Yunyao&Xueling&Shiyu

1. Climate change and sustainability services

EY teams can help companies understand the risks and opportunities arising from climate
change and sustainability issues.
EY’s global Climate Change and Sustainability Services (CCaSS) teams understand the
evolving pressures surrounding these challenges. As a result, they can help companies to
respond by understanding and evaluating the broader value impacts and outcomes, identifying
the opportunities, and supporting the reporting of nonfinancial performance risks to their
stakeholders.
 In Climate and Decarbonization, EY teams can help organizations on their
decarbonization journey as they seek to: Identify potential climate risks and
opportunities, Develop and implement a climate strategy, and Communicate performance
with stakeholders. This may include assistance with: carbon foot printing, qualitative and
quantitative climate risk and opportunity assessment Climate change scenario analysis
and stress testing, etc.
 Environment, health, and safety services. EY teams can help clients reduce the risks
and consequence of adverse impacts on EHS, and support clients as they make strategic
and operational decisions that can help drive effective productivity outcomes and
positive employee engagement.
 support ESG reporting and disclosures. EY teams can support clients as they seek to
integrate ESG and sustainability into business strategy and improve and communicate
their ESG and sustainability performance to stakeholders. This can help businesses:
Increase the value of sustainability and supply chain strategies, reduce costs, and so on.

2. Forensic & Integrity services

EY Forensic & Integrity Services assists companies and their legal counsel in investigating facts,
resolving disputes and addressing regulatory challenges, helping organizations protect and restore
their corporate and financial reputations, and better managing ethical and reputational risks.

Their integrated approach ranges from enhancements in areas of perceived weakness or issues —
including governance, controls, culture and data insights — to full organizational design and
structural implementation. It can also help develop stronger partnerships with suppliers and work
more effectively with employees, investors, regulators and influencers.

In the Forensic & Integrity Services, EY can help with Forensic & Integrity Service Offerings,
Investigation, Dispute Resolution, Discovery & Analytics, Integrity & Compliance, Privacy &
Cyber Response, Transaction Forensics, Crisis management and incident response services.

3. Technology Risk Assurance

EY assess controls around security, privacy, confidentiality, availability and processing integrity in
technology.
They provide an independent assessment is undertaken to:
 Test management’s assertion over business processes and controls in the IT environment
 Test business process and controls against specific attestation and agreed-upon procedures
 standards
EY’s approach assists companies with building stronger relationships with customers, investors,
business partners and other stakeholders, by providing increased confidence in communications
regarding internal controls. The increased confidence is provided through resulting assurance or
attestation reports such as SOC1, SOC2, International Standard on Assurance Engagements (ISAE
3402) and others.

4. Service Organization Controls Reporting (SOCR)

EY offers independent assessments that test management’s assertion over business processes and
controls in the IT environment. SOCR brings value to a service organization and its customers,
who want assurance that a provider’s control environment meets globally recognized standards.

SOCR helps companies build that trust with their partners by providing an independent opinion on
the extent to which their controls are designed to address key risks and allow them to operate
effectively.

They provide this assurance to their SOCR clients using a range of globally recognized reporting
frameworks, including:
 SOC 1/ISAE3402 for processes related to financial statement reporting
 SOC 2/ISAE3000 for other processes, including privacy and GDPR processes and controls
 SOC for Cybersecurity
 SOC for Supply Chain
 ISO27001 where the need is certification of an information security management system