An Ounce of Third-Party Risk Management Prevention

There is an old saying that goes, “an ounce of prevention is worth a pound of cure”.  Meaning the cheapest way to fix a problem is often to simply prevent it from occurring. Perhaps there is no better example than in the world of third party risk management. When you think of the amount of clean up that is required after a problem, with the benefit of hindsight, you’ll likely wish you’d taken a few proactive steps to have prevented the problem altogether. 

Third Party Risk Management Examples 

Let’s look at a few common examples: 

1. Contract Management - If you don’t have a well-run system for handling your contracts, you may be missing some real opportunities to stave off disaster.  

Having strong provisions for service level reporting may alert you to problems with customer service early on, tracking contract renewal terms is vital so that you don’t accidentally allow a large contract you wanted to terminate simply auto renew, and a poorly written contract exposes you in countless ways. 

2. Information security - Follow your customer’s data, wherever it goes.

Consider who has access, even second-hand access – remember the massive Target breach was actually facilitated by an HVAC provider’s credentials being compromised.  A recent study says that a data breach can cost between $130 and $170 for each record… that’s a lot of money that could have been avoided by taking strong steps in information security on the front end. 

3. Financial analysis - Let’s face it - financials are tough to get if you’re dealing with a small privately held company, but if they are providing a vital service to your institution, you need to do everything you can to gain comfort around their financial health.

You don’t want to wake up one day and find they’ve suddenly gone out of business. 

By doing these three things well, you'll have taken major steps to ensure that their practices are sound and that you've done a lot to address the risks inherent in the relationship. 

These are just a few things to consider. Remember, what you don’t know will hurt you.

To learn more about how to manage third party inherent risk, download our infographic.