Risk assessment step 2 – Gather information about typical third party risks: Obtain sufficient information to form a comprehensive view of the bribery risks related to the types of third parties used by the company (i.e. the ways in which bribery might take place, especially where differing by type of third party). Key information sources are listed in the table below.
Risk assessment - sources of information on risks •
Internal documentation, such as due diligence records, incident reports, whistleblowing reports and audit reports
•
Internet research, such as reports of bribery law enforcement
•
Company’s management and employees, especially those operating locally and those responsible for contracting with and managing relationships with third parties
•
Support functions, such as compliance, purchasing and contracting
•
Professional advisors and anti-corruption consultants
•
The company’s third parties
•
Trade associations and chambers of commerce, such as reports on sectoral or market corruption issues
•
Embassies and High Commissions
In addition, interviews should be held with key third parties, such as major suppliers and contractors operating in high risk jurisdictions and/or sectors, to get perspective on attitudes to due diligence, monitoring and audits, and any cultural considerations related to the subject of bribery and corruption. These interviews should be conducted with the most senior personnel possible at the relevant third party to obtain as informed and complete a view as possible.
18
Transparency International | Managing third party risk: Only as strong as your weakest link