Hi!
How about something like, "Does the vendor perform transaction processing activities on our behalf?" Something to capture if they're involved in input/processing/output activities which feed into your organization. As for compliance in general, I usually ask whether or not we rely on the third party in some way in order to remain in compliance with any particular regulation. NPI data sharing usually also impacts the compliance risk, but is often more effectively covered under other risk categories (like operational/cyber or data).
These are just a couple possible examples, does anyone else have some feedback on how to capture materiality applicable to financial reporting?
Original Message:
Sent: 06-08-2021 03:36 PM
From: Anonymous Member
Subject: Inherent Risk Questionnaire
This message was posted by a user wishing to remain anonymous
We are in the process of revising our inherent risk questionnaire. I'm looking for examples to address compliance risk and identification of third party's material to financial reporting. Appreciate your feedback in advance.