Our methodology to create transparency and generate trust
Our methodology to create transparency and generate trust between service providers and service recipients
PwC’s Trust & Transparency Solutions (TTS) team helps providers and recipients of outsourced services manage regulatory and business requirements so they can concentrate on their specific core business.
Our proven and leading controls reporting methodology provide you the following benefits:
- A unique and independent perspective on your organisation.
- A clear view on whether the expectations of all customers and their stakeholders are being met.
- An effective internal control framework aligned with your customers' expectations.
- A transparency knowledge transfer opportunity which enhances your company’s service quality.
- A state-of-the-art high quality controls reports in line with Swiss and, where needed, international assurance standards (such as ISAE 3402, ISAE 3000, PS 950, PS 980, SOC 1®, SOC 2®).
- An opportunity to be informed about the latest ‘niche’ control reporting standards* that might be beneficial for the industry and/or territory you are doing business in.
Focus on core competences
Outsourcing key processes (and their underlying internal controls) allows a company to minimise the cost of business and focus on its own core processes. Having an expert service provider take care of the middle and back office, technology and other non-critical functions gives you the comfort of knowing your business operations are running smoothly and that you are compliant with applicable laws and regulations.
A wide variety of processes are being outsourced to specialist back office and technology service providers. Common examples in the financial services sector are asset management, fund accounting, custody, know your customer (KYC), transfer agency, retirement plan record-keeping, mortgage processing, payment processing/servicing, underwriting and claims processing services. Beyond the financial services sector, a wide range of managed (technology) services are being outsourced, including document management (archiving and destruction), cloud infrastructure (IaaS, PaaS, SaaS), payroll, secure logistics, data centre facilities, helpdesks and many other administrative and technology services.
Yet service providers, especially those working for the financial services and health industries, have to demonstrate to their customers and their customers’ stakeholders that they can provide complete, accurate, and secure transaction processing, and have well-controlled IT and transaction processing environments.
On the other side of the equation, recipients of outsourced services have to monitor the services delivered on a regular basis to make sure they're not only working for the business, but that they’re also compliant with the rules and regulations for the relevant industry.
PwC's methodology
PwC’s methodology for service providers
- Perform a suitability assessment where we guide you through a preliminary assessment of the effective controls in place. Through interviews and limited testing, we help you identify where your controls need improving.
- Deliver recommendations for controls where documentation or effectiveness is inadequate for attestation / audit purposes.
- Prepare controls report in accordance with (an) applicable standard(s) and PwC’s audit methodology so service recipients and their stakeholders can see whether controls are implemented and effective in design (Type 1) and operation (Type 2). The output is an independent auditor’s report (opinion) accompanied by a description of control objectives / criteria, control activities, test procedures performed and related test results.
- Where needed, a review of master service contracts and service level agreements to assure the contracting parties that the necessary areas are covered.
- Preparation of a controls report in accordance with (an) applicable standard(s) and PwC’s audit methodology to demonstrate to service recipients and their stakeholders whether controls are implemented and effective in design (Type 1) and operation (Type 2). The output is an independent auditor’s report (opinion) accompanied by a description of control objectives / criteria, control activities, test procedures performed and related test results.
- Where needed, a review of master service contracts and service level agreements to assure the contracting parties that the necessary areas are covered.
PwC’s methodology for service recipients
- Interprete controls reports to help the service recipients clearly understand the effectiveness of the service provider’s control system.
- Support provider management activities (e.g. defining the requirements for the services provided or choosing a service provider).
- Define and implement third party monitoring activities so the quality of the services delivered by the service provider can be controlled (i.e. third party risk management or TPRM).
- Carry out ad hoc audit of outsourced services to ensure they comply with service recipient policies and industry-specific laws / regulations.
- Assist in situations where a service recipient perceives its service providers to be underperforming. In such cases, we identify the root causes of the underperformance and lay out an action plan for how to best move forwards.
PwC offers a wide range of standardised or, where needed, customised services designed to enhance your service quality. Ultimately, we work with the objective to establish trust between the provider and the recipient of outsourced services.
Contact us
