No matter how well prepared your organization is to weather out the coronavirus crisis, your ultimate resilience depends on that of your underlying third parties. In a reality check, some 94% of Fortune 1000 companies said they had experienced a supply-chain disruption because of COVID-19. Under these unprecedented conditions, it’s critical to verify that your vendors, contractors, and other third-party suppliers have continuity measures in place just as strong as your own – or everything could come tumbling down.
Will your suppliers will be able to meet their contractual obligations? Here is a checklist to help you get the answers you need:
- Formulate a third-party risk management framework. Establishing a framework sets the tone from the top by clearly delineating ways for business lines and stakeholders to identify and manage risk. A framework also ensures that risk and commercial activities are balanced.
- Take a close look at business continuity and pandemic plans. Ideally, you already have these on file, at least for critical suppliers. If not, request those plans now. Make sure they meet or exceed your requirements – and verify that the plans have been tested.
- Reassess third-party classification status. Massive numbers of employees – your own as well as your suppliers – are now working from home. In this new world order, certain suppliers, such as videoconferencing or laptop support vendors, may have risen to high or critical status if your operations now depend on those functions. Make sure you have complete business continuity plans from any vendor classified as high risk or above.
- Implement clear governance and escalation procedures. Break down silos and encourage collaborative decision-making among business units and functions, including compliance, finance, procurement, supply chain, internal audit, and IT.
- Send out a supplementary risk assessment questionnaire focusing on coronavirus-related risks. Have their operations been negatively impacted by COVID-19? Have locations been forced to close or limit service? Will they be able to meet demand for services? Are their employees working from home? Are you experiencing financial issues related to the coronavirus pandemic? Be sure to ask questions about the health of employees and other relevant issues not typically included in a standard business continuity plan. The responses will help you identify which vendors are trending riskier. You can then follow up directly with any concerning situations. And continue to monitor risk levels as they could change significantly as events unfold.
The coronavirus crisis has reinforced how critical it is to check in with your third parties throughout the entire relationship, not just at onboarding. Regularly review your high-risk vendors to identify security or operational issues. Security and financial ratings also can help identify any shifts in risk posture over time. Of course, monitoring only goes so far. Have a remediation plan in place for any critical risk and vulnerabilities that arise.