Third Party Assurance

Organisations increasingly rely on outsourced service providers to operate certain processes and activities on their behalf. As businesses seek assurance that their risks are being mitigated effectively for their own governance purposes, service providers are facing increasing demands from existing and potential customers, for assurance that they can rely upon too. This type of assurance can be provided through a Third Party Assurance (TPA) report. A common example of this is a System and Organisation Controls (SOC) report, which provides an independent and objective assessment of an organisation’s controls to users of its services.

Download our brochure

BDO's Risk and Advisory Services (RAS) team offers independent assurance and advice over the design and operation of internal control frameworks. We have been carrying out control assurance assessments for many years for a wide range of service providers.

We can provide the following reports:


This report provides independent assurance over the key internal controls at a service organisation which are relevant to the client company’s financials.


An independent assurance report on a service organisation’s controls, based on the American Institute of Certified Public Accountants (AICPA) standards, to cover areas outside of financial reporting.

These reports are based on the Trust Services Criteria, including the five categories of Security, Availability, Processing Integrity, Confidentiality and Privacy.


This is a high level report that covers similar areas to a SOC 2 report, but is intended to be less technical and more user-friendly.

A SOC 3 report can be shared widely and is suitable for marketing purposes.

SOC for Cybersecurity

This is an independent assurance report which utilises a standard method for reporting enterprise-wide cybersecurity risk management.

Agreed Upon Procedures (AUP)

This is report of findings based on carrying out a specific test or reviewing a particular business process.

It lays out the facts but does not provide an overall opinion.

Benefits of TPA for existing and prospective customers 

This overview represents some of the many benefits our customers experience when engaging BDO to provide a TPA report. This enables them to provide attestation to their existing and prospective customers.

Allows the organisation to be transparent about their processes in a controlled manner and strengthen the trust between the organisation and investors. Helps you to differentiate your service offering from your competitors, creating a competitive advantage. Remove the burden of having to manage and respond to multiple stakeholder requests for information related to internal controls: assess once, assure many. Independent assurance of the service offering being provided to your client. An external look at the control environment enabling the opportunity to indicate gaps and identify control improvements. TPA Report Trust Transparency Independent view Differentiator Less intrusion Controls improvement Controls assurance

Which SOC is Right for You?

SOC reporting allows you to develop trust with your stakeholders by proactively assessing the controls in place to mitigate risk and being transparent about the effectiveness of these efforts.
With all of the SOC reports available, it can be challenging to determine which report best addresses your needs. The key is to consider the risks that your clients are most focused on.

The following summary will help you to choose the right SOC report for your needs

  SOC1 SOC2 SOC3 SOC for
A Service Organisation (One that provides services to user entities)  
Any Type of Organisation      
Financial Reporting      
Process Integrity    
Restricted (Users) 1 2    
Unrestricted (General Use)    

1Auditors, Management.
2Management, User entities, Regulators, Specified parties.

If you’d like to know more about BDO’s SOC reporting services please contact us for more information.