A three step approach for Third Party Risk Management

Effectively managing third party risks

Both large and small organizations struggle with mitigating the risk of doing business with third parties. To manage third party risk efficiently and effectively, a risk-based approach is required.


Patrick Özer

Partner Forensic

KPMG Nederland


Three step approach for third party risk management

In today’s global environment, dealing with the risk of doing business with third parties, e.g. clients, suppliers and agents, is becoming more and more important. In the current information and data age, organizations cannot hide and state that they were not aware of the risks that their business partner could pose. We see clients, both large and small organizations, struggle with mitigating the risk of doing business with these third parties.

As it is not possible or even desirable to perform the same scope of due diligence on all third parties (cost, time and effort), one needs to efficiently and effectively manage the third party risk. Therefore a risk-based approach is required. Such an approach consists of the following three steps:

  1. identification of the universe of third-party intermediaries (TPIs) and those that the organization determines to be within scope (i.e. to be included in the TPRM process);
  2. managing the integrity due diligence process and risk assessment;
  3. conducting the appropriate level of integrity due diligence (IDD).

To ease the above risk-based due diligence process, KPMG developed the Astrus technology. Astrus due diligence is a cloud-based solution which provides an efficient means to obtain information and assess risks associated with clients, suppliers and agents through a technology-enabled research methodology.

Astrus uses an extensive range of online public data records (more than 40,000 sources), including global sanctions and regulatory enforcement lists, corporate records, court filings, press, media and internet sources, to identify important integrity and reputational information, which can be used to support due diligence assessments. Experienced Corporate Intelligence specialists, capable of dealing with 88 different languages, manually analyze and evaluate the Astrus search results and present them in a standardized template.

With a risk-based approach in place, solid due diligence with a tool like Astrus can help to overcome the hurdles of managing third party risks.

Authors: Patrick Özer and Monica van Santbrink

© 2021 KPMG N.V., a Dutch public limited liability company and a member of the global KPMG organization of independent firms affiliated with KPMG International Limited, an English company “limited by guarantee”. All rights reserved.
