michelangelus - Fotolia

Due diligence requires a flexible, standardised approach

A study has found that procurement professionals are not confident of the process for vetting new suppliers – but a one-size assessment approach does not fit all

Research from Dow Jones Risk & Compliance has found that many organisations are failing to put in place adequate checks and balances in their due diligence process to bring on board new suppliers.

The findings, published in the Confronting the code of conduct gap report, are relevant to corporate IT, especially in global organisations that may have to deal with different IT suppliers in different regions of the world, where bribery and corruption is part of doing business.

A panel of experts discussed the findings at a recent event in London. Charlie Monteith, former Serious Fraud Office policy lead and contributor to the UK Bribery Act, said: “Driven by the need to have anti-corruption laws of equal standing, and to protect domestic industry, other countries have instated tougher laws – although they haven’t entirely caught up with the UK. Overall, there is a sense among business that bribery is neither sustainable nor worth the risk.”

The survey reported that among the procurement risk organisations face is that their exposure may arise from indirect dealings via a third or fourth party further down their supply chain.

Based on the responses from the procurement professionals surveyed, the study reported that a third of all new supplier onboarding undertaken in the past 12 months was likely to have been executed incorrectly.

Half of the procurement professionals surveyed said that the time required to vet suppliers results in corners being cut to do business faster. Based on the findings of the survey,  Dow Jones Risk & Compliance estimated that 31% of the third parties businesses work with are considered “high risk”.   

Jim Lord, former US Department of Justice prosecutor and consultant to Dow Jones Risk & Compliance, said: “Over half of procurement professionals are not confident that existing suppliers have been vetted properly.”

Guy Harrison, general manager of Dow Jones Risk & Compliance, said: “This research reveals significant gaps in the implementation of third-party risk management processes, as well as a lack of business-wide understanding about the risks such processes are designed to address.

“With enforcement action on the rise, compliance simply isn’t the place to cut corners. UK businesses need to address blind spots around third-party risk management as a matter of urgency.”

However, Markus Shultz, global head financial crimes compliance at Standard Chartered, warned that there are unintended consequences of vetting suppliers in a way that is so stringent, it prevents niche businesses and startups from bidding for business.

He said these smaller companies can remain stuck by the huge onboarding task set by large corporates. Startup and niche players may not have the scale to be considered by a large organisation, and certainly they are unlikely to meet many of the prerequisites that would normally be required to be taken seriously during a tender process.

Shultz argued that a one-size-fits-all approach is not effective at assessing such suppliers. “Smaller firms may have a lot of value, but sometimes it is easier to get Oracle in because the vetting process is too stringent. If we are we too formulaic, we could end up cutting out really important vendors,” he said.

Read more about IT procurement

Read more on IT governance