1. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial AdviceAudit | Tax | Advisory | Financial Advice
Managing Third Party Risk
Robyn Cooper and Mark Scales
29 January 2015
2. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Don’t get yourself in the headlines!
“Outsourcing and
procurement in
Audit Commission
crosshairs”
“Horror stories of gov’t
outsourcing to greedy
private companies”
“Taxpayers are getting fleeced”
“Government exposed to fraud after serious failings on
managing outsourcing contracts”
“Australia: Outsourcing responsibility: risks of giving government
contractors too much autonomy”
“National Audit Office finds five contracts are
being investigated and warns there could be
more cases of overbilling”
3. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Third Party Risk Research Study Results – CFO Magazine
3%
14%
17%
17%
19%
24%
36%
51%
Other
Providing on the ground resources in new markets or geographies
Providing inputs to support our own production or operations
Reducing or managing my company's risk
Providing goods/ services that are unrelated to our core business
Adding capacity to expand the business
Providing core service capabilities or expertise that we currently lack
Reducing costs
What do you expect to be the top business drivers for your company’s use of third
parties over the next two years?
4. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Case Study – Department of Defence
“Collins Class submarines put
Australian defence in ‘dark place’
not being able to deploy for five
months.”
“Royal Australian Navy is facing a
massive cost blowout of about
$800 million for three powerful Air
Warfare Destroyers.”
6. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Consequences
Air Warfare Destroyer:
§ Project 2 years behind schedule and $350M over budget, an improvement from
the $800M midway through the project.
§ Key contractor ASC replaced by BAE Systems.
Collins Class Submarines:
§ Australia to buy submarines, likely from Japan, rather than utilising Australian
manufacturing industry.
7. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Lessons Learned
§ “A more commercial approach to contracting, risk management and risk transfer
is required”
§ More comprehensive due diligence and risk assessment
§ More clearly articulated service level expectations
§ More investment in monitoring third party performance to identify issues in a
timely manner
8. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Perform Monitor
Managed
Third
Party
Risk
InitiateFormalise
Managed Third Party Risk
§ Need identified
§ Evaluation of
relationships
§ Due diligence &
risk assessment
§ Performance
§ Risk
§ Organisational
changes
§ Contracts and
agreements
reviewed
§ Service levels and
expectations set
§ Exchange of data,
goods and services
§ Invoicing and
payment
9. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Initiate
§ Needs identification (e.g. technical specification, information requirements,
resource skills and expertise, budget)
§ Due diligence (e.g. financial, historical and legal records of incidents and issues)
§ Risk Assessment (e.g. defined risk appetite, inherent risk of third party, risk
mitigation activities / controls)
§ Evaluation of relationships (e.g. conflicts of interests, links to criminal or terror
groups)
10. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Formalise
§ Training your Third Party (e.g. code of conduct, policies and procedures, etc.)
§ Undertaking an upfront systems review to assess internal control environment of
the third party
§ Health Check over systems and processes to ensure alignment between parties
§ Contracts and agreements established in consultation with experts where
required (e.g. legal)
§ Service levels and expectations set and reflected in the contract
11. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Perform
§ Monitoring of changes to legal and regulatory environments
“Even successful business relationships experience issues and incidents.”
§ Mechanisms for reporting issues or incidents
§ Processes and systems for investigation and resolution of issues that arise
§ Collaboration and communication between both sides of the relationship
§ Collection and management of all communications to provide a historical record
12. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Monitor
§ Performance of independent audits on an ongoing basis
§ Regular reviews performed by the Commercial team to ensure compliance with
the contract
§ Annual attestation by Third Party of compliance with code of conduct and
established policies
§ Ongoing monitoring of risk indicators (e.g. scoring of risks, tracking of risk action
plans)
13. Audit | Tax | Advisory | Wealth Management
Audit | Tax | Advisory | Financial Advice
Build Risk
Expertise
Defined
Responsibilities
Perform
Health
Checks
Monitor and
Test
Compliance
Standardised
Processes and
Agreements
Better Practice – Third Party Risk Management
Train your
Third Party
Extend your
‘speak-up’
culture
14. Audit | Tax | Advisory | Financial Advice
For further information
Disclaimer
Crowe Horwath (Aust) Pty Ltd is a member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath is a separate and
independent legal entity. Liability limited by a scheme approved under Professional Standards Legislation (other than for the acts or omissions of
financial services licensees) in each State or Territory other than Tasmania. ABN 84 006 466 351
Robyn Cooper
Principal, Internal Audit
Brisbane
Tel +61 7 3233 3496
robyn.cooper@crowehorwath.com.au
Mark Scales
Associate Principal, Internal Audit
Brisbane
Tel +61 7 3233 3500
mark.scales@crowehorwath.com.au
Tel 1300 856 065
www.crowehorwath.com.au
The relationship you can count on