Xcina Case Study

Controls Assurance Audit (ISAE 3402 Type I and II) for Payroll Bureau

The client

A subsidiary of a global consulting firm which is a payroll solutions provider for United Kingdom and overseas based organisations. Key payroll services provided by the Client include a fully outsourced payroll management service, payroll processing and payroll payment services.

The work

The Client engaged us to undertake a first-year International Standard on Assurance Engagements (ISAE) 3402 Type 1 audit to provide assurance to its clients over the controls operated within the service. The controls encompassed the payroll services provided to various clients across the different payroll services, industry groups and jurisdictions.

How we helped

Our experienced business risk and information security consultants invested the time to develop an intimate knowledge of the Client’s business, ensuring that they understood the operating model and key risks within the service. We reviewed the service risk assessment and relevant control objectives, ensuring that these addressed key financial control considerations for their clients. We identified the suite of key controls in place across the payroll services relevant for each control objective, then planned and executed our audit in accordance with the ISAE 3402 standard, covering both business and Information Technology controls. We discussed our findings as they were identified throughout the audit, ensuring that the Client was aware of all matters that could impact the final report and the reasons for each assessment. We made sure that the Client understood the rationale for all the control exceptions identified in the audit report.

Value added

As this was a first-year ISAE 3402 audit, we provided relevant guidance to management, ensuring that they understood the requirements of the Standard. Our experience of similar services enabled us to efficiently identify key control gaps and shortcomings in the design of some key controls. We provided management with useful recommendations for the resolution of the identified exceptions. We developed a control assessment framework for the ongoing maintenance and oversight of key controls for the Client that will assist in ensuring they are prepared for the next audit.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
