Outsourced Service Providers: What You Don’t Know Can Hurt You
While utilizing outsourced service providers (OSPs) is popular, companies must understand the wide range of risks associated with vendor relationships. A Service Organization Controls report per AICPA standards (SOC 1, 2 or 3) is a start, but far from sufficient to fully guard against cyber-security, competency, ethics, accountabilities, and other risks. Dependencies on key venders significantly change an organization’s risk profile, and therefore the necessary control response. Companies need to utilize a risk-based approach to consider additional screening, monitoring controls, and communication protocols with key OSPs. Learn a three-tiered approach, grounded in the COSO-2013 Framework, to better understand objectives, risks, and controls revolving around OSPs to protect shareholder value.