Crowe in the UK is a leading audit, tax, advisory and consulting firm, with a national presence to complement its international reach as an independent member of Crowe Global, one of the top 10 accounting networks in the world. Crowe’s technical expertise and deep market knowledge mean they are well placed to offer insight and pragmatic advice to individuals and organisations of all sizes across a broad spectrum of sectors. Learn more at www.crowe.co.uk.
By joining the Risk Ledger network, Crowe have been able to continue to satisfy all regulatory and security requirements as well as maintain its accreditations.
Raj Lachani, Director of IT Operations, Crowe UK
In highly regulated industries, such as the financial sector, maintaining compliance with cyber security, operational resilience and other regulations is a high priority for any firm. Yet given the complex digital supply chain dependencies organisations face today, ensuring that the often hundreds of third-party suppliers they rely on abide by the same high standards adds further complexity.
Crowe UK is strongly committed to ESG principles. So effective supply chain risk management is essential, not just to protect the company and its clients from cyber threats, but also to ensure that their suppliers uphold exemplary ESG practices.
The Procurement and Sustainability Manager at Crowe UK explains: “ESG is a very important factor to us at Crowe, and we stand very firmly on what it represents. Given our core values are ‘We care, We share, We invest, We grow’, this emphasises the social governing responsibilities we have when it comes to maintaining a robust supply chain.”
Prior to joining Risk Ledger, Crowe UK had a manual TPRM process in place that put a great strain both on its own security team and on its suppliers. In the words of Raj Lachani, “prior to Risk Ledger, Crowe UK previously ran a minimal, manual third party risk process. This was burdensome on internal resources and on suppliers. It lacked visibility and was not scalable.”
To strengthen, simplify and streamline its assessment of compliance risk among suppliers, Crowe UK chose to partner with Risk Ledger, a cutting-edge third-party risk management platform that empowers security and procurement teams to Defend-as-One by visualising and managing their entire supply chain in real-time.
Utilising Risk Ledger’s standardised assessment framework, mapped against all leading international cyber security standards, including NIST, ISO27001 or the NCSC’s CAF, has given Crowe UK a comprehensive and consistent way of assessing and benchmarking suppliers across the board.
According to the Procurement and Sustainability Manager at Crowe UK, “by consolidating our risk questionnaires, Risk Ledger saves considerable time in our TPRM processes and provides all the answers to security and compliance queries in one place.”
“Third party risk management is crucial to our firm as it helps us identify, assess and mitigate risks associated with our supply chain and trusted partners. As part of our security framework and regulatory requirements, we need to demonstrate that we satisfy external assessments.”
Raj Lachani, Director of IT Operations, Crowe UK
Crowe UK joined Risk Ledger and was quickly able to connect with all its suppliers that were already on the platform. Any new suppliers were invited by Crowe UK to complete the Risk Ledger assessment. After building their security profile on Risk Ledger for the first time, suppliers simply have to keep this profile up to date. Whenever a supplier control changes, Crowe is notified automatically, significantly reducing the burden on both Crowe and its suppliers.
Risk Ledger has allowed Crowe to run an efficient and effective third-party risk management programme, collaborating with suppliers to identify and remediate risks. Risk Ledger has reduced the time and cost of supplier risk management by around 60%.
Raj Lachani, Director of IT Operations, Crowe UK
Risk Ledger’s dedicated ESG control questions allow Crowe UK to ensure that their suppliers uphold the highest ESG standards. These control questions ask suppliers for information on fair labour practices, human rights commitments and upholding the highest environmental standards, as well as measures taken to comply with global sanction and anti-modern slavery regimes.
The Procurement and Sustainability Manager at Crowe UK explains: “At Crowe, we are extremely committed to preventing modern slavery, and we continue to improve our due diligence. The monitoring capabilities provided by Risk Ledger play a key role in ensuring we comply with the latest ethical standards and ESG legislation…At Risk Ledger there are 23 questions to be answered in the specified domain of ESG, ensuring that we at Crowe are reducing our environmental footprint, improving social responsibility and ensuring transparent governance within our supply chain”.
Crowe also values the range of support options and expertise provided by Risk Ledger, and the ease of communication with Risk Ledger’s customer support and with their suppliers directly on the platform. According to the Procurement and Sustainability Manager at Crowe UK: “The hands-on support from Risk Ledger includes weekly 30-minute calls with our account manager, and a discussion platform which our suppliers can use to raise queries or concerns with us and with Risk Ledger. There’s also a chat function, so we can seek guidance from a Risk Ledger specialist at any time.”
Risk Ledger was designed to enable and facilitate enhanced communication and collaboration between security teams at client organisations and at their suppliers, which encourages and improves supplier engagement and achieves better response speeds to emerging threats when they appear. Crowe UK recognises the importance of this collaboration across their supply chain to achieve better security outcomes and compliance with industry regulations. To support its efforts, Crowe has a compliance officer responsible for implementing and maintaining compliance policies. These policies are shared with suppliers on the Risk Ledger platform, and the company expects suppliers to replicate this approach in their own operations. Risk Ledger flags up any conflicts with these policies among suppliers, helping Crowe to address compliance issues with those suppliers.
The Procurement and Sustainability Manager at Crowe UK highlights: “Where we have managed to identify gaps in knowledge between the supplier and ourselves, we can log virtual calls with our global suppliers and explain to suppliers what the Risk Ledger platform has to offer. This has enabled us to increase transparency, integrity, and validity in the suggested responses by suppliers.”
Risk Ledger has a very open flow of communication, with an available discussion tab, giving the opportunity to branch into a discussion with each supplier linking to specific domains. This area is where assessment answers can be reviewed and challenged, when working towards the improvement of their compliance score. This is a very resourceful feature, with a great proactive approach to handling issues. There is the option to attach files, with great visibility of the history of recent discussions to be monitored for audit. This discussion tab function also prompts an email, when responses have been provided for both the supplier and us at Crowe, which helps us to achieve seamless and time effective query resolution.
Procurement and Sustainability Manager, Crowe UK