Third-party risk management can be seen as the Russian nesting doll of challenges when it comes to information security, compliance, and certainly IT audit. As the business world continues to move toward interconnectedness and businesses are leveraging software and services that aren’t developed in-house, more risks are presented to the enterprise. Simply put, organizations depend on third parties to function.
When it comes to IT auditors addressing these risks, the devil is in the details, according to Baan Alsinawi, President at TalaTek. The business will ultimately have to accept some level of risk, but understanding and communicating those risks are integral in taking the right steps to measurably reduce them.
“Not all businesses are created equal,” Alsinawi told Internal Audit Insights in a recent video interview. “When it comes to risk there really needs to be a business focus…there needs to be awareness within the organization about what matters most to them.”
In the full interview below, Alsinawi provides an update on the state of third-party risk management as it relates to IT auditors and sheds light on the hidden traps they should look out for as it relates to trusted business partners.