ISAE 3402 / SSAE 16 examinations (replacing SAS 70)
Reinforcing confidence in your services
Challenges
Outsourcing is a growing trend and companies increasingly depend on third-party providers to deliver critical services. Companies often depend on many providers to deliver any number of services, including:
- Information technology
- Finance and accounting
- Customer care
- Human resource and benefits management
- Payment and administration
- Custody
- Fund administration
- Transfer agency
- Management companies
Consequently, outsourcing companies are looking for third-party assurance to provide their clients with comfort about their internal control environment. Replacing SAS 70, ISAE 3402/SSAE 16 standards will remain the most widely employed approach to demonstrate third-party assurance, providing coverage to users of outsourced services. ISAE 3402/SSAE 16 reporting, in coordination with your internal control assessment activities, can help:
- Identify your company’s most business-critical, process-based relationships
- Pinpoint existing internal and outsourcing organisation gaps in processes and controls that may increase risk
- Enhance existing activities with a more encompassing framework for internal controls - one that achieves compliance with Sarbanes-Oxley financial reporting control requirements and helps improve internal risk management and business partner performance
Our ISAE 3402/SSAE 16 services can bring an organisation value through improved third-party risk management and performance, and include:
- Determining the spectrum of required ISAE 3402/SSAE 16 coverage required
- Executing ISAE 3402/SSAE 16 examinations for outsourcers and service providers
- Expanding the scope of ISAE 3402/SSAE 16 reporting based on assessment
Deloitte services offering
In response to the market demand for enhanced risk oversight and transparency, service organization control reports have become increasingly prevalent in the marketplace since the issuance of Statements on Auditing Standards No. 70, Service Organizations (SAS70) in 1992.
In order to meet heightened expectations and to fit the modern frameworks of assurance standards, the IAASB (International Auditing and Assurance Standards Board) and the AICPA (American Institute of Certified Public Accountants) issued new standards, namely the ISAE 3402 and SSAE 16, replacing the former SAS 70. The new standards have become effective for assurance reports covering periods ending on or after 15 June 2011.
Our approach in conducting ISAE 3402 / SSAE 16 examination is unique in terms of benefit that we commit to deliver. Deloitte will put at your disposal experienced industry professionals recognised as experts in their field together with qualified auditors with in-depth experience in control reviews. We are convinced that the availability of industry experts is a key differentiating factor in our approach as it enables us to advise you in a proactive manner on how to align with leading market practices.
Contacts
Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.