The Fraud Examiner

Managing Risks in Vendor Relationships

March 2012
By Mark Scott, J.D., CFE


Organizational management increasingly needs to understand and mitigate its risks effectively to ensure long-term success. Effective risk management requires, among other things, a comprehensive and ongoing set of tools and processes to handle the dangers associated with third-party relationships.


Contracting with an outside third party subjects organizations to risks with the potential for significant financial and reputational harm, such as from fraud, breach of contract, error, breach of confidentiality, data loss and so on. The risks associated with vendor relationships, however, can be unique and vary depending on the vendor as well as the service or process outsourced. Common areas for vendor risks include:


Strategic risks

Reputation risks

Industry risks

Geographical risks

Compliance risks (e.g., the Sarbanes-Oxley Act, the Foreign Corrupt Practices Act, the UK Bribery Act, the Health Insurance Portability and Accountability Act)

Operational risks

Transaction risks

Credit risks


Consider, for example, the case of Frederic Bourke, an American investor who was convicted of conspiring to violate the Foreign Corrupt Practices Act (FCPA), a federal law that outlaws certain bribes paid to foreign officials. Bourke invested $8 million with Victor Kozeny, a Bahamas-based Czech businessman, in an effort to privatize Azerbaijan’s government-controlled oil company. The U.S. government alleged that Kozeny bribed Azeri officials to ensure the privatization of the oil company, and the U.S. prosecutors secured Bourke’s conviction without offering clear evidence that Bourke knew that Kozeny was paying bribes. Instead, the government successfully argued that Bourke’s willful blindness (i.e., intentional ignorance) to the circumstances suggesting that Kozeny would make unlawful bribes was sufficient to establish Bourke’s criminal culpability. Bourke’s conviction, which resulted in a one-year sentence and a fine of $1 million, demonstrates the importance of conducting due diligence on third-party relationships and recognizing — and resolving — apparent red flags.

Although most managers are aware of the inherent risks associated with using vendor products and services, many do not have the necessary processes or controls in place to address such risks. But in today’s increasingly globalized world, such preventive measures matter more than ever.
