Harvard Law Blog Post on Third Party Oversight

A recent blog post for the Harvard Law School Forum on Corporate Governance addresses issues boards may have with third party risk among service providers. The post, authored by professionals from Deloitte & Touche, discusses measures boards may take to oversee third-party risk with greater confidence. The article encourages boards to ask, “probing questions of management regarding its understanding of risk in third-party relationships that exist in the lower tiers of the extended enterprise.” Technology is one tool that boards can use to assess risk, include increased use of data and continual monitoring of real-time data, as well as the use of dashboards to present data points on “key risk indicators as well as anomalies that merit further intervention.” The article suggests the following questions for boards exercising their oversight role:

  • Where does oversight responsibility for third-party risk reside within the board and its committee structure? Where does responsibility reside within management?
  • What are the key risks the company faces stemming from third parties?
  • What skill sets does the board have to advise management on third-party risk and opportunity?
  • To what extent does information presented by management enable a well-informed third-party risk management strategy, and how can the information be improved?