Controls Assurance Audit (ISAE 3402 Type I and II) for Payroll Bureau
A subsidiary of a global consulting firm which is a payroll solutions provider for United Kingdom and overseas based organisations. Key payroll services provided by the Client includes fully outsourced payroll management service, payroll processing and payroll payment services.
The Client engaged us to undertake a first year International Standard on Assurance Engagements (ISAE) 3402 Type 1 audit to provide assurance to its clients over the controls operated within the service. The controls encompassed the payroll services provided to various clients across the different payroll services, industry groups and jurisdictions.
How we helped
Our experienced business risk and information security consultants invested the time to develop an intimate knowledge of the Client’s business, ensuring that they understood the operating model and key risks within the service. We reviewed the service risk assessment and relevant control objectives ensuring that these addressed key financial
control considerations for their clients. We identified the suite of key controls in place across the payroll services relevant for each control objective and planned and executed our audit in accordance with the ISAE 3402 standard covering both business and Information Technology controls. We discussed our findings throughout the audit ensuring that the Client was aware of all matters that could impact the final report and the reasons for that assessment as these were identified. We made sure that the client understood the rationale for all the control exceptions identified in the audit report.
As a first year ISAE 3402 audit we provided relevant guidance to management ensuring that they understood the requirements of the Standard. Our experience of similar services enabled us to efficiently identify key control gaps and short-comings in the design of some key controls. We provided management with useful recommendations for the resolution of the identified exceptions. We developed a control assessment framework for the ongoing maintenance and oversight of key
controls for the Client that will assist in ensuring they are prepared for the next audit.