ISAE 3402 (International Standard on Assurance Engagements) / SSAE 18 (Statement on Standards for Attestation Engagements) an independent assessment report as per the ISAE 3402/ SSAE 18 provides the confidence on control procedures, adequacy and reasonable assurance of our service delivery and information security, data privacy related controls. SSAE 18 is relevant for the US market while ISAE 3402 is relevant for the rest of the world. The assessment report illustrates the positive effects of properly functioning and articulated control environment to an organization’s senior management and our clients.
Outsourcing companies (Expleo clients) are looking for third-party assurance to provide their clients (Expleo) with comfort about their internal control environment. Replacing SAS 70, ISAE 3402 / SSAE 18 standards remain the most widely employed approach to demonstrate third-party assurance, providing coverage to users of outsourced services. The SSAE 18 “attestation” standard and the ISAE 3402 “assurance” standard essentially share a common framework derived from the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), which put forth SSAE 18, and the International Auditing and Assurance Standards Board (IAASB) of The International Federation of Accountants (IFAC), which put forth ISAE 3402. This common framework between SSAE 18 and ISAE 3402 is one that represents a migration, adoption, and ultimately, an acceptance of globally accepted accounting standards, such as those of the International Financial Reporting Standards (IFRS), which are essentially the standards, interpretations and framework adopted by the International Accounting Standards Board (IASB).
Internal process audit team carries out regular process audits on compliance to the established process, customer service delivery fulfilment and Information Security controls. Over and above external auditors carry out periodical assessment as part of the aforesaid certifications. These are very much essential to ensure that the organizational processes are in conformity with those committed to the customers in terms of the customer agreements as well.