Written by: Rajesh Bathija

The uncertainty triggered by the novel coronavirus has made it imperative for organisations the world over to recalibrate business risks. Businesses, as they evolve, progressively employ various third parties, particularly vendors and suppliers, to reduce costs, increase efficiency and exercise specialisation. Demand for external parties may arise across various groups within an organisation, creating a need to review and manage the new risks to which the company will be exposed. While these risks persist, businesses should focus on aligning such risks with their own strategies and culture, thereby establishing a system of co-existence.

A dominant part of any third-party review emphasises preparing or updating the vendor master to determine the volume of third parties contracted by the organisation, thereby identifying critical business areas that employ such vendors and understanding the organisation’s dependence thereon. An eventual grading of such dependencies may allow the firm to better allay risks associated with them. Grading may be based on certain parameters, including business continuity and sustainability in a post-COVID ecosystem, ability to service requirements in the long run, impact on delivery timelines, harnessing untapped potential and evaluating exposure to each organisation’s third-party suppliers.

In the aftermath of COVID, as companies, including third parties, seek to reorganise their businesses, there will be instances of staff retrenchment, reduction in salary and realignment of capabilities. In situations where such factors may limit the ability of vendors to service their clients at optimal capacity, key questions that will arise include: a) will your business be prioritised and serviced if third-party service providers downsize? b) is it time to diversify the pool and onboard new vendors? and c) could there be a potential fraud risk due to sub-optimal internal processes? The answers to these questions could lead to organisations either bearing the obligation of onboarding additional vendors or assessing the existing ones to mitigate risks while ensuring effective internal controls to enable businesses to operate smoothly.

The lockdown imposed has led to the majority of offices moving to remote working platforms, creating an ideal opportunity for cybercriminals and leading to a higher intensity of cyber frauds, phishing attacks, data theft, ransomware, etc., which affects the entire ecosystem, including your vendors and suppliers. This has raised several important questions: a) do organisations know the extent to which their vendors are exposed? b) are third parties able to provide their employees with relevant infrastructure to enable them to work remotely, or are employees constrained due to this displacement? c) will this displacement impact services, affecting both the vendors and their customers? and d) do the cybersecurity protocols of companies also include third parties?