Third party trust

Build and deliver trust in your ecosystem

In today’s business landscape, outsourcing remains a prevalent practice among organisations, which rely on third party service providers for cost-efficient access to various services and forms of support, including cloud and financial technology services, and human resource management.

Despite the benefits of outsourcing, it also exposes organisations to special risks, such as regulatory, reputational and operational risks through the potential loss of sensitive data, and possible disruptions to critical business services and financial reporting.

The management, board and shareholders of organisations demand confidence in the controls and compliance capabilities of suppliers, vendors and service organisations. They expect that organisations have the processes in place to effectively oversee third party arrangements.

Hence, organisations must ensure that third parties/ service providers meet a certain level of governance, rigour and consistency in order to build trust and be able to make outsourcing decisions with confidence.

How our third party trust services can help you

We have a team of dedicated professionals who are experienced and knowledgeable about third party risks, the relevant frameworks and assurance standards, controls identification and reporting. By identifying and managing key risks related to security, technology and third party relationships, we help your organisation maintain stakeholder trust and its reputation.

Controls reporting

1. Third party assurance reports

Through controls assurance reports like OSPAR, SOC 1 and SOC 2, third party service providers can accurately communicate information about their service controls and processes to potential clients.

In preparation for the issuance of these reports, our digital audit team can:

  • Conduct a ‘pre-attestation’ readiness review, where we will work closely with your organisation to evaluate the adequacy of your existing controls with regards to reporting requirements and identify gaps and weaknesses.
  • Assess your organisation’s control posture against relevant frameworks for the issuance of OSPAR and SOC2 reports in accordance with the ISAE3000 assurance standard.
  • Assist your organisation with controls reporting to meet your customers’ financial reporting requirements (internal control over financial reporting) through the issuance of SOC 1 reports in accordance with the ISAE3402 assurance standard.
2. Other reports

Our digital audit professionals can help to evaluate your organisation’s controls design and operations, and communicate the information to specific stakeholders through independent reports issued under the ISAE 3000 / SSAE 3000 standard.

Examples of such reporting requirements include:

  • The assessment of banks’ compliance with the Singapore Deposit Insurance Corporation (SDIC) requirements.
  • The assessment of banks’ MAS Electronic Payment System (MEPS+) by the Monetary Authority of Singapore (MAS).

Independent third-party audits/ vendor assessments

Third party/ outsourcing related risks are treated as key risks in any organisation’s security posture and as such, organisations are required to constantly address such risks for trusted co-existence and partnership with their third parties/ service providers/ vendors.

In particular, banks are required to assess their third parties at regular time intervals in order to comply with regulatory requirements.

PwC’s digital audit professionals can assess and review outsourcing arrangements and third parties using established frameworks, such as the Association of Banks in Singapore (ABS) Outsourced Service Provider’s Audit Report (OSPAR) and American Institute of Certified Public Accountants( AICPA) System and Organisation Controls 2 (SOC2) Trust Service Criteria, or with any other focus areas as required by your organisation to ensure compliance to service level agreements (SLA), contractual obligations and requirements.

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

See Hong Pek

See Hong Pek

Digital Audit and Assurance Leader, PwC Singapore

Tel: +65 9638 7021

Anthony Dias

Anthony Dias

Partner, Digital Audit and Assurance, PwC Singapore

Tel: +65 9731 1450

Nur Ashikin Ahmad

Nur Ashikin Ahmad

Partner, Digital Audit and Assurance, PwC Singapore

Tel: +65 9637 5072

Hide