Assurance services for service organizations (ISAE, SSAE, SOC2, SOC3)
Assurance services for service organizations
Assurance on the internal control environment increases the level of confidence in the reliability of the service provider's processes.
Assurance on the internal control environment increases the level of confidence
KPMG provides assurance services using ISAE 3000, ISAE 3402, SSAE 16 along with Trust Services Principles and Criteria established by the Assurance Services Executive Committee (ASEC) of the AICPA. In the context of ISAE standard been officially acknowledged in Russia, an actual issue of qualitative ISAE audit arise for Russian companies.
KPMG has a long-standing hands-on experience in assurance tests regarding service organizations controls, including IT services providers. Organizations are increasingly adverting to outsourcing services to support key business processes in order to focus on the crucial objectives, reduce costs and quickly implement new application functionality. With respect to the increasing level of global competition, new threats, regulatory requirements, management responsibility for the outsourced processes, organizations are increasingly focusing on monitoring and managing risks associated with the relationship with their external suppliers.
The evolution of outsourcing models introduced new standards for reporting on service organization controls (SOC1, SOC2, SOC3), designed to meet the requirements of outsourcing services consumers on the information reliability.
SOC reporting can improve the position of a service organization on the market and attract new customers by increasing confidence in the effectiveness of internal controls on the side of the service organization, transparency and reliability of outsourced processes. SOC-certification reduces the number and scope of internal and external audit from their clients. In addition, the report on the internal control environment of the service provider is a requirement of the majority of large companies.