Menu Close

Case Study

Control Assurance Audit (ISAE3402 Type II) for Asset Management Organisation

The client

Channel Islands Asset Management Organisation

The work

Our Client has offices in the Channel Islands and mainland UK and had received requests from both current and potential investors to detail its internal control framework.

This documentation had to take the form of a Service Organisation Control (SOC) report.

Following discussion, it was agreed that the SOC report that provided a best fit for the client’s requirements was an ISAE 3402 Type II report (International Standards for Assurance Engagements No. 3402).

A Type II report describes the service organisation’s controls in addition to detailed testing to determine the operating effectiveness of the service organisation’s controls over a minimum six-month period.

How we helped

We held a workshop with Client stakeholders to discuss the different types of SOC reports and to propose the most appropriate (being ISAE 3402) based on the understanding of the business and its detailed requirements.

We then assisted the Client in documenting its ‘System’ to highlight the processes, policies, procedures and operational activities that supported the core activities relevant to user entities (e.g. their customers) as required in an ISAE 3402 report.

Following the Client attesting to the now completed accurate documentation for its System, we tested specific controls to determine the System’s overall operating effectiveness and documented this in a report, adhering to the requirements of ISAE 3402 reporting standards.

Value added

We successfully navigated the Client through the complex matrix of assurance reports explaining the benefits and best fit for different types of organisations.

The provision of the correct type of report and our assistance in clearly documenting the System for the Client, meant that it was able to provide the report to its investors in order to clearly demonstrate the controls in place within the business and, additionally, that those controls had been operating effectively for the previous six-month period. This enabled the Client’s investors to have comfort that there was a robust control framework in place.

Customer reviews

What our clients say

Get in touch

If you would like to talk about your risk management requirements, submit your details and one of our consultants will be in touch.