Rethinking third-party contractual compliance – Part IV

Third-party risk and compliance is the cause of much unease, not only to the risk manager but in the C-suite and the boardroom. And no wonder, large organizations may contract with tens of thousands of vendors and suppliers. Even smaller companies can count hundreds of businesses with whom they contract - and rely on - to meet their business objectives. And studies indicate the costs associated with non-compliance can be 2.6 times greater than compliance.

The need to manage these relationships is self-evident. Routine audit and enforcement will ultimately reduce risk, but there is more at stake. By extending the horizon beyond the immediate goal of following the letter of the agreement, organizations are coming to view management of the contracting process as a pathway for increased productivity, asset optimization and ultimately business growth. Put another way, a program of contract risk compliance can actually add value to the enterprise.

Whether the third-party relationship is one of distribution, licensing or service provision, there are ample waypoints to review compliance against a template that encompasses revenue recovery opportunities, extended service arrangements or new-found flexibility that leads to improved business efficiencies. By linking contractual risk to the drivers of value the balance between the cost of the relationship and its resultant benefits are better defined, and aligned.

It is not surprising that many companies may initially believe this extended view of contract compliance is beyond their reach. After all, implementation begins with instilling a risk culture that must emanate from the top and pervade the organization. Certain protocols, governance procedures and cross-departmental consensus must be obtained regarding where exactly are the touchpoints for improving business performance. And of course, even with these basic building blocks in place, you must have the tools, often in the form of technology, to measure outcomes, create metrics and visualize results.

Nevertheless, you don't have to do it all at once. If executive sponsorship is available the barriers to progress are more perceptual than actual. Identify some reasonable, practical steps to get started. Ask yourself the following:

• Do we have a formal strategy or governance model for managing third-party risk?
• Do we know where the breakpoints are?
• Are business units proactively working with Risk Management and Compliance professionals?
• Is there a process for assessing third-party relationships?
• Are contracts appropriately constructed to minimize risk? Moreover, are they enforced?
• Are there better ways to interact with third-parties to enhance the value of the relationship to the enterprise?

Armed with this basic information, the role of vendor management will incrementally advance beyond the traditional, where contracts originate and terminate at Legal. By rethinking the role third-parties play within the larger organization, opportunities to both strengthen and enhance this naturally symbiotic relationship will evolve, ultimately leading to greater and lasting value to the enterprise.