top of page


Date : 5 July 2024

Timing : 9:00 - 16:00 (30 min lunch break)

Language : English

CPE Points : 7

Deadline to register : 21 June 2024

Instructor : John Chesshire

Online Training


Auditing Third Party Risk

As if managing your organisation’s own risk profile isn’t challenging enough today, management must concern itself with how every one of their suppliers and vendors addresses risk. That’s right -management are responsible for the risk-related action or inaction of everyone in their service and supply-chain network.

How concerned should your organisation be about the dangers of third-party risk today? In short - very concerned.

Third-party risk is the likelihood that your organisation will experience an adverse event (e.g., data breach, operational disruption, reputational damage) when you choose to outsource certain services or use software built by third parties to accomplish certain tasks. Third parties include any separate business or individual providing software, physical goods, or supplies or services.


Third-party risk should be a top-of-mind concern for all businesses today - from global giants to two-person start-ups. If your business engages supply-chain partners or outsources anything, third-party risk should be on your internal audit radar.


This course will show you how to provide effective, professional insight and internal audit assurance over this important area.


Who should attend?

This course has been designed to be relevant to internal auditors, audit managers and chief audit executives, as well as risk managers and other second line colleagues, with varying levels of practical experience. It is of most relevance to those about to embark upon an internal audit of outsourced partnerships, procurement, contract management and the associated risks, for those who manage audits - or other activity - in this area, or for those wishing to stay up to date with topical developments, and emerging areas of risk and internal audit interest.


Course programme

A blend of theoretical, technical, discursive, and practical approaches covering:

  • third party risk and its strategic relevance to organisations
  • the objectives of third-party management and governance  
  • audit objectives, risk and controls relating to third parties
  • performance and contract management
  • key internal audit areas of focus and questions
  • challenges and opportunities when auditing third parties
  • additional resources


The course includes facilitator input, topical examples, short practical discussions and exercises to reinforce the learning and build upon your existing knowledge.


IIA Global CPE competency areas covered

Professionalism (Due professional care)

Performance (Organizational governance)

Performance (Engagement planning)


John Chesshire, CFIIA, QIAL, CRMA, CIA, CISA, has over 24 years' experience working in the internal audit, risk management, business improvement and governance fields. John is a Fellow of the Chartered Institute in the UK, an Independent Internal Audit Committee Chair, and was Chief Assurance Officer for the States of Guernsey until the start of 2021. He has delivered many well-received courses to IIA Luxembourg in the past, as well as to many other European Institutes of Internal Auditors.

His other recent clients include FTSE listed companies, multinationals, central and local government, law enforcement, charities, professional services companies, and international organisations such as NATO, the OECD, and UN Agencies. He is a principal examiner for the Institute of Risk Management and has been a visiting lecturer in the Governance and Assurance Hub at Birmingham City University.

He loves internal audit, is a great friend of IIA Luxembourg and particularly enjoys working in new and emerging areas of assurance interest.



























Auditing Third Party Risk

    bottom of page