Wednesday, January 27, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

How to Medal in Outsourcing

by Corporate Compliance Insights
August 3, 2016
in GRC Vendor News
How to Medal in Outsourcing

New York (Aug. 3, 2016) PRNewswire — The use of outsourcing is steadily increasing, driving a growing need for the sharing of risk and performance reporting between outsource service providers (OSP) and customers. Yet results from a recent Deloitte poll show there may be a lack of clarity within OSPs around the ways their third-party assurance (TPA) programs are managed. As the athletes of the world converge on Rio to test the results of their practice and process, organizations can similarly aspire to an Olympic standard for the management of third-party programs.

“OSPs are situated in a challenging environment,” said Dan Kinsella, partner, Deloitte Advisory and national third-party risk management leader at Deloitte & Touche LLP. “Heightened exposure to risk across business areas has led to a tremendous increase in demand for custom TPA reports from customers. When combined with a rise in requests for information and on-site audits, that number can be staggering. While many OSPs recognize that an optimized TPA program can lead to proficiency, we’re seeing a concerning amount of uncertainty around who is ultimately responsible for which areas of the program.”

A majority (48.2 percent) of poll respondents are unsure whether their organization is taking what they believe is the best approach toward improving the TPA reporting process. An open line of communication with customers and the sales force, management, IT and other key personnel is the first step that can help push outsourcers out of the blocks as they think about putting together a TPA optimization approach. Organizations should invest in the customers’ first point of contact in order to get a full picture of the risk environment, identify gaps and overlap in current reporting processes and uncover and meet customer needs. How OSPs empower the sales force to effectively and efficiently communicate TPA capabilities can strengthen the communication channel between the customer and vendor, ultimately moving the needle toward an optimized TPA program.

“When you think about the risks facing your own organization, you also have to think about managing the myriad of risks faced by your clients,” said Chad Phillips, managing director, Deloitte & Touche LLP. “Many companies zero in on security and compliance instead of focusing on value creation based on risk tolerance. Fully transparent discussions between vendors and customers are needed to understand the risks and the compliance expectations and to continually stay on top of the ever-changing risk landscape.”

Optimization of an existing TPA framework and approach can create value for both OSPs and their customers. Here are five considerations for vendors when going for the gold in their own TPA program:

  1. Understand the outsourcing environment you are working in, know the internal and external reporting requirements and take a holistic view at what types of reporting can satisfy the diverse needs of clients. Analyze risk to drive down costs throughout the entire process.
  2. Integrate control testing requirements across the enterprise and use a “test once, satisfy many” approach. Identifying the overlap in a reporting program is key to optimization.
  3. Rationalize reporting requirements and control frameworks into non-duplicative, efficient mechanisms to better fit the needs of all parties.
  4. Enhance reporting methodologies and transparency, and empower the sales force to sustain more efficient and effective communication streams with customers.
  5. Monitor TPA processes and outsourcing relationships proactively by regularly revisiting the approach and considering process automation such as risk sensing. View this a “living document” where the risk process is ongoing and evolving over time.

“A podium finish for a TPA program would be one that drives performance through good risk management and value through strengthening trust between parties, managing costs and sustaining relationships through effective compliance management,” concluded Kinsella.

About the online poll

Over 2,070 professionals participated in a Deloitte webcast, “Outsourcing assurance and compliance: Driving upside opportunity while addressing downside risk,” on June 30, 2016. Poll respondents work in industries including banking and securities (16.8 percent), technology (7.5 percent), investment management (5.7 percent) and insurance (5.6 percent).

About Deloitte Advisory

Deloitte Advisory helps organizations turn critical and complex business issues into opportunities for growth, resilience and long-term advantage. Our market-leading teams help our clients manage strategic, financial, operational, technological and regulatory risk to enhance enterprise value, while our experience in mergers and acquisitions, fraud, litigation and reorganizations helps clients emerge stronger and more resilient.

As used in this document, “Deloitte” and “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.


Previous Post

5 Ways Board Portals Help with Corporate Governance

Next Post

Are You Tough Enough to Cross the Rubicon?

Corporate Compliance Insights

Related Posts

abstract handshake on grey background

Kroll Launches Data Privacy and Digital Trust Solutions Ahead of Data Privacy Day

January 21, 2021
red stick figure standing outside circle of blue stick figures

ICA Survey: 4 in 10 Compliance Professionals Experience Discrimination in the Workplace

January 21, 2021
business team interrogate corrupt businessman, money falls from his pockets

QuantaVerse Launches New Financial Crime Investigation Report

January 20, 2021
yellow job search box speech bubble

Fortune 500 Job Descriptions Are Still Biased Toward Men

January 12, 2021
Next Post
Affecting change isn’t easy – avoid these stumbling blocks

Are You Tough Enough to Cross the Rubicon?

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights