Audit Templates (Standalone)

This spreadsheet is meant to analyze the current list of rules, regulations and guidelines pertaining to third-party suppliers. A detailed list can be found on Tab 2 of this worksheet. Additionally, the SIFMA Vendor Working Group recommends a life-cycle approach to supplier risk management. The tabs on this worksheet represent the life-cycle phases as defined by the Office Of the Comptroller Of the Currency (OCC).

This workbook can also be used to help a firm profile itself against the requirements set forth by the OCC. The RACI method has been embedded to help companies determine who is involved regarding a specific compliance point and their role. If no one is involved then that should be highlighted as an item requiring a corrective action plan. The roles in the RACI profiling method are:

• Responsible: This is a person, who performs a task or work and he/she is responsible for the work.
• Accountable: the primary person in charge of the task or work (e.g. department/division head) .
• Consulted: Person, who gives feedback and contributes when required.
• Informed: Person in charge who needs to know the action or decision taken.