Using third parties invariably presents a variety of risks for organizations, including strategic, reputational, regulatory, operational, financial, transactional, security, compliance, and other risks. However, when utilized effectively, third parties can also provide tremendous value in terms of specialized knowledge, increased capacity, reduced overhead, and more customized business solutions. Internal audit should be at the front of managing the risks associated with third parties by independently reviewing, evaluating, and reporting on the related business practices.
This course provides an overview of third-party risk management, including governance structure and risk management processes. It also specifies contracting, monitoring, and contract termination elements of the third-party relationship. Finally, the content defines the role of internal audit as it relates to various phases of the third-party management audit engagement, including planning, defining scope and objectives, testing, and reporting.