CeFPro Connect

Optimizing due diligence: Best practices for enhanced assessment
This article examines the critical stages in the third-party lifecycle where supplier due diligence and assurance are necessary, detailing the types of due diligence activities, their link to performance monitoring, the required skill sets, the benefits of third-party assessors, and the use of pooled audits for efficiency.
Jun 04, 2024
Codee Woo, Strategic Supplier Risk Manager, LGIM
Laura Faure, Third Party Risk Manager, Legal & General 

  • Suppliers should be vetted at the pre-contract stage to ensure they meet the firm's risk appetite.

  • Regular re-assessment of suppliers is necessary, with the frequency and depth based on the level of risk presented.

  • Re-assessment should be triggered by material changes to services or significant incidents.

  • Due diligence should evaluate the design and operational effectiveness of suppliers’ policies and procedures, including information security, operational resilience, and data protection.

  • Suppliers must have adequate controls for service performance monitoring and issue management.

  • Firms should regularly review and update their due diligence and assurance policies to address emerging risks and new regulations.

  • Findings from due diligence should inform ongoing performance monitoring, particularly for critical suppliers.

  • Assessors should have appropriate training, risk domain expertise, and experience with relevant controls.

  • Third-party assessors can provide unbiased evaluations and best practice recommendations when in-house capacity is limited.

  • Pooled audits can be cost-effective for medium to high-risk suppliers but may lack relevance to specific services or industries.
