How to medal in outsourcing: Deloitte poll finds room for improvement in third-party assurance programs
NEW YORK, Aug. 3, 2016—The use of outsourcing is steadily increasing, driving a growing need for the sharing of risk and performance reporting between outsource service providers (OSPs) and customers. Yet, results from a recent Deloitte poll show there may be a lack of clarity within OSPs around the ways that their third-party assurance (TPA) programs are managed. As the athletes of the world converge on Rio to test the results of their practice and process, organizations can similarly aspire to an Olympic standard for the management of third-party programs.
“OSPs are situated in a challenging environment,” said Dan Kinsella, partner, Deloitte Advisory and national third-party risk management leader at Deloitte & Touche LLP. “Heightened exposure to risk across business areas has led to a tremendous increase in demand for custom TPA reports from customers. When combined with a rise in requests for information and on-site audits, that number can be staggering. While many OSPs recognize that an optimized TPA program can lead to proficiency, we’re seeing a concerning amount of uncertainty around who is ultimately responsible for which areas of the program.”
A majority (48.2 percent) of poll respondents are unsure whether their organization is taking what they believe is the best approach toward improving the TPA reporting process. An open line of communication with customers and the salesforce, management, IT, and other key personnel is the first step that can help push outsourcers out of the blocks as they think about putting together a TPA optimization approach. Organizations should invest in the customers’ first point of contact in order to get a full picture of the risk environment, identify gaps, and overlap in current reporting processes, and uncover and meet customer needs. How OSPs empower the salesforce to effectively and efficiently communicate TPA capabilities can strengthen the communication channel between the customer and vendor, ultimately moving the needle toward an optimized TPA program.
“When you think about the risks facing your own organization, you also have to think about managing the myriad of risks faced by your clients,” said Chad Phillips, managing director, Deloitte & Touche LLP. “Many companies zero in on security and compliance instead of focusing on value creation based on risk tolerance. Fully transparent discussions between vendors and customers are needed to understand the risks and the compliance expectations, and to continually stay on top of the ever-changing risk landscape.”
Optimization of an existing TPA framework and approach can create value for both OSPs and their customers. Here are five considerations for vendors when going for the gold in their own TPA program:
- Understand the outsourcing environment that you are working in, know the internal and external reporting requirements, and take a holistic view at what types of reporting can satisfy the diverse needs of clients. Analyze risk to drive down costs throughout the entire process.
- Integrate control testing requirements across the enterprise and use a “test once, satisfy many” approach. Identifying the overlap in a reporting program is key to optimization.
- Rationalize reporting requirements and control frameworks into non-duplicative, efficient mechanisms to better fit the needs of all parties.
- Enhance reporting methodologies and transparency, and empower the salesforce to sustain more efficient and effective communication streams with customers.
- Monitor TPA processes and outsourcing relationships proactively by regularly revisiting the approach and considering process automation such as risk sensing. View this a “living document” where the risk process is ongoing and evolving over time.
“A podium finish for a TPA program would be one that drives performance through good risk management and value through strengthening trust between parties, managing costs, and sustaining relationships through effective compliance management,” concluded Kinsella.
About the online poll
Over 2,070 professionals participated in a Deloitte webcast, “Outsourcing assurance and compliance: Driving upside opportunity while addressing downside risk,” on June 30, 2016. Poll respondents work in industries including banking and securities (16.8 percent); technology (7.5 percent); investment management (5.7 percent); and insurance (5.6 percent).
About Deloitte Advisory
Deloitte Advisory helps organizations turn critical and complex business issues into opportunities for growth, resilience, and long-term advantage. Our market-leading teams help our clients manage strategic, financial, operational, technological, and regulatory risk to enhance enterprise value, while our experience in mergers and acquisitions, fraud, litigation, and reorganizations helps clients emerge stronger and more resilient.
As used in this document, “Deloitte” and “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.