Manage risk with third-party due diligence
On February 6th, The New York Times reported that the Federal Emergency Management Agency (FEMA) fired contractor Tiffany Brown, sole owner and employee of Tribute Contracting LLC. The agency hired Brown’s firm after Hurricane Maria to supply food for hungry residents in Puerto Rico. It appears that, instead of the agreed-upon 18.5 million meals, Brown delivered just 50,000. And – to make matters worse – those meals can’t be used, since they did not meet FEMA’s packaging requirements.
This is so bad on so many levels, that FEMA deserves an honored spot in the Due Diligence Hall of Shame. Thanks to their inability to check up on a known government contractor, FEMA was unable feed American citizens when they needed it most. FEMA wasted time and our tax dollars. And, like others in the Due Diligence Hall of Shame, they just don’t get it.
From a due diligence perspective, the warning signs were there. Apparently, the firm did not deliver on previous contracts and wound up listed as “Excluded” on the government’s own System for Award Management (SAM) website. As FEMA points out, though, the exclusion technically applies only to contracts through a another agency (GPO), but failure to complete any previous contract with any customer is a big red flag and should be heeded.
So how do you manage risk when working with vendors, contractors, and other third parties?
Here are a some of my top tips for third-party due diligence:
Do some online searching – Look at regulatory/licensing agencies, association memberships, past clients, reputation, and court filings to check out the firm and key executives. Use a mix of news, social media, and public records.
Evaluate operations and infrastructure – Do they have the personnel , technology, and procedures needed to deliver the completed product or service while complying with rules and laws? Will their processes and structure work well with your own company’s systems?
Talk to their customers – Identify firms through your web searching, rather than relying on vendor-provided references. What’s the party’s reputation and track record, and how do they typically respond to complaints?
Put it all together – Given what you know, measure the level risk of working with this firm. Is there any fraud in their background, and what’s the potential for future fraud? Can you work with this firm without tarnishing your company’s reputation?
Monitor ongoing activity – If you’ve decided to move forward with this business relationship, don’t stop at pre-deal due diligence. Create alerts and monitor company changes and events. Run regular audits to assess compliance and progress toward completion.
Don’t wind up like FEMA with a place of honor in the Due Diligence Hall of Shame. You have too much at stake. Learn as much as you can about your vendors and contractors – and don’t ignore the warning signs.