Deloitte advises on optimizing third-party assurance programs for outsourcing

by Brianna Crandall — August 15, 2016 — The use of outsourcing is steadily increasing, driving a growing need for the sharing of risk and performance reporting between outsource service providers (OSPs) and customers. Yet, results from a recent Deloitte poll show there may be a lack of clarity within OSPs around the ways that their third-party assurance (TPA) programs are managed. Deloitte points the way for organizations to set a high standard for the management of third-party programs.

Dan Kinsella, partner, Deloitte Advisory, and national third-party risk management leader at Deloitte & Touche, stated:

OSPs are situated in a challenging environment. Heightened exposure to risk across business areas has led to a tremendous increase in demand for custom TPA reports from customers. When combined with a rise in requests for information and on-site audits, that number can be staggering. While many OSPs recognize that an optimized TPA program can lead to proficiency, we’re seeing a concerning amount of uncertainty around who is ultimately responsible for which areas of the program.

A majority (48.2%) of poll respondents are unsure whether their organization is taking what they believe is the best approach toward improving the TPA reporting process. An open line of communication with customers and the salesforce, management, information technology (IT) and other key personnel is the first step that can help push outsourcers out of the blocks as they think about putting together a TPA optimization approach, says Deloitte.

Organizations are advised to invest in the customer’s first point of contact in order to get a full picture of the risk environment, identify gaps, and overlap in current reporting processes, and uncover and meet customer needs. According to Deloitte, how OSPs empower the salesforce to effectively and efficiently communicate TPA capabilities can strengthen the communication channel between the customer and vendor, ultimately moving the needle toward an optimized TPA program.

Chad Phillips, managing director, Deloitte & Touche, pointed out:

When you think about the risks facing your own organization, you also have to think about managing the myriad of risks faced by your clients. Many companies zero in on security and compliance instead of focusing on value creation based on risk tolerance. Fully transparent discussions between vendors and customers are needed to understand the risks and the compliance expectations, and to continually stay on top of the ever-changing risk landscape.

Optimization of an existing TPA framework and approach can create value for both OSPs and their customers. Deloitte offers five considerations for vendors to optimize their own TPA program:

  • Understand the outsourcing environment being worked in, know the internal and external reporting requirements, and take a holistic view of what types of reporting can satisfy the diverse needs of clients. Analyze risk to drive down costs throughout the entire process.
  • Integrate control testing requirements across the enterprise and use a “test once, satisfy many” approach. Identifying the overlap in a reporting program is key to optimization.
  • Rationalize reporting requirements and control frameworks into non-duplicative, efficient mechanisms to better fit the needs of all parties.
  • Enhance reporting methodologies and transparency, and empower the salesforce to sustain more efficient and effective communication streams with customers.
  • Monitor TPA processes and outsourcing relationships proactively by regularly revisiting the approach and considering process automation such as risk sensing. View this as a “living document” where the risk process is ongoing and evolving over time.

According to Kinsella, a successful finish for a third-party assurance (TPA) program would be one that “drives performance through good risk management and value through strengthening trust between parties, managing costs, and sustaining relationships through effective compliance management.

About the online poll

Over 2,070 professionals participated in a Deloitte Webcast, “Outsourcing assurance and compliance: Driving upside opportunity while addressing downside risk,” on June 30, 2016. Poll respondents work in industries including banking and securities (16.8%); technology (7.5%); investment management (5.7%); and insurance (5.6%).

About Deloitte Advisory

Deloitte Advisory helps organizations turn critical and complex business issues into opportunities for growth, resilience, and long-term advantage. Market-leading teams help clients manage strategic, financial, operational, technological, and regulatory risk to enhance enterprise value, while experience in mergers and acquisitions, fraud, litigation, and reorganizations helps clients emerge stronger and more resilient.