Risk Assurance covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required.
We can help with:
- Working with Audit professionals to help create trust and confidence in their financial reporting and internal control over financial reporting
- Business growth, by providing assurance to clients and other stakeholders related to internal controls
- Business improvement, by assessing risks and controls related to business imperatives, such as launching new products/services, implementing new technologies or remediating control issues
- Providing industry/sector insights and thought leadership with a focus on risk and control matters
How we can help
Companies, investors and other stakeholders rely on our independent assessment services to make business decisions. We provide an unbiased assessment of the risks and the effectiveness of related controls.
Service Organizations Control Reporting (SOCR)
We provide the preparation towards assurance and confidence to external stakeholders — in line with applicable assurance standards like SOC1, SOC2, ISAE3402 and others.
Our SOCR services are designed to help service organizations:
- Build trust and confidence for organizations that operate information systems and provide business process services supporting financial reporting in the delivery processes and controls through a report they can deliver to their clients and client's external auditors.
- To meet the needs of a broad range of users who require information and assurance about the controls that affect the security, privacy, confidentiality, availability, and processing integrity of the systems.
- Service Organization Control reporting according to AICPA SSAE 16 (SOC 1) or ISAE 3402 or AICPA AT101 (SOC 2 or SOC 3), etc.
ISO management system certification
Providing an accredited attestation statement intended for the general public on the quality of an implemented management system in accordance with the respective ISO standard (like ISO27001, ISO20000 and ISO14001), or helping an organization prepare to obtain one.
The ISO Certification service is aimed at providing implementation of and actual certification according to ISO standards and other similar frameworks. Certification is done through a separate EY-owned company called EY CertifyPoint.
- Management system implementation or certification (under accreditation) in the area of Information Security (ISO27001), Quality (ISO9001), IT Service Management (ISO20000), Business Continuity Management (ISO22301), Environmental Management (ISO14001)
- Unaccredited certification against existing standards like Privacy Seal, Webtrust, CSA Star (Cloud), etc.
Financial Audit IT Integration
The execution of IT-related audit procedures in support of financial statement audits and reporting on internal control over financial reporting
This service contains the execution of IT-related audit procedures (including IT-related procedures beyond ITGCs) in support of financial statement audits and reporting on internal control over financial reporting (Integrated and Non-Integrated audits). Our balance of experience and skills in IT and business processes supports our Assurance practice in delivering audits.
- IT General controls testing
- Application and IT dependent controls testing
- Electronic audit evidence testing
We can provide support as well as an assessment to the board of directors and senior management with respect to regulatory compliance.
We help organizations to manage regulatory compliance risks and help organizations to prevent claims, penalties, fines and litigation from their regulatory bodies (law or oversight).
- Develop compliance management framework
- Regulatory compliance tool implementation
- Specific compliance assessments (HIPAA, FCPA, FDA/GxP)
We provide support as well as an assessment to the board of directors and senior management with respect to regulatory or contractual compliance.
Our services are aimed at providing an assessment to the board of directors and senior management with respect to contractual compliance. We help organizations to manage their contractual compliance risks and help organizations to prevent claims, penalties, fines and litigation from their contracting parties.
- Software license management
- Vendor risk services