SlideShare ist ein Scribd-Unternehmen logo

Third-Party Risk Management

M
Mark Scales
1 von 14
Downloaden Sie, um offline zu lesen
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial AdviceAudit | Tax | Advisory | Financial Advice Managing Third Party Risk Robyn Cooper and Mark Scales 29 January 2015
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Don’t get yourself in the headlines! “Outsourcing and procurement in Audit Commission crosshairs” “Horror stories of gov’t outsourcing to greedy private companies” “Taxpayers are getting fleeced” “Government exposed to fraud after serious failings on managing outsourcing contracts” “Australia: Outsourcing responsibility: risks of giving government contractors too much autonomy” “National Audit Office finds five contracts are being investigated and warns there could be more cases of overbilling”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Third Party Risk Research Study Results – CFO Magazine 3% 14% 17% 17% 19% 24% 36% 51% Other Providing on the ground resources in new markets or geographies Providing inputs to support our own production or operations Reducing or managing my company's risk Providing goods/ services that are unrelated to our core business Adding capacity to expand the business Providing core service capabilities or expertise that we currently lack Reducing costs What do you expect to be the top business drivers for your company’s use of third parties over the next two years?
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Case Study – Department of Defence “Collins Class submarines put Australian defence in ‘dark place’ not being able to deploy for five months.” “Royal Australian Navy is facing a massive cost blowout of about $800 million for three powerful Air Warfare Destroyers.”
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lateline Report on Air Warfare Destroyer Project http://www.abc.net.au/lateline/content/2014/s3952302.htm
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Consequences Air Warfare Destroyer: §  Project 2 years behind schedule and $350M over budget, an improvement from the $800M midway through the project. §  Key contractor ASC replaced by BAE Systems. Collins Class Submarines: §  Australia to buy submarines, likely from Japan, rather than utilising Australian manufacturing industry.
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lessons Learned §  “A more commercial approach to contracting, risk management and risk transfer is required” §  More comprehensive due diligence and risk assessment §  More clearly articulated service level expectations §  More investment in monitoring third party performance to identify issues in a timely manner
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform Monitor Managed Third Party Risk InitiateFormalise Managed Third Party Risk §  Need identified §  Evaluation of relationships §  Due diligence & risk assessment §  Performance §  Risk §  Organisational changes §  Contracts and agreements reviewed §  Service levels and expectations set §  Exchange of data, goods and services §  Invoicing and payment
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Initiate §  Needs identification (e.g. technical specification, information requirements, resource skills and expertise, budget) §  Due diligence (e.g. financial, historical and legal records of incidents and issues) §  Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk mitigation activities / controls) §  Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror groups)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Formalise §  Training your Third Party (e.g. code of conduct, policies and procedures, etc.) §  Undertaking an upfront systems review to assess internal control environment of the third party §  Health Check over systems and processes to ensure alignment between parties §  Contracts and agreements established in consultation with experts where required (e.g. legal) §  Service levels and expectations set and reflected in the contract
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform §  Monitoring of changes to legal and regulatory environments “Even successful business relationships experience issues and incidents.” §  Mechanisms for reporting issues or incidents §  Processes and systems for investigation and resolution of issues that arise §  Collaboration and communication between both sides of the relationship §  Collection and management of all communications to provide a historical record
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Monitor §  Performance of independent audits on an ongoing basis §  Regular reviews performed by the Commercial team to ensure compliance with the contract §  Annual attestation by Third Party of compliance with code of conduct and established policies §  Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action plans)
Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Build Risk Expertise Defined Responsibilities Perform Health Checks Monitor and Test Compliance Standardised Processes and Agreements Better Practice – Third Party Risk Management Train your Third Party Extend your ‘speak-up’ culture
Audit | Tax | Advisory | Financial Advice For further information Disclaimer Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351 Robyn Cooper Principal, Internal Audit Brisbane Tel +61 7 3233 3496 robyn.cooper@crowehorwath.com.au Mark Scales Associate Principal, Internal Audit Brisbane Tel +61 7 3233 3500 mark.scales@crowehorwath.com.au Tel 1300 856 065 www.crowehorwath.com.au The relationship you can count on

