Due-diligence on delivery partners
This criterion assesses whether the organization conducts proportionate, risk-based due diligence on delivery partners, sub‑grantees, and implementing agents. It covers verification of identity, legal status, governance, financial controls, competence, safeguarding, and data protection. It requires explicit go/no-go gating, operational AML/CTF controls, and a risk-tiered monitoring system to protect funds, beneficiaries, and reputation in line with Islamic values.
| Metric | Risk-based partner due diligence coverage and health |
|---|---|
| Target | ≥95% coverage; 100% high-risk enhanced DD; 100% contracts compliant; 0 overdue critical findings |
| Frequency | Quarterly |
| Method | % active partners with valid DD; % rescreened on schedule; % files with documented rationale; % corrective actions closed in SLA |
| Unit | Percent/Count |
Level 1: Initial/Ad-hoc
Partner selection is informal, ad hoc, and inconsistent. There is no formal process for conducting due diligence, and decisions are often based on personal relationships or convenience.
Level 2: Developing
A basic, documented process for vetting partners exists but is applied inconsistently. Checks are limited to fundamental legal and financial standing, with little to no assessment of ethical or value alignment.
Level 3: Established
A standardized, organization-wide due-diligence policy is defined. The process includes checks for competence, financial stability, and ethics, with defined go/no-go criteria and documented decision rationale for all partners.
Level 4: Advanced
The due-diligence process is quantitatively managed using KPIs. Partner selection is data-driven, and a risk-tiered monitoring plan with defined rescreening schedules is consistently applied.
Level 5: Optimizing
The due-diligence process is continuously improved based on predictive triggers (e.g., adverse media) and closed-loop corrective actions. It is fully integrated with strategic sourcing and risk management, focusing on long-term, value-aligned partnerships.
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | exempt | Typically do not use formal delivery partners; full formal frameworks, governance assessments, and exceptions registers are disproportionate. |
| Small | partial | Scaled down to basic identity, legal status, and safeguarding/sanctions checks if using partners; complex internal control assessments are disproportionate. |
| Medium | partial | Core due diligence applies, but the depth of partner governance and financial health audits should scale with funding volume and risk level. |
| Large | full | |
| Major | full | |
Applicable When
- The organization engages delivery partners, sub‑grantees, implementing agents, intermediaries, or data processors/joint controllers
- The organization delivers services/programs through third parties
- The organization transfers funds or assets to third parties for delivery
Not Applicable When
- The organization does not use third parties to deliver programs/services and only makes low-risk commodity purchases
- All delivery is in‑house with no grants, sub-awards, or implementing partners
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json