Third-Party Assurance & Vendor Risk Management

Armanino is a leading provider of third-party assurance and vendor risk management services. Our approach is collaborative and coordinated. We synchronize the third-party assurance services for our clients with their ongoing SOC, SOX and external audit programs. This helps to create a clear line of sight for all parties and relevant controls, and to ensure that issues or industry trends are addressed quickly and resolution steps are taken to tackle those issues collaboratively.

Additionally, Armanino views continuous improvement as vital for all aspects of third-party assurance and vendor risk management programs. We review our clients’ people, processes and technology to make sure that best practices are in place to ensure efficiency and effectiveness of their controls.

Standardized Information Gathering (SIG) questionnaire

 This tool allows Armanino to assess and collect the information necessary to conduct an initial assessment of a service provider’s controls. The information is collected once and used to meet the requirements for the hundreds of vendor security questionnaires that are issued annually to our clients.

Shared Assessments Agreed-Upon Procedures

 We leverage the Shared Assessments model based upon the SIG to perform an AUP engagement that our clients can share with their current and prospective customers.

Standardized Control Assessment (SCA)

 These procedures are used by Armanino to conduct onsite and additional validation assessments, verifying clients’ responses to the SIG.

Vendor Risk Management Maturity Model (VRMMM)

 Armanino provides benchmarking data to clients using this model, providing them with a report on the maturity of their third-party risk management programs in comparison to industry best practices.