Managing Third Party Engagements

The Third Party Engagements use case supports the following processes.

The following diagram shows the high-level process that the Archer Third Party Management solution area supports.

Vendor Workflow Diagram

Note: Any data request that must go to the third party for updates, and where the third party does not have edit access to the application, is represented by a dotted line.

Request a New Product or Service

If your business wants to request a new product or service from the Procurement team, you should submit a supplier request form. The supplier request form also allows you to track the associated prospective engagements and either identify existing third party suppliers that are available to fulfill the request or request to add a new supplier for evaluation.

Note: Using a supplier request form is optional, as the system still allows you to manage an engagement and contract approval without an associated supplier request form.

The following diagram shows the process of requesting a new product or service.

Third Party Management Supplier Request form

Document Engagements

Here are the tasks to document engagements:

Third Party Management Documenting engagements workflow

Note: Tasks 1 and 2 must be performed in sequential order. Tasks 3 to 6 can be performed in any order that suits your business processes.

  1. Create a prospective engagement, including selecting the Third Party being evaluated for the engagement and the engagement type. The engagement type determines which insurance certificates are required for the prospective engagement.

  2. Perform engagement risk assessments. This is a multi-step process that involves evaluating the inherent risk of an engagement by risk category, generating and distributing a questionnaire for the third party to complete, and evaluating the residual risk. Inherent risk is the impact and likelihood of a risk in the absence of controls and risk transfer. Measure residual risk to evaluate controls that are in place to mitigate inherent risk for each risk category.

  3. Use the Financial Viability Risk Assessment to evaluate the financial ratios of third parties and engagements, and to ensure that they conform to your organization's standards for acceptable ongoing risk. This assessment provides insight into the financial state of your third party, and can help you make an educated decision about moving into a contractual relationship with a prospective third party.

  4. Collect insurance requirements. Document your third party’s proof of insurance, and monitor and manage any omissions and exceptions to your insurance requirements.

  5. Monitor subcontractor dependencies. If you have the Archer Third Party Risk Management use case licensed, you can calculate the subcontractor exposure for engagements. The subcontractor Governance Rating is a measure of the adequacy of a third party's governance of its supply chain risk.

  6. Respond to RFPs.

Negotiate Contracts

Here are the tasks to negotiate contracts.

Negotiating contracts stage diagram

  1. Document a new contract by entering the contract details and saving the record, after which the record enters advanced workflow.

  2. (Optional) Begin a contract risk review assessment to evaluate the risk of the contract.

  3. Submit the contract for review.

  4. Review the contract and determine whether to approve, reject, or cancel the contract.

Finalize the Supplier Request, Engagement, and Contract

Important: The process for final approvals is different depending on whether or not the engagement has an associated supplier request form. A Workflow Approvals section has been added to both the supplier request form and engagement applications in order to capture the business responses and respective response dates.

Regardless of whether the final approvals are captured in the supplier request form or in the engagement directly, the Business Unit Risk Manager cannot take action in the engagement until the following 4 requirements have been satisfied:

  • An associated approved contract
  • A completed risk analysis
  • An established financial viability risk
  • All required certificates of insurance

Perform Ongoing Monitoring

Routinely monitor different third party relationships to identify new risks. The following items should be monitored or assessed on a quarterly, biannual, or annual basis.

  • Certificates of Insurance. Routinely monitor all certificates of insurance associated with your engagements throughout the lifetime of each engagement.

  • Financial Viability. The Financial Viability assessment should be redistributed and analyzed on a yearly basis, or more frequently.

  • Loss Events, Findings, and Remediation Plans. Loss events, findings, and remediation plans should be assigned relationship managers and monitored and assessed regularly to prevent further damage to your organization and to expedite the remediation process.