Third party risk management & assurance
Companies are increasingly relying on third parties to drive efficiencies, reduce costs and improve performance. However working with external organisations comes with an entire set of risks that did not exist in the past. We can help you to evaluate and manage risks associated with third parties so you can focus on meeting your business objectives.
Our approach
Management of third party risks has become more vital as companies outsource progressively critical operations. The move to cloud infrastructure, for instance, means that the failure of an outside contractor can leave a business unable to perform even its most basic functions.
Yet while core tasks have been outsourced, the responsibilities have not. Regulators in sectors such as finance have made clear that failings cannot be blamed on contractors and that companies must take a rigorous, formal approach to assessing and managing the risks created by reliance on third parties.
We offer a robust approach to third party risk management and assurance to clients who require an effective control framework for their relationships. Our international team of specialists has broad sector experience and can draw upon extensive experience to ensure you mitigate risks and continue to meet your objectives.
Managing third party risk requires three stages:
- Conducting third party operational risk reviews and creating a risk framework.
- Carrying out a third party risk assessment.
- Regular risk audit reports to provide assurance.
Your internal audit will depend on the nature, scale and complexity of your organisation and the range of its operations. We do not believe in a 'one size fits all approach' - every business is unique.
Our tailored internal audit work can include:
- reviewing your existing internal audit function to ensure compliance and best practice
- advising on the options and arrangements available for your internal audit
- acting as your outsourced internal audit function
- developing risk based internal audit strategies and work plans
- advising on how to improve your internal audit methodology
We get to know your business with a thorough understanding of:
- your organisation’s objectives and performance targets
- your organisation’s operations, systems, structures and regulatory environment
- your organisation’s risk assessment process
- your internal control system and risk response mechanisms
- the sources by which the board receives assurance over risk management, internal control and governance
- the board’s immediate priorities
We can provide the following levels of service:
Fully outsourced Internal Audit functions
We can complete entire assignments for you. We will plan and prepare for each review, complete the on-site fieldwork and provide the findings of our work.
Team substitutions and secondment of staff
Prior to audit planning we can provide a team of specialists, including a partner and managers. We can also provide you with individuals experienced in carrying out internal audits to complement your in-house team and take direction and guidance from your managers. The grade and experience of staff will be tailored to your needs.
Review and recommend
Where your management time is limited, we can manage your team, review draft reports and communicate the reported issues to your audit committee.
Quality assurance reviews
We can assist with both readiness reviews as well as full reviews of your internal audit function to assess its effectiveness and refine it to suit your business.
Our internal audit team is highly experienced in both the public and private sectors and utilises a risk-based approach to internal audit. You can choose the level of input you need from us: we can work at a consultancy level or alongside your in-house team.
The benefits of outsourcing or co-sourcing your internal audit, other than allowing management to manage and focus on their business, are:
- value for money and peace of mind
- on-going improvements in your service
- identification and elevation of potentially 'hidden' risks
- compliance with legislation, regulation and best practice
- contributing to sound governance
- strengthening overall controls to manage risk
- enhanced early warning mechanisms
- removal of unneeded systems
- positive effects on your shareholder value
In addition to assisting management to ensure compliance, continuous improvement is also embedded in our approach. We understand that you are running a business and want more than just compliance. Using tried and tested approaches, our team can identify ways to add value to your business and advise on implementing changes through a process that is consultative while causing minimal disruption to your operation.