Managing 3rd Party Risks

Fraud Prevention Tip #33: Special Attention to Managing 3rd Party Risks

One fraud risk area of special concern comes from relationships with third parties. Here’s why.

Your organization’s relationship with employees is governed by law, policy, and operating procedures. There exists a daily ability to supervise, monitor, reward, and discipline individuals. Information needed for these tasks is available with few barriers. Employees generally share the organization’s ethical standards. Deviation in individual behavior from those standards is often detectable.

The organization’s relationship with third parties is determined by the documents governing the relationship. Examples include contracts, purchase orders,

Managing 3rd Party Risks

High Impact Auditing: Practices that Pay

Every day, the expectations placed on professional internal auditors are on the rise. As a result, we all find ourselves in a constant state of “catching up” in order to meet the needs of management, board members, clients and even ourselves. This highly interactive program will provide proven ideas that can dramatically increase the daily effectiveness and perceived value of the individual auditor and the audit team. Participants will learn how to:
Identify the key areas where management and other client groups want and need attention
Define your role to fully meet the needs of the organization
Identify the behavioral adjustments needed to be more effective every day
Improve audit planning and performance to identify and address areas of importance
Develop audit steps that find important problems and opportunities
Get desired action from auditees and others
Demonstrate measurable value

engagement letters, loans, leases, sales agreements, standard terms and conditions, and other documents. Third parties have legitimate business interests that may at times be at odds with those of their customers and clients. If wrongdoing by third parties is suspected, it may be difficult or impossible to obtain records needed to prove or disprove the suspicion.

Suspected fraud by outside organizations with a trust relationship can be extremely challenging to pursue. Be as prepared as possible for these challenges. Make sure that the documents that define the relationship are clear on matters of fraud and other wrongdoing.

Where appropriate, make your organization’s Code of Conduct an integral part of any third-party relationship documents. Consider having the third party acknowledge their awareness and compliance with your conduct standards every year.

Also include appropriate Right to Audit language in third party ‘deal documents’ – again, where appropriate to do so. We recommend strong Right to Audit language in:

• Requests for Proposals
• Contracts (including the requirement for your Right to Audit be included in any sub-contacts or suppliers to the contract)
• Purchase Orders
• Engagement Letters with your professional service providers
• Any leases you sign as lessor where there is a cost pass through provision
• Standard Terms and Conditions

One last thing. Don’t just have Right to Audit provisions. Perform detailed audits of third parties performed by subject matter experts. If you’re not quite sure where to start, reach back to me at John@JohnHallSpeaker.com. We’ll get you pointed in the right direction.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”