Closing the Gaps in Third-Party Risk Management: Defining a Larger Role for Internal Audit
More and more organizations are coming to rely on third-party relationships to achieve business objectives. This report provides insight into how internal audit can plan for managing third-party risk.
The IIA Research Foundation holds security settings on our eBooks and PDFs that prevent printing and copying.
Third-party relationships are growing in importance to all types of organizations in all industries. Helping to manage and control the risks associated with a company’s relationships with third parties would seem to be a natural role for an internal audit department.
In view of this emerging risk, the Internal Audit Foundation and Crowe Horwath LLP conducted a cross-industry survey of 164 chief audit executives to assess the level of involvement of internal audit in monitoring third-party relationships.
- A surprisingly large percentage of survey respondents indicated that their organizations make limited use of internal audit resources in managing and controlling risks (82%).
- At the same time, more than 65% of the internal audit executives in the survey described their organizations’ reliance on third parties as either “significant” or “extensive.”
- Survey respondents also noted that there is a lack of consensus about ownership of third-party risk.
When the respondents were asked who has the primary day-to-day responsibility for evaluating and overseeing third-party risk in their companies, the answers varied widely. This research report gives internal audit leaders key perspectives that will help them plan for their involvement in building and managing a third-party risk program at their organizations.
Sponsored by Crowe Horwath LLP
Item Number: 10.5029