How is an ISAE 3402 audit different from an ISAE 3000 or SOC 2 audit?
SOC stands for System and Organisation Controls. A SOC 2 audit focuses not only on financial processes but also on the Trust Services Criteria defined by the American Institute of Certified Public Accountants (AICPA). These Trust Services Criteria are security, availability, processing integrity, confidentiality and privacy. As a result, SOC 2 is much more targeted at information security and privacy than ISAE 3402, which focuses exclusively on financial processes.
The ISAE 3402 standard applies if financial processes have been outsourced to a service organisation, such as a provider of payroll accounting, back-office, asset management or credit management services. The scope of an ISAE 3000 assurance engagement is much broader than an organisation’s control of outsourced financial processes. An ISAE 3000 engagement can provide assurance on security services and privacy control (including GDPR) and – in the Netherlands – ENSIA and DigiD.
Why would an ISAE 3402 audit be useful for my business?
The ISAE 3402 standard applies if financial processes have been outsourced to a service organisation, such as a provider of payroll accounting, back-office, asset management or credit management services. These are parties providing a service on which assurance must be expressed in the financial statements.
Obtaining an ISAE 3402 report
For us to be able to issue an ISAE 3402 report, you need to have in place a framework of standards we can use as a benchmark. We will describe this framework and your internal control structure in our report. Aspects that will be covered include your organisational and consultation structure, objectives, risk management procedures, supervision and controls. As a result, our report will not only offer your customers insight into the reliability and quality of your service provision, but it will also give them confirmation in a third-party memorandum (TPM) that you have internal controls in place and that these controls are effective.
Want to make the right start with ISAE 3402? We can help by:
- Setting up a framework for you.
- Having our certified IT auditors review your framework.