Overview

As if managing your organisation’s own risk profile isn’t challenging enough today, management must concern itself with how every one of their suppliers and vendors addresses risk. That’s right -management are responsible for the risk-related action or inaction of everyone in their service and supply-chain network.

How concerned should your organisation be about the dangers of third-party risk today? In short - very concerned.

Third-party risk is the likelihood that your organisation will experience an adverse event such as a data breach, operational disruption, reputational damage when you choose to outsource certain services or use software built by third parties to accomplish certain tasks. Third parties include any separate business or individual providing software, physical goods, or supplies or services.

Third-party risk should be a top-of-mind concern for all businesses today - from global giants to two-person start-ups. If your business engages supply-chain partners or outsources anything, third-party risk should be on your internal audit radar.

This course will show you how to provide effective, professional insight and internal audit assurance over this important area

Who should attend?

This course has been designed to be relevant to internal auditors, audit managers and chief audit executives, as well as risk managers and other second line colleagues, with varying levels of practical experience. It is of most relevance to those about to embark upon an internal audit of outsourced partnerships, procurement, contract management and the associated risks, for those who manage audits - or other activity - in this area, or for those wishing to stay up to date with topical developments, and emerging areas of risk and internal audit interest.

Course description

A blend of theoretical, technical, discursive, and practical approaches covering:

• third party risk and its strategic relevance to organisations
• the objectives of third-party management and governance 
• audit objectives, risk and controls relating to third parties
• performance and contract management
• key internal audit areas of focus and questions
• challenges and opportunities when auditing third parties
• additional resources

The course includes facilitator input, topical examples, short practical discussions and exercises to reinforce the learning and build upon your existing knowledge.

Trainer bio

John Chesshire, CFIIA, QIAL, CRMA, CIA, CISA, has over 26 years’ experience working in the internal audit, risk management, business improvement and governance fields. John is a Fellow of the Chartered Institute of Internal Auditors in the UK, an Independent Internal Audit Committee Chair, and a member of three other Audit Committees in the international charity, defence and local government sectors. He was Chief Assurance Officer for the States of Guernsey until the start of 2021. John is also currently the part time internal auditor for an international credit ratings agency and also undertakes external quality assessments of internal audit functions around the world.

He has delivered many well-received courses to IIA Luxembourg in the past, as well as to many other European Institutes of Internal Auditors. His other recent clients include FTSE listed companies, multinationals, central and local government, law enforcement, charities, professional services companies, and international organisations such as NATO, the OECD, the ACCA, and UN Agencies. He has been a principal examiner for the Institute of Risk Management and a visiting lecturer in the Governance and Assurance Hub at Birmingham City University. 

John loves internal audit, is a great friend of IIA Luxembourg and particularly enjoys working in new and emerging areas of assurance interest.