Empfohlen

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Resolver Inc.
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 

Empfohlen

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Resolver Inc.
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management FrameworkTreasury Consulting LLP
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslideZakaria Salah, Ph.D,MBA
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management FrameworkAnand Subramaniam
 
Third Party Vendor Risk Managment
Third Party Vendor Risk ManagmentThird Party Vendor Risk Managment
Third Party Vendor Risk ManagmentPivotPointSecurity
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk AssessmentSmart Assessment
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesChris Garbett
 
12JA-ISPE
12JA-ISPE12JA-ISPE
12JA-ISPEGeert Crauwels
 

Weitere ähnliche Inhalte

Was ist angesagt?

A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Third Party Vendor Risk Managment
Third Party Vendor Risk ManagmentThird Party Vendor Risk Managment
Third Party Vendor Risk ManagmentPivotPointSecurity
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 

Was ist angesagt? (20)

Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk management
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & compliance
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management Framework
 
Third Party Vendor Risk Managment
Third Party Vendor Risk ManagmentThird Party Vendor Risk Managment
Third Party Vendor Risk Managment
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelines
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 

Andere mochten auch

Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesChris Garbett
 
Superheroes are real
Superheroes are realSuperheroes are real
Superheroes are realabdulg99
 
Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01kuntapradeepreddy
 
Rencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le ProgrammeRencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le ProgrammeGuillaume Barucq
 
Ponce De Leon Vocabulary
Ponce De Leon VocabularyPonce De Leon Vocabulary
Ponce De Leon VocabularyShauna McCarthy
 
chuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmchuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmshizuko401
 
Healthcare considerations in Ramadan
Healthcare considerations in RamadanHealthcare considerations in Ramadan
Healthcare considerations in Ramadanabdulg99
 
Identitatealuipascal1
Identitatealuipascal1Identitatealuipascal1
Identitatealuipascal1colceralina
 
E learning
E learningE learning
E learningnisaiims
 
Faith needs for detainees in police stations
Faith needs for detainees in police stationsFaith needs for detainees in police stations
Faith needs for detainees in police stationsabdulg99
 

Andere mochten auch (19)

Organization Chart & Project Responsibilities
Organization Chart & Project ResponsibilitiesOrganization Chart & Project Responsibilities
Organization Chart & Project Responsibilities
 
12JA-ISPE
12JA-ISPE12JA-ISPE
12JA-ISPE
 
Superheroes are real
Superheroes are realSuperheroes are real
Superheroes are real
 
Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01Blueraydisc 110913143007-phpapp01
Blueraydisc 110913143007-phpapp01
 
Property Times October 2014
Property Times October 2014Property Times October 2014
Property Times October 2014
 
Rencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le ProgrammeRencontres de Biarritz 2016 - Le Programme
Rencontres de Biarritz 2016 - Le Programme
 
Debate
DebateDebate
Debate
 
Property Times Media kit 2014
Property Times Media kit 2014Property Times Media kit 2014
Property Times Media kit 2014
 
Ponce De Leon Vocabulary
Ponce De Leon VocabularyPonce De Leon Vocabulary
Ponce De Leon Vocabulary
 
chuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcmchuyên dịch vụ giúp việc bảo đảm tại hcm
chuyên dịch vụ giúp việc bảo đảm tại hcm
 
Healthcare considerations in Ramadan
Healthcare considerations in RamadanHealthcare considerations in Ramadan
Healthcare considerations in Ramadan
 
Identitatealuipascal1
Identitatealuipascal1Identitatealuipascal1
Identitatealuipascal1
 
Property Times eMagazine November 2014
Property Times eMagazine November 2014Property Times eMagazine November 2014
Property Times eMagazine November 2014
 
