Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Harry Cassin Managing Editor


Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« Corruption kills another Olympic dream | Main | Fat Leonard ‘ghostwriter’ pleads guilty »
Wednesday
Nov142018

Developing an internal due diligence procedure? Start here

Risk profiling third parties is now a critical stage of any due diligence process. As businesses continue to expand and grow, more and more factors must be considered when assessing the risk level of a given third party -- whether a vendor, customer, or agent.

If you're new to developing internal due diligence procedures and risk profiles, here are some recommendations on how to get started.

  • Understand your third-party landscape -- complete a risk assessment and know your biggest risk factors -- even at a high level (including credible risk sources and references such like the CPI)
  • Divide your third parties into risk categories using your top 3-5 risks you identified from the risk assessment
  • Start with the highest risk third parties and make sure there are no immediate issues
  • Lay out your due diligence program and build a future process that considers no more than five factors when evaluating where a third party gets categorized (e.g. location, type of service, contract value, government involvement, prior history)
  • Name or assign a specific metric to the categories you create for each third-party type -- these will be your third party “risk profiles"
  • Detail due diligence procedures that are appropriate for each risk profile

In my next post I'll discuss what specific factors should be taken into account when creating a risk profile, and the complexities of automating the process. 

____

Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and screening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp. a SoftBank company headquartered in Miami, Florida. She can be contacted here.