Third party assurance: Steps to ensure effective controls

Creating multiple reports for third party assurance like SAS 70 and ISO 27001 pose major issues for Indian BPOs. Here are a few best practices.

Indian IT service providers or business process outsourcing (BPO) companies that have to deal with third party assurance processes are today bogged down by multiple reports. They have to deal with multiple audits for financial, operational, security and risk controls. Apart from these, they have to take care of internal audits, ISO audits, SAS (Statement on Auditing Standards) 70 audits, customer’s audits and so on. These BPOs, not only have to deal with all of these, they have to spend humungous amount of money behind all this documentation. However, there may be a way out with regard to third party assurance - wherein all these audits and reports can be combined or their numbers significantly reduced. In this tip we will identify some significant trends as well

About the author:  Sanjoy Sen is the senior director for enterprise risk services at Deloitte Touche Tohmatsu India Pvt Ltd.

Read more on Regulatory compliance and standard requirements

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.