The Institute of internal Auditors Philippines, Inc.

The Institute of Internal Auditors (IIA) Philippines is a professional organization dedicated to the advancement of the internal audit profession in the country. Our members, who work in internal auditing, risk management, governance, internal control, information technology audit, education and security, came from various industry or sectors in the Philippines and belong to a global network of almost 200,000+ professionals from more than 170 countries and territories sharing a common vision of a global profession of internal auditing.

The Institute of Internal Auditors Philippines Inc. (IIAP) was registered with SEC in 1982 and formerly known as The Institute of Internal Auditors, Inc. – Manila Chapter. It was founded on August 14, 1948 by Mr. Santiago F. Dela Cruz Sr. along with a small group of accountants actively engaged in the profession. Mr. Dela Cruz, who is considered to be the moving spirit of the association, is the same man who, two years earlier than IIAP, co-established the Philippine College of Commerce and Business Administration (PCCBA) which we now know as the University of the East.

The IIAP despite some struggles during its formative years was able to attain full-fledged stature as a professional association upon earning its “Institute” status from The Institute of Internal Auditors (IIA Global) in 1990. At the time, IIAP is 1 of the 6 (six) chapters in the Pacific Region (others were in Bombay, Tokyo, Sydney, Melbourne and Ceylon). On its 75th Anniversary Celebration and Global Business Meeting last 16-17 July 2016 at New York Hilton Midtown, the IIAP was acknowledged as the 3rd Chapter organized by the IIA Global since the latter’s founding in 1941 still then headquartered in New York City, USA

Contact us

Thei Parungao

Event Details

Using third parties invariably presents a variety of risks for organizations, including strategic, reputational, regulatory, operational, financial, transactional, security, compliance, and other risks. However, when utilized effectively, third parties can also provide tremendous value in terms of specialized knowledge, increased capacity, reduced overhead, and more customized business solutions. Internal audit should be at the front of managing the risks associated with third parties by independently reviewing, evaluating, and reporting on the related business practices.

This course provides an overview on third-party risk management, including governance structure and risk management processes. It also specifies contracting, monitoring, and contract termination elements of the third-party relationship. Finally, the content defines the role of internal audit as it relates to various phases of the third-party management audit engagement, including planning, defining scope and objectives, testing, and reporting.

Learning Objective(s):

  • Recognize the elements and attributes of third-party risk management.
  • Recognize risks and controls associated with contracting third parties.
  • Recognize the areas where internal audit can monitor third parties.
  • Differentiate types of third-party risk management governance structures.
  • Differentiate key elements of Type 1 and Type 2 assurance reports for the operation of critical third-party organizations.
  • Differentiate the evaluation criteria for engagements of third parties.
  • Understand third-party due diligence policies and procedures.
  • Understand the testing phase and the need to determine the essential criteria element(s) for evaluating the organization's third-party risk management framework and process.

What You Will Learn

Defining Third Parties

  • What are Third Parties and Examples
  • Recent Trends
  • Why Organizations leverage external resources

Elements of Third-Party Risk Management Program

  • Risk Management Approach
  • Third-Party Risk Management Framework
  • Risk Appetite
  • Third-Party Risk Management Governance
  • The Elements of Third-party Provider Management Processes

The Elements of Third-party Provider Management Processes

  • Sourcing
  • Due Diligence
  • Contracting
  • Monitoring
  • Issue Resolution
  • Termination

The Role of Internal Audit in Auditing Third-Party Risk Management

Audit Planning

  • Gather information to understand the area or process under review.
  • Conduct a preliminary risk assessment of the area or process under review.
  • Form engagement objectives.
  • Establish engagement scope.
  • Allocate resources.
  • Document the plan.

Assess Risks and Controls

  • Understand the Inherent Risks
  • Preliminary Evaluation of Risks
  • Understand the Business Partner's environment, processes, and controls
  • Determine which processes and activities to audit

Testing and Evaluating Third-party Risk Management

  • Audit the third-party risk management framework (e.g., risk appetite, governance, methodology)
  • Audit the third-party risk management process (e.g., procurement audit)
  • Audit a component of the third-party risk process (e.g., contracts audit)
  • Third-Party Risks and Red Flags/Warning Signs
  • Audit Considerations of Fourth Parties


  • Engagement results
  • Conclusions
  • Recommendations, and/or action plans

Case Studies

Seminar Conclusion

  • Plan for Action

Number of CPE units: 3


  1. Cancellations received 48 hours before the seminar date and no-show will be charged 50% of the registration fee. Request for refund of the remaining fee must be done through email. Expect at least two weeks of processing time upon verification of refund.
  2. Substitutions are allowed if the membership status of the two participants is the same; otherwise, the difference in the ticket price must be settled.


IIAP's new bank account information under UNIONBANK OF THE PHILIPPINES (UBP)

Note that the submission of Proof of Payment is still mandatory for Official Receipt (OR) issuance.


Bank Details

Account Name : Institute of Internal Auditors Philippines, Inc.


Branch : Insular Ayala-Paseo Branch

Bank Address : GF Insular Life Building Ayala Avenue corner

Paseo de Roxas Makati City

Swift Code : UBPHPHMM

Account no. : 0030 6000 2627 (Peso Checking Account)

Purpose of Transactions : for Seminar/Events Registration and Membership Fees

IMPORTANT! Mandatory submission of proof of payment

via IIAP Website :

Email it to

Privacy Notice: We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP Seminars. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information.

By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.


Michael Cabatuando, CIA, CCSA, CPA, CRMA, MBA, CICA, CrFA, CIPP/E (Director, Global Privacy of Johnson and Johnson International (Singapore) PTE LTD)

Michael Cabatuando, CIA, CCSA, CPA, CRMA, MBA, CICA, CrFA, CIPP/E

Director, Global Privacy of Johnson and Johnson International (Singapore) PTE LTD

Sponsors and Partners

Member's rate

Standard Price₱995

Non-member's rate

Standard Price₱1,995