Exams or Audits

 View Only

Welcome to the Exams and Audits Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss best practices, trends, how to prepare, and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Exams and Audits: Exams and audits have vendor management components. Understanding ways to adequately prepare for an upcoming exam or audit is critical. You must understand what the examiners and auditors expect, how to prepare documentation you’ll share with them, who should be involved, and how best to follow up on their exam findings so that the same mistake doesn’t happen again.

Latest Discussion Posts

  • Profile Picture

    RE: SOC Report

    By: Frank Delker , one month ago

    It is to the vendor's advantage to share the SOC 2 reports as those provide you the ability to review security posture without having to conduct all that audit work yourself. If they don't provide the SOC 2, then your contractual audit rights are more ... More

  • Profile Picture

    RE: SOC Report

    By: Donna Gomez , one month ago

    I perform third party assessments for public agency - local government, and within our policy, we do specify the following: SOC 2 (Type 2) If they do not have a SOC 2 or other external audit report I fully expect that the vendor will have ... More

  • Profile Picture

    RE: SOC Report

    By: Deidre Sample , one month ago

    Agree - SOC1 and SOC2 are provided by privately held companies if available, particularly ones keenly aware of business value they provide to FI and is indicative of strong partnership to support regulatory commitments. For private companies who avoid ... More

  • Profile Picture

    RE: SOC Report

    By: Gene Fox , one month ago

    This is not true. I receive SOC 1s and SOC 2s from most of our privately held. However, financial statements are rare, so I ask for a Financial Condition Letter, which a Chief (or equivalent) needs to attest to – all of the privately helds provide these ... More

  • Profile Picture

    RE: SOC Report

    By: Kelli Shoup , one month ago

    Hello I have been told that private companies are not required to share their financial statements. That does not stop me from asking for them though. Most of the time they will share with a signed NDA. I ask for the same documents from ... More

Polls

Most Active Users List