THIRD PARTY RISK MANAGEMENT IN SUPPLY CHAIN SECURITY
R&C: Could you provide an overview of the key risks facing today’s supply chains? To what extent are companies exposed to vulnerabilities arising from their third-party relationships?
Turteltaub: While to most organisations, outside suppliers are thought of as outside suppliers, to enforcement authorities, regulators, the public and investors they are seen as extensions of your organisation. Often from a legal and reputational risk perspective, anything your supply chain does on your behalf can have negative impacts on your organisation. For that reason, it is essential that organisations have a thorough understanding of not just who their suppliers are, but also how they operate and the risks they pose to their organisation.
Dunbar: Many businesses are focused on ‘high profile’ supply chain risks, such as geopolitical conflict. But the risks vendors may present to a business are highly contingent on the nature of goods and services provided, the business relationship and the brand of the purchasing party. Companies may also struggle to evaluate the risk presented by the extended supply chain. A supply chain risk management programme should address a series of simple questions. First, can suppliers consistently meet demand? Second, are the data, goods or services properly protected and managed? Third, do suppliers have appropriate controls to ensure sufficient quality? Fourth, are suppliers financially viable with an effective governance structure? Fifth, do suppliers meet all applicable local, federal and international regulations? Sixth, will a relationship with the supplier reflect poorly on our brand or reputation? And lastly, do suppliers meet green standards that align with expectations and industry standards?
Apr-Jun 2024 Issue
BDO
Society of Corporate Compliance and Ethics & Health Care Compliance Association