PDF Print E-mail

The Importance of an ISAE 3402 Readiness Assessment for Service Organizations

The ISAE 3402 standard will require service organizations to undertake additional procedures that may very well have not been mandated by country or region specific standard, such as that of the AICPA SAS 70 or the CICA 5970.Deliverables such as describing the service organization's "system" along with providing a written statement of assertion, just to name a few, are critical examples of the changes being brought about by ISAE 3402.

As a result of the new global standard on assurance reporting, service organizations would highly benefit from an ISAE 3402 Readiness Assessment. Conducted by a competent practitioner who is well-versed in the changes on assurance reporting for service providers, an ISAE 3402 Readiness Assessment can have significant benefits. 

Topics to cover within an ISAE 3402 Readiness Assessment would include the following:

  • Understanding the changes brought about by the ISAE 3402 standard and how it differs from country or region specific standards, such as that of SAS 70 and CICA 5970.
  • Identifying the scope of the ISAE 3402 engagement, which would encompass the following criteria:
    • If a previous country or region specific standard was used in the past, what relevancy does the prior service auditor's report have in relation to the new ISAE 3402 standard?
    • What control objectives and related controls are to form the basis for the new ISAE 3402 audit and do these control objectives consider the relevancy for user entities reporting purposes?
    • Have all subservice organizations, if any, been identified and will these respective subservice organizations control environments be represented within the context of the final ISAE 3402 assurance report?  Additionally, will the "carve-out method" or the "inclusive method" be used regarding these subservice organizations?
    • How many physical locations (additional service organization locations) are to be included in the scope of the audit?
  • What role, if any, will the service organization's internal audit function play in the role of the audit? Additionally, if the internal audit function is deemed to be relevant for the scope of the audit, the service auditor will undertake a series of activities to determine if the professionalism and objectivity of the internal audit function is acceptable.
  • Providing guidance and recommendations to the service organization for developing a comprehensive and in-depth œservice organization's description of its "system", which includes a number of essential components.
  • Additionally, providing guidance and recommendations to the service organization for developing a written statement of assertion as required by the ISAE 3402 standard.
  • Providing the service organization with ISAE 3402 Readiness Questionnaires for properly identifying any gaps or deficiencies within the current control environment that will require remediation prior to commencement of the audit.
  • Providing the service organization with as needed resources, such as policies, procedures, and other essential documents, for assisting in any areas of remediation.

The ISAE 3402 standard brings about new reporting requirements for which service organizations must be prepared to meet, thus a Readiness Assessment should be looked upon as highly recommended, not merely an option. A qualified service auditor with applicable experience in assurance reporting will be able to provide your organization with an ISAE 3402 Readiness Assessment.
 
3 Reasons to Choose NDB, LLP
  • Cost-effective, fixed fee audits
  • Nationally and Globally Recognized CPA Firm
  • Years of Experience Performing Assurance and Attestation Reporting

Fill out the following form to inquire about NDB's ISAE 3402 Services:
  or Reset
 
Copyright © 2010 The ISAE 3402 Resource Guide. All Rights Reserved.