Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?
A. Review vendors’ performance metrics on quality and delivery of processes.
B. Review vendors’ internal risk assessments covering key risk and controls.
C. Obtain independent control reports from high-risk vendors.
D. Obtain vendor references from third parties.
A. Review vendors’ performance metrics on quality and delivery of processes.
B. Review vendors’ internal risk assessments covering key risk and controls.
C. Obtain independent control reports from high-risk vendors.
D. Obtain vendor references from third parties.