Newsletter | Volume 1


A new governance model and approach to 3rd Party Due Diligence and Compliance



Keynote speech by Henrik Frøssling, RiskMaturity.
At the 10th annual GRC and IT Security Summit in Copenhagen on 15-16 March 2017, we examine the different consequences of third-party non-compliance and find sustainable solutions covering the GRC business opportunities, direct and indirect costs and reputation risk, so that these risks are neither underestimated nor neglected.

Do we always know whom we do business with? Continued media exposure of third-party compliance defaults reminds us of the importance of knowing whom we choose to do business with, and of the dire consequences of bad publicity, which directly impacts brand and reputation. In the first part of the workshop we focus on:
  • It is not only of interest to know whom we choose to do business with and who is behind the companies.
  • What are the compliance, circumstantial preventive actions, due diligence and controls?
  • What are the global ethical standards of the business partners, and their trading partners as well as potential shell companies?
  • The risk exposure to corruption, fraud, money laundering or terror financing.
  • How to address criminal offences when ignorance is not a viable defence. We review the standard rules and regulations.

Get a proper hold of your third-party issues with a risk-based approach, using your own resources, with various background checks and preventive actions. The financial upside and the value of getting a hold on reputation risks should not be underrated.

How do we ensure that our business partners are mature enough on requirements in the areas of GRC regarding Codes of Conduct & Business Ethics?
The board, senior executives and management teams must be aware of the internal and external requirements in customers' Codes of Conduct for suppliers in order to establish a prudent tone at the top. These requirements make it more complex to have a dialogue on risks and responses, so that the staff can proclaim: yes, we are compliant with Codes of Conduct & Business Ethics.
  • What are the mechanisms behind the enterprise's capacity to understand third-party issues, requirements, best practice, risks and consequences?
  • How to adopt a new or changed rationale to ensure compliance?
  • How to be compliant in processes as well as in practice?
  • We take a risk-based approach, focusing on integrating and embedding processes into the corporate culture and structure.
  • How do we find the right level of compliance and the right balance in culture, structure, processes, control environment and evidence of compliance?
  • Do we have an increased level of maturity and risk governance, and can we measure the performance?
  • We review and update the code of conduct requirements from stakeholders and regulators on burning issues.
  • How to prevent our business partners from endangering our business.

During both parts, we examine the different consequences of third-party non-compliance and find sustainable solutions covering the GRC business opportunities, direct and indirect costs and reputation risk, so that these risks are neither underestimated nor neglected.

Henrik Frössling has extensive experience in the areas of Governance, Risk Management and Compliance. He has held several positions in different organisations, such as risk manager, project manager, internal control manager, management consultant and CFO. He has vast experience from various businesses, local as well as global, with operational and strategic deliveries and training sessions in many different cultures.