
Developing an internal due diligence procedure? Start here

Risk profiling third parties is now a critical stage of any due diligence process. As businesses continue to expand and grow, more and more factors must be considered when assessing the risk level of a given third party — whether a vendor, customer, or agent.

If you’re new to developing internal due diligence procedures and risk profiles, here are some recommendations on how to get started.

  • Understand your third-party landscape — complete a risk assessment and know your biggest risk factors, even at a high level (including credible risk sources and references such as the CPI)
  • Divide your third parties into risk categories using the top 3-5 risks you identified from the risk assessment
  • Start with the highest risk third parties and make sure there are no immediate issues
  • Lay out your due diligence program and build a future process that considers no more than five factors when evaluating where a third party gets categorized (e.g. location, type of service, contract value, government involvement, prior history)
  • Name or assign a specific metric to the categories you create for each third-party type — these will be your third-party “risk profiles”
  • Detail due diligence procedures that are appropriate for each risk profile

In my next post I’ll discuss what specific factors should be taken into account when creating a risk profile, and the complexities of automating the process. 


Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and screening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp., a SoftBank company headquartered in Miami, Florida. She can be contacted here.
