1 Third Party Assurance Optimization and Control Rationalization Copyright © 2016 Deloitte Development LLC. All rights reserved.
Third-Party Assurance (TPA) Optimization and Control Rationalization
TPA Optimization
For large, complex service organizations, a thoughtful approach to assurance can save time and money and lead to more satisfied clients and prospects.
Understand
• Identify reporting requirements – internal and external
• Report definition and inventory
Integrate
• Integrate control testing requirements across the enterprise to reduce work effort
• Regulatory requirement mapping
Rationalize
• Level set scope and report type requirements
• Identification of redundant controls
• Identification of control gaps and areas of improvement
Enhance
• Streamline overall TPA approach to better respond to customer queries
• Implement salesforce training
• Implement regular optimization activities related to TPA trends and industry
Monitor
• Execute on-going monitoring activities related to third-party assurance requirements, testing, and reporting including common approach
• Establish continuous monitoring techniques and technology
TPA Optimization - Understand
• Identify internal reporting requirements – SOX, financial audit, operational audits, service level agreements, key performance indicators, etc.
• Identify external reporting requirements – regulatory, industry, and customer
• Report definition and inventory
  • Reporting type (SOC 1, SOC 2, AT101, Agreed Upon Procedures, etc.)
  • Inventory of reports – internal, customer facing, regulators
• Define TPA environment based on steps above
Key Activities: TPA report inventory, regulatory requirement inventory, and extended enterprise mapping
TPA Optimization - Integrate
• Integrated control assessments:
  • Construction of customer facing integrated requirements dashboards
  • Identification of targeted efficiency areas (where there is overlap)
  • Creation of new controls/scope to better meet integrated requirements
• Regulatory assessments:
  • Identification of legislative and other regulatory requirements
  • Utilization of an integrated requirements framework
  • Mapping control framework to global regulatory requirements
  • Identification of gaps
  • Building global regulatory testing/monitoring approach
Key Activities: integrated control framework, regulatory control mapping
TPA Optimization – Rationalize
• Level set scope and report type requirements
  • What report types best fit customer/regulator need?
  • Do the report periods align and meet customer requirements?
• Identification of redundant controls
  • Identification and definition of key controls across multiple reporting frameworks
  • Utilizing integrated controls, can efficiencies be identified?
• Identification of control gaps and areas of improvement
  • Do control gaps exist? If so, remediation efforts should be aligned with broader risk/controls framework
[Figure: Integrated Risk & Compliance Management. Requirements: FDICIA, Privacy, 3rd Party, GLBA, Basel II, SEC, … Stakeholders: Functional Leads, Compliance Managers, Information Security, Legal, Audit, Service/Arch Leads, Lines of Business, Corporate IT. Layers: Common Data and Technology Architecture; Common Risk & Compliance Management Processes; Common Risk & Compliance Governance and Requirements.]
Key Activities: rationalized control set, gap assessment, and risk and control map
TPA Optimization – Enhance
Key Activities: salesforce training sessions, TPA report repository, customer query process improvement assessment, and report readiness assessments
How does a service organization enhance their brand through third-party assurance?
• Streamline overall TPA approach to better respond to customer queries
• Implement salesforce training
• Implement regular optimization activities related to TPA trends and industry
How does a service organization utilize TPA reporting for a competitive advantage?
• Understanding trends and hot topics related to assurance (SOC 2, cyber risk attestations, etc.) and implementing into the TPA process
• Performing readiness exercises and efficiently mapping controls to new requirements
• Utilizing online tools/portals for ease of report delivery (for current and prospective customers)
TPA Optimization – Monitor
• Establishing monitoring activities
  • People: identification of the right skillsets and stakeholders related to third-party assurance across the organization
  • Process: identification of an efficient and effective process for managing third-party assurance reporting
  • Technology: Automated Control Execution (ACE) for continuous monitoring
• Utilization of analytics to automate and test controls
• Real-time monitoring rather than point in time testing
• Testing and design efficiencies
Key Activities: implementation of continuous monitoring technology, third-party assurance monitoring control assessment
TPA Optimization – Conclusion
Increased outsourcing and regulations are raising the bar on OSPs
Complexity of environment and customer requirements are driving needs and confusion at the same time
Better way to efficiently do this, create sales opportunities through differentiation, and streamline internal processes
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
As used in this document, “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2016 Deloitte Development LLC. All rights reserved.
36 USC 220506
Member of Deloitte Touche Tohmatsu Limited