Nkonki News

NEW ASSURANCE STANDARDS: ISAE 3402

• ISAE 3402 brings greater assurance for service sector

This new global assurance standard was introduced in June 2011 and it supersedes SAS 70. It will have significant effect on processes and internal controls. It also requires that internal auditors must ensure that this new assurance standard is adhered to.

Under the new, wider Service Organisation Controls (SOC) framework that was released by American Institute of Certified Public Accountants (AICPA), outsourcers and service organisations can no longer issue a SAS 70 report , instead they must now replace it with the new global assurance standard ISAE 3402 and US equivalent SSAE16, which together are known as SOC1 reports

Although the changes will, have less impact on the internal auditors' role, as compared to the service auditor, that relies entirely on the internal auditor's report

SOC1 provides the same assurance as before and it will also include an independent service auditor's opinion covering the same areas of SAS 70 opinion.

Please note that the SSAE 16 and ISAE 3402 will provide the same information and assurance

Next steps for management and outsourcers:

• The success of the new standard depends entirely on the attitude of and co-operation between the affected parties toward this standard. The affected parties are client management; service organisation management; service auditor; internal assurance provider (internal auditor); and external assurance provider (external auditor).
• For 2011 reports, management should start discussing these new standards with clients and also offer them support during this transition.

Five things that assurance providers must do with other affected parties:

• Discuss this new standard.
• Confirm the scope of the assurance report with management.
• Ensure that the terms of the assurance engagement are in line with the new standard's requirements.
• Execute risk assessment procedures.
• Identify the basis for assertion on the operating effectiveness of controls.