Managing Third-Party Vendor Risk During Your Relocation
Understanding Third Party Vendor Relationships
In today’s business world, it is increasingly common to outsource tasks to other specialized organizations. By partnering with other organizations, you can typically provide a higher level of service at a lower cost. These partnerships through sub-contracting create efficiencies by allowing organizations to expand quickly with limited investment and can simplify the procurement processes by allowing solutions from different sources to be bundled together. These sub-contractors, or third-party vendors, are parties who provide ancillary products or services on behalf of a primary supplier to the end-user. Since there are limited controls over how a contractor performs their duties, significant points of risk can be introduced. It is important for every organization to understand, track, and manage these risks in order to avoid negative outcomes.
Understanding Third Party Risks
Third-party vendors introduce risks to your organization which are often times outside of your control. When relying on another company to perform functions on your behalf, your company may become liable for the actions, or inactions, of third-party vendors. Risks may include personal injury, cybersecurity, regulatory compliance, and financial or less tangible things such as time and brand reputation.
Consider these prominent examples of 3rd party risk:
2013 – Target’s credit card processing system was breached due to a HVAC vendor’s failure to secure network portals used to monitor their building’s energy management system. Total cost of the breach was $202 million.
2016 – A snow vendor failed to remove ice near the entrance of a NJ medical facility. A patient fell on the ice and the NJ medical facility incurred $1.4M in damages.
1993 – A beef supplier of Jack-in-the-Box failed to meet cleaning and sanitizing standards resulting in an E. Coli outbreak which infected 732 people and killed 4. The outbreak cost $58.5 million in damages. The chain was barred from operating in several states for over 2 decades, was forced to sell off a large portion of the company to cover damaged and delayed expansion plans for over a decade.
2010 – Deepwater Horizon oil spill was an industrial accident caused by mis-actions of Transocean, a BP contractor. The accident resulted in one of our nation’s largest environmental disasters including the death of 11 employees, the loss of 4.9million barrels of crude oil, and a total clean up cost of $61.6 billion. BP was fined an additional $5.5 billion in civil damages.
Tracking 3rd Party Risks
The simplest and first steps to understanding your organization’s third-party vendor risk is by creating a risk-register. This document provides you a place to log the known risks associated with each of your third-party vendors based on the services that they provide. As risks are identified, a mitigation plan can be developed to address each of the risks on the log. A good process for third-party vendor management should be part of every organizations overall risk management strategy.
As you develop your risk-register, there are likely risks that are unknown to you at this time. Consider partnering with a legal team specializing in risk management to help your organization perform a risk audit.
Managing Third-Party Risks
Actively managing the risks posed by third-party vendors not only protects your organization but strengthens it as well. Third-party vendor management requires diligence from all levels of your organization and helps to promote a culture of safety, security, and accountability.
Form a plan. There should be clear roles and responsibilities within your organization for how contracts are reviewed, services are monitored, and performance is tracked.
Do due diligence. Only work with reputable vendors. Perform background checks, get references, and ask to review samples of prior work when appropriate.
Request Reports. All contracts should outline deliverables and key performance indicators (KPIs). Request periodic reports to identify and track performs. Request reports outline known or potential risks that your vendor identifies.
Review potential risk. Consider the types of risks that each third-party vendor poses. Don’t become complacent as a new third-party vendor becomes more familiar. Continue to audit and review their potential risks and update your register overtime.
Create resiliency. Have a plan for how your organization will respond to a significant risk event. Ensure there is a backup in case a third-party relationship must be terminated.
Third-Party Risks for Relocation
Relocation events are unique risk points for organizations because they do not occur very often and generally include third-party vendors that are outside of an organization’s typical vendor pool. While your organization may only interact with your relocation third-party vendors for a very short period of time, the effects of their work, and the associated risk have the potential to linger for years.
An electrical contractor fails to properly ground a section of modular desks in an inbound call center. A failed battery in a UPC caused a power surge along the ground wire causing damage to 12 computers and greatly limiting customer support.
A moving truck is involved in an at-fault accident injuring 3 people and destroying the high-value contents inside.
An AV systems installer fails to use appropriately sized anchors for a conference room display. During a public event, the display falls and strikes an attendee.
A tie-down strap securing an industrial tank onto a flatbed trailer breaks allowing the tank to roll down an interstate during heavy traffic.
An IT vendor testing network configurations unknowingly has a ransomware virus on his computer. Weeks later, every computer in the company becomes inaccessible and backups are compromised.
Our guides at Voyage Relocation Services are experts in commercial relocation and know the unique risks that come along with it. Let our guides help you better understand and manage the risks associated with your relocation. Contact us now to learn more.