Page 18

Risk assessment step 2 – Gather information about typical third party risks: Obtain sufficient information to form a comprehensive view of the bribery risks related to the types of third parties used by the company (i.e. the ways in which bribery might take place, especially where differing by type of third party). Key information sources are listed in the table below.

Risk assessment - sources of information on risks •

Internal documentation, such as due diligence records, incident reports, whistleblowing reports and audit reports

Internet research, such as reports of bribery law enforcement

Company’s management and employees, especially those operating locally and those responsible for contracting with and managing relationships with third parties

Support functions, such as compliance, purchasing and contracting

Professional advisors and anti-corruption consultants

The company’s third parties

Trade associations and chambers of commerce, such as reports on sectoral or market corruption issues

Embassies and High Commissions

In addition, interviews should be held with key third parties, such as major suppliers and contractors operating in high risk jurisdictions and/or sectors, to get perspective on attitudes to due diligence, monitoring and audits, and any cultural considerations related to the subject of bribery and corruption. These interviews should be conducted with the most senior personnel possible at the relevant third party to obtain as informed and complete a view as possible.


Transparency International | Managing third party risk: Only as strong as your weakest link

Profile for Transparency International UK

Managing Third Party Risk  

Managing Third Party Risk