ISAE 3402

ISAE 3402 was developed to provide an international assurance standard allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.

A yearly ISAE 3402 report at ICC provides Clients and Partner Organizations and their internal and external auditors with information on policies, procedures and controls that may be relevant to their internal control structures and financial statements.

During the last biennium, the scope of ICC’s ISAE 3402 continued to be revised to ensure continuous and improved coverage of assurance requirements for ICC’s Clients and Partner Organizations.

ICC completed a SAS 70 Type II audit in In February 2011. SAS 70 stands for Statement on Auditing Standards No. 70. It was at the time the most commonly-used standard for auditing service providers.

The SAS 70 audit report was delivered to ICC Partners and their Internal Auditors to provide an understanding of the effectiveness of ICC’s internal controls and its ability to deliver quality, manag​ed services. As of 15 June 2011, the SAS 70 standard was superseded. ICC is audited under the ISAE 3402 standard. Like SAS 70, ISAE 3402 is globally recognised as the standard for auditing service providers. It focuses on audits of internal controls that may impact or relate to financial reporting.

Independent auditors have performed an ISAE 3402 Type II audit of ICC’s internal control framework, covering the period 1 January to 30 June 2013. ICC’s internal control framework is based on COBIT 4.12 framework for ICT management and governance. The ISAE 3402 Type II Auditor's Report conclusion is an unqualified opinion, meaning that the auditors did not observe evidence of control weaknesses during the period under review. ISAE 3402 Type II Auditor’s Report provides ICC Partners with a detailed description of ICC’s internal ICT controls and an independent assessment of whether these controls were suitably designed and operated effectively for the audit period.

The International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, was issued in December 2009 by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). ISAE 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.