Auditing Third Party Agreements - Common Pitfalls from IT to Construction
Overview:
Third party agreements cover everything from cleaning to the provision and operation of strategic information technology systems. From the simplest of services to the most complex, such agreements can bring significant benefits including economies, more effective services than could be delivered in house and expert knowledge and skills. However, this comes at a price: strategic risks and new uncertainties can hide within such agreements.
Learn to mitigate the risks at all stages of the relationship:
- Lifecycle management vetting
- Negotiating and Contracting
- Performance management
- Contingency planning
- Ending the relationship
Strategic risks can appear obvious, such as an Information Technology contractor loosing Personally Identifiable Information. They may be more obscure, often organizations contract with third parties to help manage risk, but the consequences of failure will remain. Risk can never be fully transferred to third parties. Due diligence can help the organization by preventing relationships with unsuitable third parties. Effective procurement procedures and strong contracts can reduce risks further. Learn pitfalls in these fundamental controls.
Why should you Attend: Relationships with third parties extend the threat footprint of the organization. Every contractual relationship comes with risks attached. It is imperative that organizations are aware of, and can mitigate these risks. This session will highlight common pitfalls and realistic controls that can help protect your organization. Security breaches from third parties can expose your organization. Non-performance of contractual requirements can result in significant financial losses. Third party management is a strategic risk and failure can be catastrophic. The exposure of critical secrets by Edward Snowden is only one of many recent cases where third parties have had negative consequences for their partners.
From data privacy issues with staff and customer personally identifiable information to trade secrets, the dependency on third parties can pose a fundamental threat. Organizations have added exposure from the activities of their related third parties. Learn to mitigate risk by effectively contracting, vetting, and monitoring third parties. Contracts often work in favor of the third party. They are being hired for expertise and often have an advantage in understanding potential pitfalls that are likely to arise. Learn to identify such risks and ensure a level playing field. Examples from the fields of technology and construction will be presented. Fraud and misrepresentation can bring added dangers that far exceed any initial monetary loss. Understand how effective monitoring and control can minimize issues and result in early detection.
Areas Covered in the Session:
- Establishing healthy relationships
- Identifying the risks
- Relationship lifecycle - communication
- Contracting
- Due Diligence
- Performance measurement and management
- Third party frauds
- Information security
Who Will Benefit:
- Auditors, Audit Managers (AVP, Director, VP etc.)
- IT Auditors
- Risk Managers
- Procurement Professionals