Regulatory Compliance, Governance and Security

May 16 2010   1:56PM GMT

ISAE 3402 | The New Global Standard for Assurance Reporting on Service Organizations has Arrived!



ISAE 3402: The International Standard on Assurance Engagements, “Assurance Reports on Controls at a Service Organization”, is the new global standard for assurance reporting on service organizations. What’s interesting to note about ISAE 3402 is that there are two (2) critical components that service organizations will now have to adhere to: (1). The service organization must produce a description of it’s “system”. (2). The service organization must also provide a written statement of assertion. This differs from the popular SAS 70 auditing standard where no written statement of assertion was required and a description of “controls” was only required, not a description of the “system”.

In short, expect ISAE 3402 to bring about significant changes for reporting on service organizations-due in large part to the two (2) requirements put forth by the ISAE 3402 standard itself that differ from SAS 70.

Also, SAS 70 is effectively being replaced and superseded by Statement on Standards for Attestation Engagements No. 16 (SSAE 16), with it becoming effective for reporting periods ending on or after June 15, 2011.

SSAE 16 and ISAE 3402 are essentially similar standards, with some slight technical variations. They are the convergence of auditing standards that have resulted in a more unified and transparent framework for reporting on controls at service organizations.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: