The Institute of internal Auditors Philippines, Inc.

The Institute of Internal Auditors (IIA) Philippines is a professional organization dedicated to the advancement of the internal audit profession in the country. Our members, who work in internal auditing, risk management, governance, internal control, information technology audit, education and security, came from various industry or sectors in the Philippines and belong to a global network of almost 200,000+ professionals from more than 170 countries and territories sharing a common vision of a global profession of internal auditing.

The Institute of Internal Auditors Philippines Inc. (IIAP) was registered with SEC in 1982 and formerly known as The Institute of Internal Auditors, Inc. – Manila Chapter. It was founded on August 14, 1948 by Mr. Santiago F. Dela Cruz Sr. along with a small group of accountants actively engaged in the profession. Mr. Dela Cruz, who is considered to be the moving spirit of the association, is the same man who, two years earlier than IIAP, co-established the Philippine College of Commerce and Business Administration (PCCBA) which we now know as the University of the East.

The IIAP despite some struggles during its formative years was able to attain full-fledged stature as a professional association upon earning its “Institute” status from The Institute of Internal Auditors (IIA Global) in 1990. At the time, IIAP is 1 of the 6 (six) chapters in the Pacific Region (others were in Bombay, Tokyo, Sydney, Melbourne and Ceylon). On its 75th Anniversary Celebration and Global Business Meeting last 16-17 July 2016 at New York Hilton Midtown, the IIAP was acknowledged as the 3rd Chapter organized by the IIA Global since the latter’s founding in 1941 still then headquartered in New York City, USA

https://iia-p.org/

Contact us

Thei Parungao

training@iia-p.org

Event Details

Using third parties invariably presents a variety of risks for organizations, including strategic, reputational, regulatory, operational, financial, transactional, security, compliance, and other risks. However, when utilized effectively, third parties can also provide tremendous value in terms of specialized knowledge, increased capacity, reduced overhead, and more customized business solutions. Internal audit should be at the front of managing the risks associated with third parties by independently reviewing, evaluating, and reporting on the related business practices.


This course provides an overview on third-party risk management, including governance structure and risk management processes. It also specifies contracting, monitoring, and contract termination elements of the third-party relationship. Finally, the content defines the role of internal audit as it relates to various phases of the third-party management audit engagement, including planning, defining scope and objectives, testing, and reporting.


Learning Objective(s):

  • Recognize the elements and attributes of third-party risk management.
  • Recognize risks and controls associated with contracting third parties.
  • Recognize the areas where internal audit can monitor third parties.
  • Differentiate types of third-party risk management governance structures.
  • Differentiate key elements of Type 1 and Type 2 assurance reports for the operation of critical third-party organizations.
  • Differentiate the evaluation criteria for engagements of third parties.
  • Understand third-party due diligence policies and procedures.
  • Understand the testing phase and the need to determine the essential criteria element(s) for evaluating the organization's third-party risk management framework and process.


What You Will Learn

Defining Third Parties

  • What are Third Parties and Examples
  • Recent Trends
  • Why Organizations leverage external resources


Elements of Third-Party Risk Management Program

  • Risk Management Approach
  • Third-Party Risk Management Framework
  • Risk Appetite
  • Third-Party Risk Management Governance
  • The Elements of Third-party Provider Management Processes


The Elements of Third-party Provider Management Processes

  • Sourcing
  • Due Diligence
  • Contracting
  • Monitoring
  • Issue Resolution
  • Termination


The Role of Internal Audit in Auditing Third-Party Risk Management


Audit Planning

  • Gather information to understand the area or process under review.
  • Conduct a preliminary risk assessment of the area or process under review.
  • Form engagement objectives.
  • Establish engagement scope.
  • Allocate resources.
  • Document the plan.


Assess Risks and Controls

  • Understand the Inherent Risks
  • Preliminary Evaluation of Risks
  • Understand the Business Partner's environment, processes, and controls
  • Determine which processes and activities to audit


Testing and Evaluating Third-party Risk Management

  • Audit the third-party risk management framework (e.g., risk appetite, governance, methodology)
  • Audit the third-party risk management process (e.g., procurement audit)
  • Audit a component of the third-party risk process (e.g., contracts audit)
  • Third-Party Risks and Red Flags/Warning Signs
  • Audit Considerations of Fourth Parties


Reporting

  • Engagement results
  • Conclusions
  • Recommendations, and/or action plans



Case Studies


Seminar Conclusion

  • Plan for Action


Speakers

Michael Cabatuando (ASPAC Privacy Compliance Head and Data Protection Officer at Johnson & Johnson)

Michael Cabatuando

ASPAC Privacy Compliance Head and Data Protection Officer at Johnson & Johnson

Sponsors and Partners

Member's rate

Standard Price₱995

Non-member's rate

Standard Price₱1,995