Trust & Transparency Solutions

Traditional and modern control reporting solutions to build trust with stakeholders – All Eyes on Trust

Provide transparency and build trust to address compliance requirements, remain competitive and sustain long-term growth

In an environment where organisations rely on a complex network of third parties and their subcontractors, increased regulatory scrutiny, data privacy expectations and an overall demand for greater transparency are driving the need for assurance beyond ‘just’ traditional reporting on financial controls.

Transparency can provide organisations with the trust they are looking for in this complex web of third parties, subcontractors or fourth parties and their end consumers. As a result, delivering such transparency can translate into a significant competitive advantage in terms of being aware of and responding to process and control weaknesses and improving overall operating efficiency, and it can create an opportunity to reduce costs by avoiding the duplication of operational and compliance efforts.

Applied controls reporting standards

Third-Party Assurance – Controls over Financial Reporting

(ISAE 3402, SOC 1®, SSAE 18)

Through the use of controls assurance reports (i.e. US-related SOC 1® (in the past according to SAS 70 and later SSAE 16, currently SSAE 18), or internationally accepted ISAE 3402) we provide transparency into organisations’ functions, processes, technology and controls that impact clients’ financial transactions and financial reporting processes. Typically, the traditional user audience of such reports are accounting departments and internal and external audit stakeholders.

Third-Party Assurance – Beyond Controls over Financial Reporting

(ISAE 3000, PS 950, SOC 2®)

Emerging technology and regulatory developments such as block chain, cloud, electronic patient health information, GDPR, and outsourcing regulation require organisations to look beyond the risks related to financial reporting.

Through the use of controls assurance reports (referred to as SOC 2® or ISAE 3000 / SAS 950 using relevant and applicable industry controls standards, e.g. Trust Service Criteria or COSO/CoBiT Frameworks), we provide organisations and (internal and external) stakeholders with comfort when it comes to operational risk areas focusing on, for example, information security, (data) privacy, service availability, integrity and confidentiality. The typical (end) user audience of our reports is broad and ranges from internal / intra-group service recipients (e.g. IT shared service centres), recipients of outsourced services (e.g. data centre co-location services, cloud service providers, managed technology / IT services), regulators, customers and sometimes even the public in general.

Other Specific Vendor Controls Attestations – Assurance

(SOC 2+, SOC 3, HITRUST)

As the demand for trust and transparency in specific industry domains increases, we provide organisations with attestation solutions (e.g. SOC 2+ or SOC 3®) based on the latest control frameworks.
For example, we deliver attestation services in the health / pharma sector. Supported by PwC US, we deliver readiness, remediation and certification as a Certified HITRUST Assessor. We assist in the implementation of the HITRUST Controls Standard Framework (CSF) as the foundation of an organisation’s security and privacy controls / compliance programme for controlling risks related to patient health information (PHI).

Attestations of Compliance Management Systems

(SAS 980, PS 980, NAS 980)

With the issuing of the Swiss Audit Standard 980 standards and guidelines regarding compliance management systems (CMS), we are able to assist organisations with addressing the different principles outlined in this standard. Our readiness, gap analysis and attestation activities tackle the required compliance culture, objective, risk, overall programme and organisation aspects of an organisation's legal, tax, corporate social responsibility (CSR) oversight or other compliance management systems.

An increased demand for trust is highlighting the significance of having robust and reportable governance, risk, compliance, operational and IT controls in place.

Ralf HofstetterTrust and Transparency Solutions, PwC Switzerland

What are we doing for our clients?

We understand that our clients want a business partner who can help them establish a robust and reportable internal control framework. An internal control framework that meets the expectation of their customers, regulatory bodies and other stakeholders. Our team independently assesses and concludes on the effectiveness of our client's internal control framework in line with Swiss and/or international assurance standards.

For both situations, we have developed leading methodologies that minimise the impact on our clients' businesses. By applying our proven methodologies, we're able to meet our client's expectations and issue high-quality state-of-the-art controls reports within a short time. Would you like to know more about how we approach an independent assessment of our clients' control frameworks in line with Swiss and/or international assurance standards? 

Learn more

Get in touch with our experts

Contact us

Ralf Hofstetter

Trust & Transparency Solutions, PwC Switzerland

Tel: +41 58 792 5625

Cristian Manganiello

Leader Controls Assurance, PwC Switzerland

Tel: +41 58 792 56 68