ISAE 3402 was developed to provide an international assurance standard
allowing public accountants to issue a report for use by user
organizations and their auditors (user auditors) on the controls at a
service organization that are likely to impact or be a part of the user
organization’s system of internal control over financial reporting.
A yearly ISAE 3402 report at ICC provides Clients and Partner Organizations and their internal and external auditors with information on policies, procedures and controls that may be relevant to their internal control structures and financial statements.
During the last biennium, the scope of ICC’s ISAE 3402 continued to be revised to ensure continuous and improved coverage of assurance requirements for ICC’s Clients and Partner Organizations.
ICC completed a SAS 70 Type II audit in In February 2011. SAS 70 stands for Statement on Auditing Standards No. 70. It was at the time the most commonly-used standard for auditing service providers.
The SAS 70 audit report was delivered to ICC Partners and their Internal Auditors to provide an understanding of the effectiveness of ICC’s internal controls and its ability to deliver quality, managed services. As of 15 June 2011, the SAS 70 standard was superseded. ICC is audited under the ISAE 3402 standard. Like SAS 70, ISAE 3402 is globally recognised as the standard for auditing service providers. It focuses on audits of internal controls that may impact or relate to financial reporting.
Independent auditors have performed an ISAE 3402 Type
II audit of ICC’s internal control framework, covering the period 1
January to 30 June 2013. ICC’s internal control framework is based on
COBIT 4.12 framework for ICT management and governance. The ISAE 3402
Type II Auditor's Report conclusion is an unqualified opinion, meaning
that the auditors did not observe evidence of control weaknesses during
the period under review. ISAE 3402 Type II Auditor’s Report provides ICC
Partners with a detailed description of ICC’s internal ICT controls and
an independent assessment of whether these controls were suitably
designed and operated effectively for the audit period.
The International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, was issued in December 2009 by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). ISAE 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.