Skip to content
BOL Conferences
Thread Options
#1942846 - 07/18/14 03:48 PM vendor management audit
phyl Offline
New Poster
Joined: Aug 2010
Posts: 9
South Dakota, USA
I was wondering if anyone had an example of an audit they performed on their vendors. This is our first year of doing an audit and really don't have a clue. I would appreciate anything you can provide.

Return to Top
Risk Management
#1945906 - 07/25/14 04:10 PM Re: vendor management audit phyl
dcl1963 Offline
100 Club
Joined: Feb 2006
Posts: 178
LA
One of my jobs is internal auditor and compiling vendor management docs on our vendors, so our vendor management is audited during external IT audit since I can't audit myself. Wish I had an audit sample for you. External auditor reviews our Vendor Management Policy for adequacy with regulatory requirements and verifies our policy requirements for a vendor are followed and supporting docs are in file. We (policy) requires additional review on vendors that we spend $5000 or more with annually and are rated high/moderate risk. A file is developed that includes a Vendor and Service Provider Risk Rating Form we complete, contract, depending on type of vendor file includes SSAE16/SOC 1, insurance, financials, business continuity plan, FFIEC Report of Examination; they verify that all of the items required by policy are current, reviewed, in file.
_________________________
In God we trust, all others pay cash. . . Jean Shepherd

Return to Top
#1964781 - 09/25/14 06:51 PM Re: vendor management audit dcl1963
GenerousLife Offline
Diamond Poster
Joined: Feb 2002
Posts: 1,466
USA
If you are an OCC bank, the guidance that was published in 2013-29 will give you some very specific guidance on Third Party Relationships.

We started by using the dollar amount to search for the top tier of vendors to do due diligence on and quickly discovered that dollars are not a good measure of the risk. We then started looking at the third parties that have access to or store our customer information. This helped us quite a bit.

It is a process and a big one. We have now added staff to handle this process.

Good luck.
_________________________
"No problem can withstand the assault of sustained thinking." ~ Voltaire
"Sustained thinking gives me a headache." ~Me

Return to Top

Moderator:  Andy_Z