
The Scope-Creep Issue that Kills Due Diligence Programs
“Wait, maybe we should include pencil suppliers in the anti-bribery due diligence program. I mean, we buy A LOT of pencils. Also – let’s include
“Wait, maybe we should include pencil suppliers in the anti-bribery due diligence program. I mean, we buy A LOT of pencils. Also – let’s include
It’s nearly midnight. The lawyers, accountants and top management have been working away in secret for months.
The deal is about to be announced – a huge strategic acquisition that will bring the company great benefits and rock the market.
You get a call at 11:59p.m.
The CEO quickly asks, “do we need to do some kind of compliance due diligence before we announce the deal in six hours?”
Or worse, you don’t get the call at all. You find out along with all of the other employees at the all-hands meeting.
Considering the specter of successor liability for bribery and other compliance-related misconduct, compliance should be the first department called once a merger or acquisition begins to be seriously discussed. But even if we have the luxury of being called, we don’t always know what to do to perform proper due diligence on the target company. Here’s where to start…
Your third parties hate you right now. One due diligence questionnaire comes from compliance, another from information security, another from corporate social responsibility, another from health and safety… all coming from different email addresses and systems. All repetitive. All taking an overly long amount of time.
For the past couple of years, there has been a push to relieve the stress felt by third parties by integrating the due diligence process into a single process. Saying “we should have a single process” is simple. Executing on that is really, really hard.
One blog post could not do justice to the grandness of this task, so this one will focus solely on scoping the types of risks that should be considered for an integrated third party risk management approach. Every company is different of course, and understanding the due diligence already being performed by various functions is a critical part of gathering information to succeed in creating the process. Regardless, some risks are commonly incorporated into an integrated third party program. These include:
Bribery and Corruption
The need for bribery-related due diligence in corporate compliance sparked the entire industry. Many third party due diligence programs are still focused solely on bribery and corruption, and it should still be a major focus of any third party due diligence program.
Modern Slavery/Human Trafficking…
Kristy Grant-Hart is a compliance and ethics expert specializing in transforming compliance departments into in-demand business assets.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |