Reining in Third Party Risks

October 14, 2015
Mark Bednarz, Partner, O’Connor Davies
Kevin Secrest, IT Audit Manager, University of Pennsylvania

Course Description

Today more colleges and universities are utilizing outsourced providers to reduce costs, improve operations and generate new revenue sources. Each new relationship can expose institutions to a wide range of risks. Developing an effective third party management is a mainstay of cost management, operational efficiency, and monitoring risk.

Attendees will have a greater understanding of third party risk and how outsourced providers can negatively impact colleges and universities. The course will also provide suggestions on how to incorporate third party relationships into your internal audit risk assessment as well as value-added recommendations for enhancing a third party management program.

Learning Objectives
Understand the types of risks that should be addressed when transitioning functions to third party providers.

  1. Identify opportunities to improve third party risk management program

  2. Enhance internal audit risk assessment process to address strategic initiatives

  3. Identify red flags with third party relationships

  4. Understand Service Organization Control reports and how to utilize them

Presenter Biography

Mark Bednarz, CPA, CISA, CFE is a Partner in O’Connor Davies Risk Advisory Group. He combines more than twenty years of public accounting, IT consulting and Fortune 500 experience. Mark’s extensive experience includes internal audit, business reengineering, forensic accounting, Oracle implementations, regulatory attestation, risk management, Sarbanes-Oxley consulting, IT audits and governance and service organization control reporting (SOC) attestations. His higher education experience includes internal audit transformation projects, forensics, financial and IT internal audit engagements for private and public institutions.

He is a frequent presenter and training evaluator for several professional organizations related to Governance, Risk and Compliance.  He has also serves as an author and contributing editor to articles that appear newsletters and publications as well as conducts webinars.

Kevin Secrest, CISA, CRISC is the IT Audit Manager for the University of Pennsylvania (“Penn”). He has diverse experience across 15 years providing IT audit and advisory/consulting services; 5 years with the federal government, 6+ with a global professional services firm, and now 4 years in the higher education/healthcare industries. At Penn, he is responsible for leading his team in conducting risk-based audits and providing advisory/consulting services across the University and University of Pennsylvania Health System. He collaborates with security and privacy resources on initiatives designed to promote awareness of IT risks and current/emerging issues to faculty, staff, students, and researchers.