Common due diligence pitfalls organisations make and how to avoid them

Zachary Rothstein

With increasing regulatory pressures and reputational concerns, organizations are more vulnerable than ever to a variety of potential risks stemming from the third parties they rely on to conduct business. An estimated 90% of regulatory corruption cases are related to third parties, and organizations of all sizes are increasingly turning to technology to help facilitate their due diligence programs. Control Risks recently hosted a webinar with GAN Integrity to discuss common due diligence mistakes made by organizations of all sizes, sectors and geographies, and how to avoid them.

Key takeaways include: 
  • Take a true risk-based approach to due diligence – Many organizations take a linear approach to risk ranking by escalating due diligence based on the results from an initial screen. This can be detrimental to even the most sophisticated programs as many potential red flags are not easily discernible in the public domain.  Taking a risk-based approach to initial due diligence that accounts for your organization’s specific needs, risk appetite, exposure and judgement can help facilitate better resource allocation and ultimately responsiveness to any issues. 

    Technology can help facilitate these dynamic and multifaceted workflows and allow you to stress-test your tailored risk factors and their weightings. The carefully considered nature of the organization’s approach can then be demonstrated should any regulatory issues arise. 

  • Integrate your due diligence program into a broader risk framework – Organizations have often approached third-party due diligence in a vacuum. With the myriad of potential exposures from third parties converging, due diligence should be conducted within a broader risk framework that takes other business risks, such as legal and operational risks, into account.  

    It’s important to communicate how due diligence results are interpreted and acted on across the organization. In the same vein, it can be beneficial to provide your third parties with transparency regarding your risk approach. Realization of a red flag does not necessarily mean the end of a relationship, but it is important to have agreement and understanding across the organization on how to move forward. Technology can help standardize, facilitate and ultimately demonstrate this process. 
  • Find the optimal level of in-house resourcing and external support – Adequate resourcing is a common issue among compliance teams, and some of the most efficient programs have found a balance by pairing a decentralized process with centralized oversight, assisted by technology. This allows local teams who manage third-party resources to initiate the process of qualifying, evaluating and identifying risks through the framework of a centralized, consistent approach and set of standards that can then be applied locally. This balancing act is unique to every organization, but cohesion, uniformity, automation and transparency on a global scale can be achieved using technology.

The application of technology within a third-party due diligence program can bring transparency and efficiency gains which will enable compliance teams to shift resources to the issues which matter most. GAN Integrity and Control Risks are proud to support our clients in this endeavor with the introduction of VANTAGE, a suite of products specifically designed for organizations that rely on a complex web of global third parties to deliver critical support. VANTAGE means end-to-end third-party management. From initial screenings using the world’s largest risk databases, to deeper levels of research and on-the-ground investigative work, as well as automated cloud-based compliance solutions, VANTAGE enables you to focus your efforts on mitigating risk, and facilitates the management of multiple vendors, tools and services.


For more information, including case studies, suggested best practices and practical recommendations to help businesses address the complex demand for third-party due diligence, watch the full webinar here or email us to speak with one of our specialists directly: [email protected]

