Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

The Never-Ending Story

Carole Switzer | April 25, 2017

Consider this scenario: You evaluate a new third-party vendor operating in a high-risk country for corruption risk and other liability concerns such as environmental impact or workforce compliance. Once evaluated, the vendor becomes subject to certain controls based on the risk tier established. You monitored those controls but, six months into the relationship, beneficial ownership of the party changes and the initial risk ranking is no longer valid. The new owners have a record of human rights abuses in their factories and have been associated with bribery charges.

There was published news of the upcoming change of ownership, which you would have seen if you had been engaged in ongoing monitoring of external news sources about your third parties. If you had been collecting information from various sources about the new owners and their track record, you would have re-evaluated the third party and enhanced controls or revised your contract. But you are only evaluating... To get the full story, subscribe now.