Outsourcing is a growing trend, and companies increasingly depend on third-party providers to deliver critical services.
The purpose of an ISAE3402 review is to provide client auditors with an objective report that expresses an opinion about the control environment of a service organisation. The benefit is an objective opinion about a standardised set of objectives tested only once to minimise business disruption.
Companies often depend on many providers to deliver any number of services. Consequently, outsourcing companies are looking for third-party assurance to provide their clients with comfort about their internal control environment.
Deloitte will perform an ISAE3402 review, which provides an objective report that expresses an opinion about the control environment of a service organisation on which multiple auditors can rely. This will be based on a standardised set of objectives, tested only once in a period, which minimises business disruption and provides the ICT service provider’s clients with proactive assurance. The controls tested are typically those that will have a direct impact on the risk of material misstatement in your financial account balances
Hiring an independent service auditor to perform the review allows your organisation to be subjected to just one internal controls audit. Upon completion, the report is distributed to the service organisation’s users so that their auditors may rely upon its opinion and findings and subsequently limit or eliminate additional substantive audit procedures.
User organisations that obtain a Service Auditor's Report from their service organisation(s) receive valuable information regarding the service organisation's controls and the effectiveness of those controls. The user organisation receives a detailed description of the service organisation's controls and an independent assessment of whether the controls were placed in operation, suitably designed and operating effectively (in the case of a Type II report).