The Client: Fortune 100 Consumer Goods Company
The client found it increasingly impractical to manually assess risks across thousands of third parties worldwide. MetricStream’s solution offered them a way to automate third-party risk assessments for optimal efficiency. It also delivered complete, near real-time visibility into third-party risks across the globe, enabling the client to make informed sourcing decisions.
After a comprehensive evaluation of multiple third-party risk management solution providers, MetricStream was chosen by the client based on the strength of their offering, as well as their reputation as a GRC market leader.
MetricStream delivered a centralized solution that scales across the client’s global enterprise, integrating all third-party risk assessment and onboarding processes in a centralized system for complete transparency and visibility. The solution also links risk assessment processes with strategic decision-making for better third-party governance.
Today, anyone with an organizational ID can access the system and create a new third party, instead of waiting for a select group of managers to do so. The solution processes each third-party request, and triggers a systematic workflow of screening and risk assessments to determine whether the third party should be on-boarded.
Adding further efficiency, the solution automates third-party risk assessments and qualification. It also enables any third party from across the globe to fill in their risk assessment surveys directly in the system, thereby saving the client the time and effort of manually distributing surveys and collecting responses.
Below are the detailed capabilities of MetricStream’s Third-Party Risk Management Solution:
Empowering users across the enterprise to search and add new third parties on their own
The MetricStream solution consolidates all global third-party data in a single, centralized database. Tens of thousands of employees from multiple countries worldwide can log into this database, and search for a particular third party with the help of intuitive search and reference tools. If the third party does not exist in the database, users can independently create a requirement for a new third party.
Automating third-party screening
When a new requirement is created, the solution presents the user with a simple, lean form to capture basic data about the suggested third party. Based on the user’s responses, the solution automatically screens the third party against parameters such as the country in which they operate, as well as the category and type of services they will provide to the client. It then leverages complex algorithms to calculate which risk assessments and surveys need to be performed on the selected third party. The third parties that don’t pass the screening process are flagged. For instance, if a third party is located in a country where trade sanctions have been imposed, the solution disqualifies them from further assessments, and also sends an email notification to the client’s legal team.
Streamlining third-party risk assessments and qualification
Based on the results of the screening process, the solution categorizes the third party into a particular risk area, and determines the type of risk assessment surveys that need to be administered to them. For instance, if it finds that the third party is located in a country with a high corruption index, the solution automatically administers an anti-bribery survey to them. The selected third party receives an automatic email notification with instructions and log-in details which they can use to access the MetricStream solution, and respond to the risk surveys.
The solution also provides the flexibility for third parties to download their surveys as spreadsheets, and send them to sub-contractors and other fourth parties to fill in the required information. This data can later be uploaded into the system.
There are three primary surveys issued to third parties:
Depending on the responses to these surveys, the client decides whether or not to qualify the selected third party.
Delivering multi-language support
Given that the client’s third parties are spread across multiple countries with different language requirements, the MetricStream solution provides multi-language support. Third parties accessing the solution can choose from six languages to fill in their surveys - English, Chinese, Spanish, Arabic, Russian, and Vietnamese. All survey questions will be displayed in the selected language.
MetricStream will continue to work with the client towards providing support for up to 14 languages.
The client has a massive network of third parties worldwide, including suppliers, contractors, and consultants. Every month, multiple new third parties are added to this network to meet the client’s growing business requirements. Yet, each third party introduces multiple risks, including bribery risks, product safety risks, and information security risks - all of which directly impact the client’s reputation and credibility.
To keep these risks in control, the client thoroughly assesses each third party before and after they are on-boarded into the organization. Yet, over time, these assessments became increasingly complex and cumbersome. Whenever there was a request for a new third party, it had to be routed through a few select managers in the organization. They were the only ones with access to the third-party database, and therefore, they bore the entire responsibility of tracking thousands of third parties, and assessing the associated risks.
Adding to the challenge, each risk assessment was performed manually. Therefore, it took up considerable time and effort, and slowed down the onboarding process.
Meanwhile, if the management team wanted visibility into the status of third-party risks and onboarding, they had to send out a request, and wait for reports to be manually generated. This again took time, and delayed decision-making processes.
It quickly became evident that the existing approach to third-party risk assessments and onboarding was neither practical nor viable. With more third parties came more risks that needed to be assessed as quickly and efficiently as possible. So, the client began looking for a new solution to automate and accelerate their risk assessments.
The client chose MetricStream for the following reasons:
Market leadership: MetricStream GRC solutions are widely used across the retail and consumer goods industry.
Scalability: Thousands of employees and third parties from across the global enterprise can access the MetricStream solution over a web-based interface.
Automation: The solution replaces cumbersome manual tasks with swift, automated workflows.
Extensibility: In the future, the client can extend the solution to other GRC areas such as third-party compliance management, third-party audits, and social compliance.