Service Auditor Reporting
Outsourcing is a growing trend and companies increasingly depend on third-party providers to deliver critical services. Ten years ago only one or two major third party services providers may have been used for a limited number of companies outsourcing core operations (e.g. payroll or pension administration or IT services) but now organisations often depend on many providers to deliver any number of services.
Consequently service providers (or third party providers) are looking to provide their customers, and their customers’ auditors, with an understanding of controls in place at the service provider and, in certain instances, evidence to determine whether controls over the outsourced service at the service provider are effective.
The International Auditing and Assurance Standards Board (IAASB) issued the new international standard ISAE 3402 for engagements to report on controls at service organisations. At the same time the American Institute of Certified Public Accountants (AICPA) have replaced the SAS 70 with SSAE 16. While the standards drafted by the IAASB and AICPA are not significantly different from each other, nor from the present standard, they do present some changes from SAS 70 that may prove challenging for some service organisations.
- We have specifically trained teams that are providing suites of reports to a series of Swiss and international clients.
- With the changes in core standards and new standards available, we have prepared various materials and methodologies to help service providers adopt or transition to the new standards.
- We can explain the differences between the reports, support the decision making process for selecting the correct report for a service provider and also assist in the transition from one reporting framework to another.
How Deloitte can help