Issues in ISAE 3402 reports

Many enterprises outsource a portion of their operations, including information systems, to service enterprises.

Risk Management

ISAE 3000

ISAE3000 provides quidance for auditors for providing assurance under a specific framework, which is not a framework for annual reporting. This implies that an engagement conducted under ISAE3402 also is required to be in accordance with the regulations included in ISAE3000.

ISAE 3402 and ISO 27001

What are the differences between ISAE 3402 and ISO 27001? ISO 27001 is a security standard that includes guidelines for the information protection of an organization. On the other hand, ISAE 3402 is an audit standard to report on outsourced activities.

ISAE 3402, IT and SOx 404

On this page the requirements of the PCAOB AS 5 standard to satisfy sections 302 and 404 of the Sarbanes-Oxley Act (2002). The focus of the chapter is on the information technology (IT) implications of the audit of SOx compliance. It is important to understand these requirements and their relevance to designing and implementing internal controls.

Application controls and ISAE 3402

Application controls refer to controls over the processing of transactions and data within an application and are, therefore, specific to each application. The objectives of application controls, which may be manual or automated, are to ensure the accuracy, integrity, reliability and confidentiality of the records and the validity of the entries made therein, resulting from both manual and programmed processing.

Organizations are highly dependent on automated processing of information by a host of applications that are the foundation for the preparation of financial statements.

ISAE 3402, COSO and COBiT 5

The Role of the COSO Framework and the Relationship to ISAE 3402