But even if your business works with domestic suppliers and isn’t exposed to a global supply chain, regulatory demands — whether it be industry regulations or government occupational health and safety standards — are consistently evolving to place more emphasis on employer liability. For example, Alberta’s recently actioned
Bill 30, which places increased responsibility on employers to guarantee the health and safety of their workers and worksites.
So where do businesses begin to approach operational risk in their third-party environment? Start with an all-encompassing, multi-stage approach based on four key steps:
1) Understanding the current risk
The first step to effectively managing third-party risk is to develop a deep understanding of where current risks exist and to identify where they are likely to develop in the future. A deep analysis of several factors should be examined among each of your vendors, including but not limited to their cultural awareness, performance management processes, safety manuals and procedures, employee communication and general risk awareness.
2) Establishing a strategy
Once identified, prioritize your third-party risks to direct proper focus towards the most immediate issues. Developing a risk management strategy to share across your organization will ensure that a proper structure is in place to identify, prioritize and mitigate potential issues before they can occur. Your risk management plan should inform the basis of your incident management plan for when risks escalate into real issues.
3) Encouraging a risk-aware culture
If your organization boasts a risk-aware culture, an emphasis on safety and incident mitigation will naturally trickle down during the third-party selection process. Risk awareness should start with the executive and be encouraged throughout the entire organization. With a top-down and bottom-up approach to this cultural change, your organization will naturally begin to develop control processes that enable a safe, secure work environment and ultimately, will be reflected through supplier relationships.
4) Incorporating a central database to monitor risk
Ensuring your suppliers are compliant — to both government regulations and to your organization’s site-specific safety requirements — is a critical step in the risk management process. But storing compliance data in spreadsheets is no longer an effective method. With a central compliance management tool, your organization can track critical data and information such as supplier insurance documents, asset maintenance records, incident reports, safety manuals, training certifications and so on. A centralized, technology-enabled repository allows you to track this third-party compliance data and also enables you to mitigate risks by notifying you when tickets expire, equipment requires maintenance or insurance documents become void.
How does your organization currently manage third-party risk? View our contractor risk infographic to see which of the three categories you fall under.