ISAE 3402 / SSAE 16 examinations (replacing SAS 70)

Reinforcing confidence in your services


ISAE 3402 / SSAE 16 examinations

Outsourcing is a growing trend and companies increasingly depend on third-party providers to deliver critical services. Companies often depend on many providers to deliver any number of services, including:

  • Information technology
  • Finance and accounting
  • Customer care
  • Human resource and benefits management
  • Payment and administration
  • Custody
  • Fund administration
  • Transfer agency
  • Management companies

Consequently, outsourcing companies are looking for third-party assurance to provide their clients with comfort about their internal control environment. Replacing SAS 70, ISAE 3402/SSAE 16 standards will remain the most widely employed approach to demonstrate third-party assurance, providing coverage to users of outsourced services. ISAE 3402/SSAE 16 reporting, in coordination with your internal control assessment activities, can help:

  • Identify your company’s most business-critical, process-based relationships
  • Pinpoint existing internal and outsourcing organisation gaps in processes and controls that may increase risk
  • Enhance existing activities with a more encompassing framework for internal controls - one that achieves compliance with Sarbanes-Oxley financial reporting control requirements and helps improve internal risk management and business partner performance

Our ISAE 3402/SSAE 16 services can bring an organisation value through improved third-party risk management and performance, and include:

  • Determining the spectrum of required ISAE 3402/SSAE 16 coverage required
  • Executing ISAE 3402/SSAE 16 examinations for outsourcers and service providers
  • Expanding the scope of ISAE 3402/SSAE 16 reporting based on assessment