System and Organization Controls (SOC) Readiness

System and Organization Controls (SOC) reports play a crucial role in helping third-party service providers establish user entities' confidence in their controls environment. SOC reports not only reflect the effectiveness of internal controls but also serve as a comprehensive, unified document that provides information to several user entities and addresses their queries at the same time.

Capabilities
System and Organization Controls (SOC) Readiness Offerings
01
SOC 1 / SOC 2 Scope Definition and Alignment
Scope your SOC 1 and SOC 2 programs in alignment with your services, covering the processes relevant to user entities' Internal Controls over Financial Reporting (SOC 1), or the criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (SOC 2).
02
Define your SOC Controls Framework
Develop a comprehensive framework covering commitments to user entities and the impact of your third parties, and design effective test procedures, resulting in a solid foundation for your SOC program.
03
Readiness Assessment
Evaluate the design and operating effectiveness of your controls environment to identify areas of opportunity or potential concerns prior to a formal audit.
04
Report Drafting Guidance
We assist you in drafting a structured SOC report that sets out your commitments to user entities and conforms to the reporting standard.
Our Insights
Real Problems, Real Thinking
India’s IT landscape has experienced a dramatic shift over recent decades, moving away from traditional, paper-dependent bookkeeping methods to a vibrant, tech-powered ecosystem. Today, organizations depend on — ranging from enterprise resource planning (ERP) tools to cloud platforms — not only to boost efficiency but also to safeguard compliance, security, and data accuracy of financial reporting. This change entails additional responsibility since keeping thorough records helps to prove financial integrity and responsibility. An audit trail acts as the "black box" of an organization—a kind of financial journal that captures every activity. It records who did what, when, and how within the financial system. This creates a straightforward way to verify the accuracy and accountability of financial records. Think of it as holding a backstage pass that lets you peek behind the curtain—offering complete visibility into every transaction for transparency, tracking access to sensitive data to bolster security, and capturing system changes to ensure compliance. With their growing importance, audit trails are now a legal must-have in India, following regulatory mandates that came into effect on April 1, 2023. The push for audit trail comes straight from the Companies (Accounts) Rules, 2014, where Rule 3(1) says any organization using accounting software—whether it's ERP systems or even web portals—must have a permanent audit trail that can't be turned off. It’s got to automatically track every change, stamp it with a timestamp, and keep those records on hand for audits. Meanwhile, auditors, under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, must double-check that this feature was running all year, and wasn't tampered with. This rule isn't just for large organizations—it applies to every Indian organization. Whether it's nonprofits under Section 8 or foreign entities, it covers everything from standalone to consolidated financial statements.
  • 2-3 Min Read
In a dynamic and fast-paced global environment, organizations are navigating ever-increasing challenges driven by technological advancements, environmental demands, and changing societal expectations. These changes blur traditional risk boundaries and create a complex, interconnected risk landscape. As a result, it has become imperative for internal audit functions and organizations as a whole to develop the ability to identify, understand, and mitigate risks, enabling them to achieve resilient and sustainable growth. These emerging threats also provide internal audit teams with an opportunity to demonstrate agility, prudence, and strategic insights, thereby reinforcing their role in enhancing organizational resilience and long-term value creation. Business continuity risks are probable disruptions that hinder an organization's ability to operate effectively and deliver essential services. The disruptions may arise from multiple sources such as natural calamities, technological disruption, cybersecurity incidents, geopolitical conflicts, and supply chain disruptions. The COVID-19 pandemic and the Suez Canal blockage were recent and powerful examples of how such risks can severely impact global operations. Continuity risks are highly interconnected and interdependent. A minor disruption in one part of the chain can trigger a domino effect, leading to operational and financial consequences globally. Thus, strengthening operational resilience is essential for maintaining stakeholder trust and sustaining long-term value delivery. Human capital risk is the vulnerability organizations encounter in attracting, retaining, and developing their talent. Employees are the most valuable assets and vital pillars of any organization. Failure to manage talent effectively can significantly impact business continuity, innovation, and competitive edge.
  • 2-5 Min Read
Driving Impact
Our Technology Risk Advisory Leadership Team
Gaurav Khandelwal
Partner & Leader - Risk Advisory
Dipesh Khushalani
Director - Technology Risk Advisory
Ankush Sharma
Associate Director – Technology Risk Advisory
Piyush Paliwal
Associate Director – Technology Risk Advisory
Gaurav Khandelwal
Partner & Leader - Risk Advisory
Gaurav is a Risk Advisory Practice Leader at Pierag Consulting, one of the fastest-growing firms in the advisory space. A Chartered Accountant by profession, he is a seasoned Governance, Risk, and Compliance professional with over 20 years of experience in consulting and industry. An ex-Big 4 leader, he is renowned for advising clients on managing risks and assisting large-scale organizations in implementing robust governance frameworks across sectors such as real estate, infrastructure, consumer products, beverages, hospitality, and healthcare. In his industry role, Gaurav was instrumental in driving the culture and implementing frameworks across governance, risk, and compliance. Under his leadership, Tata Realty won prestigious accolades, including the Risk and Compliance Awards at ICICI Lombard and the CNBC TV18 India Risk Management Awards. Earlier, in his leadership roles at Big 4, he led multiple risk-based internal audit engagements for diverse clients, including companies engaged in the operations and maintenance of roads, steel manufacturing across multiple locations, leading players in the Indian credit card market, and liquor manufacturers with several bottling units. He has also worked on enterprise risk management engagements, developing frameworks to effectively identify and address strategic and operational risks through structured monitoring and reporting mechanisms. For instance, he assisted a leading footwear company in re-assessing its ERM framework, prioritizing key risks, and co-developing a comprehensive mitigation plan. Gaurav has extensive experience in compliance program implementation, where he has been responsible for setting up compliance functions and reporting structures, ensuring comprehensive mapping of legal and regulatory requirements across functions, and strengthening ongoing compliance monitoring. 
Additionally, he successfully managed end-to-end IFC implementation for one of India’s leading healthcare brands, covering 24 hospitals across the country.

Key Expertise and Achievements

  • Risk-Based Internal Audits and Internal Controls Assurance
  • IFC/SOX Readiness, Implementation, and Compliance
  • Enterprise Risk Management Frameworks and Mitigation Planning
  • Business Process Reengineering and Regulatory Compliance
  • Large-scale IFC implementation in the healthcare industry (24 hospitals)
  • Award-winning governance and compliance leadership at Tata Realty
Dipesh Khushalani
Director - Technology Risk Advisory

Dipesh's journey is a testament to the amalgamation of passion and diverse experiences. His enthusiasm for computer games and experimentation with technology laid the groundwork for a career in this field. He has built a comprehensive skillset from his tenures at leading firms like KPMG India and SBI Cards, specializing in a wide range of areas including Privacy (GDPR, DPDPA), Cybersecurity, IT Audits, IT SOX, SOC 1 & SOC 2 reporting, and Business Continuity Planning.

Dipesh is a Certified Information Systems Auditor (CISA) and holds an MBA in Information Systems and Security, along with a PG Diploma in Cyber Laws.

His broad expertise extends across multiple sectors such as BFSI, NBFCs, Manufacturing, Aviation, and Telecom.

Dipesh brings a holistic perspective to his work, with his interests in dramatics, filmmaking, and martial arts honing the creativity and adaptability needed to thrive in the dynamic technology risk domain.

Ankush Sharma
Associate Director – Technology Risk Advisory
“Clarity amidst complexity, resilience amidst uncertainty.” Guided by this belief, Ankush has built his career on transforming risks into opportunities for resilience and growth. A Chartered Accountant who cleared the exam at the young age of 21, Ankush’s entry into the profession was inspired by his mother’s dream. While becoming a CA fulfilled her vision, his own passion leaned towards technology — a pursuit that naturally drew him into the world of Technology Risk Advisory, where he could combine his financial foundation with his curiosity for IT. Ankush’s professional journey began with his articleship at Dewan P.N. Chopra & Co., followed by industrial training at Gaursons India, which gave him early exposure to audits, controls, and governance. Over the next 12+ years, his career spanned Wipro Infotech, AXA XL, British Council, Teleperformance, and now Pierag Consulting. As the first employee in Pierag’s Technology Risk practice, Ankush played a pivotal role in building and scaling the service line. His career spans both the Indian market and extensive international experience, collaborating with teams across the US, UK, and more than 100 countries. This global exposure has given him a deep understanding of diverse regulatory environments and best practices. He has advised enterprises on SOC 1/SOC 2, HITRUST, PCI DSS, TPRM, and large-scale SOX/ICOFR programs, with most engagements spanning banking, insurance, telecommunications, and e-commerce industries. From guiding Fortune 100 firms on global SOX programs to enabling India’s largest airline to achieve data privacy compliance, Ankush has consistently delivered outcomes that combine regulatory rigor with business agility, while also leading ERP transformations, cybersecurity frameworks, and global risk advisory programs where he is recognized for bringing clarity and structure to complexity. 
What sets Ankush apart is his visionary approach: he views every engagement not just as a compliance exercise, but as a chance to build trust, transparency, and accountability in the digital age. Colleagues recognize him as a strategist who simplifies complexity, while clients value his ability to embed governance without slowing business momentum. Outside work, Ankush embraces the open road, often embarking on road trips across India — from the mountains to the coasts — journeys that reflect his resilience, curiosity, and determination to reach new horizons. A passionate coffee lover, his weekends are devoted to family and friends over thoughtful conversations, while weekdays often find him sharing the same enthusiasm for coffee and dialogue with colleagues — moments that keep him both grounded and inspired. What began as fulfilling his mother’s dream has evolved into his own passion for technology. Today, Ankush embodies resilience, foresight, and integrity — living proof that inherited dreams and personal vision together can create a powerful path forward.
Professional Qualifications and Certifications:
  • Chartered Accountant
  • Bachelor of Commerce
  • ISO 27001:2022 Lead Auditor
  • ISO 27001:2022 Lead Implementer
  • Six Sigma Green Belt
Expertise:
  • SOX & ICOFR Compliance
  • SOC 1 / SOC 2 & HITRUST Readiness
  • ERP Risk & Controls (SAP, Oracle Fusion, NetSuite)
  • Data Privacy & Cybersecurity (GDPR, DPDP, HIPAA, PCI DSS)
  • Third-Party Risk Management
Client sectors include, but are not limited to: BFSI, ITES, Manufacturing, Pharmaceuticals, Telecommunications, E-Commerce, and Healthcare.  
Piyush Paliwal
Associate Director – Technology Risk Advisory

Piyush Paliwal’s professional journey reflects his commitment to bridging technology, risk, and business needs to create value-driven solutions for clients across industries. With over 9 years of experience spanning Deloitte USI, Deloitte Canada, HCL Technologies, and now Pierag Consulting, Piyush has developed deep expertise in Technology Risk Advisory, specializing in internal controls, IT audits, compliance, and risk assessments, delivering solutions across geographies including the US, Canada, UK, South Asia, and India.

At Pierag, he leads complex engagements in areas such as Risk-based Internal Audits, SOX compliance, SOC reporting readiness, ITGC reviews, IFC/ICOFR, SSAE18 assessments, and IT Application Controls. His expertise also extends to specialized areas such as Third-Party Risk Management (TPRM), Enterprise Risk Management (ERM), Data Privacy, Cybersecurity, GRC tools, IAM solutions, and regulatory frameworks like SOX, ICFR, COSO, and COBIT—helping organizations build robust compliance and control environments.

Piyush’s work spans a broad spectrum of industries, including Telecom, Technology, Manufacturing, eCommerce, FMCG, BFSI, and Life Sciences & Healthcare. Beyond technical delivery, he has played a pivotal role in client relationship management, practice building, training, and quality reviews, as well as leading teams to navigate diverse regulatory requirements. His international experience—particularly his secondment with Deloitte Canada—has further sharpened his perspective on global compliance and risk.

He holds a Master of Business Administration (Finance) and a Bachelor of Engineering (IT). He is also a certified ISO 27001:2022 Lead Implementer and ISO 42001:2023 Lead Implementer (Intertek), demonstrating his commitment to staying ahead in information security and emerging AI governance. Piyush’s expertise in working with enterprise systems such as SAP, PeopleSoft, Windows, UNIX, SQL Server, and Oracle adds further depth in aligning technology environments with internal control frameworks and regulatory guidance for complex and high-growth organizations.

Recognized as a trusted advisor, Piyush brings not just strong domain knowledge but also the ability to connect business priorities with technology controls, making him a leading voice in the Technology Risk Advisory space.

Secure Your Technology Landscape
Ensure your IT environment is resilient and compliant with evolving regulations. Our Technology Risk Advisory services help you identify gaps, enhance control effectiveness, and build confidence in your technology landscape.