The following is a link to a short video discussion about auditing third-party risks from the Institute of Internal Auditors, CLICK HERE FOR THE VIDEO.
The discussion is interesting for what it says, and what it doesn’t say. Of course it’s only a short video and does not purport to cover anywhere near the entire topic, and the video also is only part I. The discussion also focuses only on negative risks, e.g., the risk of negative catastrophe such as from cyber breach, but what about a more positive risk such as a resulting shortage of product materials because new product demand surpasses the highest estimates?
Internal audit and other people who are involved in third-party risk need to avoid working in silos. The video doesn’t mention the audit committee, or internal audit’s charter, or the involvement of legal counsel, for example. What about the risk of faulty or dangerous product produced or materials used by a third-party vendor? The discussion does touch on evaluating whether to end or terminate the contract with a third-party vendor – how does internal audit do that – bring in legal right?
In any event, I’m just using the video to prompt some discussions, which certainly was the intent of the video.
Best, Dave Tate, Esq. (San Francisco / California), and click on the following link for my audit committee guide – and please tell other people who would be interested, CLICK HERE FOR A BLOG POST WITH A LINK TO THE GUIDE – JUST CLICK THE LINK – YOU DON’T NEED TO PROVIDE ANY INFORMATION