Third Party Due Diligence

Employing a third party - be it a supplier, agent, distributor, lawyer, accountant, or consultant - comes with many risks and regulatory requirements. Companies have to ensure that their third parties protect confidential IT information, avoid unethical practices, maintain a safe and healthy working environment, mitigate operational risks, and more. At the same time, they have to monitor third-party compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Anti-Money Laundering (AML) requirements, conflict minerals reporting requirements, the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, the Federal Trade Commission (FTC) Act, and the Dodd-Frank Act.

Meeting these obligations requires companies to implement robust third-party risk management processes, policies, training programs, controls, due diligence processes, audits, and timely issue remediation. If these processes are not effective, third-party risks could snowball into serious issues that will ultimately affect the profitability and credibility of the company that hired the third party. Unfortunately, many companies are struggling to implement these due diligence measures because of the increasing complexity and vastness of the third-party network, the high costs of compliance management, and limited visibility into due diligence.

The MetricStream Solution for Third Party Due Diligence

MetricStream offers a comprehensive and flexible solution for third-party governance and due diligence. Built on a scalable GRC platform, the solution transcends enterprise silos, unifying and consolidating all third parties in a centralized framework. This integrated approach helps provide greater visibility into third-party risks and compliance, increase collaboration between companies and their third parties, and minimize redundancies.

The MetricStream solution also streamlines the complete range of third-party due diligence processes - right from third-party onboarding and information management, to policy development and distribution, code of conduct training, risk management, control monitoring, audits, and due diligence reporting. Advanced risk analytics help transform third-party data into meaningful insights, while powerful workflow tools automate resource-intensive processes such as third-party risk ranking and control monitoring.

Benefits of the MetricStream solution

  • Enables third-party risks to be proactively assessed, ranked, and mapped to the corresponding controls, control tests, policies, and regulatory compliance requirements for complete accountability and transparency
  • Enables controls to be designed, implemented, assessed, and monitored to mitigate third-party risks, and prevent compliance violations
  • Facilitates a systematic approach to due diligence audits with advanced capabilities such as an audit advisor, shared calendar, configurable due diligence checklists, and automatic alerts and notifications
  • Integrates with multiple issue reporting systems such as hotlines and online interfaces to capture third-party issues and complaints
  • Supports due diligence investigations, root cause analyses, assignment of follow-up actions, and initiation of corrective and preventive action
  • Provides graphical dashboards and reports that deliver visibility into third-party compliance, risk intelligence, and issues, thereby enabling companies to make more informed business decisions
  • Enhances compliance with the full range of third-party management regulations including HIPAA, FCPA, the UK Bribery Act, the FTC Act, and the Dodd-Frank Act