Who can provide ISAE 3402?
Consultancy firms in the UK and Europe can provide assistance with describing your control framework in compliance with the legal and regulatory frameworks and the best practices. After the description of the control framework a Service auditor should be hired to perform the ISAE 3402 attestation.
What is an ISAE 3402 Type 2 report?
In an ISAE 3402 Type II report, the external auditor reports on the suitability of the design and existence of controls and on the operating effectiveness of these controls in a predefined period.
What is ISAE certification?
The “International Standard on Assurance Engagements” (ISAE 3402) is the international testing standard which assesses the effectiveness of the internal control system (ICS) of service organizations.
What is the scope of an ISAE 3402 engagement?
The scope of an ISAE 3402 engagement is control set of the service organization, or to be more precise the service organizations controls over services, functions performed and applications that are likely to be relevant for the customer and its auditor to evaluate the internal control over financial reporting.
What is the ISA 3402 audit?
ISAE No. 3402 is generally applicable if an independent auditor (“user auditor”) is planning the financial statement audit of an user organization that obtains services from other organizations (“service organization”).
What is the difference between SAS 70 and ISAE 3402?
It supersedes SAS 70. and puts more emphasis on procedures for the ongoing monitoring and evaluation of controls. An ISAE 3402 audit certificate including an audit report is regarded as a quality criterion for service providers that distinguishes them from competitors.
What is carve out in ISAE 3402?
Carve-out method: refers to a method according to which the internal control system of a sub-service provider is not included in the scope of the audit of the service provider. For the service provider’s customer, an ISAE 3402 report with a CARVE-OUT is unfavorable because relevant controls may not have been audited.