CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
IIA seeks public input on third-party risk assessment requirements
The Institute of Internal Auditors (IAA) is seeking feedback on new requirements that would establish baseline standards for how internal audit functions should assess third-party governance, risk management and control processes within organizations.
Open for public comment until April 20, the third-party topical requirement is designed to provide internal auditors with a consistent framework for evaluating risks associated with vendor relationships, outsourcing and supply chains. This marks the second in a series of requirements following cybersecurity standards released in February.
“Particularly in light of geopolitical shifts that are driving global trade and supply chain disruptions, third-party relationships can present a number of threats to organizations including operational, reputational and compliance risks,” said Anthony Pugliese, president and CEO of the IIA, which serves internal audit professionals worldwide.
While the requirements don’t mandate that specific risk areas be included in audit plans, they provide practitioners…
