As organizations further their reliance on third party service providers, regulatory bodies around the world have increased their level of scrutiny regarding third party provider’s abilities to properly protect sensitive and internally used data and information assets. Today’s organizations are expected to demonstrate strong, third-party governance and risk management. Organizations that establish a third-party management program gain and maintain a clear understanding of their external provider’s controls and shortcomings through analysis of Statement of Control (SOC) reports, contract administration, service level agreement (SLA) reporting, and annual third-party risk assessments. Internal auditors need a basic understanding of third-party risk. Without this knowledge, internal auditors may not fully comprehend IT objectives and the associated risks inherent in using third parties and may lack the ability to assess or audit the design or effectiveness of controls related to those risks.
This course guides internal auditors in building proficiencies for assessing third-party IT vendors.