CeFPro Connect

Optimizing due diligence: Best practices for enhanced assessment
This article examines the critical stages in the third-party lifecycle where supplier due diligence and assurance are necessary, detailing the types of due diligence activities, their link to performance monitoring, the required skill sets, the benefits of third-party assessors, and the use of pooled audits for efficiency.
Codee Woo, Strategic Supplier Risk Manager, LGIM
Laura Faure, Third Party Risk Manager, Legal & General 

  • Suppliers should be vetted at the pre-contract stage to ensure they meet the firm's risk appetite.

  • Regular re-assessment of suppliers is necessary, with the frequency and depth based on the level of risk presented.

  • Re-assessment should be triggered by material changes to services or significant incidents.

  • Due diligence should evaluate the design and operational effectiveness of suppliers’ policies and procedures, including information security, operational resilience, and data protection.

  • Suppliers must have adequate controls for service performance monitoring and issue management.

  • Firms should regularly review and update their due diligence and assurance policies to address emerging risks and new regulations.

  • Findings from due diligence should inform ongoing performance monitoring, particularly for critical suppliers.

  • Assessors should have appropriate training, risk domain expertise, and experience with relevant controls.

  • Third-party assessors can provide unbiased evaluations and best practice recommendations when in-house capacity is limited.

  • Pooled audits can be cost-effective for medium to high-risk suppliers but may lack relevance to specific services or industries.
