Auditing Vendor Management - ITG215


Vendor Management has become an important topic for auditors in the last three years because significant amounts are often spent without proper oversight and management. This typically results in organizations spending more than necessary while relying on vendors whose quality and practices may be inconsistent with your expectations.

This seminar addresses the risks related to vendor screening and performance, and the best techniques to monitor them. Identifying issues is certainly important, but it is also essential to avoid engaging questionable vendors so this seminar provides techniques to prevent this problematic condition. Participants will examine the objectives, risks and controls specific to this process, and through discussions, exercises and a case study practice what is learned.

Don’t wait until a costly issue surfaces requiring investigation and remediation. Learn how to audit this high-risk process effectively, save your company money, prevent reputation damage, and avoid the problematic conditions that poor vendor contracting lead to.

What you will learn



  • What it means in this context and why it is important
  • Establishing the appropriate governance framework
  • Prevention is better than trying to cure
  • Tools and techniques

Vendor Selection:

  • How do you know you are selecting the right vendors?
  • Trusting vendors: Should you?


  • Essential language in today’s environment
  • Contracting with vendors and providers of your hardware and software vendor management platform
  • Does Legal Counsel know what to do?

Software Vendor Management:

  • Software License Model – Understanding License Agreements
  • Version control and upgrades
  • Testing
  • Software License Compliance without spending excessive amounts of time

Performance Monitoring:

  • Metrics for measuring performance
  • Best practices for effective monitoring


  • Old computer equipment
  • Hardware upgrades
  • Software distribution
  • Mergers and acquisitions
  • Virtualization

Hardware Vendor Management:

  • Top 10 things to look for in the hardware contract
  • Choosing the right hardware vendors for your current and future needs
  • Governance, monitoring and metrics
  • Components of effective back-up plans and inventory management programs
  • Compatibility
  • Exposures: Theft and damage

Cloud Service Providers and 3rd Party Computing Vendors:

  • Types of vendors, cloud service providers and Cloud Certifications
  • Common mistakes made when moving to the Cloud
  • Identifying the risks and educating management on them
  • Top 20 Questions to ask before and after moving to the Cloud
  • Evaluating and selecting a qualified Cloud Service Provider
  • Preparing and moving your data to the Cloud – It’s more than Copy and Paste
  • What should, and should not be moved to the Cloud.
  • Cloud Migration Strategy Checklist

Access Management:

  • Non-security issues to consider before picking a Cloud Service Provider
  • Beware of Shadow Clouds
  • Identity Access Management
  • Meeting compliance requirements

Data Protection:

  • Encryption: The Key
  • Don’t’ forget Internet Service Providers
  • Evaluating data interfaces
  • Monitoring: What IT and management should be doing

Further information

ACI Learning
ACI Learning
3 Days
Scheduled dates
Course type:
Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Antonio, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
80112 USA