Thinking third party risk and due diligence

As AOs we engage with many third parties, beyond the centres who might provide training and assessment towards our qualification outcomes. The immediate third parties we think of are examiners, EQAs (external quality assurers), external verifiers and moderators. I would guess we are on top of these agreements, usually with standard contracts in place and a schedule at the back that details the specifics of the role, expectations, fees etc. Our due diligence may have been interviews, tests, recommendations, etc.

However, there can be some ambiguity around who the other third parties are. It might be IT suppliers for databases, centre portals and admin services, websites, IT backup and support; certificate suppliers; print and stationery; outsourced marketing or HR services; cleaners; venues/organisations that are exam centres; and more. Which agreements are needed depends on the size and structure of the AO. The question for all of these organisations and people contributing to the delivery of qualifications, though, is how well do you know them, and have you got a robust contract in place with service level agreements?

Knowing your suppliers starts with specifying your needs, knowing your budget, going out to the market and then possibly going through a tender and then a due diligence process. Often I hear of suppliers that have been inherited or have always been there, where the contract has run out and was not reviewed, but the auto-renew process kicked in.

Should we be worried? Possibly, and yes, for sure under the General Conditions (Condition C1), if they contribute to the ability of the AO to deliver qualifications, subject to the make-up of the organisation.

Before engaging any party under contract, due diligence is a must. Start with a check on conflicts of interest: do they also deal with the competition, and is the risk of confidential information being shared mitigated? Can they provide you with assurances that the company is sound and unlikely to go under? Can they meet your delivery needs – can you talk to an existing customer who can provide assurances there?

An area that can sometimes be forgotten is who your potential suppliers themselves use and rely on. For example, a web supplier may work with a separate hosting company because they don’t have servers or do the hosting themselves. Is that arrangement secure, and can you be confident in it?

Due diligence exercises can be delivered through the use of surveys to glean information. This is a useful method when you have a number of potential suppliers being assessed: the questions asked of potential suppliers can be consistent and the answers easy to compare. So,

• is your potential supplier financially sound and a real entity? 

• have they had any breaches of any kind, from disqualified directors to data protection?

• have you identified any risks with their business and what does their back-up business continuity look like?

• are there any conflicts of interest? Will your confidentiality agreements work with them? Are your security worries addressed?

• do ‘their’ suppliers pose any concerns, anything that might affect the service you want to contract for?

Plenty to consider on this topic.

Heather Venis 

Principal, Awarding First

Heather@awardingfirst.co.uk

Mobile: 0789 479 6262

7/10/2016
