Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorAuditing Third Party Risk IT
Course Description Course Outline Bring Us On Site  

Auditing Third Party Risk - IT

Course Description

As organizations further their reliance on third party service providers, regulatory bodies around the world have increased their level of scrutiny regarding third party provider’s abilities to properly protect sensitive and internally used data and information assets. 

Today’s organizations are expected to demonstrate strong, third-party governance and risk management. Organizations that establish a third-party management program gain and maintain a clear understanding of their external provider’s controls and shortcomings through analysis of Statement of Control (SOC) reports, contract administration, service level agreement (SLA) reporting, and annual third-party risk assessments.

Internal auditors need a basic understanding of third party risk. Without this knowledge, internal auditors may not fully comprehend IT objectives and the 1associated risks inherent in using third parties, and may lack the ability to assess or audit the design or effectiveness of controls related to those risks. 

The self-study Auditing Third-Party IT Risk course delivers an introduction to third-party risk concepts, and emphasizes the significant role that the business units and IT play in establishing and maintaining third-party relationships. Further, this course guides internal auditors in building proficiencies for assessing third-party vendors.

Learning Objective(s):

  • List the elements and attributes of third-party risk management.
  • Explain risks and controls associated with contracting third parties. 
  • Describe the areas where internal audit can monitor third parties.
  • Identify the types of third-party risk management governance structures. 
  • Recognize key elements of Type 1 and Type 2 assurance reports for the operation of critical third-party organizations.  
  • Describe evaluation criteria for engagements of third parties. 
  • Discuss third-party due diligence policies and procedures. 
  •  Identify the testing phase and essential criteria element(s) for evaluating the organization’s third-party risk management framework and process.  
Course Duration: 1 day(s)
CPEs Available: 1.8
Knowledge Level: Basic
Field of Study: Information Technology
Advance Preparation: 
Delivery Method: QAS Self-Study