Third Party Risk Management and Assurance Services
 

Third Party Management and Assurance

Driving organisational value and resilience from effective third party management

An end-to-end third-party risk management service

Third parties (including outsourced service providers) are just as important to the organisation’s risk profile as employees. The integration of third parties into the supply chain introduces significant risks which, if left unchecked, have the potential to significantly disrupt operations, result in non-compliance with contractual, legal and regulatory requirements, and cause material financial and reputational damage.

Xcina assists firms with implementing appropriate and effective approaches to third party risk management and assurance that focus on the key third party risks and provide a robust framework for assessing compliance with defined expectations.

Xcina brings together procurement expertise, technical compliance knowledge, IT and risk management specialists, supply chain continuity and relationship management experts, to provide an end-to-end third-party management service.

Key third parties include cloud services, software and platforms as a service, payment services, shared service centres, investment management as a service, clients and data centres including recovery services.

Taking effective control of third party risk management

Reducing third party risk is an ongoing process requiring a sound strategy and disciplined approach. There are several components for firms to consider:

Framework review

Undertake a review of the existing management and assurance framework to ensure a focus on key risks in line with business objectives.

Third Party Risk Management


Vendor Diligence

Undertaking due diligence on vendors to establish fit and conformity with documented requirements of the customer.

Third Party Assurance

Execute a comprehensive vendor assurance programme to ensure ongoing compliance with client expectations. This will be undertaken using a variety of approaches including vendor self-assessment, assurance visits etc.


Address regulatory expectations

Various regulators, including the Prudential Regulation Authority (e.g. SS2/21, Outsourcing and third party risk management), the Financial Conduct Authority (e.g. SYSC 8) and the European Banking Authority (Guidelines on outsourcing, EBA/GL/2019/02), have in recent years implemented regulations for managing outsourced services in financial services.

Protecting your business and clients with third party risk management

  • Greater organisational resilience from an increased understanding of third party risks, the mitigation strategies and alignment with risk appetite.
  • Increased economic benefits including reduced costs, better allocation of resources and increased transparency through consistent application of best practices.
  • More efficient processes through harnessing technology to enable automation of third party management practices, providing the assurance needed for effective supply chain risk management.
  • Ensures a more holistic view of third party risks within the organisation from contracts, procurement, service performance management, risk management and contract lifecycle management.
  • Enables effective mitigation of supply chain risks including data, cyber security, information security, operational continuity. Weaknesses in third party management programmes and environments can be exploited to the detriment of client firms.
  • Better preparedness, providing “playbooks” when the inevitable happens and a third party’s internal controls are breached.
  • Enhanced management and organisational confidence in the adoption and implementation of third parties and outsourcing models.
  • Greater access to skilled and experienced resources necessary to manage an organisation’s third parties against a backdrop of increasing complexity, greater dependence and integration, and more regular threats.
  • Compliance with regulations issued by PRA, FCA, EBA that could otherwise result in substantial fines and remediation.

Identify, monitor, mitigate and manage third party risks


  • Our clients benefit from our deep and extensive knowledge and expertise establishing third party assurance programmes.
  • Our consultants are leaders in third party risk management, having established and managed supplier programmes for multinational companies.
  • We assist our clients to implement assurance frameworks leveraging our deep expertise and extensive experience to implement best practices and assess compliance with regulatory expectations and policy requirements.
  • We share the implementation risk with our clients through our approach and methodology as well as with our pricing.
  • We are not just consultants; we are very much practitioners ensuring that clients benefit from our pragmatic approach to addressing third party risks.
  • We provide training and development to our clients’ staff so they can develop the necessary internal capabilities to maintain and embed the services we deliver. 

What our clients say

Xcina have been supporting us for a few years in successfully meeting our requirement for independent Controls and Compliance attestations. Xcina have always taken a pragmatic and collaborative perspective, which has been a refreshing change from the approach adopted by some auditors, where it feels as though the auditors are working through a pre-defined checklist with little appreciation of the relative importance of the controls themselves. As our company has grown, and our customers have become larger, we have experienced a big increase in the number of Requests for Proposals (RFPs), Security Questionnaires, and Requests from Customers’ Auditors, which all ask for evidence that we have an effective control framework. The work with Xcina has been essential in enabling us to respond to these requests. It has also improved our Control Environment, providing a framework and foundation for growth.

Ian Maddison-Roberts, VP Operations, Kimble
