Financial institutions often rely on outsourced vendors for mission-critical products and services and the banking regulators are very concerned that institutions may not be properly overseeing these relationships. This webinar is designed to assist you with using SSAE 16 reports as part of your risk management and internal audit efforts.
Vendor services range from loan and deposit processing to obtaining appraisals from appraisal management companies. Some of these vendors integrate directly with the institution’s transaction processing, while others are used in developing accounting estimates and decision-making processes. Since vendor operations cannot be controlled directly, institutions need to rely on third-party SSAE 16 audits to have some assurance that the vendor’s operations will not adversely affect the institution’s operations and financial results in compliance with regulatory guidance.
The risks of inadequate oversight can be significant – there can be insufficient vendor support, compliance gaps, and significant internal control weaknesses. Often these risks are hidden from institutions and only surface when it’s too late. That’s why the regulators are concerned about how you manage and monitor these relationships. Understanding how to use SSAE 16 reports will help you mitigate outsourced vendor relationship risks.
This webinar is designed to assist you with using SSAE 16 reports as part of your risk management and internal audit efforts. Agenda items include:
• Identifying when you need a vendor’s SSAE 16 report to comply with regulatory guidance
• Evaluating what type of report is needed – you may need more than one
• Recognizing what to look for in the reports and how to use that information to mitigate risks
• Understanding when changes to your operations may be warranted as a result of the reports
• Determining if an Agreed Upon Procedures report may be a suitable alternative to a SSAE 16 report
Participate so you can:
• Protect your institution from regulatory compliance risks
• Identify gaps in vendor due diligence
• Improve audit results
Who Should Attend
• Risk Managers
• Internal auditors
• Managers responsible for vendor relationships
• Training was on topic and enough in plain English for a beginner to understand.
• This was a very informative training with a lot of good insights.
• Very Good
• It was worth the money and I learned about the SOC2 and SOC3 reports which I was not familiar with.