Institute of Internal Auditors: Practice Guide on Auditing Third-Party Risk Management

This document, available to members, was published in November 2018, and explains to audit teams how to understand and assess risks related to the use of third parties. It looks at risks across the full vendor life cycle, including the appropriate sourcing, ongoing management, and termination of vendors. The document also gives a framework for planning and executing third-party risk audits based on the size and type of organization in question.