As part of its Annual Assurance Plan, the Office of
Internal Audit conducted an internal audit of IT
third-party risk management in WFP. The audit covered the
period from 1 January 2023 to 31 December 2023. With over
163 long-term agreements with Information Technology
service providers and five major private sector
technological partnership agreements, third-party risk
management is critical to WFP in managing risks along the
life cycle of a third-party vendor, from the sourcing
through the due diligence, monitoring of risks to the
termination of the contract relationship. Third-party risk
management outlines how an organization assesses, selects,
and monitors its vendors to ensure that they meet the
organization’s requirements and standards for quality,
security, and compliance. Based on the results of the
audit, the Office of Internal Audit has come to an overall
conclusion of some improvement needed.