Companies that outsource are effectively extending their enterprise to include the services of the third parties with whom they’ve contracted. While wholesale failure of third-party services is fairly rare, gaps in control performance are not. This is why leading enterprises seek to assess and manage.
Once you understand how a particular vendor’s risks might impact your business, you have to make a choice:
- Agree to bear the risk that has been identified;
- Reject the vendor and look for another that can meet your needs; or,
- Collaborate with the vendor to remediate the risk and help the company become a more suitable business partner.
Remediation consists of a management program in which you present your vendor with a list of findings or deficiencies then work together to develop a plan to address those shortcomings with a schedule for completion. Ideally, you and the vendor will work together to determine when and how you will put the controls in place.
A key aspect of any vendor relationship, remediation acts as a two-way street that allows you and your vendor to learn about each other’s business practices and to gauge how much each is willing to invest in a mutually beneficial partnership.