#288649 - 12/14/04 05:03 PM Vendor Auditing
Viking Princess Offline
Platinum Poster
Viking Princess
Joined: Nov 2004
Posts: 952
Stockton, California
Does anyone have any suggestions for a starting point in regards to auditing vendors? I am looking for information regarding outsourcing requirements and 3rd party servicers?? Any websites or regulations would be most helpful. Thank you!
_________________________
"For with God NOTHING shall be impossible."

#288650 - 12/14/04 05:50 PM Re: Vendor Auditing
DogLover Offline
100 Club
DogLover
Joined: Aug 2003
Posts: 146
Sunny Florida
You might refer to the Interagency Guidelines Establishing Standards for Safeguarding Customer Information and/or the FFIEC website.

#288651 - 12/14/04 06:10 PM Re: Vendor Auditing
Viking Princess Offline
Platinum Poster
Viking Princess
Joined: Nov 2004
Posts: 952
Stockton, California
I did read through GLBA in regards to safeguarding customer information. Obviously a contract is going to be in place. I was wondering if I would just be auditing the contract, ensuring that it has safeguards in place for protecting customer information. Just wondering if this is all I would be able to audit? Thanks dl for your suggestion.
_________________________
"For with God NOTHING shall be impossible."

#288652 - 12/14/04 06:56 PM Re: Vendor Auditing
PT5792 Offline
New Poster
PT5792
Joined: May 2003
Posts: 12
Oklahoma
Refer to OCC Bulletin 2001-47.

#288653 - 12/15/04 10:40 PM Re: Vendor Auditing
Rangers Fan Offline
Gold Star
Rangers Fan
Joined: Dec 2001
Posts: 345
Be sure to include the due diligence requirements (same FFIEC procedures) like reviewing the 3rd party service provider's SAS70 report and any other audits (like their own internal ones). Of course this one would mainly be for your core providers or larger companies that are actually required to have the external audits performed.

#288654 - 12/16/04 02:08 PM Re: Vendor Auditing
Anonymous
Unregistered

Besides the before-mentioned items, we also request the audited financial statements of our critical vendors or, if publicly traded, pull a D&B. Our credit analyst reviews the financial information and prepares a write-up of the trends for the company. If you see a vendor with negative financial trends, it may be time to begin looking for a new vendor.

#288655 - 12/17/04 05:05 PM Re: Vendor Auditing
SwankyFrank Offline
100 Club
SwankyFrank
Joined: Oct 2004
Posts: 146
Earth
Quote:

Does anyone have any suggestions for a starting point in regards to auditing vendors? I am looking for information regarding outsourcing requirements and 3rd party servicers?? Any websites or regulations would be most helpful. Thank you!

Yes. I had to perform 3rd party audits as well as internal satellite sites. You should start with the Vendor contract and any service level agreement documents that may be in effect for that vendor and go from there. 3rd party vendors, while they should know the regs, usually dummy up at contract time because compliance with certain regs inflates their price and makes them appear non-competitive. Not all customers care about, or are covered by, a reg. Often the Client will miss placing a requirement in the service level agreement, and when later discovered after the contract has been signed, you pay through the nose.

You should begin by ensuring that any process, deadline, or procedure that a reg might require if you were doing the function internally is in the contract and/or SLA and then verify that it is being followed appropriately.

#288656 - 12/20/04 06:04 PM Re: Vendor Auditing
Viking Princess Offline
Platinum Poster
Viking Princess
Joined: Nov 2004
Posts: 952
Stockton, California
Thank you Swanky, do you mind sharing how you set up your audit template? There are so many things I feel I need to include in my template that I feel a little overwhelmed at where to start. Any guidance there? Thanks again for everyone's assistance. This has been awesome.
_________________________
"For with God NOTHING shall be impossible."

#288657 - 12/20/04 08:34 PM Re: Vendor Auditing
Anonymous
Unregistered

Oh also forgot to mention - do state to state requirements apply to this audit? I haven't seen anything so far that is specific to state but then again I've only begun my research.

#288658 - 12/27/04 05:51 PM Re: Vendor Auditing
Anonymous
Unregistered

Swanky, do you mind sharing how you set up your audit template on Vendor Auditing to me also? Thanks

#288659 - 12/30/04 02:06 PM Re: Vendor Auditing
SwankyFrank Offline
100 Club
SwankyFrank
Joined: Oct 2004
Posts: 146
Earth
I sent a PM to ene0712, perhaps he will forward to you. IMHO, you cannot use a canned template when preparing to audit a vendor. What you will be reviewing will be largely determined by the regs governing the outsourced function, your contract with the vendor, and/or any service level agreements with the vendor or downstream processes. This should be your starting point and should be done before you set foot in the vendor's door. You should also examine the vendor's financial statement, and pull a D&B at minimum. You don't want to risk a critical function to a vendor that may not exist a year from now. Once that is done, you should audit the vendor as if the function were still in-house.

#288660 - 12/30/04 06:38 PM Re: Vendor Auditing
Viking Princess Offline
Platinum Poster
Viking Princess
Joined: Nov 2004
Posts: 952
Stockton, California
Anon I'll be more than happy to forward the pm to you if you'll pm me with your addy or name.

Thanks!
_________________________
"For with God NOTHING shall be impossible."


Moderator:  Andy_Z