Third Party Risk
March 05, 2013
By Alan Frank, CPA
Do you recall that feeling when you used to tinker with your old car? Remember the days when you used to lift up the hood and you could see and work with all the parts of the engine? Translate this to today’s business world. Not long ago, you could go to a company, perform services and talk to the people responsible for the company’s various business processes; nowadays, finding such a company is becoming a rarity. The reality in today’s business world is that companies outsource and place a greater reliance on third parties to provide critical business functions. Given this shift, companies need to be aware that they have less control over their control environment.
One risk that increases when outsourcing critical business processes is the potential breach of sensitive, confidential data. Companies are now sharing such information with various parties, such as cloud providers, consultants, outsourcers and transaction processors. Companies need to take steps to determine and mitigate potential risks with items such as proprietary information, intellectual property, and client data.
To do this, companies need to:
- Define roles, responsibilities and accountabilities to the key personnel that oversee third party relationships
- Proactively monitor and manage third party relationships
- Prepare a third party risk assessment and implement strategies to mitigate any significant risk exposures
- Create a due diligence process before entering into a new third party business relationship
- Determine the existence and adequacy of a third parties Service Organization Control (SOC) report to address the company’s proper controls