The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

How can you nurture stakeholder trust if compliance requirements are constantly changing?

Risk Assurance

Risk Assurance covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required.

We can help with:

  • Working with Audit professionals to help create trust and confidence in their financial reporting and internal control over financial reporting
  • Business growth, by providing assurance to clients and other stakeholders related to internal controls
  • Business improvement, by assessing risks and controls related to business imperatives, such as launching new products/services, implementing new technologies or remediating control issues
  • Providing industry/sector insights and thought leadership with a focus on risk and control matters

How we can help

Companies, investors and other stakeholders rely on our independent assessment services to make business decisions. We provide an unbiased assessment of the risks and the effectiveness of related controls.

Service Organisations Control Reporting (SOCR)

We provide the preparation towards assurance and confidence to external stakeholders – in line with applicable assurance standards like SOC1, SOC2, ISAE3402 and others.

Our SOCR services are designed to help service organisations:

  • Build trust and confidence for organisations that operate information systems and provide business process services supporting financial reporting in the delivery processes and controls through a report they can deliver to their clients and client's external auditors.
  • To meet the needs of a broad range of users who require information and assurance about the controls that affect the security, privacy, confidentiality, availability, and processing integrity of the systems.

Example offerings:

  • Service Organisation Control reporting according to AICPA SSAE 16 (SOC 1) or ISAE 3402 or AICPA AT101 (SOC 2 or SOC 3), etc.

ISO management system certification

Providing an accredited attestation statement intended for the general public on the quality of an implemented management system in accordance with the respective ISO standard (like ISO27001, ISO20000 and ISO14001), or helping an organisation prepare to obtain one.

The ISO Certification service is aimed at providing implementation of and actual certification according to ISO standards and other similar frameworks. Certification is done through a separate EY-owned company called EY CertifyPoint.

Example offerings:

  • Management system implementation or certification (under accreditation) in the area of Information Security (ISO27001), Quality (ISO9001), IT Service Management (ISO20000), Business Continuity Management (ISO22301), Environmental Management (ISO14001)
  • Unaccredited certification against existing standards like Privacy Seal, Webtrust, CSA Star (Cloud), etc.

Financial Audit IT Integration

The execution of IT-related audit procedures in support of financial statement audits and reporting on internal control over financial reporting

This service contains the execution of IT-related audit procedures (including IT-related procedures beyond ITGCs) in support of financial statement audits and reporting on internal control over financial reporting (Integrated and Non-Integrated audits). Our balance of experience and skills in IT and business processes supports our Assurance practice in delivering audits.

Example offerings:

  • IT General controls testing
  • Application and IT dependent controls testing
  • Electronic audit evidence testing

Regulatory Compliance

We can provide support as well as an assessment to the board of directors and senior management with respect to regulatory compliance.

We help organisations to manage regulatory compliance risks and help organisations to prevent claims, penalties, fines and litigation from their regulatory bodies (law or oversight).

Example offerings:

  • Develop compliance management framework
  • Regulatory compliance tool implementation
  • Specific compliance assessments (HIPAA, FCPA, FDA/GxP)

Contractual Compliance

We provide support as well as an assessment to the board of directors and senior management with respect to regulatory or contractual compliance.

Our services are aimed at providing an assessment to the board of directors and senior management with respect to contractual compliance. We help organisations to manage their contractual compliance risks and help organisations to prevent claims, penalties, fines and litigation from their contracting parties.

Example offerings:

  • Software license management
  • Vendor risk services

Contact us

Latest thinking