Customer Logins
Obtain the data you need to make the most informed decisions by accessing our extensive portfolio of information, analytics, and expertise. Sign in to the product or service center of your choice.
Customer Logins
BLOG
Mar 13, 2023
Ensuring Accurate IRQ Responses for Better Due Diligence
All onboarding activities start with the data capture in the inherent risk questionnaire (IRQ) fields. Next, the IRQ data is used to trigger the appropriate level of due diligence and oversight activities. So there need to be significant efforts to define what information needs to be captured in the first place, and what are the criteria for triggering activities.
In short, the accuracy of the IRQ fields is paramount. But what about the person providing the responses in the first place?
Providing the correct data starts with knowing what data to provide
Respondants need to understand what they are being asked for in order to provide it, which isn't always the case. For example, a relationship owner with a limited technology background may incorrectly capture responses to application related questions. They may not review help texts or links to reference materials when they are giving responses to profile fields.
Information sensitivity classifications can have complex definitions and nuances that can be misinterpreted. So perhaps the respondant solicit helps - but are they asking the right internal contact for support? Or maybe they're under pressure to continue to submit the questionnaire and move the workflow forward.
The unanticipated consequences of an innacurate IRQ
The consequences from inaccurate IRQs can be dire. The assigned inherent risk level could be incorrect, triggering unnecessary due diligence or not triggering a due diligence assessment where it is needed. A contract could be executed with a service provider that does not have adequate controls in place to safeguard data. No business wants to have to notify customers of a data breach or be subject to any associated penalties or reputational damage as a result of this sort of mistake.
But if the IRQ is accurate from the begining, and the appropriate due diligence is completed, then you can add protective language to your agreements based on findings.
It's also good for relationships. Suppliers commit significant time and resources to completing due diligence assessments, so ensuring you're only including relevant questions, for which accurate and relevant data can be provided, is a good way to maintain these relationships.
How to ensure accurate IRQ responses
There are many ways organizations can reduce the risk of innacurate IRQ responses. Onboarding workflows should have the appropriate gates to allow relationship owners and subject matter experts to capture or update IRQ responses. Questions, response choices, and help text should be reviewed periodically to increase clarity and minimize error. Quality control reviews of existing IRQs should be used to identify inconsistencies in the responses across relationships. Finally, information obtained from suppliers during the due diligence process should be used to correct and enhance IRQ responses.
How KY3P® by S&P Global can help:
KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our platform provides standardized onboarding, due diligence, inherent risk calculation, oversight, and offboarding of supplier products, services, and outsourcing arrangements. Our tools let you continuously monitor risk through partnerships with industry-leading data providers that specialize in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our managed services scale your third party risk management program, while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.
We would like to hear about your experience addressing this challenge. To share feedback and discuss or to learn more about KY3P, please contact us today.
S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.
This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.
{"items" : [
{"name":"share","enabled":true,"desc":"<strong>Share</strong>","mobdesc":"Share","options":[ {"name":"facebook","url":"https://www.facebook.com/sharer.php?u=http%3a%2f%2fssl.ihsmarkit.com%2fmarketintelligence%2fen%2fmi%2fresearch-analysis%2fensuring-accurate-irq-responses-for-better-due-diligence.html","enabled":true},{"name":"twitter","url":"https://twitter.com/intent/tweet?url=http%3a%2f%2fssl.ihsmarkit.com%2fmarketintelligence%2fen%2fmi%2fresearch-analysis%2fensuring-accurate-irq-responses-for-better-due-diligence.html&text=Ensuring+Accurate+IRQ+Responses+for+Better+Due+Diligence++%7c+S%26P+Global+","enabled":true},{"name":"linkedin","url":"https://www.linkedin.com/sharing/share-offsite/?url=http%3a%2f%2fssl.ihsmarkit.com%2fmarketintelligence%2fen%2fmi%2fresearch-analysis%2fensuring-accurate-irq-responses-for-better-due-diligence.html","enabled":true},{"name":"email","url":"?subject=Ensuring Accurate IRQ Responses for Better Due Diligence | S&P Global &body=http%3a%2f%2fssl.ihsmarkit.com%2fmarketintelligence%2fen%2fmi%2fresearch-analysis%2fensuring-accurate-irq-responses-for-better-due-diligence.html","enabled":true},{"name":"whatsapp","url":"https://api.whatsapp.com/send?text=Ensuring+Accurate+IRQ+Responses+for+Better+Due+Diligence++%7c+S%26P+Global+ http%3a%2f%2fssl.ihsmarkit.com%2fmarketintelligence%2fen%2fmi%2fresearch-analysis%2fensuring-accurate-irq-responses-for-better-due-diligence.html","enabled":true}]}, {"name":"rtt","enabled":true,"mobdesc":"Top"}
]}