Risk-based solution helps companies efficiently manage third-party due diligence to protect their brand and stand up to increased regulatory scrutiny
HOUSTON, July 23, 2013 – Datacert, Inc., the premier global provider of enterprise legal management solutions, announced today the release of its Third-Party Risk Management Module, an extension of Passport® GRC, the company's comprehensive, platform-based framework for managing broad governance, risk, and compliance programs. The new module helps companies protect their brand and reputation by effectively and efficiently managing third-party risk across their businesses to achieve compliance with increasingly-stringent regulations related to anti-corruption (e.g., Foreign Corrupt Practices Act and UKBA), conflict minerals, anti-money laundering (AML), financial services accountability (e.g., Dodd-Frank Act), and more. In addition, companies can use the module to evaluate risks related to internally-defined policies that extend to third parties, such as environmental sustainability-related policies to support social accountability initiatives.
Built to align with the due diligence standards defined by the Open Compliance and Ethics Group (OCEG), as well as with the ISO 31000 risk management framework, Datacert’s Third-Party Risk Management Module allows companies to more efficiently manage all third parties and related due diligence efforts. In particular, the module utilizes weighted risk factors to calculate each third party’s risk level, enabling an accurate assessment of third-party risk across the business. Organizations can then prioritize their evaluation and mitigation efforts according to this assessed risk level and, on an ongoing basis, monitor changes to the risk factors and risk levels of all third parties. This risk-based approach streamlines companies’ third-party management and due diligence efforts by allowing them to focus resources on the parties that represent the most risk to the company, while still monitoring all third parties. Since companies often work with thousands of third-party partners, this ability is critical to enabling them to comply with regulatory requirements to protect their brand and reputation.
"With thousands of third parties to contend with and increased regulatory scrutiny, companies must actively monitor and manage these relationships. Organizations need to demonstrate a defensible due diligence process and an in-compliance status throughout their extended business environment," commented Michael Rasmussen, J.D., OCEG Fellow, and founder of GRC 20/20, a leading GRC strategy advisory firm. "Datacert's new module provides the type of backbone technology and strategic approach within a risk-based context that is needed to help companies effectively manage third-party risks and relationships throughout their value chain."
The Passport GRC Third-Party Risk Management Module provides a central place for companies to store and manage all third-party information, enabling a comprehensive view of third-party risk and due diligence efforts across their businesses. This visibility, combined with the risk-based approach, helps companies mitigate third-party risk and sustain a state of compliance, ensuring validity, accountability and consistency in their third-party risk management processes. This, in turn, allows companies to have a defensible due diligence process and audit trail that can stand up to increased regulatory scrutiny.
"Our solution helps companies strategically prioritize the risk level of third-party relationships so that resources are allocated in the right place, effective and ongoing due diligence is conducted and tracked, and ongoing monitoring is achieved," explained Shaheen Javadizadeh, vice president of product management, Datacert. "Ultimately, our technology will help companies protect their brand and reputation and avoid financial consequences of potentially risky relationships."
The module supports an automated and centralized third-party risk management process based on the five steps of the ISO 31000 risk management framework:
- Identify – Centralized access to all third-party information enables risk managers to more easily gather information and identify relevant risk indicators
- Analyze – Risk managers utilize a pre-defined set of risk factors to generate a third-party risk score and recommended due diligence level (low, medium, high); risk factors can be based on out-of-the-box industry standards (e.g., Transparency International’s Bribe Payers Index and Corruption Perceptions Index) and/or configured to support company-specific needs
- Evaluate – Due diligence tasks (e.g., third-party self-disclosure survey, cross-checks, on-site investigation, etc.) that are appropriate to the calculated risk level can be automatically generated, creating standardized, risk-based due diligence plans
- Mitigate – Risk managers can assign and track corrective actions (e.g., training, contract term revisions, additional controls for payment approvals, more vigorous and frequent monitoring, etc.) to mitigate the risk posed by the third party, while automated notifications help ensure that necessary follow-up actions are addressed
- Monitor – With access to a historical view of each party’s risk level, risk managers are alerted if there are changes so that new tasks can be generated to ensure that ongoing monitoring and due diligence are taking place
The Third-Party Risk Management Module is part of Datacert’s Passport GRC solution, which is comprised of four components: Compliance & Policy Management, Risk Management, Internal Audit Management, and Incident & Inquiry Management. Passport GRC provides companies with a comprehensive framework to support sustainable, proactive, and defensible management of their broad governance, risk, and compliance programs. All of the components and the new module are consolidated on a single platform and share a common database, workflow engine, and business intelligence engine, allowing information to be easily shared across the different functional areas and providing critical visibility across all aspects of companies' GRC initiatives. Passport GRC also integrates seamlessly with Passport Matter Management and Legal Spend Management, creating a closed-loop process between corporations’ legal and GRC functions.