Third Party Assurance

Overview

Clients need greater transparency and more demand is now placed on how service providers are managing risks such as supply chain, covering service levels, sustainability and regulatory/legal commitments.

Services businesses are impacted by regulations to provide transparency for clients. These include assuring platforms for asset and wealth management, clearing, settlement and exchange, IT systems and platforms, and assurance over market infrastructure, eCommerce, fulfilment and logistics platforms, critical business systems such as payment infrastructure and payroll systems, and cyber security systems, assuring resilience, privacy and security controls.

Organisations need trust to succeed. Stakeholders need trustworthy information that is clear, relevant, and reliable. In line with international standards, we help organisations respond to demands for increased transparency and industry comparability, and increase the credibility of that reporting.

Companies turn to outsourcing to reduce costs and improve efficiencies. As more companies outsource transaction processing or share sensitive data, the demand for trust and greater transparency across internal controls increases. As does the need for auditor reporting on those internal controls at a third-party entity (or ‘service organisation’).

We have deep experience in providing assurance over control reports covering the full range of service provider needs. Our assurance is rigorous, focused and designed to enhance customer confidence in the reporting from service providers. Our work enhances transparency and establishes trust to communicate the right information to the right people at the right time.

 

Businessman looking thoughtful while using a cellphone in an office.
Group of business people on a video conference discussing third part insurance.

Issues you may be facing

  • Organisations are dependent on service providers to fulfil critical business processes
  • Transparency of outsourced activities with clients and client needs
  • Compliance with contractual and regulatory requirements in the industry
  • Readiness for assurance reporting
  • Managing multiple assurance requests 

 

How we can add value

Assurance reports come in various types, such as the ISAE 3402/ISAE 3000/SOC 1 that focuses on financial reporting controls, and SOC 2 that covers controls related to security, availability, processing integrity, confidentiality, and privacy.

A third-party assurance report assures users of a service organisation’s internal controls to achieve common business objectives.

These reports are designed as a communication to oversight functions, user entities, its auditors, and specified parties (based on report type), who have generally received similar reports in the past and have an understanding of what the reports will include.

Crucially, the assurance report includes a PwC-branded opinion for readers to understand that the controls have been independently assessed.

Reporting on controls at a service organisation

ISAE 3402/SOC 1/SOC 2/ISAE 3000 assurance reports provide assurance over the design and operation of controls or financial reporting information at a third party or service organisation.

  • ISAE 3402 (Internal controls over financial reporting) or SOC 1 equivalent An ISAE 3402 assurance report is further broken down into two types:
    • Type 1 -  The focus of this assurance report on internal controls over financial reporting is based on an assurance report, at a point in time, specific to a specified date.
    • Type 2 - The focus of this assurance report on internal controls over financial reporting is based on an assurance report, over a period of time, usually a financial period of twelve months.
  • ISAE 3000 with reference to trust service criteria or SOC 2 equivalent, SOC 2+ Vendor Controls Attestation

Considerations

  • Trust is critical for choosing a service provider with access to private data. These reports show that your controls are effectively operating across people, technology, and data layers, going beyond just documents.
  • Complying with your commitments shows that your contractual obligations to business clients are being satisfied and that the commitments made to regulators are being met.
  • Challenging your controls identifies any gaps in the operational application of your controls and where to apply remediation efforts.

Competitive advantage shows how strong and effective your controls are compared to your competitors. This gives your stakeholders more confidence in your business. When interested third parties receive an independent assurance report on something important to them, they make fewer requests, which reduces disruption to your business. Showing good governance is important and gives third parties more confidence that they can rely on the governance described in the report.

  • Assurance reports are common in the industry and can provide valuable insights into how your controls compare to those of your competitors. This helps your management team understand what good practices look like in the industry and how your organisation’s controls measure up to industry standards and best practices.

 

Why us?

Our credentials

We have extensive experience issuing and preparing third-party assurance reports for technology clients. Our experience and tried-and-tested approach will avoid unnecessary re-work, additional costs, or burden on management.

Value add

Choosing a ‘Big Four’ accounting firm may often cost more, but our extensive experience helping clients with similar reporting can prevent unexpected costs and provide a better experience.

Insight

We will analyse your reporting and benchmark it against industry standards, and recommend process and control improvements.

One assurance

We can use both internal audit and TPA assistance to improve efficiency. Including audit and TPA in an audit and assurance policy gives boards and audit committees more control and awareness of data reliability.

Efficient and effective approach

We have made significant investment in on-shore and off-shore delivery centres of excellence that allow us to manage costs while providing high-quality services.

Delivery model

We will use our technology investments in project management, evidence collection, and telecommunication software to manage the audit process smoothly and provide more value and efficiency.

Challenges

To have a successful TPA strategy, it’s important to align certification and assurance reporting with an organisation’s business objectives. Once a TPA roadmap is established, preparation is key. This includes defining risks and controls that are mapped to the respective assurance reporting, designing and documenting controls, readiness assessment and remediation assistance.

Assurance reporting helps identify control exceptions that could cause challenges and result in penalties, brand risk, or loss of business.  

This effort requires knowledge of various reporting standards, and we can help clients prepare for TPA reporting efficiently and effectively.

Risk excellence

Service organisation:

Service organisations experience improved risk management and stronger alignment of controls to risks, leading to more efficient audits. More transparency and insight in risks and the framework managing them leads to increased market confidence. ISAE 3402 also reduces the need for multiple audits and business interruption.

Users

Security and risk concerns are reduced with detailed insight and external confirmation from a professional auditor. This improves understanding and alignment with supplier processes and increases comfort with outsourced aspects of the business. It also improves efficiency in reviewing and assessing external audits.

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}
Follow us

Required fields are marked with an asterisk(*)

Please enter your message

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Gerhard Rossouw

Gerhard Rossouw

Director, PwC South Africa

Tel: +27 (0) 79 883 6573

Calista Kwasha

Calista Kwasha

Associate Director, PwC South Africa

Tel: +27 (0) 82 521 9123

Chika Skeyile

Chika Skeyile

Senior Manager, PwC South Africa

Tel: +27 (0) 74 933 3414

Dennis Chiteme

Dennis Chiteme

Senior Manager, PwC South Africa

Tel: +27 (0) 73 622 4913

Heinrich Fabricius

Heinrich Fabricius

Senior Manager, PwC South Africa

Tel: +27 (0) 82 768 4832

Hide