ISAE3402

ISAE 3402

Third Party Assurance

ISAE3402: Financial Services Assurance Reporting.

Organizations and departments are more often outsourcing services to specialized suppliers, including SaaS suppliers and Service providers. External regulators are more often requiring suppliers to provide assurance about the services provided, including all subcontractors. This can be done by carrying out an ISAE3402 audit at the service provider, after which an IAsssurance is issued as an ISAE3402 statement. We at Cyberus have certified Auditors and Consultants, and understand how we can relieve organizations in obtaining and maintaining an ISAE3402 statement. The Cyberus Consultants assist organizations, from SMEs to Corporates, with obtaining the ISAE3402 assurance as an IT Audit and Compliance partner. In addition, the Cyberus Auditors are able to perform ISAE3402 audits and issue assurance statements. For more information feel free to contact us!

Achieve ISAE 3402 Statement'


We from Cyberus unburden you in obtaining an ISAE 3000 statement.


In the implementation of the actual IT Audit, Cyberus offers transparency and efficiency in the implementation of the ISAE 3402 audit.


Cyberus uses 4 phases for both audit and advice for ISAE 3402


Phase 1

Scoping &
Planning

The first step is the inventory of the scope of the ISAE3402 report, on the basis of which a planning for the audit trail is drawn up.


The aim here is to determine the planning of the 'ISAE3402 audit' or 'ISAE3402 implementation process'.


A choice must be made whether it concerns consultancy work or the actual audit.

Level 2

Risk profile &
goal

After the scope and planning have been determined, a risk analysis is carried out and the management objectives are drawn up.


The purpose of this is to further specify the objective of the audit from the actual performance or implementation.




Phase 3

Pre-audit &
Mitigation

During the third phase, the pre-audit will be performed on the implemented control mechanisms. Through the pre-audit, the possible findings can be mitigated.


The goal is it

identify the potential findings and mitigate them before the actual audit takes place.

Phase 4

Audit &
Assurance

During the fourth and final phase, the audit will be performed or support will be provided for the implementation of the audit. This is for the benefit of unburdening.


The aim is to perform the audit or support in obtaining an ISAE3402 assurance report in Type 1 or Type 2.

Third Party Assurance Financial Services

In recent years, the outsourcing of parts of the activities by (user) organizations to service organizations has expanded enormously. Examples include the outsourcing of financial services to third parties for mortgages, asset management, pensions and payrolling. Disruptions to these outsourced services can have a major impact on the user organizations and the proper functioning of these processes is therefore of vital importance to the user organizations. It is precisely for this reason that user organizations want periodic reports on the quality of outsourced services. These period reports must be drawn up by independent auditors and are referred to as ISAE reports. An ISAE 3402 (International Standard on Assurance Engagements) report for IT service organizations is suitable for service organizations that want to provide user entities with assurance about controls relevant to the financial reporting of these user organizations.

Additional information: ISAE3402 Type 1/2

An ISAE 3402 report is an assurance report drawn up by the independent auditor that provides insight into the quality of the outsourced activities of a service organization to the user organization. The ISAE 3402 has been specifically developed for outsourcing that has an (indirect) connection with the financial reporting of the outsourcing organization. An ISAE 3402 report is characterized by the following properties: Standard structure Service Organization Control reports Judgment with a reasonable degree of certainty Possibility of variant Type I and Type II (explained below) Minimum review period for a type II of 6 months Intended for an audience that understands the content understand the purpose of the report (management of the Service Organization itself, management of user organization, users in selecting potential service organization, accountants, auditors and regulatory authorities). In the case of a Type I Service Organization Control report, the auditor tests the adequacy of the controls described to achieve the stated control objective and determines their implementation. The control measures are determined as they have been implemented at a certain time. A type II report describes the process and controls as they have operated during a predetermined period of time (minimum 6 months). The scope of an ISAE 3402 audit and report is determined by the process design within your organization: all controls that are relevant (directly or indirectly) for financial reporting must be included. In addition to financial processes, this can also concern non-financial processes. The scope of an ISAE 3402 audit is composed by our specialists in consultation with you.

acquaintance

For an introduction to Cyberus, with the consultants and IT auditors about SOC2, please feel free to contact us.


This can be done via virtual appointment or simply at our office with a cup of coffee.


Our office is located at the HSD (the Hague Security Delta) in The Hague next to Den Haag Laan van NOI station. Parking is available under the building.


 In contact met Cyberus

Share by: