10 Things to Ask When Outsourcing / Choosing a Supplier

Many organisations choose to outsource critical functions or services to third parties/contractors. However, outsourcing the work does not outsource the responsibility. Globally, in many industries, regulators have now taken a keen interest in how organisations manage outsourced activities that are seen as “critical”. Below, we’ve listed 10 things you should be asking when outsourcing a critical function and/or choosing a new supplier.


  • Policies & Procedures – does the supplier have appropriate policies and procedures in place? This may be dependent on the nature of the service, but you should be checking if the organisation has key policies in place such as information security, health & safety, etc.
  • Data / Information Security – what data protection/information security controls are in place? Regardless of the information to be shared, all organisations should have adequate cyber security controls in place. Where will the information be stored/processed?
  • Disaster Recovery/Incident Response – if a disaster were to happen, what would happen to the supplier’s service levels? You should check their disaster recovery/business continuity plans to ensure the recovery time objectives are acceptable. Does the supplier have a formal incident response plan that is reviewed and tested on an annual basis? Does the plan include specific actions to respond to a cyber incident?
  • Insurance – does the supplier have adequate insurance coverage and can they demonstrate this?
  • Track Record – can the supplier provide references from similar organisations that use their service/offering? This helps demonstrate that the supplier has adequate skills/expertise to deliver on their service levels. How financially sound is the service provider? What percentage of their business does the work they will be doing for you represent?
  • Reporting – can the supplier provide periodic reports on service levels? For example, you might want to know uptime/downtime if it’s an IT supplier.
  • Regulatory change – what happens if there’s a regulatory change that impacts the service? Will this be covered in the existing service offering or will the organisation need to pay extra for a new/additional service? Is the supplier regulated – if so, can they demonstrate compliance with the required regulation, etc.?
  • Key People – Who will be managing/delivering the service on your behalf? What experience and competence do these people have? Are there enough of them?
  • Concentration – How many critical functions are you outsourcing to this supplier? Would a failure of the supplier mean serious damage to your organisation?
  • Sub-Outsourcing – Does the supplier intend to sub-outsource some element of the service? Is this acceptable? Will the service be performed in a country that is acceptable in terms of compliance and quality?

Once you’ve chosen a new supplier/outsourced function, the supplier should become part of your ongoing due diligence/monitoring programme depending on their criticality.


