Companies that outsource are effectively extending their enterprise to include the services of the third parties with whom they’ve contracted. While wholesale failure of third-party services is fairly rare, gaps in control performance are not. This is why leading enterprises seek to assess and manage.

Once you understand how a particular vendor’s risks might impact your business, you have to make a choice:

1. Agree to bear the risk that has been identified;
2. Reject the vendor and look for another that can meet your needs; or,
3. Collaborate with the vendor to remediate the risk and help the company become a more suitable business partner.

Remediation consists of a management program in which you present your vendor with a list of findings or deficiencies then work together to develop a plan to address those shortcomings with a schedule for completion. Ideally, you and the vendor will work together to determine when and how you will put the controls in place.

A key aspect of any vendor relationship, remediation acts as a two-way street that allows you and your vendor to learn about each other’s business practices and to gauge how much each is willing to invest in a mutually beneficial partnership.