As we all have learned - often the hard way - things aren't always what they seem. In other words, perception isn't always reality. In fact, sometimes it can be just the opposite.
Through surveys and onboarding of new customers, we've learned that misperception can be the result of overlooked, ignored, or unknown issues. When applied to critical risk management issues, the news can be quite a surprise, often leading to misalignment of expectations and risk exposure.
When asked to cite the current compliance percentage of existing COIs, the average response of perceived compliance hovers around 80%. Unfortunately, our experience tells us the client's view of their third-party compliance is often very different from what we discover. When we onboard a new client, we consistently find the true rate of compliance is more in the range of 15-25%. This is invariably caused by one or more of the following:
It could be argued that with a sustained COI compliance rate upwards of 80% most companies would be doing a pretty decent job managing the task internally and would not turn to outside professional compliance management for assistance. Yet they do. This is interesting behavior and actually good news, for it suggests that despite the high compliance rate they assign themselves there is something else moving them toward outsourcing the task. Maybe they subconsciously know that their 80% self-assessment is really only a sand castle. Their risk management alarm is silently ringing and they are acting responsibly by seeking expert assistance with this complex and difficult task.
The real hazard resides with those who believe the 80% number is real when in fact it is not. Here are a few quick questions to ask yourselves before getting too comfortable:
If you can answer "yes" to all of these questions there is a high likelihood your 80% estimate is valid. We can only hope to assist those who say it is but really know it isn't.