Third Party Audits: Biting the Bullet

You may also like...

1 Response

  1. Christian Cooper says:

    When most people think of auditing, digging through books and records immediately comes to mind. In my experience many compliance experts wouldn’t view anything less a true “audit”. Conducting this type of traditional auditing on 3rd parties provides obvious risk mitigation benefits; however it can come with some major draw backs to the business. One of the biggest risks from an operational perspective is that that a good 3rd party provider decides to deny the audit rights and severs their relationship with the business. In many cases these “high risk” 3rd parties are those which are most important to the company’s success (in emerging markets) and often may be in high demand in the market place which makes it easy for them to move on. Secondly if the 3rd party does comply with the audit many times this can cause damage to the relationship between the 3rd party and the company. These are risks worth taking if you have identified serious red flags or have other strong indicators of wrong doing, but may not be if you are basing your actions on soft indicators such as CPI, revenue, and length of relationship. Compliance and internal audit professional’s needs to be strategic in these efforts and should consider first utilizing the data they have available and secondly using create ways to evaluate risk through less invasive ways before diving in head first.