You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.
Anticipate what you know examiners are going to ask for, either based on prior exams or on the flow of a typical examination.
What to Have Ready
Here are 8 examples of items to have ready:
1. A copy of your third party program and associated documents
2. An organization chart for those involved with third party risk management
3. Job descriptions and bio's for key members of the team to demonstrate adequate experience and training
4. A complete inventory of your third parties, ideally ranked by level of risk
5. Samples of your critical/high risk third parties and supporting documentation
6. Evidence of adequate review and timely tracking of important documents such as financials, SSAE 18 reports and contracts
7. Evidence of reports to keep senior management and the board informed of third party activities
8. Remediation of any prior examination issues
Get these items prepared now rather than waiting for the exam. And, make sure you can quickly and easily access them when the time comes.
For more exam prep tips, check out our Examination Preparation GuideBook.