Africa Academic Paper 2016
Africa Academic Paper 2016Africa Academic Paper 2016
Africa Academic Paper 2016
 
Tree of Business
Tree of BusinessTree of Business
Tree of Business
 
E learning
E learningE learning
E learning
 
Bab7 software
Bab7 softwareBab7 software
Bab7 software
 
Faith needs for detainees in police stations
Faith needs for detainees in police stationsFaith needs for detainees in police stations
Faith needs for detainees in police stations
 
Bab9 prosedur
Bab9 prosedurBab9 prosedur
Bab9 prosedur
 

Ähnlich wie Third-Party Risk Management

Due Diligence For Transactions
Due Diligence For TransactionsDue Diligence For Transactions
Due Diligence For TransactionsPiyush Bhandari
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...LexisNexis Benelux
 
1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FAZowie Murray
 
Creative Accounting and Forensic Accounting
Creative Accounting and Forensic AccountingCreative Accounting and Forensic Accounting
Creative Accounting and Forensic AccountingDikshyaMahapatra
 
Kiguru and associates company profile
Kiguru and associates company profileKiguru and associates company profile
Kiguru and associates company profileVincent Kadima
 
Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1JRA & Associates
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013Nidhi Gupta
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013Nidhi Gupta
 
Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015Fernandes Anthony
 
Steelbridge Compliance Brochure
Steelbridge Compliance BrochureSteelbridge Compliance Brochure
Steelbridge Compliance Brochuredniknejad
 
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Rachel Hamilton
 
2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities2015 SEC National Examination Program Priorities
2015 SEC National Examination Program PrioritiesCliff Busse
 

Ähnlich wie Third-Party Risk Management (20)

ch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.pptch01_ppt_leung_1e.ppt
ch01_ppt_leung_1e.ppt
 
Due Diligence For Transactions
Due Diligence For TransactionsDue Diligence For Transactions
Due Diligence For Transactions
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
 
1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA1115-35 LA_KAM Guidance Paper_Web_FA
1115-35 LA_KAM Guidance Paper_Web_FA
 
Creative Accounting and Forensic Accounting
Creative Accounting and Forensic AccountingCreative Accounting and Forensic Accounting
Creative Accounting and Forensic Accounting
 
conferences.aicpa.org
conferences.aicpa.orgconferences.aicpa.org
conferences.aicpa.org
 
Kiguru and associates company profile
Kiguru and associates company profileKiguru and associates company profile
Kiguru and associates company profile
 
Chap001.ppt
Chap001.pptChap001.ppt
Chap001.ppt
 
Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1Companies Act 2013 - Some New Concepts: Part 1
Companies Act 2013 - Some New Concepts: Part 1
 
Dawgen Global Services
Dawgen Global ServicesDawgen Global Services
Dawgen Global Services
 
Audit _Chapter 1.ppt
Audit _Chapter 1.pptAudit _Chapter 1.ppt
Audit _Chapter 1.ppt
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Legal risk advisory services 2013
Legal risk advisory services 2013Legal risk advisory services 2013
Legal risk advisory services 2013
 
Forensic Audit.pptx
Forensic Audit.pptxForensic Audit.pptx
Forensic Audit.pptx
 
Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015Tax risk management_13th_oct_2015
Tax risk management_13th_oct_2015
 
Steelbridge Compliance Brochure
Steelbridge Compliance BrochureSteelbridge Compliance Brochure
Steelbridge Compliance Brochure
 
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
Global Risk: How to Manage Corruption Risk for Your Investment in High-Risk R...
 
