Insights into Third Party Assurance Reporting

Deloitte releases the first in a series of quarterly newsletters providing insights into Third Party Assurance reporting. A few key insights from the benchmarking analysis include:

• Receiving a third party subservice providers audited controls report is not enough – stakeholders should be doing more to review and understand the results and how they impact their organisation
• Most third party service organisations do not classify software vendors as material outsourced providers. We encourage organisations to re-evaluate this position.
• Increasingly more types of service providers are issuing third party assurance reports to their clients, however significant gaps remain for example payroll providers, gateway providers, loan administrators and IT infrastructure providers)

In this newsletter we outline our view on some  better practice s for managing and monitoring third party providers.