ISAE3402

Third Party Assurance

ISAE3402: Assurance reporting financial services.

Organizations and departments increasingly outsource services to specialized suppliers, including SaaS suppliers and service providers. External regulators increasingly require that suppliers provide certainty about the services provided, including all subcontractors. This can be done by carrying out an ISAE3402 audit at the service provider, after which assurance is issued in the form of an ISAE3402 statement. At Cyberus, we have certified auditors and consultants and understand how we can relieve the burden on organizations in obtaining and maintaining an ISAE3402 statement. The Cyberus consultants guide organizations, from SMEs to corporates, in obtaining ISAE3402 assurance as an IT audit and compliance partner. In addition, the Cyberus auditors are able to carry out ISAE3402 audits and issue assurance statements. For more information, please feel free to contact us!

Obtain ISAE 3402 Statement


We at Cyberus take care of achieving an ISAE 3000 statement.


In carrying out the actual IT audit, Cyberus offers transparency and efficiency in the ISAE 3402 audit.


Cyberus uses 4 phases for both audit and advice for ISAE 3402.


Phase 1

Scoping & Planning

The first step is to inventory the scope of the ISAE3402 report, on the basis of which a plan for the audit trail is drawn up.


The aim here is to establish the planning of the 'ISAE3402 audit' or the 'ISAE3402 implementation project'.


A choice must be made whether it concerns consultancy work or the actual audit.

Phase 2

Risk profile & goal

After the scope and planning determination, a risk analysis is carried out and the management objectives are drawn up.


The purpose of this is to further specify the audit objective of the actual execution or implementation.




Phase 3

Pre-audit & Mitigation

During the third phase, the pre-audit will be carried out on the implemented control mechanisms. Through the pre-audit, possible findings can be mitigated.


The aim is to identify the possible findings and mitigate them before the actual audit takes place.

Phase 4

Audit & Assurance

During the fourth and final phase, the audit will be carried out or support will be provided for the implementation of the audit. This is intended to relieve the burden on the organization.


The aim is to carry out the audit, or to provide support in obtaining an ISAE3402 assurance report, as Type 1 or Type 2.

Third Party Assurance Financial Services

In recent years, the outsourcing of parts of activities by (user) organizations to service organizations has increased dramatically. Examples of this include outsourcing financial services to third parties for mortgages, asset management, pensions and payrolling. Disruptions to these outsourced services can have a major impact on the user organizations, and the proper functioning of these processes is therefore of vital importance for the user organizations. Precisely for this reason, user organizations want periodic reports on the quality of outsourced services. These periodic reports must be drawn up by independent auditors and are called ISAE reports. An ISAE 3402 (International Standard on Assurance Engagements) report for IT service organizations is suitable for service organizations that want to provide user entities with assurance about control measures that are relevant to the financial reporting of these user organizations.

Additional information: ISAE3402 Type 1/2

An ISAE 3402 report is an assurance report drawn up by the independent auditor that provides insight into the quality of the outsourced activities of a service organization to the user organization. The ISAE 3402 has been specifically developed for outsourcing that has an (indirect) connection with the financial reporting of the outsourcing organization. An ISAE 3402 report is characterized by the following properties:

- Standard structure for Service Organization Control reports
- Judgment with a reasonable degree of certainty
- Possibility of variant Type I and Type II (explained below)
- Minimum review period for a Type II of 6 months
- Intended for an audience that understands the content and objective of the report (management of the service organization itself, management of the user organization, users when selecting a potential service organization, accountants, auditors and supervisory authorities)

In the case of a Type I Service Organization Control report, the auditor tests the adequacy of the described control measures to achieve the stated control objective and determines their implementation. The control measures are determined as they have been implemented at a specific time. A Type II report describes the process and control measures as they have operated during a predetermined defined period (minimum 6 months).

The scope of an ISAE 3402 audit and report is determined by the process design within your organization: all controls that are relevant (direct or indirect) for financial reporting must be included. In addition to financial processes, this can also concern non-financial processes. The scope of an ISAE 3402 audit is compiled by our specialists in consultation with you.

Introduction

For an introduction to Cyberus, the consultants and IT auditors about SOC2, please feel free to contact us.


This can be done via virtual appointment or simply at our office with a cup of coffee.


Our office is located at the HSD (the Hague Security Delta) in The Hague next to The Hague Laan van NOI station. Parking is available under the building.


Get in contact with Cyberus
