Skip to main content

Third Party Assurance

Take control of third-party risk with a strong third-party assurance program

Third Party Assurance

Take control of third-party risk with a strong third-party assurance program

Today, there is a growing awareness of organisations that outsourcing functions of their business to a third party introduces certain risks. As a consequence it is critical for user organisations to manage any potential risk and obtain proper assurance and transparency over those services outsourced to a third party. One of the most effective ways via which organisations (i.e. third parties) can communicate information about its risk management and controls is through a Service Auditor Report. Deloitte offers a range of third party assurance services such as Assurance Reporting (e.g. ISAE 3402, SSAE 16 (SOC 1), ISAE 3000, SOC 2 and SOC 3) and agreed-upon procedures (AUP) reporting.

A structured approach

Deloitte has developed a comprehensive and structured approach for service auditor reporting. Our methodology for preparing and delivering service auditor reports follows a phased approach which is customised to meet specific business needs of our clients. Our approach incorporates a risk-centric focus, while also identifying the effective and efficient methods for identifying scope, testing controls and executing the tasks and activities associated with third-party assurance reporting.

The enclosed brochure provides more information about Deloitte's methodology for service auditor reporting and what it can do for your company.

Latest articles on Third Party Assurance:

SOC 2+ reporting | Third party assurance optimisation

Managing risk from every direction

More on Third Party Assurance

Third-party reporting proficiency with SOC 2+

Providing assurance with regard to the American Institute of Certified Public Accountants’ (AICPA) Trust Service Principles (TSPs) may be sufficient for some outsource service providers’ (OSPs) customers. But others may require greater detail. For this reason, the AICPA has created SOC 2+

This extensible framework allows OSPs’ auditors (also known as service auditors) to incorporate various industry standards, such as the National Institute of Standards and Technology (NIST) and the International Standardization Organization (ISO), into one SOC 2 report.

Third-party assurance optimisation

Outsource service providers are increasingly managing core business and IT processes for clients, which entails gaining unprecedented access to sensitive data and connectivity to critical systems. But when outsource service providers are more tightly integrated with day-to-day operations, they also have an impact on their clients’ internal control environments. Companies, therefore, are holding outsource service providers to the same level of risk monitoring and regulatory compliance that they hold themselves.

As demand for third-party assurance reports increases, how can outsource service providers implement a more streamlined approach for dealing with both customer and regulatory requirements?