×
Case Study

Pharmaceutical Major Accelerates Third-Party Screening, Assessment, and Onboarding with MetricStream’s Cloud-based App

The Client: One of the world’s top pharmaceutical companies focused on researching, developing, manufacturing, and marketing new medications

 

Overview

The client needed to onboard new third parties within a week. However, their third-party screening and assessment processes were largely manual and time-consuming. With the MetricStream Third-Party Management App, the client has been able to automate and accelerate third-party assessments, qualification, information updates, and monitoring. In doing so, they have saved time and improved efficiency, while also enhancing visibility into third-party information and risks. Supplier onboarding can now be completed in a week, and up to 10,000 suppliers can be on-boarded every year.

The Solution

After evaluating multiple solution providers, the client chose MetricStream based on their ability to provide a unified, cloud-based system to manage third-party screening, qualification, and onboarding, as well as updating of third-party information across all business units.

Today, the MetricStream Third-Party Management App, has enabled the client to automate various third-party assessment and qualification workflows. It also provides the scalability to manage tens of thousands of third parties, while integrating with other systems in the organization to collect the data needed to support third-party screening.

The app was deployed over the private MetricStream GRC Cloud, enabling the client to realize faster time to value, as well as high levels of reliability, availability, and security.

Below are the key capabilities of the app used by the client:

Third-Party Information Management

The app integrates with the client’s Master Data Management (MDM) system to gather information on all third parties, including new firms or individuals, as well as previously registered parties who have not yet been screened. The system also helps segment and score third parties based on the relative risks around spend amount, country where the third-party is located, and associated products and services. Based on the segmentation score, the organization can determine the level of due diligence and type of assessment required for the third-party.

Some third-parties require payments for their services (classified as “purchasing”), while others don’t (“nonpurchasing”). The MetricStream app helps route each of these third parties through a separate sourcing approval process.

The app also helps add more depth to the information or profile of each third party by capturing key data such as third-party banking details. Only those banking fields that are relevant to a particular third party based on their location are highlighted in the form. This makes it simple for that firm or individual to fill in their details. The app also captures a third party’s D&B D-U-N-S number and diversity status.

Through the app’s online interface, third-party users can update their basic details, address, and contact information. The form can be assigned to them as a task for profile updates. Any changes they make are updated immediately in the system. However, the form fields driving sourcing approval are non-editable for third parties.

Third-Party Screening and Automated Assessments

When a new third party needs to be screened, the app auto assesses the third party’s profile information, and populates an assessment form accordingly. Based on this data, a series of additional third-party assessments or questionnaires are triggered through the app. These assessments include a code of conduct assessment, ABAC assessment, US Customs Trade Partnership against Terrorism (CTPAT) assessment, Healthcare Organization (HCO) assessment (to determine if the third party is a healthcare organization), Healthcare Professional (HCP) assessment (for individuals), thirdparty vendor assessment, supplier diversity assessment, disclosure assessment, corporate integrity assessment, and adverse events assessments.

The app also provides the ability to score third parties based on the assessment. Depending on each score, users can determine the next assessment to be triggered. They can also validate third-party data based on quality control measures. In addition, third parties can be red flagged wherever necessary.

After the scores are calculated, the app facilitates a third-party qualification process to decide whether the third party should be marked as active, inactive, blocked, qualified, or non-qualified. Following this process, the app pushes the data back to the MDM system for further processing.

Continuous Monitoring

Once the third-party screening and assessment process is completed, the app facilitates a 6-month ABAC monitoring activity. It helps the client follow a systematic and consistent approach toward tracking third parties based on ABAC requirements. It also provides a view of previous and current ABAC scores, allowing the company to identify areas of risk or concern. Users have the flexibility to easily define and track tasks for ABAC monitoring.

The Challenge

To support their rapidly growing business, the client wanted to expand their network of third parties. Their goal was to onboard 5,000-10,000 third parties every year for their US operations alone. However, there was one hurdle if these third parties were not screened properly, they could pose a significant risk to the company’s reputation. At the same time, if the screening process took too long, it would delay third-party onboarding, and consequently affect the supply of goods and services to the company.

The company’s objective was to onboard most third parties in 1-2 weeks, and critical third parties, in 1-2 days. This meant that processes for third-party information gathering, assessments, screening, qualification, and onboarding had to be quick and efficient. However, these activities were traditionally managed in a manner that was fragmented, decentralized, and not clearly defined. The client lacked streamlined and sustainable processes, frameworks, and tool sets to manage third-party registration, segmentation, screening, risk assessment, due diligence, qualification, and monitoring. There were multiple stakeholders involved and no centralized governance system.

Considering that each third party had to undergo multiple types of screenings or assessments ranging from Anti-Bribery Anti-Corruption (ABAC) assessments, to supplier diversity and adverse events assessments it was simply not scalable to continue conducting these assessments using manual tools and processes. As a result, the client began looking out for a more advanced solution that would help them automate and accelerate third-party screening, qualification, and onboarding. 

Benefits

  • Faster Information Gathering
    The app simplifies and accelerates the collection of third party data, including banking details. Online access to the system, coupled with data entry forms specific to each geography, make it easy for third parties from across the world to enter and update their banking information. This data is stored in a central repository where it can be referred to by the client quickly and efficiently.
  • Simpler Assessment and Monitoring Processes
    The app streamlines and automates multiple third-party assessment processes, including the ABAC assessments, scoring, and monitoring. Not only does this help the client save time, but it also allows them to identify high risk third parties efficiently, and make informed decisions on whether or not to qualify them.
  • Swifter Onboarding
    The app’s ability to automate supplier assessments and scoring has helped the company accelerate the whole process of third-party screening, qualification, and onboarding. Instead of taking 2-3 weeks to onboard a supplier, the client can now complete the process in just one week.
  • Greater Scalability
    The app has the scalability to onboard and accommodate 10,000 and more suppliers every year. Eventually, it will house data on 25,000 users for the company’s US operations alone, and can be scaled further to accommodate additional third parties for the company’s European and other global operations.
  • Better Integration of Third-Party Details
    Instead of having to deal with third-party information scattered across spreadsheets and other documents, the client now has a centralized data repository. In addition, the app integrates with the client’s third-party information management system to enrich existing details. Thus, the client has a comprehensive, real-time view of all relevant third party data, whenever needed.
lets-talk-img

Ready to get started?

Speak to our GRC experts Let’s talk