cross-icon
System and Organization Controls
(SOC) Readiness

System and Organization Controls (SOC) reports play a crucial role for third-party service providers to establish confidence in their controls environment by user entities. SOC reports not only reflect on the effectiveness of internal controls but serve as a comprehensive and unified document to simultaneously provide information and address queries of several user entities.

View Capabilities
Capabilities
System and Organization Controls
(SOC) Readiness Offerings
01
SOC 1 / SOC 2 Scope Definition and Alignment
Scope your SOC 1 and SOC 2 programs aligned to your services cover process relevant to Internal Controls over Financial reporting to user entities (SOC 1), or the criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (SOC 2).
02
Define your SOC Controls Framework
Develop a comprehensive framework covering commitments to user entities, impact of your third-parties, and design effective test procedures which results in a solid foundation for your SOC program.
03
Readiness Assessment
Evaluate the Design and Operating Effectiveness of your controls environment to identify areas of opportunities or potential concerns prior to a formal audit.
04
Report Drafting Guidance
We assist you in drafting a structured SOC report to exhibit your commitments to user entities and as per the reporting standard.
Our Insights
Real Problems, Real Thinking
Audit Trail Ensuring Financial Integrity and Accountability
Audit Trail Ensuring Financial Integrity and Accountability
India’s IT landscape has experienced a dramatic shift over recent decades, moving away from traditional, paper-dependent bookkeeping methods to a vibrant, tech-powered ecosystem. Today, organizations depend on — ranging from enterprise resource planning (ERP) tools to cloud platforms — not only to boost efficiency but also to safeguard compliance, security, and data accuracy of financial reporting. This change entails additional responsibility since keeping thorough records helps to prove financial integrity and responsibility. An audit trail acts as the "black box" of an organization—a kind of financial journal that captures every activity. It records who did what, when, and how within the financial system. This creates a straightforward way to verify the accuracy and accountability of financial records. Think of it as holding a backstage pass that lets you peek behind the curtain—offering complete visibility into every transaction for transparency, tracking access to sensitive data to bolster security, and capturing system changes to ensure compliance. With their growing importance, audit trails are now a legal must-have in India, following regulatory mandates that came into effect on April 1, 2023. The push for audit trail comes straight from the Companies (Accounts) Rules, 2014, where Rule 3(1) says any organization using accounting software—whether it's ERP systems or even web portals—must have a permanent audit trail that can't be turned off. It’s got to automatically track every change, stamp it with a timestamp, and keep those records on hand for audits. Meanwhile, auditors, under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, must double-check that this feature was running all year, and wasn't tampered with. This rule isn't just for large organizations—it applies to every Indian organization. Whether it's nonprofits under Section 8 or foreign entities, it covers everything from standalone to consolidated financial statements.
  • 2-3 Min Read
Emerging Risks and Trends: What Lies Ahead in the Near Future
Emerging Risks and Trends: What Lies Ahead in the Near Future
In a dynamic and fast-paced global environment, organizations are navigating ever-increasing challenges driven by technological advancements, environmental demands, and changing societal expectations. These changes blur traditional risk boundaries and create a complex, interconnected risk landscape. As a result, it has become imperative for internal audit functions and organizations as a whole to develop the ability to identify, understand, and mitigate risks, enabling them to achieve resilient and sustainable growth. These emerging threats also provide internal audit teams with an opportunity to demonstrate agility, prudence, and strategic insights, thereby reinforcing their role in enhancing organizational resilience and long-term value creation. Business continuity risks are probable disruptions that hinder an organization's ability to operate effectively and deliver essential services. The disruptions may arise from multiple sources such as natural calamities, technological disruption, cybersecurity incidents, geopolitical conflicts, and supply chain disruptions. The COVID-19 pandemic or Suez Canal blockage were recent and powerful examples of how such risks can severely impact global operations. Continuity risks are highly interconnected and interdependent. A minor disruption in one part of the chain can trigger a domino effect, leading to operational and financial consequences globally. Thus, strengthening operational resilience is essential for maintaining stakeholder trust and sustaining long-term value delivery. Human capital risk is the vulnerability organizations encounter in attracting, retaining, and developing their talent. Employees are the most valuable assets and vital pillars of any organization. Failure to manage talent effectively can significantly impact business continuity, innovation, and competitive edge.
  • 2-5 Min Read
VIEW ALL INSIGHTS
Driving Impact
Our Technology Risk Advisory
Leadership Team
cross-icon
Gaurav Khandelwal
Gaurav Khandelwal
Partner & Leader - Risk Advisory
Gaurav is a Risk Advisory Practice Leader at Pierag Consulting, one of the fastest-growing firms in the advisory space. A Chartered Accountant by profession, he is a seasoned Governance, Risk, and Compliance professional with over 20 years of experience in consulting and industry. An ex-Big 4 leader, he is renowned for advising clients on managing risks and assisting large-scale organizations in implementing robust governance frameworks across sectors such as real estate, infrastructure, consumer products, beverages, hospitality, and healthcare. In his industry role, Gaurav was instrumental in driving the culture and implementing frameworks across governance, risk, and compliance. Under his leadership, Tata Realty won prestigious accolades, including the Risk and Compliance Awards at ICICI Lombard and the CNBC TV18 India Risk Management Awards. Earlier, in his leadership roles at Big 4, he led multiple risk-based internal audit engagements for diverse clients, including companies engaged in the operations and maintenance of roads, steel manufacturing across multiple locations, leading players in the Indian credit card market, and liquor manufacturers with several bottling units. He has also worked on enterprise risk management engagements, developing frameworks to effectively identify and address strategic and operational risks through structured monitoring and reporting mechanisms. For instance, he assisted a leading footwear company in re-assessing its ERM framework, prioritizing key risks, and co-developing a comprehensive mitigation plan. Gaurav has extensive experience in compliance program implementation, where he has been responsible for setting up compliance functions and reporting structures, ensuring comprehensive mapping of legal and regulatory requirements across functions, and strengthening ongoing compliance monitoring. Additionally, he successfully managed end-to-end IFC implementation for one of India’s leading healthcare brands, covering 24 hospitals across the country.

