Due Diligence Process & Due Diligence Reviews

Analysis of third-party due diligence needs

Our compliance advice for a third-party due diligence review uses a needs-based approach. Together with you we will determine the inherent potential risks in the underlying business model of third parties. For example, should integrity issues of all types of business partners be identified, or are there specific compliance risks such as corruption or child labor that should be managed through the third-party due diligence process?

The basis for assessing the needs of a third-party due diligence process and any related third-party due diligence review could be the company-specific compliance risk analysis. In its absence, we will gladly assist you to carry out a specific risk analysis of your third parties. Only after identification of the third-party types that could represent a compliance risk for you, a due diligence check based on this can be created.

Determining the materiality of your third-party compliance risks

Once the compliance-relevant third-party types have been segregated, we begin to identify the nature of these third parties in your operational business. How many third parties matching the compliance-relevant description are part of your inventory? How much business is generated involving these third parties?

Many companies that we know often do not have an integrated ERP system in which master data can be evaluated and thus analyzed across the enterprise or group. Because of this, the processing of the underlying total becomes a challenge. equia’s vast experience and knowledge gained from multiple due diligence process introductions and due diligence reviews adds significant value here by helping you inventory all compliance relevant third parties.

Devising and introducing a third-party due diligence process (including selection & calibration tool)

equia is there to support you in conceptualising your individual third-party due diligence processes. You benefit from equia staff’s cumulative operational experience gained from many successful implementations of third-party due diligence processes. You also profit from the expertise we have acquired as reviewers for the U.S. Department of Justice and in our close interactions with German-speaking law enforcement agencies. You can therefore rest assured, that your third-party due diligence process will be conceptualised bearing in mind government expectations and leading-edge approaches.

When providing advice on introducing a third-party due diligence process, equia relies consistently on a risk-based third-party due diligence audit approach. By doing this, the minimum regulatory requirements are met, while also taking the profitability of your company into consideration.

Should you be looking for an IT-technical solution to support your third-party due diligence process, we will gladly advise you in the selection and subsequent calibration of the IT tools, always keeping in mind company-specific requirements.

Effectiveness check of your third-party due diligence process

In some companies, we spotted various compliance violations in connection with third party business relations despite a well-designed third-party due diligence process. Here we cannot help but point out that even the best third-party due diligence process in a company will not provide the ultimate added value unless applied to and duly executed by all falling in its scope. Third parties do not regularly undergo due diligence or are portrayed incorrectly in the process.

equia can track the effectiveness of your third-party due diligence process using a risk-based sample of third-party due diligence reviews as basis and suggest improvements for possible optimization in the design, either during conception or operative execution.

As equia staff have many years of experience in this field, we can reach different conclusions from internal auditing which, as part of its audit activity, does not perform any or only an insufficient comprehensive effectiveness review of the process. This could also be due to the test guidelines used, which, depending on their characteristics, require a different focus.

Third-party due diligence review

Upon request, we will carry out due diligence of your third parties on the basis of the documents and public sources provided by you. Depending on your business model, the type of third party and other criteria, we will use a risk-based audit approach that includes a compliance risk assessment at the conclusion of the third-party due diligence review. This will provide you with concrete guidance on how to manage the compliance risks associated with the relevant third party.