Site Search Site Search

Loading Results

Third Party Risk and Assurance

Outsourcing is essential for many businesses, with third-party service providers relied on for critical functions such as technology, finance and operations. While outsourcing offers benefits, it also introduces risk, including compliance with regulatory requirements (e.g., APRA Prudential Standards, Sustainability Standards, SOCI Act), reputational impacts, and operational vulnerabilities such as data breaches and service disruptions.
Management, boards and shareholders now demand greater confidence and transparency on the controls implemented by third-party providers, along with effective monitoring practices to oversee these partnerships effectively.

How we can help

PwC’s Third-Party Risk and Assurance practice is designed to help both organisations and service providers build trust with stakeholders, regulators and the broader market. This includes emerging areas such as operational resilience, cyber security, sustainability and artificial intelligence.

We assist service providers in offering enhanced transparency to their customers over their governance and control practices. By demonstrating sound control practices that have been independently examined, you assure customers of your commitment to secure, resilient and ethical operational standards.

Our assistance to organisations who are large consumers of services extends to advisory services on third party service risk management programs. We understand that all organisations are different – with unique risk appetites and cost constraints. We ensure that you have all the right levers in place to hold your service providers accountable for the commitments they have made to you whilst managing the key risks to your business, in an efficient way.

 

Services include

Third-party assurance reporting

Independent examination of the robustness of a provider’s systems, processes, controls and compliance practices across a wide array of subject matters, including technology (including Software as a Service, Platform as a Service), Business Process Outsourcing, etc. This includes traditional controls assurance reports: GS007, ASAE 3402 (SOC 1), ASAE 3150 (including SOC 2 reports). It also includes the application of these standards to new and emerging subject matters, such as AI, operational resilience and sustainability, first in a readiness phase ahead of service providers commencing a reporting regime with their external stakeholders.

Regulatory assurance

Bringing the rigour and robustness of a PwC audit to ensure compliance with regulatory obligations to build trust with stakeholders.

Independent third-party audits/vendor assessments

Conducting one-off or periodic due diligence over your service providers to ensure they are appropriately managing the risks they pose to your organisation, including pre implementation reviews.

Benchmarking assessments

Conducting one-off or periodic due diligence over your service providers to ensure they are providing a service that is commensurate with other alternatives available in the market, from our unique perspective across the industry.

Review and uplift of third-party risk management and vendor governance practices

To enhance the maturity of practices, better align with regulatory standards and drive greater operational efficiencies.

Video series 

Third party trust: The need for transparency in an evolving risk and regulatory landscape

Modern business ecosystems involve a complex web of third party relationships, relied upon for critical functions such as technology and operations. These supply chain arrangements and independencies are coming under increasing regulatory scrutiny, particularly in the Financial Services sector.

At PwC, we understand your role as a service provider goes beyond delivering high-quality performance; it's about engaging openly with your customers and stakeholders. They expect you to deliver services resiliently, sustainably, and ethically.

With evolving regulations concerning operational resilience and data governance, along with AI and sustainability standards, service providers face growing demands for transparency. We see this as an exciting opportunity to redefine trust and transparency within the industry.

Join our PwC thought leaders as we delve into these emerging risks and regulations. Together, we'll explore how you can meet the call from your stakeholders for enhanced transparency.

 

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Nicola Costello

Nicola Costello

Partner, Digital and AI Trust Leader, PwC Australia

Tel: +61 2 8266 0733

Linkedin Follow Email
Darren Ross

Darren Ross

Partner, Assurance Risk and Digital Trust, PwC Australia

Tel: +61 422 000 238

Linkedin Follow Email
Carley Bryce

Carley Bryce

Partner, Assurance Risk and Digital Trust, PwC Australia

Tel: +61 (2) 8266 2028

Email
Deanna Chesler

Deanna Chesler

Partner, Assurance Risk and Digital Trust, PwC Australia

Tel: +61 414 914 834

Linkedin Follow Email
Pia Chakravarti

Pia Chakravarti

Partner, Assurance, PwC Australia

Tel: +61 421 023 913

Linkedin Follow Email
John Tomac

John Tomac

Partner, Sustainability Reporting and Assurance, PwC Australia

Tel: +61 282 661 330

Linkedin Follow Email
Joanna Del Vecchio

Joanna Del Vecchio

Director, Assurance Risk and Digital Trust, PwC Australia

Tel: +61 423 616 833

Linkedin Follow Email
David Ma

David Ma

Director, AI Assurance, PwC Australia

Tel: +61 2 8266 3071

Email
Hide