As part of its Annual Assurance Plan, the Office of Internal Audit conducted an internal audit of IT third-party risk management in WFP. The audit covered the period from 1 January 2023 to 31 December 2023. With over 163 long-term agreements with Information Technology service providers and five major private sector technological partnership agreements, third-party risk management is critical to WFP in managing risks along the life cycle of a third-party vendor, from the sourcing through the due diligence, monitoring of risks to the termination of the contract relationship. Third-party risk management outlines how an organization assesses, selects, and monitors its vendors to ensure that they meet the organization’s requirements and standards for quality, security, and compliance. Based on the results of the audit, the Office of Internal Audit has come to an overall conclusion of some improvement needed.