Organisations across all sectors continue to outsource key activities and processes to third party service providers for a variety of business and operational reasons.

The use of third parties does not preclude an organisation from still having to manage the risk associated with such outsourced arrangements.

Our Services

Our team supports clients with a wide range of third party risk management services including the design and implementation of TPRM risk management frameworks, contract assurance programs, risk assessments, third party audits and/or advice on best-fit performance monitoring and reporting mechanisms.

Obtaining assurance on third party internal controls has become commonplace. Our team provides attestation and assurance services to a wide range of third party service providers across technology, life sciences, professional services, and logistics. Obtaining a SOC (Service Organisation’s System Controls) report or similar attestation report, is a genuine value-add and credible solution to the management and oversight of third party providers and their respective risk and control environments.

These reports can take the form of SOC 1, 2 or 3 report or alternatively a tailored attestation report:

  • SOC 1 report - Assurance report that reports on a service organisation's system of internal controls that are relevant to the internal controls over financial reporting of a user organisation
  • SOC 2 / SOC 3 reports - Focus on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system


Why Grant Thornton

Grant Thornton performs all of its SOC and attestation services engagements in accordance with the relevant professional assurance standards – i.e. ISAE 3402 or SSAE 18.

Our clients attest that they derive tangible benefits from engaging a SOC assurance review and report annually. The ultimate benefit being one of protecting and enhancing the value of their business by:

  • achieving competitive advantage in the marketplace in having this control oversight mechanism in place;
  • adding weight to their business proposition and risk management capabilities in tendering for new business;
  • providing assurance to existing clients to support and protect their business relationship;
  • enhancing reputational credibility as an outsourced service provider in the market place;
  • achieving operational efficiency by reducing management time spent answering client and/or auditor queries;
  • supporting the proactive management of their control environment via identification and remediation of risk/control matters raised in the SOC report itself; and
  • satisfying assurance requirements of other parties – such as Board of Directors/ Audit Committees/ Regulators.
Sara McAllister
Partner - Head of Business Risk Services
Sara McAllister
Office close to you

13-18 City Quay

Dublin 2

D02 ED70


Subscribe to our mailing list

Update your subscriptions for Grant Thornton publications and events.