Auditing Third Party Risk
As if managing your organisation’s own risk profile isn’t challenging enough today, management must concern itself with how every one of their suppliers and vendors addresses risk. That’s right -management are responsible for the risk-related action or inaction of everyone in their service and supply-chain network.
How concerned should your organisation be about the dangers of third-party risk today? In short - very concerned.
Third-party risk is the likelihood that your organisation will experience an adverse event (e.g., data breach, operational disruption, reputational damage) when you choose to outsource certain services or use software built by third-parties to accomplish certain tasks. Third parties include any separate business or individual providing software, physical goods, or supplies or services.
Third-party risk should be a top-of-mind concern for all businesses today - from global giants to two-person start-ups. If your business engages supply-chain partners or outsources anything, third-party risk should be on your internal audit radar.
This course will show you how to provide effective, professional insight and internal audit assurance over this important area.
Who should attend?
This course has been designed to be relevant to internal auditors, audit managers and chief audit executives from every business sector - private, public and voluntary - and for delegates with varying levels of practical experience. It is of most relevance to those about to embark upon an internal audit of outsourced partnerships, procurement, contract management and the associated risks, for those who manage audits in this area or for those wishing to stay up to date with topical developments and emerging areas of internal audit interest.
A blend of theoretical, technical, discursive and practical approaches covering:
third party risk and its strategic relevance to organisations
the objectives of third party management and governance
audit objectives, risk and controls relating to third parties
performance and contract management
key internal audit areas of focus and questions
challenges and opportunities when auditing third parties
The course includes facilitator input, topical examples, short practical discussions and exercises to reinforce the learning and build upon your existing knowledge.
John Chesshire, CFIIA, QIAL, CIA, CISA, has over 22 years' experience working in the internal audit, risk management, business improvement and governance fields. John is a Fellow of the Chartered Institute in the UK, is an Independent Internal Audit Committee Chair and has recently been Chief Assurance Officer for the States of Guernsey.
He has delivered many well-received courses to several European Institutes of Internal Auditors and his other recent clients include FTSE listed companies, multinationals, central and local government, law enforcement, international charities, professional services companies, and international organisation such as NATO, the OECD and UN Agencies.
He is a principal examiner for the Institute of Risk Management and has been a visiting lecturer in the Governance and Assurance Hub at Birmingham City University. He loves internal audit and particularly enjoys working in new and emerging areas of assurance interest.