Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatoreLearningBreadcrumb SeparatorMembers-only Webinar: Auditing Third Party Risk Management

IIA Members-Only Webinar Series

Auditing Third Party Risk Management

February 19, 2019
1:00–2:00 p.m. ET


This webinar will assist internal auditors in becoming better informed and educated on risks related to third-party providers and how their organization manages them. Risks across the full vendor life cycle will be discussed, including the appropriate sourcing, ongoing management, and termination of vendors. This webinar will also explore risks resulting from the types of services being provided and the sensitivity of data being shared is covered. Finally, we will discuss considerations for planning and executing third-party risk audits appropriate to the size, scale, and risks facing an organization.

Learning Objectives

  • Learn about key roles, responsibilities, and risks involved in managing third-party providers.
  • Learn how to design a third-party risk audit coverage approach.
  • Get tips on how to approach assessing third-party risk management activities across the business, oversight, and control functions.

Course Duration: 1 hour
CPEs Available: 1
Knowledge Level: Basic
Field of Study: Auditing
Prerequisites: None
Advance Preparation: None
Delivery Method: Group Internet Based


Tim PenroseTim Penrose
Senior Managing Director, Deputy Chief Auditor, TIAA

As Senior Managing Director, Deputy Chief Auditor within the Internal Audit Division at TIAA, a Fortune 100 financial services organization, Tim Penrose serves as a member of TIAA’s Enterprise Leadership Group (ELG). He leads a team of audit professionals across multiple locations in providing end-to-end audit coverage of Institutional Financial Services and the Institutional businesses, as well as Client Services & Technology. Tim has over 19 years of internal audit, consulting, risk and information technology experience working within multiple global organizations.

Prior to joining TIAA, Tim was a Senior Manager at Ernst & Young within Risk and Technology Advisory Services, providing internal audit, risk management, technology advisory, and project management services within leading organizations across multiple industries. Tim’s experience also includes risk and technology related roles with Citigroup, Intel, and the Department of Defense.

Tim currently serves as Vice Chair of IIA's Financial Services Guidance Committee (FSGC), as well as on the Board of Directors for the Charlotte Chapter of the IIA. He graduated with a Computer Engineering degree from Mississippi State University and obtained his MBA from the University of South Carolina. Tim is a Certified Internal Auditor (CIA) and maintains several other professional certifications.

Tim PenroseJeanette York
Director, Financial Services Global Standards & Guidance, The IIA

Jeanette York is The IIA’s director of Financial Services Global Standards & Guidance, responsible for managing the production of internal audit guidance tailored to financial services firms with the support of the Financial Services Guidance Committee. 

Ms. York began her career as an internal auditor in the Big 4 performing control self-assessment and internal audit engagements that expanded into advising clients on enterprise risk management (ERM) and Sarbanes-Oxley programs as the methodologies developed. York spent several years as a consultant advising government-sponsored entities and multinational banks on topics including the interaction of internal audit and risk management, credit risk, lending compliance, model validation, and balance sheet management.