Skip to Content

Auditing Third Party Risk - IT

Format: On-demand

As organizations further their reliance on third party service providers, regulatory bodies around the world have increased their level of scrutiny regarding third party provider’s abilities to properly protect sensitive and internally used data and information assets. Today’s organizations are expected to demonstrate strong, third-party governance and risk management. Organizations that establish a third-party management program gain and maintain a clear understanding of their external provider’s controls and shortcomings through analysis of Statement of Control (SOC) reports, contract administration, service level agreement (SLA) reporting, and annual third-party risk assessments. Internal auditors need a basic understanding of third party risk. Without this knowledge, internal auditors may not fully comprehend IT objectives and the associated risks inherent in using third parties, and may lack the ability to assess or audit the design or effectiveness of controls related to those risks. The self-study Auditing Third-Party IT Risk course delivers an introduction to third-party risk concepts, and emphasizes the significant role that the business units and IT play in establishing and maintaining third-party relationships. Further, this course guides internal auditors in building proficiencies for assessing third-party vendors.

Available Formats