Providing assurance over nth party risk management requires audit leaders to understand the extent to which key third-parties rely on sub-outsourcers. Internal audit should assess how far the organisation understands its level of risk and the controls in place to manage it. According to Risk in Focus 2020, this is one of the top five areas where internal audit spends its time and effort.
- Is this already on your audit plan?
- Are you daunted by the topic?
- Sensing a gap in your knowledge?
If yes to any of these, this article is for you. Take ten minutes to increase your knowledge and challenge the robustness of the supply chain assurance you provide.
Who is an nth party?
Supply chains are often global, complex and volatile with a myriad of interconnecting elements. The hidden reliance on parties deep within the supply chain creates risk such as critical failure points, data leakage and illegal operations.
Typically, supply chain assurance ranges from supplier selection, contract management and supplier management through to inventory management, distribution and logistics.
Whether the terminology is supplier, vendor, tier 1 or third-party, assurance often focuses on the company with whom the organisation has the contract. This is insufficient.
Is internal audit providing ice-berg assurance?
Subcontracting is a normal part of production. However, unauthorized subcontracting presents significant risks for continuity and compliance with quality, social and environmental production standards whether domestic or overseas: from the disposal of waste to producing a microwave. All of these additional supply chain components are known as nth parties.
It is important to keep in mind that nth parties may not be subjected to the level of scrutiny and oversight that the organisation has over the legally contracted third party. This calls for businesses to take even greater care in managing supplier risk. It…