Due Diligence is Due

Image of Third-Party Risk Management

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Jamie Huntington shares her thoughts on why Due Diligence is so essential in the third-party risk management process.


What is due diligence? Black Law Dictionary defines due diligence as "Such a measure of prudence, activity, or assiduity, as is properly to be expected from, and ordinarily  exercised by, a reasonable and prudent man under the particular circumstances; not measured by any absolute standard, but depending on the relative facts of the special case."
 
Working in the utility industry, which is highly regulated, "contractor" due diligence has always been a part of how we evaluate contractors on some level. Still, until recently, it's not been a formal process.   Working with third-party contractors is a given as a supply chain professional for a utility company. Surprisingly it wasn't until recently that the term "contractor due diligence" was cited during an internal audit which led us to develop a formalized process. 
 
The internal observation was to improve our contractor due diligence around financial health, specifically for sole proprietors on tier 1 and 2 projects.   
Taking a phased approach to implementing a prequalification program, we required only contractors performing high-risk work to register with a prequalification vendor. These contractors' safety, insurance, judgments, and environmental practices were evaluated. Expanding our prequalification to include additional financial scoring was a relatively easy transition.   
 
The utility industry is challenged to execute on capital efficiently to provide the best value to our shareholders and the best price to our ratepayers. The procurement department has to move quickly to manage contracts and purchase orders while ensuring the third party meets our corporate standards.    
 
This challenge led me to ask, "How do I make it "easy" for contractors to provide their information to the business?" The solution is a digital supplier portal with built-in workflows for evaluation based on the contractor's NAICS/SIC codes and their industry.   This will allow us visibility into our third-party relationships to assess risks upfront, enhance issue escalation and identify interdependent risks.   By requiring specific workflows, we can empower internal subject matter experts to review contractors efficiently before onboarding them as suppliers.   Presently subject matter experts are not involved until after the RFP process, which can cause a significant delay and risk to a project if the supplier is deemed non-compliant.  
 
A supplier portal will facilitate five steps for actionable performance measurement and continuous improvement: supplier segmentation, performance measurement, continuous improvement, and collaboration based on the third-party relationship.   
 
Supplier segmentation will determine supplier engagement, spend analysis, governance model, financial stability, reputation, and technology sustainability. Segmentation will evaluate the level of supplier relationship management required and the appropriate governance model.  
 
KPIs and KRIs will drive performance measurement by deploying scorecards for identified suppliers, a standardized process for measuring performance, communicating performance to stakeholders, and defining roles and responsibilities with escalation procedures. 
 
Continuous improvement derived from supplier review meetings and action plans, mutual communication, and coordinated supplier management activities to provide open feedback from the supplier.   
 
The collaboration will allow us to be a "customer of choice" and benefit from a mutual supplier relationship to partner in innovation and opportunities. 
Perform audits, site checks, and reference reviews to ensure contract compliance. By developing and implementing a streamlined and user-friendly online supplier portal, our company will require any supplier with spend to register. The necessary registration level will be determined by the workflow and documentation provided by the supplier.  
 
The supplier portal will integrate with our contract and financial system to improve compliant spending and contractor management. If the supplier isn't registered and "approved," they will not be available in our approach to issue a contract or purchase order or receive payment from our accounts payable department.   
By practicing due diligence and partnering with our third parties, we can leverage our business relationships for mutual benefit and maintain our corporate social responsibility to provide value to our shareholders and business partners.  

SIG University's Certified Third-Party Risk Management Professional (C3PRMP) program is a globally recognized certification that is the “gold standard” in terms of relevance, scope and content. The C3PRMP program was created by Linda Tuck Chapman, an advisor, educator, author and expert.

 

Jamie Huntington, Supplier Diversity & Development Manager, Black Hills Energy

Jamie Huntington is a South Dakota native. While pursuing her under graduate degree she volunteered for several community action programs for domestic violence and child advocacy. After graduating with her Bachelor of Science degree in paralegal studies she pursued her career as a litigation paralegal which spanned for 15 years. She welcomed a career change to the utility industry with Black Hills Energy where she is the Supplier Diversity and Relationship Manager. She loves living in the Black Hills and enjoys spending time with her beautiful daughters.