Key Expertise and Achievements

  • Risk-Based Internal Audits and Internal Controls Assurance
  • IFC/SOX Readiness, Implementation, and Compliance
  • Enterprise Risk Management Frameworks and Mitigation Planning
  • Business Process Reengineering and Regulatory Compliance
  • Large-scale IFC implementation in the healthcare industry (24 hospitals)
  • Award-winning governance and compliance leadership at Tata Realty.
cross-icon
Dipesh Khushalani
Dipesh Khushalani
Director - Technology Risk Advisory

Dipesh's journey is a testament to the amalgamation of passion and diverse experiences. His enthusiasm for computer games and experimentation with technology laid the groundwork for a career in this field. He has built a comprehensive skillset from his tenures at leading firms like KPMG India and SBI Cards, specializing in a wide range of areas including Privacy (GDPR, DPDPA), Cybersecurity, IT Audits, IT SOX, SOC 1 & SOC 2 reporting, and Business Continuity Planning.

Dipesh is a Certified Information Systems Auditor (CISA) and holds an MBA in Information Systems and Security, along with a PG Diploma in Cyber Laws.

His broad expertise extends across multiple sectors such as BFSI, NBFCs, Manufacturing, Aviation, and Telecom.

Dipesh brings a holistic perspective to his work, with his interests in dramatics, filmmaking, and martial arts honing the creativity and adaptability needed to thrive in the dynamic technology risk domain.

View all Leaders
Secure Your Technology Landscape
Ensure your IT environment is resilient and compliant with evolving regulations. Our Technology Risk Advisory services help you identify gaps, enhance control effectiveness, and build confidence in your technology landscape.