Third-Party Risk Management for Internal Auditors

Format: Online

In today's interconnected business landscape, organizations increasingly rely on third-party relationships to achieve their objectives and enhance operational efficiency. However, these relationships come with inherent risks that can impact an organization's reputation, financial stability, and compliance with regulatory requirements. Internal auditors play a crucial role in identifying, assessing, and mitigating these risks to protect their organizations.

This course is designed to equip internal auditors with the knowledge, skills, and tools necessary to effectively evaluate and manage the risks associated with third-party relationships. Through a combination of lectures, case studies, practical exercises, and discussions, participants will gain a deep understanding of the principles and leading practices in third-party risk management.

Summary Info

CPE Hours Available:	16
NASBA Knowledge Level:	Intermediate
NASBA Delivery Method:	Group Internet based
NASBA Field of Study:	Auditing
Competency Level:	Applied Knowledge
Prerequisites:	Participants should have a foundational understanding of internal auditing principles and practices. Basic knowledge of risk management, governance, and organizational behavior will be beneficial.
Advance Preparation:	None
Topic(s):	Third-Party Risk Management
Price Range:	$1,359 - $1,699

Who will benefit from this course?

This course is ideal for internal auditors, compliance officers, risk managers, and any individuals responsible for evaluating and managing third-party relationships within their organizations.

Course Objectives

Upon completion of this course, participants will:

Understand the concept of third-party risk management and its importance in today's business environment.
Identify the various types of third-party relationships and their potential impact on an organization.
Learn how to assess and categorize third-party risks based on criticality and vulnerability.
Develop risk assessment frameworks tailored to their organization's specific needs.
Explore the regulatory landscape and compliance requirements related to third-party risk management.
Understand the operating model components required to support an effective third-party risk management program.
Discover effective strategies for risk management across the third-party relationship lifecycle, including in the event of response to a third-party breach or disruption.
Build the skills needed to conduct comprehensive audits of third-party risk management programs (or specific third-party activities).
Learn how to integrate third-party risk management into an organization's overall risk management framework.

Unit Topics

Introduction to Third-Party Risk Management

Understanding the importance of third-party risk management in modern business.
Recognizing the potential impact of third-party risks on an organization.
Case studies illustrating the consequences of third-party failures.

Understanding the Third-Party Ecosystem and Risks

Understanding the organization’s third-party ecosystem, including the types of third parties.
Identifying and classifying various types of third-party risk domains (e.g., operational, strategic, compliance, reputational).
Assessing criticality and vulnerability factors in third-party relationships.
Developing a risk categorization framework tailored to organizational needs.
Real-world examples of third-party risk categorization.

Regulatory Landscape and Compliance Requirements

Overview of relevant regulations and industry standards (e.g., GDPR, HIPAA, ISO 27001).
Understanding compliance requirements related to third-party risk management.
Incorporating regulatory considerations into risk assessment frameworks.

Third-Party Risk Management Program Considerations and Leading Practices

Understanding the operating model components required to support an effective third-party risk management program, including:
- Governance and Oversight.
- Policies and Standards.
- Management Processes.
- Tools and Technology.
- Risk Metrics and Reporting.
- Risk Culture.
Considering the maturity of third-party risk management activities and capabilities at an organizational program level.

Third-Party Relationship Lifecycle: Considerations and Leading Practices

Understanding and assessing risk mitigation considerations and leading practices for:
- Third-party due diligence, evaluation, and selection.
- Contracting and third-party onboarding.
- Management and monitoring of third-party.
- Termination and off-boarding of third-party.
Identifying incident response responsibilities and capabilities (specific to third-party breaches or disruptions):
- Evaluation of incident response plans, including required notifications and disclosures, as well as business continuity.
- Coordination with third-party.

Auditing Third-Party Risk Management Programs or Activities

Planning and executing audits of third-party risk management programs or specific third-party activities.
Auditing methodologies, sampling techniques, and evidence collection.
Reporting audit observations and making recommendations for improvements.

Integration with Overall Risk Management Framework

Integrating third-party risk management into the organization's enterprise risk management (ERM) framework.
Aligning third-party risk management with strategic objectives.
Coordinating with other risk management functions (e.g., IT security, compliance).
Case studies of successful risk management integration.

Available Formats

: Online

oct. 02 - 09, 2024

Oct 2,4,7,9
12:30PM-4:00PM ET

Virtual

$1,359 - $1,699

Online

nov. 19 - 22, 2024

Nov 19-22 1:00PM-4:30PM ET

Virtual

$1,359 - $1,699

Related Courses and Resources

Course

Format: Online

Available Formats

Related Courses and Resources

Third-Party Risk Management for Internal Auditors

Learn about IIA programs and partners.