Third-Party Management: A risk-based approach – Part 2: Stephanie Font on Questionnaires and Due Diligence

Mar 21, 2023

Stephanie Font, director in operations optimization who specializes in due diligence and third-party questionnaires. She discusses crafting questionnaires tied to regulations and risk models. She explains how questionnaire answers guide the depth of investigations and when to escalate. She highlights using templates tailored by risk and the role of documentation and automation in creating audit trails.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Design Questionnaires To Meet Regulations

Do design questionnaires around the specific regulations you need to comply with.
Stephanie Font recommends asking questions that directly produce evidence for your compliance obligations and risk model.

INSIGHT

Questionnaires Feed Your Risk Model

Questionnaires are a starting point that feed your risk model and determine next steps.
Use responses to decide whether to do baseline screening or escalate to deeper investigations based on flagged risk factors.

ADVICE

Pick Investigation Depth Based On Risk

Do match investigation depth to identified risks: start with open-source checks, escalate to enhanced due diligence when red flags appear.
Stephanie describes open-source for baseline facts and enhanced due diligence for boots-on-the-ground verification.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach toe third-party risk management. Over this series I will visit with Michael Parker is the Director of Advisory and Consulting Services, Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Associate at the Volkov Law Group. In this Part 2, I visit with Stephanie Font, on the need for evaluation of potential third-party through questionnaires and determination of the necessary due diligence investigations to comply with regulations, while navigating using questionnaires to uncover the truth.

What is the importance of understanding regulations and risk factors when creating questionnaires to help with due diligence. Through understanding the risk model and what specific regulations the company needs to comply with, creating effective questionnaires to help with due diligence can become easier. Stephanie also found out that having a due diligence risk management system can automate some of the process and help flag any potential risk factors. With the help of questionnaires and due diligence, Stephanie was able to learn how to effectively document and investigate potential third parties.

Key Highlights

How questionnaires can be used to comply with regulations and inform a risk model.
How due diligence investigations can help to uncover risk factors in a potential third party.
How a third-party risk management system can automate parts of the process.

Notable Quotes

1. "Knowing what you're trying to comply with and thinking of those questions that are going to get you there is probably the top thing."

2. "Don't lose your common sense and listen if your gut tells you something's wrong."

3. "Documentation is key to create an internal audit trail and have something to show to regulators."

4. "Know your own risk model and build the risk model into the system to flag any potential risk factors."

Resources

Stephanie Font on LinkedIn

Check out Diligent’s 3rd party products and services here.