You can outsource your IT, for example, to try to achieve higher efficiency and cost reduction. In outsourcing, contractual agreements are made and recorded in Service Level Agreements (SLAs). In an SLA, your provider and you define the agreements on a service or product, and you agree on the performance indicators and quality standards, in order to test these later.
If you want more assurance on the internal controls of the service provider, an SSAE 16 audit can be conducted. In an SSAE 16, the internal controls of the service are audited by an independent IT auditor, and the judgment is communicated to you.
The SSAE 16 standard is the American successor of the SAS70 statement and is prepared based on the ISAE 3402. There is more emphasis on risk identification and management compared to the SAS 70 statement. Parties who operate under the rules of the pan-European audit firm IFAC are mainly held to the ISAE 3402, whereas parties affiliated with the American audit firm AICPA, are held to the SSAE 16.
There are two types of investigation:
We have years of substantial experience in conducting SSAE 16 and ISAE 3402 Audits.