Skip to main content
Perspective:
Perspective
11 Nov 2020
4 minute read

Third Party Assurance

Take control of third-party risk with a strong third-party assurance program

Today, there is a growing awareness of organisations that outsourcing functions of their business to a third party introduces certain risks.

As a consequence it is critical for user organisations to manage any potential risk and obtain proper assurance and transparency over those services outsourced to a third party. One of the most effective ways which service organisations (i.e. third parties) can communicate information about its risk management and controls is through a Service Auditor Report. Deloitte offers a range of Third Party Assurance services such as ISAE 3402, SSAE 18, ISAE 3000, SOC 1, SOC 2, SOC 3 and Agreed-Upon Procedures (AUP) reporting.

Deloitte has developed a comprehensive and structured approach for Third Party Assurance services. Our methodology for preparing and delivering service auditor reports follows a phased approach which is customised to meet specific business needs of our clients. Our approach incorporates a risk-centric focus, while also identifying the effective and efficient methods for identifying scope, testing controls and executing the tasks and activities associated with third-party assurance reporting.

Third-Party benefits and risks

Third parties — whether traditional vendors, business partners or inter-affiliates — often reduce time to market, lower service delivery costs and improve customer experiences. An extended enterprise can allow a company to access specialised talent not available in-house, driving product or service innovation. The use of third parties can also help an institution to better focus on its core capabilities.

But along with the benefits come additional risks. It is important for companies to be aware of all of the risks that may be typically associated with outsourcing, including, but not limited to reputational, control, compliance, privacy, financial,operational and information security risks. Outsourcing any component of a company’s business to a service organisation can introduce any or all of these risks — either directly or indirectly. Direct risks are typically associated with the actual processing or hosting of data. Indirect risks, which can be equally as critical, are normally associated with how the data is managed (or mismanaged) and the clients’ perception of the relationship between the provider and users of outsourced services. To effectively manage these risks, executives rely on specific reports (see Service Auditor Reporting Options) from their service organisations.

Did you find this useful?

Yes
No

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Key Contacts

Trevor Wright

Associate Director | Risk Advisory Africa
+27 11 209 8244

Michele Townsend

IT & Specialised Assurance (ITSA) Leader | Risk Advisory Africa
+27 11 806 5992

Recommendations

Infrastructure as an economic stimulus | Deloitte Global

In unprecedented times like today, governments around the world are faced with enormous pressures to make significant infrastructure investments and generate both an immediate boost and long term growth.
Perspective
5 minute read

Third party ecosystem: Why rethink third party risk?

As third party ecosystems continue to expand exponentially,important questions are being asked by boards of directors andother stakeholders regarding the risk to the extended enterprise.
Perspective
5 minute read

Third Party Assurance: Service Auditor Reporting | Risk | Deloitte Africa

Perspective
4 minute read

Cognitive computing for risk management | Deloitte Global | Risk Advisory

Learn how cognitive computing applications are being used for risk management, mining often ambiguous data for indicators of known and unknown risks.
Perspective
5 minute read