Third party risk

Do you offer cloud-based services, technology platforms or security operations where a control failure or data loss could impact your customers? Are your customers demanding greater visibility over your IT or business control environments?

The services you provide to customers often allow them to have a sharper focus on their core activities, reduce cost and get them closer to their own customers. As a third party, demonstrating to your customers effective design and operation of key controls will be a key differentiator for you in the market.  

At RSM we provide assurance over the controls operated by third parties through a range of service auditor reports, including:

  • SOC 1
  • SOC 2
  • SOC 3
  • ISAE 3402/3000 
  • AAF

Could your business benefit?

If you are a provider of technology, security or software services, or in Fintech, and want to evidence the effective design and operation of your controls, we can help you.

You will benefit from:

A reduced number of audit requests received from your customers and third parties. This enables you to focus your time and effort on what you do best.

Creating a competitive advantage by demonstrating the effective design and operation of key controls in line with internationally recognised standards to your customers.

Reduced risk that a control failure leads to adverse publicity, regulatory scrutiny and fines, and financial loss.

Insights into control improvements that could reduce your operating costs and improve business performance.

Our approach

We offer a range of different service auditor reports depending on the type of third-party assurance standards in place and the requirement of your customers. We tailor our approach to your business’ requirements, ensuring that your assurance project is a success.

We can either help you prepare, or act as the service auditor who completes the evaluations and provides you with the report.

We typically help our clients in four areas:

  • Understanding your customers’ requirements – We help you understand and prioritise your customers’ requirements, putting the key areas of focus at the top of the agenda.
  • Scoping and selecting a standard – We help you select the most appropriate standard, identify which services and supporting technology are in scope and determine the best frequency of assurance reporting.
  • Develop a controls framework – We help you prepare the control objectives and activity narrative, and identify the supporting evidence needed. An early review also helps you to identify any control gaps, focus your remediation efforts, and avoid surprises later down the line.
  • Scoping and selecting a standard – We evaluate the controls by typically performing a Type 1 (design evaluation) and Type 2 (design and operating effectiveness). You can then share the report with your customers and their auditors.

For more information about project assurance support, please contact Sheila Pancholi, Steve Snaith, and Paul O’Leary.