PDF Print E-mail

The Evolution of a New Global Standard on Assurance Reporting | ISAE 3402

ISAE 3402 came about for a number of reasons, each important in their own regard. By truly understanding the evolution of this new global assurance standard, all participants involved will gain greater clarity and usability for ISAE 3402 as a whole.

Migration to Global Accounting Standards and the Growing needs of Service Organizations
Currently, a number of country specific standards dominate the landscape for reporting on service organizations, ranging from the AICPA SAS 70 (which is being superseded by SSAE 16) to the Canadian CICA 5970.  Other notable standards used include the following:  AU Guidance Statement (GS) 007, the JP Audit Standards Committee Report No. 18, Germany's IDW PS 951, along with the UK's AAF01/06 and AAF02/07.  Though these standards continue to provide acceptable reporting for service organizations, a major shift has been underway in adopting true globally accepted accounting practices. This shift has resulted in the ISAE 3402 standard, which coincides with the growing needs of outsourcing entities around the world (many which are identified as service organizations) to undergo an assurance engagement that is globally accepted, rather than relying on country specific standards.

As accounting standards become more transparent and unified throughout the world, service organizations are able to fulfill their regulatory compliance requirements for purposes of reporting on internal controls with ISAE 3402, Assurance Reports on Controls at a Service Organization. Gone will be the days of using any number of country specific standards and hoping they suffice for the complex regulatory compliance requirements of user entities, such as publicly traded companies, regulatory bodies, governmental entities, and other notable users of these reports. Please note that the purpose of ISAE 3402 was not to directly replace country specific standards, but to provide optional reporting for service organizations.

Limitations of the AICPA SAS 70 Auditing Standard
The AICPA SAS 70 auditing standard has been an extremely effective, to say the least, ever since it's inception in 1992. However, in today's regulatory compliance arena, the use of a SAS 70 audit is finding its limitations; hence one reason the AICPA is superseding it with an "attestation" standard (SSAE 16).  Of concern is that service organizations are now being faced with a myriad of requirements from a lengthy list of user entities having to rely on the SAS 70 audit. And because these audits were technically designed for auditor to auditor reports, they now lack necessary information needed to suffice for today's regulatory compliance appetite. There is no service organization assertion included in a SAS 70 report, which differs from the ISAE 3402, which requires management of the service organization to assert.  The "assertion" clause within the ISAE 3402 standard now gives all steak-holders (user auditors, user entities such as publicly traded companies, regulatory bodies, governmental entities, etc.) greater clarity and confidence on assurance reporting for service organizations.
 
3 Reasons to Choose NDB, LLP
  • Cost-effective, fixed fee audits
  • Nationally and Globally Recognized CPA Firm
  • Years of Experience Performing Assurance and Attestation Reporting

Fill out the following form to inquire about NDB's ISAE 3402 Services:
  or Reset
 
Copyright © 2010 The ISAE 3402 Resource Guide. All Rights Reserved.