The first step is the inventory of the scope of the ISAE3000 report, on the basis of which a planning for the audit trail is drawn up.
The aim here is to determine the planning of the 'ISAE3000 audit' or 'ISAE3000 implementation process'.
A choice must be made whether it concerns consultancy work or the actual audit.
After the scope and planning have been determined, a risk analysis is carried out and the management objectives are drawn up.
The purpose of this is to further specify the objective of the audit from the actual performance or implementation.
During the third phase, the pre-audit will be performed on the implemented control mechanisms. Through the pre-audit, the possible findings can be mitigated.
The goal is it
identify the potential findings and mitigate them before the actual audit takes place.
During the fourth and final phase, the audit will be performed or support will be provided for the implementation of the audit. This is for the benefit of unburdening.
The aim is to perform the audit or support in obtaining an ISAE3000 assurance report in Type 1 or Type 2.
For an introduction to Cyberus, with the consultants and IT auditors about SOC2, please feel free to contact us.
This can be done via virtual appointment or simply at our office with a cup of coffee.
Our office is located at the HSD (the Hague Security Delta) in The Hague next to Den Haag Laan van NOI station. Parking is available under the building.