Risk Assurance & Advisory

Third-Party Assurance & Vendor Risk Management

Outsourcers and their vendors are under increasing scrutiny for control weaknesses that can enable fraud and cyberattacks. Clients want assurance that their vendors are protecting their data and assets with effective, secure third-party controls and risk management.

Our Approach

Collaborative and Coordinated

Armanino is a leading provider of third-party assurance and vendor risk management services. Our approach is collaborative and coordinated. We synchronize the third-party assurance services for our clients with their ongoing SOC, SOX and external audit programs. This helps to create a clear line of sight for all parties and relevant controls, and to ensure that issues or industry trends are addressed quickly and resolution steps are taken to tackle those issues collaboratively.

Additionally, Armanino views continuous improvement as vital for all aspects of third-party assurance and vendor risk management programs. We review our clients’ people, processes and technology to make sure that best practices are in place to ensure efficiency and effectiveness of their controls.

Standardized Information Gathering (SIG) questionnaire

 This tool allows Armanino to assess and collect the information necessary to conduct an initial assessment of a service provider’s controls. The information is collected once and used to meet the requirements for the hundreds of vendor security questionnaires that are issued annually to our clients.

Shared Assessments Agreed-Upon Procedures

 We leverage the Shared Assessments model based upon the SIG to perform an AUP engagement that our clients can share with their current and prospective customers.

Standardized Control Assessment (SCA)

 These procedures are used by Armanino to conduct onsite and additional validation assessments, verifying clients’ responses to the SIG.

Vendor Risk Management Maturity Model (VRMMM)

 Armanino provides benchmarking data to clients using this model, providing them with a report on the maturity of their third-party risk management programs in comparison to industry best practices.

Experts
Kevin Guy - Risk Assurance & Advisory
Managing Director

Kevin brings 24 years of experience in third party compliance, internal audit, process redesign, finance, and operat...

Liam Collins - Partner, Audit - San Francisco CA | Armanino
Partner
Liam has more than 18 years of assurance and consulting experience, including 10 years with Big Four firms. He leads th...
Need to Talk?

We're Here For You

If you have any questions or just want to reach out to one of our experts, use the form and we'll get back to you promptly.