Driving organisational value and resilience from effective third-party management
Third parties (including outsourced service providers) are just as important to the organisation’s risk profile as employees. The integration of third parties into the supply chain introduces significant risks, which if left unchecked have the potential to significantly disrupt operations, result in non-compliance with contractual, legal and regulatory requirements, and cause material financial and reputational damage.
Xcina assists firms with implementing appropriate and effective approaches to third-party risk management and assurance that focus on the key third-party risks and provide a robust framework for assessing compliance with defined expectations.
Xcina brings together procurement expertise, technical compliance knowledge, IT and risk management specialists, and supply chain continuity and relationship management experts to provide an end-to-end third-party management service.
Key third parties include cloud services, software and platforms as a service, payment services, shared service centres, investment management as a service, clients and data centres including recovery services.
Reducing third-party risk is an ongoing process requiring a sound strategy and disciplined approach. There are several components for firms to consider:
Undertake a review of the existing management and assurance framework to ensure a focus on key risks in line with business objectives.
Undertake due diligence on vendors through risk assessments to establish fit and conformity with the customer's documented requirements.
Execute a comprehensive vendor assurance programme to ensure ongoing compliance with client expectations. This will be undertaken using a variety of approaches, including vendor self-assessment and assurance visits.
Various regulators, including the Prudential Regulation Authority (e.g. SS2/21, Outsourcing and third party risk management), the Financial Conduct Authority (e.g. SYSC 8), and the European Banking Authority (Guidelines on outsourcing, EBA/GL/2019/02), have in recent years implemented regulations for managing outsourced services in the financial services sector.
Xcina have been supporting us for a few years in successfully meeting our requirement for independent Controls and Compliance attestations. Xcina have always taken a pragmatic and collaborative perspective, which has been a refreshing change from the approach adopted by some auditors, where it feels as though the auditors are working through a pre-defined checklist with little appreciation of the relative importance of the controls themselves. As our company has grown, and our customers have become larger, we have experienced a big increase in the number of Requests for Proposals (RFPs), Security Questionnaires, and Requests from Customers' Auditors, which all ask for evidence that we have an effective control framework. The work with Xcina has been essential in enabling us to respond to these requests. It has also improved our Control Environment, providing a framework and foundation for growth.
Ian Maddison-Roberts, VP Operations, Kimble