Improve your company’s vendor management process with the best-practice steps in this audit program sample. This audit program outlines a detailed assessment framework that includes governance reviews; organizational structure evaluations; insurance coverage verification; reliance on subcontractor analysis; human resources management, including training and onboarding processes; performance evaluations; termination procedures; and incentive compensation programs.

Additionally, it assesses technology controls related to information security and disaster recovery plans. By systematically examining these areas through specific assessment activities and criteria/testing plans provided in the document's tables, potential risks and deficiencies within the vendor’s operations can be identified. This ensures that vendors maintain the necessary standards of quality and control to protect the contracting organization from legal, financial, operational or reputational risks associated with third-party engagements.

Sample audit steps include:

• Obtain the third party's policy and procedure manuals relevant to its business practices, which align to its service agreement with the bank.
• Verify that the third party has relevant policies and procedures documented and evaluate whether they are readily accessible to employees.
• Verify that the third party has a process in place to review and approve policies and procedures regularly.
• Obtain the third party's organizational charts and verify that they have created organizational charts.