
Answer-first summary for fast verification
Answer: The bank should review all third-party audit reports of a vendor that are publicly available.
## Explanation

**Option A is the most appropriate recommendation** because:

- **Third-party audit reports** provide independent verification of the vendor's internal controls, financial stability, and operational processes
- **Publicly available audit reports** (such as SOC 1/SOC 2 reports) offer transparency about the vendor's risk management practices
- This approach aligns with **regulatory guidance** on third-party risk management, which emphasizes due diligence through independent verification
- Reviewing audit reports helps identify potential operational risks before entering into contracts

**Why the other options are less appropriate:**

- **Option B**: Compensating vendor representatives mainly with commissions could create misaligned incentives and potentially encourage aggressive sales practices that don't serve customers' best interests
- **Option C**: Completely preventing vendor access to critical systems/data is impractical for a marketing vendor who needs certain information to perform their function effectively

This approach represents **prudent operational risk management** by conducting proper due diligence on third-party vendors before establishing significant business relationships.
Author: LeetQuiz.
Q-29. The senior management team of a small regional bank has established a committee to review procedures and implement best practices related to entering into significant contracts with third-party vendors. The committee is reviewing one proposed relationship with a third-party vendor who would have a significant responsibility for marketing the bank's financial products to potential customers. In establishing policies to reduce the operational risk associated with this potential vendor contract, which of the following recommendations would be most appropriate?
- A. The bank should review all third-party audit reports of a vendor that are publicly available.
- B. The bank should ensure that a vendor's sales representatives are compensated mainly with commissions from the sale of the bank's products.
- C. The bank should prevent a third-party vendor from having access to any of its critical systems or data.