
ISAE 3402

At ARC People, we understand the importance of reliable and transparent reporting. Our ISAE 3402 services are designed to help organizations improve their internal controls and prepare for external audits.

Common challenges with ISAE 3402

When obtaining an ISAE 3402 statement, we see that there can be many challenges. Some examples include:


  • Scope and delineation of the "system": What exactly is covered by the service, which locations, applications and processes, and which subservice organizations? Unclear scope leads to gaps or duplication.

  • Control design and documentation: Control goals are not sharp, and controls are too generic or exist only "on paper." Procedures, work instructions and evidence sources lack consistency.

  • Evidence quality and population completeness: The auditor cannot determine population completeness, or the evidence is not timely, authentic or traceable.

  • IT general controls and IAM: Access management, change management, backups and logging are often the weakest link.

  • Continuity over the entire period and dealing with exceptions: Type II requires operation throughout the period. Incidents and control gaps are detected late or not properly remediated and reported.

Our ISAE 3402 services

Although several of our colleagues have in the past been responsible for providing external ISAE 3402 assurance statements to organizations, ARC People does not provide external assurance. Instead, we primarily assist in upgrading existing frameworks and controls, or we take on the execution of periodic ISAE audits and/or communication with the external reviewer. Specifically, this results in the following range of services:

  • Together with you, we determine the appropriate ISAE 3402 scope, so that the ISAE 3402 audit will assess all relevant processes and controls.
  • Implementation of your ISAE controls, whether Type I (the design and implementation of controls) or Type II (operational effectiveness over a period of time).
  • Support towards ISAE 3402 Compliance, giving you assurance that your internal controls are going to meet the ISAE 3402 standard.
  • Delivering an ISAE 3402 Report that is clear and transparent to your stakeholders.
  • Communication with the external reviewer, to clarify shared expectations and ward off any unnecessary questions.
  • Employing data analysis techniques or automating evidence gathering to achieve greater efficiency.
  • Understanding (the real meaning of) ISAE reports you get from your suppliers.

Why choose ARC People?

At ARC People, we have years of experience in conducting ISAE 3402 audits and supporting organizations in improving their internal controls, on an interim basis or on a more continuous basis. Our expert auditors have in-depth knowledge of the ISAE 3402 standard and are dedicated to providing high-quality services that meet your specific needs.

More information on this topic

Are you interested in learning more about this topic? If so, please contact me or one of my colleagues. We are ready to answer your questions and help you further.

Our expert team, with years of experience, is ready to support you and offer personalized advice tailored to your specific situation. We strive to respond to your inquiries as quickly as possible.

Roy van Buuren

Senior Manager of IT Audit & Risk

06-42095266

Sander Willems

Senior Manager of Risk & Compliance

06-39081688