Exams or Audits

Welcome to the Exams and Audits Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss best practices, trends, how to prepare, and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Exams and Audits: Exams and audits have vendor management components. Understanding ways to adequately prepare for an upcoming exam or audit is critical. You must understand what the examiners and auditors expect, how to prepare documentation you’ll share with them, who should be involved, and how best to follow up on their exam findings so that the same mistake doesn’t happen again.

Latest Discussion Posts

  • One item that we identified for audit firms, especially those that issue audit opinions, is to request a copy of their Peer Review letter. The AICPA requires all firms that issue audit/assurance opinions to have a Peer Review conducted. That would give ...

  • I would suggest that you request the CPA's "Peer Review Report" and the acceptance letter by the AICPA/State Board of Accountancy. The AICPA requires that the reviewing firm review at least one of your service auditor's SOC reports.

  • Audit firm due diligence

    This message was posted by a user wishing to remain anonymous. Our Information Security Officer asked me to do a due diligence on the audit firms that audited our third-party vendors' SOC report. So, my question is whether we should do a due diligence ...

  • This message was posted by a user wishing to remain anonymous. For us, we assessed all of our critical vendors (has significant customer impact, bring down banking systems, large amounts of NPI, etc.) and see which fits the definition of the Bulletin. ...

  • When it comes to internal audits, they should always be performed by your internal audit group. There are several reasons why, but the two most compelling are: The need to be independent and act in the organization's best interests vs. a line of business. ...