Exams or Audits


Welcome to the Exams and Audits Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss best practices, trends, how to prepare, and more.

About Third-Party Risk Exams and Audits: Exams and audits have vendor management components. Understanding ways to adequately prepare for an upcoming exam or audit is critical. You must understand what the examiners and auditors expect, how to prepare documentation you’ll share with them, who should be involved, and how best to follow up on their exam findings so that the same mistake doesn’t happen again.

Latest Discussion Posts

  • RE: 4th Party SOC Report

    GM, Michael, your approach is solid. Never heard IA requesting 4th SOC reports, that is ridiculous. Your approach leverages your TP relationship and controls over their TPs. Perfect. Do your contracts have provisions re your TP having TPRMO in ... More

  • RE: 4th Party SOC Report

    Yes, that's a solid approach. Certain 4th parties may have SOC (or related compliance) information available online for access but it is far better to have the assurance that your vendor is reviewing the compliance artifacts that they should be in ... More

  • Fourth party to nth party risk is evolving and there really is not much guidance on it from regulators but they do expect oversight. It really does come down to your risk appetite and tolerance within your third party oversight program. Whenever we ... More

  • Two suggestions: 1) We have executed NDAs with the Fourth Parties to gain access to the SOC 2 Reports, and 2) Our third parties share their summary of due diligence - just what was reviewed - such as the SOC Report, financials, COIs, etc. More

  • Our External Auditors are requesting that we need to obtain our 4th Parties' SOC Report. This has posed a challenge with confidentiality since the 4th Party does not have a relationship with us. In evaluating 4th Parties, I have typically reviewed our ... More

