The Future of Third-Party Assurance (TPA) Reporting

Organisations are more dependent than ever on third parties to fulfil critical business processes across their ecosystems. Outsourcing business functions, controls and data handling does not outsource the risk. As such, there is a need for transparency and monitoring over the activities and controls in place across third (and fourth) parties to ensure they are suitably robust and in line with the risk profile and appetite set.

Third-party governance and monitoring is emerging as a key focus area, all the way up to the Board level. Regulatory scrutiny is increasing, requiring more direct oversight and ongoing due diligence by Management and the Board on third-party risk and assurance matters. Additionally, we are seeing third-party incidents and customer service disruptions are on the rise, often with immediate public visibility and greater severity, including; customer, reputational, regulatory and financial consequences.

In this report we provide a summary of insights gained from:

• Surveying the global TPA community, along with interviewing a selection of Deloitte clients to gain further perspectives on the preliminary survey results.
• Our experience having worked with a range of clients across multiple industries and geographies globally.

This report shares:

• Current and emerging third-party risks and trends.
• Insights into the current and future landscape of TPA reporting.
• Useful perspectives from the global TPA community.

The key areas of insight relating to the future of TPA reporting have been summarised into 5 key themes:

1. Emerging needs for TPA reporting
2. Purpose, relevance and value of TPA reports
3. Digital journey and control transformation 
4. Integrated monitoring tools
5. Monitoring activities of nth parties