Professional Documents
Culture Documents
Third Party Risk Management Solution - Web
Third Party Risk Management Solution - Web
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 3
The extended enterprise
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 4
The extended enterprise
The extended enterprise is the concept that an organisation does not operate in isolation. Its success is dependent upon
a complex network of third-party relationships.
Joint
Franchise
ventures
– Sales agents
Certification – Licensing – Distribution
R&D – Distributors
bodies Labs – and Sales – Loyal partners
Inventory –
Logistics Customers
Shipping –
– Advertising – Media
Marketing agency ad sales
Infrastructure and –
application support
Hosted vendor solutions – – Office products
Technology Facilities – Waste disposal
Disaster recovery –
Licensed vendor solutions – – Cleaning
Hardware lease –
– Recruiting
Human – Contractors
Insurance – Benefits providers
Resources
– Payroll processing
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 5
Third party risks in an extended
enterprise network
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 6
Third party risks in an extended enterprise network
Loss of reputation – Risk to the reputation of the organisation from the use of third-party
relationships due to a myriad of reasons, including misuse of intellectual property, poor
product quality, lack of compliance to human rights, and environmental regulations, etc.
Data risk – Loss, misuse, or mishandling of critical data of the organisation or its
customers by a third-party relationship can result in financial loss; hefty fines and
Extended decrease in shareholder value
enterprise
Product recall – Poor product quality, safety issues, or faulty packaging by third parties can
• Sell side lead to product recalls resulting in recall costs, lawsuits from consumers, increased costs
• Buy side from settlements, and lost revenue from missed sales opportunities
• Infrastructure
Financial impact – Financial loss from under-reporting of revenue from licenses,
royalty partners, distributors, franchisees, etc. and over-payment for services from
third-party relationships
Lack of compliance – Third party acts corruptly to gain business advantage for organisation
resulting in hefty fines or is not in compliance with the environment, conflict minerals, health
and safety, labour rights, etc. regulations
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 7
Deloitte’s Third-Party Risk
Management (TPRM) solution
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 8
How can we help?
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 9
TPRM automation platform
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 10
Deloitte’s third-party risk management
- Approach and methodology
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 11
Deloitte’s third party risk management - Approach and methodology
Data sources (Company internal systems like ERP, CRM, billing system)
Reporting
CISO Team Chief Risk Office Supply chain Business controller Key Performance Indicators (KPI)
Automation
Views Workflow Data repository Analytics and reporting
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 12
Deloitte’s engagement delivery
models for TPRM program
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 13
Deloitte’s engagement delivery models for TPRM program
Various engagement delivery model
Description: Description:
Deloitte VIC Client Deloitte VIC
• The client receives service delivery • In a Build-Operate-Transfer
as per the defined SLA Service provider staff, (BOT) model, the TPRM Organisation Service provider
tools, framework, and staff and assets staff and assets
• Trained staff, framework, and tools offshore delivery centre is
take entire ownership of
are provided by Deloitte usually developed based
deliverables and quality Deloitte develops
on specific requirements Service
new delivery
Trend: of a client delivery
capabilities on
to organisation
• Clients use this model to deliver TPRM
Managed service delivery Trend:
TPRM effectively and efficiently as
per the assessment costing model Often selected by clients who Service Deloitte
do not have skill sets, scale, Delivery staff and assets
Client or capability within a function Ownership
Captive TPRM delivery
Receives service delivery or geography centre transfer capabilities
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 14
Key contacts
Rohit Mahajan
President
Risk Advisory
rmahajan@deloitte.com
Munjal Kamdar
Partner
mkamdar@deloitte.com
Gautam Kapoor
Partner
gkapoor@deloitte.com
Vishal Chaturvedi
Partner
vchaturvedi@deloitte.com
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 15
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and
each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about
for a more detailed description of DTTL and its member firms.
This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP). This material (including any information contained in it) is intended to provide general information on a
particular subject(s) and is not an exhaustive treatment of such subject(s) or a substitute to obtaining professional services or advice. This material may contain information sourced from
publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance
placed on information sourced from such sources. None of DTTILLP, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is,
by means of this material, rendering any kind of investment, legal or other professional advice or services. You should seek specific advice of the relevant professional(s) for these kind of
services. This material or information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any
action that might affect your personal finances or business, you should consult a qualified professional adviser.
No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person or entity by reason of access to, use of or reliance on, this material. By using this
material or any information contained in it, the user accepts this entire notice and terms of use.
©2019 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited
©2019 Deloitte Touche Tomatsu India LLP Third Party Risk Management Solution 16