ISAE 3402

Service providers, data centers and companies that provide outsourced accounting-relevant business processes or IT services confirm to their clients the existence of a functioning internal control system including the relevant processes by means of certification.

We support your company in the preparation and planning of international standards such as ISAE 3402, SSAE 18 or the German IDW PS 951 standard. Service providers and companies that provide accounting-relevant business processes or IT services confirm to their clients with an ISAE 3402 report that they have a functioning internal control system with regard to the processes outsourced to them. SSAE 18 is the US version of this auditing standard and is very similar in content to ISAE 3402, which is why reports according to SSAE 18 or IDW PS 951 can also be created on the basis of the same preparations.

If you have already carried out an ISAE 3402 audit in the past and require further consulting, we will optimize or modify the service-related internal control system in consultation with you, thereby achieving considerable overall cost savings.

Our audit approach

Our approach to an audit involves various stages:

  • Recording of the existing internal control system and the relevant processes
  • Definition of a target requirement under determination of an existing delta
  • Definition of objectives and timetable, taking into account necessary resources
  • Inspection of existing documents
  • Creation of a schedule with milestones and creation of a Control Set
    (conducting interviews, evaluation of results)
  • Coordination of the service-related Control Set with the auditors
  • Accompanying the audit

For existing certifications of these standards, we support you with regard to the optimization or modification of existing control systems and processes.

Our standards

There are various standards for internal control systems (ICS) that are relevant depending on the focus of your business activity.

ISAE 3402 is an internationally recognized auditing standard for internal control systems (ICS).

For companies that require certification according to US auditing standards, we prepare for certification according to the new auditing standard SSAE 18, which replaced the SSAE 16 standard.

As part of an audit in accordance with IDW PS 951, we control the existence of an appropriate internal control system for service providers. An audit in accordance with Type 1 or Type 2 confirms the implementation of a service-related internal control system at the agreed audit time (Type 1), or the effectiveness of the implemented controls over a predefined audit period (Type 2).

The outsourcing of operational processes does not release outsourcing companies from their responsibility for the outsourced processes.