2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities2015 SEC National Examination Program Priorities
2015 SEC National Examination Program Priorities
 

Third-Party Risk Management

  • 1. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial AdviceAudit | Tax | Advisory | Financial Advice Managing Third Party Risk Robyn Cooper and Mark Scales 29 January 2015
  • 2. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Don’t get yourself in the headlines! “Outsourcing and procurement in Audit Commission crosshairs” “Horror stories of gov’t outsourcing to greedy private companies” “Taxpayers are getting fleeced” “Government exposed to fraud after serious failings on managing outsourcing contracts” “Australia: Outsourcing responsibility: risks of giving government contractors too much autonomy” “National Audit Office finds five contracts are being investigated and warns there could be more cases of overbilling”
  • 3. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Third Party Risk Research Study Results – CFO Magazine 3% 14% 17% 17% 19% 24% 36% 51% Other Providing on the ground resources in new markets or geographies Providing inputs to support our own production or operations Reducing or managing my company's risk Providing goods/ services that are unrelated to our core business Adding capacity to expand the business Providing core service capabilities or expertise that we currently lack Reducing costs What do you expect to be the top business drivers for your company’s use of third parties over the next two years?
  • 4. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Case Study – Department of Defence “Collins Class submarines put Australian defence in ‘dark place’ not being able to deploy for five months.” “Royal Australian Navy is facing a massive cost blowout of about $800 million for three powerful Air Warfare Destroyers.”
  • 5. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lateline Report on Air Warfare Destroyer Project http://www.abc.net.au/lateline/content/2014/s3952302.htm
  • 6. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Consequences Air Warfare Destroyer: §  Project 2 years behind schedule and $350M over budget, an improvement from the $800M midway through the project. §  Key contractor ASC replaced by BAE Systems. Collins Class Submarines: §  Australia to buy submarines, likely from Japan, rather than utilising Australian manufacturing industry.
  • 7. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Lessons Learned §  “A more commercial approach to contracting, risk management and risk transfer is required” §  More comprehensive due diligence and risk assessment §  More clearly articulated service level expectations §  More investment in monitoring third party performance to identify issues in a timely manner
  • 8. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform Monitor Managed Third Party Risk InitiateFormalise Managed Third Party Risk §  Need identified §  Evaluation of relationships §  Due diligence & risk assessment §  Performance §  Risk §  Organisational changes §  Contracts and agreements reviewed §  Service levels and expectations set §  Exchange of data, goods and services §  Invoicing and payment
  • 9. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Initiate §  Needs identification (e.g. technical specification, information requirements, resource skills and expertise, budget) §  Due diligence (e.g. financial, historical and legal records of incidents and issues) §  Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk mitigation activities / controls) §  Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror groups)
  • 10. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Formalise §  Training your Third Party (e.g. code of conduct, policies and procedures, etc.) §  Undertaking an upfront systems review to assess internal control environment of the third party §  Health Check over systems and processes to ensure alignment between parties §  Contracts and agreements established in consultation with experts where required (e.g. legal) §  Service levels and expectations set and reflected in the contract
  • 11. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Perform §  Monitoring of changes to legal and regulatory environments “Even successful business relationships experience issues and incidents.” §  Mechanisms for reporting issues or incidents §  Processes and systems for investigation and resolution of issues that arise §  Collaboration and communication between both sides of the relationship §  Collection and management of all communications to provide a historical record
  • 12. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Monitor §  Performance of independent audits on an ongoing basis §  Regular reviews performed by the Commercial team to ensure compliance with the contract §  Annual attestation by Third Party of compliance with code of conduct and established policies §  Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action plans)
  • 13. Audit | Tax | Advisory | Wealth Management Audit | Tax | Advisory | Financial Advice Build Risk Expertise Defined Responsibilities Perform Health Checks Monitor and Test Compliance Standardised Processes and Agreements Better Practice – Third Party Risk Management Train your Third Party Extend your ‘speak-up’ culture
  • 14. Audit | Tax | Advisory | Financial Advice For further information Disclaimer Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351 Robyn Cooper Principal, Internal Audit Brisbane Tel +61 7 3233 3496 robyn.cooper@crowehorwath.com.au Mark Scales Associate Principal, Internal Audit Brisbane Tel +61 7 3233 3500 mark.scales@crowehorwath.com.au Tel 1300 856 065 www.crowehorwath.com.au The relationship you can count on