New best practices from global IT association ISACA outline key steps to take during the onboarding process.
Schaumburg, IL, USA – It is quite common today for enterprises to outsource certain activities to vendors to lower costs. However, with each new vendor, an element of risk is added, and businesses must rely on auditors to ensure successful and effective vendor relationships. Auditors can learn the best practices for providing effective oversight of vendor risk management programs and onboarding in a new paper from ISACA sponsored by Galvanize, “Audit Oversight for Onboarding Vendors.”
There are five key areas where auditors can lend their expertise: resource and program management, onboarding requests, the remediation process, technology and assessment services, and vendor reporting. The paper offers actionable steps auditors can take to manage each area and outlines essential questions to ask in each area of the onboarding process, including:
- Is there a technology solution in place with ready-to-use standard content and workflows, with customization options if needed?
- Beyond the contract, is the vendor compliant with a security framework and applicable privacy regulations?
- Has the adequacy of the vendor’s business continuity and disaster recovery plans been assessed?
- Is there a central solution capturing risk acceptance and documentation for audit visibility?
- Is there a sufficient escalation process when vendor risk changes?
“Although there are standardized processes for vendor onboarding, businesses should not assume these are ‘one size fits all’ and immune from risk,” says Dapo Ogunkola, CISA, CRISC, Internal Audit Manager of Wealth & Asset Management at EY, and an expert reviewer for the white paper. “Audit plays an essential role in the process to help enterprises minimize risk and effectively and efficiently maintain vendor relationships.”
Professionals can also reinforce this knowledge by listening to the upcoming webinar from ISACA and Galvanize, “How Audit Can Provide Oversight for Vendor On-boarding,” which will be released on 17 March 2020 at 12 pm (EDT) / 11 am (CDT) / 9 am (PDT) / 4:00 PM (UTC). Torsten Larson, director of solutions consulting at Galvanize, provides actionable takeaways auditors can use when providing oversight of an established vendor risk management program.
To read the complimentary white paper, visit Audit Oversight for Onboarding Vendors. To access the webinar, visit https://www.isaca.org/education/online-events/lms_w031720. Find additional educational resources from ISACA at www.isaca.org/resources.
About Galvanize
Galvanize builds award-winning, cloud-based security, risk management, compliance, and audit software to drive change in some of the world’s largest organizations. We’re on a mission to unite and strengthen individuals and entire organizations through the integrated HighBond software platform. With more than 6,300 customer organizations in 130 countries, Galvanize is connecting teams in many Fortune 1,000 and S&P 500 companies, and hundreds of government organizations, banks, manufacturers, and healthcare organizations. Whether these professionals are managing threats, assessing risk, measuring controls, monitoring compliance, or expanding assurance coverage, HighBond automates manual tasks, blends organization-wide data, and broadcasts it in easy-to-share dashboards and reports.
Learn more at wegalvanize.com
About ISACA
For more than 50 years, ISACA (www.isaca.org) has advanced the best in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations. Through the CSX, COBIT and CMMI solutions, ISACA enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its 145,000 members who work in information and cyber security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide.
Contact:
Emily Van Camp, +1.847.385.7223, evcamp@isaca.org
Kristen Kessinger, +1.847.660.5512, communications@isaca.org