Trust and Transparency

Reporting on controls at a service organization

Data analytics

Provide transparency and establish trust to communicate the right information to the right people at the right time

Today’s marketplace is crowded, and customers – whether businesses or individuals are more discerning than ever. For organizations to succeed, they need to be trusted. Stakeholders are looking for information that is clear, relevant, and reliable. Information they can trust.

In line with international standards, we help organizations respond to demands for increased transparency and industry comparability, and increase the credibility of that reporting.

Issues and challenges

Transparency of outsourced activities

Companies continue to turn to outsourcing as a means of reducing costs and improving efficiencies. As more companies outsource transaction processing or share sensitive data, the demand for trust and greater transparency across organizations’ internal controls increases. So, too, does the need for auditor reporting on those internal controls at a third party entity (or “service organization”) either through the following assurance reports:

  • ISAE 3402 (Internal controls over financial reporting) or SOC 1 equivalent
  • ISAE 3000 with reference to trust service criteria or SOC 2 equivalent
  • SOC 2+ Vendor Controls Attestation

Explore each option by clicking the links below:

ISAE 3402

ISAE 3000

SOC 2+

Compliance with contractual and regulatory requirements

As outsourcing becomes more prevalent, so does the need for assurance around vendor operations, processes and controls - especially with higher-risk data. Customers want their vendors to provide assurance over a range of general and industry-specific concerns, including third party management, third party data security and privacy, regulatory compliance, availability, processing integrity, and confidentiality either through the following assurance reports:

  • ISAE 3402 (Internal controls over financial reporting) or SOC 1 equivalent
  • ISAE 3000 with reference to trust service criteria or SOC 2 equivalent
  • SOC 2+ Vendor Controls Attestation

Explore each option by clicking the links below:

ISAE 3402

ISAE 3000

SOC 2+

Readiness for assurance reporting

Completing an assurance report engagement can be overwhelming for some service organizations. Assistance of a trusted business advisor in defining the appropriate scope, conducting control gap assessment, and guidance on remediation activities will help the organization successfully complete either of the following assurance reports:

  • ISAE 3402 (Internal controls over financial reporting) or SOC 1 equivalent
  • ISAE 3000 with reference to trust service criteria or SOC 2 equivalent
  • SOC 2+ Vendor Controls Attestation

Explore each option by clicking the links below:

ISAE 3402

ISAE 3000

SOC 2+

Managing multiple assurance requests

Regulators, user organizations and business partners are seeking greater transparency over operations while organizations face increasing challenges in responding to multiple assurance requests from their customers. Increasing demands for transparency from user organizations, regulators, third-party auditors are driving companies to expand their Trust and Transparency Solutions (“TTS”) portfolios. But the strain of managing these portfolios can become very burdensome for even the most forward-thinking organizations.

Engaging PwC as Trust and Transparency Solutions (“TTS”) Portfolio Manager can help ease the burden of managing expanding TTS portfolios while reducing the associated time and expense. Click the link below for more information.

Portfolio Management

How we can help

Third Party Assurance - Controls over Financial Reporting

(ISAE 3402)

Companies continue to turn to outsourcing as a means of reducing costs and improving efficiencies. As more companies outsource transaction processing or share sensitive data, the demand for trust and greater transparency across organizations’ internal controls increases. So, too, does the need for auditor reporting on those internal controls at a third party entity (or “service organization”).

Learn more

 

Third Party Assurance - Beyond Controls over Financial Reporting

[ISAE 3000 with Reference to AICPA’s Five(5) Trust Service Criteria]

With the continued growth of data driven business solutions, there is also an increasing demand for assurance over the management and security of sensitive data. Companies who rely on third parties to use, store, and dispose of critical data need comfort that their service provider’s control environment is strong and able to protect both financial and non-financial information.

Learn more

 


Other Specific Vendor Controls Attestations

(SOC 2+ Implementation Support)

As outsourcing becomes more prevalent, so does the need for assurance around vendor operations, processes and controls - especially with higher-risk data. Customers want their vendors to provide assurance over a range of general and industry-specific concerns, including third party management, third party data security and privacy, regulatory compliance, availability, processing integrity, and confidentiality.  

Learn more

 

Portfolio Management

(Trust and Transparency Solutions Portfolio Management)

PwC will act as dedicated “Oversight” function for a client’s entire TPA portfolio and be responsible for centralized metrics & reporting to reports delivery is on target and key stakeholders are aware of progress/results.

Learn more

 

Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Assurance Partner, PwC Philippines

Tel: +63 (2) 8845 2728

Michelle L. Meneses

Michelle L. Meneses

Risk Assurance Director, PwC Philippines

Tel: +63 (2) 8845 2728

Dareen Andrea Belmoro

Dareen Andrea Belmoro

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Lalaine Aviles

Lalaine Aviles

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Dyan Rose Esguerra

Dyan Rose Esguerra

Risk Assurance Assistant Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Follow PwC Philippines

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide