IT Assurance & audit
You want your customers – and your future customers – to be convinced about the quality and safety of your organization and services. How can you do that? IT Assurance can provide service organizations with recognized audit and reports facilities.
Clearly ‘in control’ with IT Assurance
As a service organization you perform services for your customers, such as payroll, providing hosting or management services. Your customers want assurance that the services they outsource to you to meet the required quality criteria. Are your systems secure and in order? Are you prepared in case of fraud and what would you do to counter process disturbances? Your customers want risks to be limited to the bare minimum. This means that internal control and continuity of your organization and services need to be properly in check. Also, your future customers want certainty before they sign up. IT Assurance offers audit and reporting to bring your commitment to quality into focus.
ISAE 3402 audit and reporting
ISAE 3402 audit and reporting facilitates service organizations to demonstrate they are clearly ‘in control’. With ISAE3402 audit and reporting you get insight and certainty about your process management and the safety of your services and organization. Independent IT Assurance and associated declarations confirm the quality of your services. This is why ISAE3402 is eminently suitable as a means to provide transparency about your internal controls. Both to your customers, your prospects, as well as to their accountants.
How does an ISAE 3402 audit work?
IT Assurance using an ISAE3402 audit is generally divided into three phases:
1 Pre-audit phase
In this phase, the focus is on determining the scope, performing a risk analysis and the establishment of a Control Framework. The Control Framework is a set of control objectives and related control measures. These are the points that we test during the audit. At this stage we can also optionally do a baseline assessment to determine where possible areas of improvement will come to light in the formal audit. With these improvement points we can make a head start, before the actual audit and reporting.
2 Audit phase
Based on the installed control framework, we formally test the controls by means of an audit. We record and assess the findings that emerge during the audit.
3 Report phase
Following on from the audit results, we prepare an ISAE report. The ISAE 3402 standard sets specific requirements for reporting, such as a statement from the management of the organization, a statement by the auditor and a detailed description of the control system. The report describes the process and control measures as implemented within a specific time period, or as were effective during the reporting period. We denote this as being a type 1 or type 2 report respectively.
The advantages of an ISAE 3402 audit and reporting
With SAE 3402 you give out a clear message to your customers and to the outside world about the quality of your organization and services. An ISAE 3402 audit is one of the most powerful resources in the field of IT assurance:
- ISAE 3402 is an internationally recognized standard: recognizable and valuable
- ISAE 3402 audit and reporting helps to strengthen your risk management: promoting quality
- ISAE 3402 reports ensure that your organization is visibly in control: an investment that pays for itself
Want to learn more?
Want more information about IT Assurance? Make an appointment with our specialists in IT consultancy. Check out our other services in the field of Audit & Assurance, International Business Consultancy and Company Legal Advice.