Third Party Assurance

Открыть страницу: на русском языке

Can your customers trust your services?

PwC provides the assurance that your customers are looking for through ISAE 3402, SSAE 16 and Trust Services attestations. ISAE 3402, Trust Services (including WebTrust® and SysTrust®) known as a Third Party Assurance (TPA) are defined as a set of professional assurance and advisory services based on a common framework (that is, a core set of principles and criteria) to address the risks and opportunities inherent in outsourcing business activities.

By providing your customers a Third Party Assurance report, your customers obtain an independent view on your controls and processes.


Issues you are facing Our solutions
  • Outsourcer impacted when several clients (banks) ask, almost simultaneously, to provide permission for their auditors to review IT of the outsourced datacenter and outsourced business processes.
  • IT outsourcers who certified their card processing center in accordance with PCI-DSS standard suppose that it could be extrapolated on the other systems which do not meet this standard.
  • Different IT companies and some Banks develop a number of products intended to support Remote banking services (Client-bank service, Internet banking, mobile banking),however, these products are sometimes unknown and their reliability and security are questioned by users and potential investors.

Assurance related to controls over financial reporting

  • Scope Identification

PwC will assist you with defining the technologies and processes to be included in an ISAE 3402 audit that would meet the audit requirements of your customers.

  • Readiness Assessment

PwC will help you in a preliminary assessment of controls in place. Through interviews and limited testing, we will help you identify where controls need improvement.

  • ISAE 3402 / SSAE 16 audit

Our team will leverage the relationships and experience gained in the Scope Identification and Readiness Assessment to perform an efficient and effective audit of the control objectives defined by management.

Trust Services

Providers of services that do not directly impact user organization’s financial reporting processes and controls may obtain an independent test of non-financial controls through other Trust Services, such as SysTrust or WebTrust.


A major depository with experience in keeping registered securities ownership records, processing registered securities ownership transfer transactions, paying out cash dividends and providing information services to issuers.

Deliverable: SAS 70 reports type 1 and type 2 were issued and provided to customers’ auditors.


Our Project will bring you the following results:

  • A draft set of control activities that you should consider having in place to meet your customers’ expectations. These activities and procedures will provide assurance that the software and services rendered are well controlled. That is, the financial data being processed in systems are complete and accurate and are secure from unauthorized changes. Also Management can use these recommendations to improve controls in preparation for the ISAE 3402 audit.
  • Independent Auditors opinion and the supporting description of control objectives, control activities and related test results that could be provided to your customers and their auditors.
  • An independent assessment of non-financial objectives using SysTrust or WebTrust assurance services for Service providers.