This message was posted by a user wishing to remain anonymous
Recent audit is asking us to ensure the annual report to the board sufficiently addresses the scope and detail regarding vendor oversight activities. Including overall condition and performance of mission critical service provider arrangements and any exceptions identified thru monitoring, etc. Do you do this today, and how do you approach it in your program?