Risk management and Covid-19: monitoring of service providers.
Third party risk management is being addressed in most organizations where services are being rendered by external service providers, such as IT datacenters and cloud service providers. Based on contracts and service level management agreements the quality of services delivered is being managed, monitored and discussed between parties. In 'usual times' this takes place on a regular basis, let's say quarterly. But in these unprecedented times, dealing with Covid-19, one can argue whether the regular monitoring and reporting still suffices from a risk management perspective. What should organizations do additionally in managing the risks in the external service provider relationship?
It speaks for itself that the regular points of attention regarding services delivered by external service providers need to be assessed, monitored and discussed. But additional questions should be raised:
Answering the above questions is of importance to manage dependencies on external service providers, foresee any issues on quality of services and discuss solutions in a timely manner in order to safeguard continuity of operations.
KPMG can assist you in addressing these questions and asses the quality of the third party risk management in the organization. In case you would like to discuss your approach on managing third party risks, please feel free to contact Brigitte Beugelaar.