Technology, data and (digital) privacy are one of the most important elements of the digital era we are currently in. Evolving technologies and digital transformations around the globe are happening at a breakneck pace and it is becoming harder for organisations to keep up. This is why IT activities are often outsourced to a third party. Because technology processes concern sensitive and strategy-critical activities, however, organisations are in desperate need for guarantees regarding their partners’ reliability and their capability to take over control of these processes.
The ISAE 3402
The International Standard on Assurance Engagements (ISAE) 3402 is an internationally recognised assurance standard for outsourcing activities that are related to financial reporting. To get recognised in the ISAE 3402 standards, a report created by an independent auditor and it indicates whether an organisation has the qualifications to be ‘in-control’ of their clients’ processes. This means the organisation is checked, among other things, on its risk management, security system, privacy and anti-fraud measures. Once this third party is certified they can be marked as a reliable service provider. This helps other organisations in their decision-making process to determine the right solution provider.
Within the ISAE 3402 there are two types of reports: type I and type II. In a type I report the structure and origin of the organisation is examined and it includes a detailed description of the steps needed to implement control measures. In order to receive a type II report, the functionality of these preferred control measures have to be examined for a certain period of time.
Before an organisation can hope to obtain a ISAE 3402 recognition, there are strict requirements an organisation has to meet. An auditor will examine all kinds of workflows and activities and document them for a report. Once an organisation gets a hold on the assurance it will help to reduce their clients’ concerns for a collaboration in activities as sensitive and strategy-critical as financial processes. Which makes the ISAE 3402 type II so valuable.
A critical process
At Actuals.io we validate millions of financial transactions by our clients every day. It is a service that can’t just be compared to others easily. Since we wanted our workflow to be as safe and secure as possible, we re-examined our services in order to be certified in the ISAE 3402 standards. Victory was ours, as Crowe Foederer gave us the ISAE 3402 type II report over 2019. Since our services will be re-examined every year, we can continuously guarantee both our clients as ourselves that we can put up with the responsibilities that come with the role of solution provider in financial reporting.