Reining in Third Party Risks
Reining in Third Party Risk
October 14, 2015
Mark Bednarz, Partner, O’Connor Davies
Kevin Secrest, IT Audit Manager, University of Pennsylvania
Today more colleges and universities are utilizing outsourced providers to reduce costs, improve operations and generate new revenue sources. Each new relationship can expose institutions to a wide range of risks. Developing an effective third party management is a mainstay of cost management, operational efficiency, and monitoring risk.
Attendees will have a greater understanding of third party risk and how outsourced providers can negatively impact colleges and universities. The course will also provide suggestions on how to incorporate third party relationships into your internal audit risk assessment as well as value-added recommendations for enhancing a third party management program.
Understand the types of risks that should be addressed when transitioning functions to third party providers.
Identify opportunities to improve third party risk management program
Enhance internal audit risk assessment process to address strategic initiatives
Identify red flags with third party relationships
Understand Service Organization Control reports and how to utilize them
Mark Bednarz, CPA, CISA, CFE is a Partner in O’Connor Davies Risk Advisory Group. He combines more than twenty years of public accounting, IT consulting and Fortune 500 experience. Mark’s extensive experience includes internal audit, business reengineering, forensic accounting, Oracle implementations, regulatory attestation, risk management, Sarbanes-Oxley consulting, IT audits and governance and service organization control reporting (SOC) attestations. His higher education experience includes internal audit transformation projects, forensics, financial and IT internal audit engagements for private and public institutions.
He is a frequent presenter and training evaluator for several professional organizations related to Governance, Risk and Compliance. He has also serves as an author and contributing editor to articles that appear newsletters and publications as well as conducts webinars.
Kevin Secrest, CISA, CRISC is the IT Audit Manager for the University of Pennsylvania (“Penn”). He has diverse experience across 15 years providing IT audit and advisory/consulting services; 5 years with the federal government, 6+ with a global professional services firm, and now 4 years in the higher education/healthcare industries. At Penn, he is responsible for leading his team in conducting risk-based audits and providing advisory/consulting services across the University and University of Pennsylvania Health System. He collaborates with security and privacy resources on initiatives designed to promote awareness of IT risks and current/emerging issues to faculty, staff, students, and researchers.