“With companies outsourcing more responsibilities to third parties, the risks associated with outside firms are also increasing. While chief risk officers are often called upon to manage those risks, however, it is internal auditors who are responsible for setting up processes to identify third-party risk factors.”