When outsourcing (parts of) ICT, it is vitally important that the service delivery organisation is dependable, because the outsourcing company remains responsible for the activities they have outsourced.
Benefits of ISAE 3402
SAE 3402 is the International Standard on Assurance Engagements number 3402. An ISAE 3402 audit report offers service delivery organisations the following benefits and opportunities:
Offering assurance to clients
It is important for the service delivery organisation to be able to demonstrate that they control the services they provide to the highest standard. An ISAE 3402 report allows ICT service provides to objectively assure their clients.
Increasing the quality of internal control
An ISAE 3402 report charts the goals, processes, risks en measures of a service delivery organisation. Potential risks are defined as well as the measures to diminish or eliminate these risks.
Improving chances of success in procurement tenders
Increasingly, an ISAE 3402 report is among the selection criteria in procurement procedures. Having this report is a clear commercial advantage over the competition who do not have one.
ISAE 3402 is the international standard for outsourcing. It prevents you from having to conform to different local standards. More and more, supervisory institutions demand control of the entire international supply chain (including service provides like application providers, data centers and cloud providers. Financial institutions demand ISAE 3402 as standard reporting from suppliers.
Decreasing audit costs
ISAE 3402 is a unique standard which is internationally accepted by auditors. This eliminates repetitive control work in the supply chain as the auditor of the client can depend on the 3402 statement of the service provider’s auditor.
Drafting and certifying an ISAE 3402 report
Professionally describing processes and control in your organisation requires a substantial effort. Realising an ISAE 3402 report with the support of the Risk Practice will provide a professional result at ultimately lower cost. We will work with you to chart out the most significant risks and document these in a risk matrix. We then create additional measures to guarantee the control goals. We guide you through the audit process to ensure it meets de ISAE 3402 reporting timelines. Should you choose to create the report internally, we can provide the certification for you. We have NOREA certified auditors who are accomplished in creating as well as certifying ISAE 3402 reports.
For more information on ISAE 3402:
If you would like to know more about wat our Risk Practice can mean for you, please contact Michael Schoevaart RE RA at (+31)(0)637602737. He would be pleased to tell you what added value ISAE 3402 can bring to your organisation.