you are like many businesses striving to succeed in today’s global marketplace, you use a combination of employees and support from third parties. But oftentimes, third parties acting on your behalf are involved in improper or unlawful conduct, such as bribery or data breaches. These actions can lead to large fines, imprisonment and damaged reputations — for your business, not just the third party.

To reduce these risks, companies should implement a third-party program to understand the third party’s controls, policies and procedures, as well as verify that the representative has a positive reputation in the market. This program should include the following points of review to assess the risks associated with the relationship:

  • Review of publicly available sources for any derogatory media associated with the third party
  • Identification of owners/principals
  • Business justification of the third party being engaged
  • Typical services provided by the third party
  • Verification of licensees, clearance, and/or permits
  • An understanding of access to sensitive data and corresponding data security policies

A significant benefit of a well-established third-party program is a standard onboarding and renewal process — before a contract is signed — across the globe and across all functions. From there, you can develop process efficiencies to identify dedicated teams to review a specific risk or specific relationship and proactively address any risks and/or red flags.

There are also unforeseen benefits that can be realized from establishing a third-party program across all functions of an organization. Often the establishment and management of these programs are driven by compliance; however, viewing your third-party population through an analytical lens can benefit the organization as a whole. In addition to helping set up a legally defensible position to continue the fight against fraud, bribery and corruption, a robust third-party program will also help to identify areas for process efficiencies and increased revenue.

Ask the right questions
During the onboarding/renewing stage of a third-party life cycle, you’re collecting a large amount of data to address the risks of a particular vendor or customer. With little modification to the program, intake forms and questionnaires can include additional data points to provide further visibility into each relationship. These data points can include:

  • Discounts
  • Commissions
  • Annual sales
  • Data security practices and policies
  • Key contract terms (e.g., start date, end date)
  • Supported product and service lines
  • Territories served

This additional data provides a risk and business perspective to the various stakeholders as they decide to engage a third party or renew a third-party relationship. A comprehensive view can prompt questions, such as whether it makes sense to add another distributor in an already saturated region. Collecting these additional data points not only answers compliance questions, but also provides valuable insight into the revenue-generating side of the business.

Apply analytics
By asking the right questions upfront, you’ll collect data for rich, robust reporting that can be used for various purposes throughout the business. Establishing a central repository of third-party relationships allows for a one-stop shop for reporting and analytics. You can then develop standard reports to provide the number and classifications of third parties in a given country and region. You can create relevant reports for various stakeholders, both within compliance and the business.

  • Increase revenue: Third-party data can be used to provide visibility and insight into discounts and commissions across the entire third-party population. For example, after implementing a third-party program, a large manufacturing client developed a report showing all distributors who purchase branded products and resell those products in the market. A second report was generated to show all distributors receiving a discount greater than 25% in a given region. By applying additional data points collected as part of the process, this report also included the specific product lines being sold. Taking it a step further, this client examined all other distributors in that region reselling similar product lines. They found that there was one distributor in that region that receives less than the 25% discount and has similar market coverage. As such, this client decided to funnel more product through the distributor who receives a lesser discount, thereby increasing profit. This visibility would not have been possible without the third-party data.

  • Vendor/customer rationalization: Visibility into the number and types of service providers may also lend itself to cost savings and other operations synergies. By analyzing the third-party data collected, another Grant Thornton LLP client identified that over 250 intellectual property firms were being used across the organization to protect their trademarks and patents. This large population of firms created an administrative burden for the team due to multiple engagement letters and keeping track of which firm represented which country and/or trademark. Using the data collected from the third-party program, this company successfully consolidated this population to a more manageable number and realized better rates for services, achieved operational efficiencies, and gained comfort in knowing that those vendors had been thoroughly vetted.

  • Improve vendor performance management and sourcing: A key risk management practice includes an understanding of the services your organization requires, as well as an up-to-date mapping of the third parties that perform those services. This includes the agreed-upon service level agreements, especially for these services deemed critical to your organization. A strong third-party program includes a review of the risks of engaging these external parties, and should also include the ability to monitor performance and quality. Having a comprehensive view of your third parties, the costs incurred and the quality achieved greatly improves an organization’s ability to negotiate more favorable rates, especially for your most critical suppliers.

  • Visibility: Dashboards and at-a-glance reporting provide insight for stakeholders from the business and compliance perspectives. Using the data collected from a third-party program can create some unique visibility into the population of third parties. Examples include:
          –– Market penetration reports, which outline the number and types of distributors/resellers (along with product lines                being represented) in a given territory
          –– Contract-expiration summaries, which summarize the number and type of upcoming contracts requiring renewal
          –– Discount and commission summaries by country, which provide visibility into the customers/sales agents and their                associated discounts and commissions
          –– High-risk relationship summaries, which outline high-risk relationships across the organization, helping to guide                investigation, audit and other compliance-related teams

  • Fight fraud and corruption: Data from a third-party program can also help unveil fraud, conflicts of interest and other corrupt activities. For example, clients can cross-reference HR files against the data from a third-party program (including phone numbers, addresses, owners/ key principals) to identify potential conflicts of interest or fraud. If you spot employees that have addresses or phone numbers matching that of a third party, you know something is not right.

  • Access to sensitive data: Businesses in every industry depend upon information systems for nearly all aspects of their financial and operational functions. Organizations must comply with myriad industry standards while managing the security of their proprietary data, customer data and data transmitted to third parties, as well as the possibility of unknown breaches and leaks. Having visibility into which third parties have access to sensitive data and the types of data accessed by each vendor will aid in identifying, protecting, detecting and responding if a data breach is identified.

  • Improve audits: Audit teams can also benefit from the data collected. Before an audit team is deployed to a certain country, third-party data can be extracted and analyzed to provide a roadmap for the audit team relating to high-risk customers and vendors, or those relationships that may have certain attributes. Clients have reported seeing increases in efficiency as these reports help to guide efforts and maximize productivity while audit teams are on the ground conducting investigations.

  • Support renewal process: Legal and contracting teams can have access to a summary of contracts expiring in the upcoming months, helping to maximize efficiency and conduct business under the protection of contractual terms. Additionally, centralizing this process will assist in ensuring that all relationships have a contract with the most up-to-date terms and that adequate safeguards are in place.

Make the data work for you
A successful third-party program can protect your company from the risks of conducting business through the use of third parties. Although these programs are often driven by the compliance functions, the pertinent data collected is the foundation for more visibility; improved processes; and better decision-making across all functions within the organization to make better, informed decisions and help drive revenue growth.

Matt Ruble
Senior Manager
Business Advisory Services
T +1 215 814 4063