Dans le domaine des risques et de l’externalisation (outsourcing) de services, la norme SAS 70 a fait sa place, mais c’est dorénavant l’ISAE 3402 qui se profile comme le standard de référence pour apprécier les prestations de tiers.
Déléguer une activité ne signifie aucunement en transférer sa responsabilité. Au contraire et ces rapports apportent une réponse formelle en terme d’assurance de la qualité du système de contrôle interne (SCI) mis en place pour l’activité déléguée.
Voici quelque références qui vous permettront de mieux comprendre les contours de ce nouveau standard et ses différences par rapport au SAS 70.
Du cabinet d’audit PWC :
The International Auditing and Assurance Standards Board (IAASB), an independent standard-setting board, has addressed several of these issues by proposing a new standard focused on enhancing auditors’ consideration of internal controls at service organisations. The proposed International Standard on Assurance Engagements (ISAE) 3402, Assurance Reports on Controls at a Service Organisation, is a subject matterspecific standard developed under the IAASB’s International Framework for Assurance Engagements. The proposed ISAE 3402 standard is not intended to replace the country specific standards, but rather provide a reporting option for service organisations to address the challenges previously described.
via Goodbye SAS 70 Hello ISAE 3402?
Du cabinet d’audit Ernst&Young:
What changes does ISAE 3402 bring ?
The biggest change requires service organisation management to publicly sign-off that controls have been operating effectively for the period coveed by the report.
ISAE 3402 considers that this sign-off requires additional activities by the service organisation, including:
- A fuller description of the processes and controls they operate for users.
- A risk analysis of those processes, so management can attest that the controls address these risks sufficiently.
- Management has undertaken sufficient work to assess whether controls have operated effectively.
via New gold standard to change third party assurance
D’autres liens utiles ici :
- La norme INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (ISAE) 3402 (cache )
- le site de l’International Auditing and Assurance Standards Board (IAASB)
- un groupe LinkedIn pour l’ISAE 3402