Third Party Attestation

Organisations grapple with rapidly evolving risks facing their companies. For example, outsourcing helps companies around the world increase efficiency and productivity. But these same companies face a basic challenge: loss of control. Some of these risks evolve through the implementation of increasingly complex supply chains managed by third parties and the contracts that manage them. Companies want certainty that their external service providers have internal controls that are designed effectively and operating as intended.

Third party attestation (TPA) has become an increasingly important tool for creating trust and efficiency across supply chains and vendor relationships. Many different frameworks and standards enable the provision of independent assurance that can help provide that confidence. These range from financial and operational controls through to non-financial information.

Identifying and mitigating risk is one of the most critical issues facing organisations today. As the types and complexities of threats continue to multiply, it is increasingly difficult for management teams and directors to think strategically about risks and address them in a way that complies with the requirements of regulators and the needs of customers and other stakeholders. These challenges are particularly acute for businesses that outsource aspects of their operations, infrastructure and controls.

TPA involves certifying the business processes of outsourced service providers to ensure that proper procedures are being followed and that vendors can be trusted to complete their designated tasks. TPA can play a critical role in helping business leaders think holistically about the risks their organisations face while also bringing rigour and discipline to the company’s risk management and compliance efforts, both for their outsourced providers and for their own internal processes.

TPA and the related reports can be implemented in many ways and across different emerging focus areas internationally. Specifically, we are seeing increased focus on:

  • Cybersecurity and artificial intelligence
  • Data privacy
  • Supply chain management
  • Regulatory compliance
  • Evolving ESG transparency demands

How we can support you
There is no “one size fits all” assurance pathway. Considering the maturity and location of your business and the unique challenges you face, we will support you through the critical choices you have to make. The assistance we can provide includes the following:

  • Understand and map the reporting and assurance options available
  • Assess your current state of readiness
  • Provide options on how to bridge any gaps
  • Provide independent assurance and confidence

A Global Third Party Assurance team
Depending on your business model, you may find that we call on and work with colleagues across our international network to provide the support you need. Our international network of BDO member firms spans more than 1,500 offices in 160+ countries. It is the fifth largest international accountancy and business services firm with revenues of over $10bn. These considerable resources and reach are coordinated to help you achieve your objectives.

The various attestation standards that have been implemented internationally are as follows:

International Attestation Services

  • ISAE 3000 and 3402 in South Africa and across Europe
  • GS007 or ASAE 3402 in Australia
  • AAF 01/06 in the United Kingdom
  • ASAE 3402 in New Zealand

USA Attestation Services

  • SOC for Cybersecurity
  • SOC 1, SOC 2, and SOC 3
  • SOC 2 Plus (i.e., HITRUST, HIPAA)
  • WebTrust for Certification Authorities