Have you included vendor audit/ contract compliance as part of your audit plan?
Vendor Risk is becoming a greater concern as organization is outsourcing increasing amount of work.
Earlier there used to be a handful of vendors and type of goods and services used to be limited to what an organisation can not do its own.
Today any activity which is not core to the organization gets outsourced. Controls which were embedded into process, now managed by external parties. Besides, one time risk assessment at the time of vendor enrollment, organisation does not have any monitoring mechanism to ensure that vendor is following the standards, s/he is expected to follow.
Its important for auditors to consider the risk emanating from vendors in their annual internal audit plan and ensure that organisation has processes to monitor the vendor and contracts allow internal auditor to visit vendors and assess compliance with contracts.
Some of the risks which need to be factored in are:
- Violation of code of conduct
- Violation with anti corruption policies
- Exploitation of labour
- Violation of labour laws
- Weak IPR related controls
- Weak internal controls in operations
- Lack of HSE controls and monitoring
- Lack of training to employees
- Weak employee on-boarding controls
- Lack of professional due diligence.
- Collusion
- Overcharging
Call for action:
Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)