Introduction to Third-Party Assurance

Build customer confidence and instil trust by demonstrating your commitment to independent third-party assurance

What is Third-Party Assurance?

Third-party assurance involves independent and objective assessments of the controls and processes used by service organisations and other companies. It provides assurance that organisations are effectively managing risks, complying with regulations, and meeting contractual obligations.

Our Third-Party Assurance team provide businesses and their customers with tailored, independent assurance over their operations.

What we do

The evolving business landscape sees companies increasingly relying on external service providers, bringing efficiency but also challenges in data security, internal controls, and customer trust. To address this, providers are using third-party assurance programs to demonstrate robust risk management. Independent assurance offers transparency and builds confidence by assuring customers of their data and operational security. We offer a comprehensive suite of customisable Third-Party Assurance services, aligning with industry standards, to meet the specific needs of providers and their customers.

Key benefits of independent third-party assurance

Third-party assurance framework

Independent examination of an organisation's controls that are relevant to financial reporting. It is specifically designed to meet the needs of user entities and their auditors who are evaluating the impact of a service organisation's controls on the user entity's own financial statements.

Examination of controls performed by a service organisation relevant to internal control over financial reporting, including financial ledgers, revenue, collections, payroll, purchasing, payments, pensions, asset management, settlement, inventory, logistics and general IT controls.

Independent examination of controls related to specific Trust Service Categories (TSC) (security, availability, confidentiality, processing integrity and/or privacy) supporting the achievement of principal service commitments and system requirements. The applicable criteria may be extended to cover compliance with other standards and frameworks, e.g. ISO 27001 in a SOC 2+.

Independent examination with the same underlying scope as a SOC 2, but with the issuance of a “slimmed down” report that is intended to be made public for general use.

Implementation and maintenance of a cyber risk management program, including examination of an entity’s cybersecurity capabilities (NIST CSF, ISO 27001, AICPA TSC, NCSC CAF, CSA Cloud Controls Matrix (CCM), etc.).

Direct assurance or assurance over subject matter information on a variety of subjects beyond traditional financial information. Examinations can include compliance with regulations, sustainability reports, cybersecurity controls, data privacy practices, third-party outsourcing, among other subjects.