SSAE 18: A Practical Analysis for 3rd Party Risk Management

SSAE 18: A Practical Analysis for 3rd Party Risk Management

I’ve read a ton of SSAE 18 analyses ranging from comic book style infographics with inadequate, lightweight, poorly explained content to others that are very detailed, well written analyses targeting auditors. I particularly like Ryan Buckner’s concise, practical analysis in ACCOUNTING TODAY. In any case, I’ve had many requests from our Certified Regulatory Vendor Program Managers (CRVPM’s) to write one for those who manage vendor management programs…so I’ve done so. I question a couple of the points included in the SSAE 18 requirements which make a couple of “perfect world” assumptions and have included my “What If’s” in my analysis. So follow this link, have a read through and let me know what you think. And to those audit firms who conduct these types of engagements, you might want to think about enhancing your knowledge of what a 3rd party’s vendor management program should really look like before you venture out in the field. After all, you’re expected to enhance your knowledge in order to “minimize the risk of material misstatement”!

2017-03-16T12:42:05+00:00 March 10th, 2017|3rd Party Risk, Audit, Risk, Vendor Management|0 Comments