Implementing a Third-Party Management Solution: 5 Steps for Success
Centralizing third-party management and automating the compliance process is a vital step towards achieving Anti-Bribery and Anti-Corruption compliance. Given the inherent complexity of the third-party compliance process and the number of departments that play a role in the effort, implementing a third-party technology solution requires a thoughtful and methodical approach. The five-step process detailed below helps companies ensure the successful implementation of a third-party compliance solution.

Step One - Identify the Right Team

In order to ensure an efficient software implementation, consider designating an executive sponsor to own the selection and implementation of the solution, including responsibility for overseeing the creation of the business case to justify the company's investment in the solution. An executive sponsor's role typically includes responsibility for communicating with senior executives and the Board of Directors and managing their expectations throughout the process.

In addition, identify relevant stakeholders, such as sales and operations executives, and ensure that they play a role in the development of the criteria to screen and select a third-party compliance solution provider. Stakeholders can also provide assistance in overcoming roadblocks encountered during the assessment and implementation process as well as support to ensure that the project is on track to meet the company's compliance-related expectations.

Step Two - Develop a Project Implementation Timeline

IT's Role

The level of support needed from the IT function varies based on the third-party compliance management solution that a company selects. While some solutions require changes to the existing IT infrastructure, other cloud-based solutions require limited technical support. Regardless, the IT function has a role to play, and postponing their engagement in the process can translate into significant delays in the project timetable.

It is imperative that the executive sponsor creates a project timetable that reflects an appropriate sense of urgency and meets the needs of the organization. An implementation timeline typically includes the following phases:

Current state assessment: To drive change, companies must understand their current environment. By doing so, they will gain a clearer understanding of how much must change and where potential roadblocks may exist.

Future state design: While a third-party compliance solution can provide a number of benefits to support the onboarding, management, monitoring, and auditing of third parties, it must reside within an integrated, cross-functional compliance effort.

Gap identification, analysis, and prioritization: With a detailed understanding of the current and future state of the compliance effort, companies can document, analyze, and prioritize the gaps within their existing compliance program. This often requires the support of an external third-party compliance due diligence firm.

Implementation plan: A detailed implementation plan will include the roles and responsibilities of executives and employees impacted by the change and clear expectations for the third-party compliance management provider to meet.

Company-wide communications plan: To effect change, the company's employees and executives must support the transformation of the compliance process. A communications plan helps create the case for change and minimize objections across the organization.

Third-party communications plan: In addition to developing an internal communications plan, companies must develop the content and tone of communications with third parties as well. This includes determining how the company plans to welcome third parties to the organization and engage them in the compliance process.

Establish Key Performance Indicators (KPIs) to monitor and report post-implementation: Monitoring KPIs post-implementation ensures that the third-party compliance solution functions as intended and delivers the benefits detailed in the business case used to justify the investment. Such reporting empowers the compliance division and provides clear and compelling evidence to C-Suite executives and the Board of Directors regarding the program's performance.

Project timelines must take into account the company's compliance-related objectives. For example, if an organization is under a government probe, the project timeline will be much shorter than it would be if the organization is starting the process without any government pressure.

Step Three - Determine Pre- and Post-Implementation Roles and Responsibilities

Ownership of a third-party compliance solution involves differing levels of responsibility and expense. Who will fund the initial investment in the solution? Who will be fiscally responsible once the adoption of the solution takes place? There may be further discussion about whether to centralize or decentralize the company's third-party compliance program.
This is also the time to determine the need for additional staff to support the solution in either a decentralized or a centralized state.

Step Four - Identify the Location and Ownership of Third-Party Records

Integrating Legacy Data

Do you plan to upload legacy third-party compliance data? If so, determine the solution provider's role in the process. Do they have previous experience mapping data and assisting clients with the integration process?

One of the benefits companies realize from implementing a third-party compliance solution is the creation of a dedicated repository to house third-party data. An essential step in the process to centralize such data involves identifying the location of relevant third-party data within the company, including who owns that data and who must approve its migration to another platform. Performing this step prior to the implementation process can help identify potential objections or obstacles without affecting the project timeline.

Step Five - Evaluating Your Company's Due Diligence Questionnaire and Risk Model

Due Diligence Questionnaires

Implementing a risk-based approach to third-party compliance involves gathering data, typically via due diligence questionnaires (DDQ). In turn, the risk model helps establish the level of due diligence required for each third party. If your organization does not have an existing due diligence questionnaire, the third-party compliance solution provider may have templates they can provide. Depending on the location of your company's third parties, you may need versions of the DDQ in multiple foreign languages.

Risk Model

Third-party risk models include many factors that allow a company to assess the compliance risk that an intermediary presents. If your organization has an existing risk model in place, now is the time to reevaluate the components and their weighting.

Implementing a technology-focused solution to centralize and automate the third-party management and compliance process is a complex, yet vital, process towards achieving Anti-Bribery and Anti-Corruption compliance. Through careful planning and insightful cross-functional team discussion, companies can implement solutions that provide flexibility and are scalable with demand.

Engaging the Experts to Create a Third-Party Risk Model

Deploying a risk-based compliance program requires a detailed understanding of the types of intermediaries the company engages and a fully functional risk model that analyzes a number of factors, including:

Where the third party conducts business.
The type of third party (e.g., intermediary, consultant, supplier).
How much business the third party generates for the company.
The third party's participation in government tenders.
The third party's interaction with government entities on your company's behalf.

Contact Us

Securimate's Total Solution delivers a streamlined, flexible, and scalable approach to third-party management.
Clients benefit from the access to knowledgeable compliance experts who have extensive experience helping clients develop and deploy industry-leading third-party risk models. To find out how Securimate can help your organization implement a third-party management program, please contact us at info@securimate.com or +1 (512) 287.2700 for more information.

About Securimate

Securimate is the leading enterprise third-party management Software as a Service (SaaS) solution that enables multinational companies to systematically onboard, manage, monitor, and audit their sales channel and supply chain participants. Securimate's flexible workflows deliver detailed analytics that help customers ensure regulatory compliance, maximize supply chain efficiency, and comply with data privacy laws and regulations.

Securimate Inc. Headquarters
11044 Research Blvd., Suite B-250
Austin, TX 78759 USA

Securimate Inc.
2638 Highway 109, Suite 200
Wildwood, MO 63040 USA

+1 (512) 287.2700
info@securimate.com
www.securimate.com