Exams or Audits


Welcome to the Exams and Audits Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss best practices, trends, how to prepare, and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Exams and Audits: Exams and audits have vendor management components. Understanding ways to adequately prepare for an upcoming exam or audit is critical. You must understand what the examiners and auditors expect, how to prepare documentation you’ll share with them, who should be involved, and how best to follow up on their exam findings so that the same mistake doesn’t happen again.

Latest Discussion Posts

  • Hello, yes, I'd recommend looking at your contract with this vendor, to see what audit obligations they have. I'd recommend going on site for a site visit and specifically meet to discuss and tour as best as possible to visually confirm controls are ...

  • Report of Examination

    This message was posted by a user wishing to remain anonymous.

    Hello All, I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring ...

  • RE: SOC 1

    Getting back to the original question, other than CORE, you would get the SOC 1 Type II Report and GAP/Bridge Letter for a third-party that processes financial transactions ONLY when your bank books the transactions verbatim without any internal KEY controls ...

  • RE: SOC 1

    Good practice would be to require all necessary reports, e.g. SOC 1 or 2, PCI-DSS, ISO, etc. be provided by a vendor as part of the due diligence process. Then when you do your annual third-party review you should be asking for current versions. If ...

  • RE: SOC 1

    Some common examples of suppliers that impact organizations' financial reporting are those that process financial transactions that the organization reports in their financial statements. Some examples include payroll processing, benefits providers, ...
