Armanino Blog

COVID-19’s Impact on Third-Party Risk Management

April 01, 2020

While the long-term business impacts of COVID-19 aren’t yet clear, organizations would be wise to evaluate potential new vendor risk management issues associated with their third-party providers. Companies that depend on many third-party service providers to drive critical processes could run into issues if there are disruptions to those dependencies. Third-party providers that handle an organization’s technology infrastructure may not be able to deal with additional capacity demands as systems are utilized beyond their intended capacity.

If your company believes there is a potential for service disruptions, consider taking the following steps to help mitigate them:

  • Review the third-party vendor population, prioritize those services that are critical and operate in heavily affected regions, and evaluate if those services will be impacted.
  • Reach out to these critical third-party vendors by providing an updated due diligence evaluation questionnaire, which would enable the vendor to provide details if they are affected (regarding how). And ask them to outline the steps they have taken to prepare, mitigate and manage their response.
  • Discuss the third-party vendor’s pandemic preparedness plan (if there is one) and ask if it has been invoked.
  • Review service level agreements (SLAs) in place with key third-party service providers to identify risk areas where something could go wrong that would likely not occur under normal circumstances. Consider any implications if SLAs are not met, and what triggers exist if SLAs are not met by the service provider.
  • Consider organizing regular touchpoints with vital third-party vendors, to monitor the ongoing evolution of COVID-19’s possible impact on service levels.
  • Ensure that organizational personnel responsible for third-party vendor oversight understand how to assess the impact and mitigation process if issues arise.
  • Perform a third-party risk assessment with your critical vendors, discussing any potential service disruptions and the impact on operations if those disruptions occur.
  • Create or update your organization’s third-party service strategies by having alternative providers and consider impacts on critical processes if providers are changed.
  • Keep key internal and external stakeholders informed of issues or changes resulting from third-party issues.
  • Assess the impact of delays to code changes, security patch updates or any other changes.
  • Review third-party vendors’ security policies, processes and procedures to ensure that new vulnerabilities are not being introduced to the organization due to the rapid changes caused by the pandemic.

COVID-19 has changed the way organizations conduct business and manage their remote workforces. Organization processes for monitoring third-party vendor risk should be revisited to ensure that risk is not going unmitigated.

For the latest regulatory updates and more information on keeping your business running through disruption, visit our COVID-19 Resource Center.

April 01, 2020

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Related News & Insights
Costco Travel Webinar
One of the world’s top retailers reveals their cloud upgrade process.

May 19, 2022 | 11:00 AM - 11:30 AM PT
Overview of Sage Intacct R2 Release Webinar
Learn the newest features and enhancements in Sage Intacct from the 2022 Release 2.

May 18, 2022 | 01:00 PM - 02:00 PM PT
Foundation Cuts Manual Data Entry, Empowers Staff With Robotic Process Automation
Case Study
RPA tech enables lasting growth, boosts savings and frees up staff to redirect their time to meaningful strategies.

May 18, 2022