Compliance Services
ISAE 3402 Reports International Stakeholders Trust
When your clients and their auditors operate across borders, they need assurance reports issued under internationally recognized standards. ISAE 3402 Type I and Type II reports from a dual US-Swiss firm, delivered with the rigor and credibility that global stakeholders expect.
What Is an ISAE 3402 Report?
ISAE 3402 is the international standard issued by the International Auditing and Assurance Standards Board (IAASB) for assurance reports on controls at a service organization. It is the global equivalent of the US SSAE 18 standard that underpins SOC 1 reports.
ISAE 3402 reports are essential for service organizations whose clients or their auditors operate under International Standards on Auditing (ISAs). They provide independent assurance that your controls over financial reporting processes are suitably designed and operating effectively.
Auditsuisse is a US CPA firm with Swiss operations, uniquely positioned to deliver ISAE 3402 reports that satisfy both international and US stakeholders. Our dual-jurisdiction presence means your report carries credibility whether your clients are in Zurich, London, or New York.
What's Included
Comprehensive ISAE 3402 Engagement
Control Environment Assessment
Thorough evaluation of your internal control environment, including IT general controls and business process controls relevant to your clients' financial reporting.
Control Objective Evaluation
Detailed evaluation of each control objective and related controls to verify they are suitably designed and, for Type II reports, operating effectively over the reporting period.
Type I & Type II Reports
Formal ISAE 3402 assurance report — Type I for design effectiveness at a point in time, or Type II for both design and operating effectiveness over a period.
Management Statement Guidance
Support in preparing accurate management statements and system descriptions that meet ISAE 3402 requirements and international auditing expectations.
Complementary Controls Documentation
Clear documentation of complementary user entity controls that your clients' auditors need to complete their own audit procedures.
Subservice Organization Approach
Expert guidance on the inclusive and carve-out methods for subservice organizations within your control environment, aligned with ISAE 3402 requirements.
Our Process
From Planning to Report Delivery
Scoping
Define control objectives, identify in-scope systems and processes, and establish the report type and reporting period with your team.
Preparation
Review system descriptions, assess control design against ISAE 3402 requirements, and identify any gaps requiring remediation before fieldwork.
Examination
Perform detailed testing of controls through inquiry, observation, inspection, and re-performance procedures aligned with international auditing standards.
Reporting
Issue the final ISAE 3402 assurance report with our practitioner's opinion, management letter, and recommendations for ongoing compliance.
Frequently Asked Questions
What is ISAE 3402?
ISAE 3402 is an international assurance standard for reporting on controls at service organizations. It is the international equivalent of SSAE 18 (SOC 1) and provides assurance to user entities and their auditors that a service organization has effective controls relevant to financial reporting. ISAE 3402 reports are widely recognized across Europe, Asia-Pacific, and other international markets.
What is the difference between ISAE 3402 and SOC 1?
Both ISAE 3402 and SOC 1 (SSAE 18) address controls at service organizations relevant to financial reporting, but they follow different standards bodies. SOC 1 follows AICPA standards and is primarily used in the United States, while ISAE 3402 follows IAASB standards and is recognized internationally. Many organizations obtain both reports to satisfy stakeholders across jurisdictions.
Do I need both ISAE 3402 and SOC 1?
If your organization serves both US and international clients, obtaining both reports is often advisable. US-based auditors typically require SOC 1 reports, while European and international auditors prefer ISAE 3402. Auditsuisse can conduct a single audit engagement that produces both reports simultaneously, reducing cost and effort.
Get Started
Ready for Your ISAE 3402 Report?
Our dual US-Swiss team delivers ISAE 3402 reports that satisfy auditors and regulators across jurisdictions, with the precision and efficiency of a focused specialist firm.