Internal Controls Assurance & Compliance Attestations | Xcina Consulting

Internal Controls Assurance and Compliance Attestations

Deliver independent and credible assurance over internal controls to all your stakeholders.


Why are internal controls so important?

Demands from customers, management, and investors for more robust internal controls have increased dramatically over the last few years. The need to verify management assertions about the effectiveness of internal controls has further increased due to the number of accounting frauds, misrepresentation, and supplier breaches witnessed.

Xcina’s internal controls assurance services and frameworks provide an effective way to tell your customers and prospects how robust your organisation’s internal controls are, and consequently how trustworthy their information is.

Our internal control frameworks provide an efficient and independent way for organisations to provide assurance on the design and operating effectiveness of their internal controls to all stakeholders.

Our independent internal controls assurance activities, audits and assessments are geared to:

  • Provide you with independent and credible assurance over the design and operation of your internal controls. Firms that do not have these independent reports are consistently screened out of tender processes.
  • Help your organisation overcome the scepticism that is naturally associated with information provided by management as part of sales or compliance requirements. Trust and confidence are derived from having an independent party test the controls.
  • Reduce your administrative burden of responding to multiple requests for the same information from prospects, customers, and their advisors.
  • Mitigate the risk of inconsistent information provision to customers as they are all provided with the same standard report.
  • Differentiate your organisation’s service or product from competitors by providing more reassurance over the process and delivery. Providing independent assurance over outsourced processes and systems is a great marketing tool.
  • Allow your organisation to benefit from the significant skills and expertise of independent experts in evaluating the effectiveness of internal controls to achieve specified objectives.
  • Design and implement internal control systems across your organisation.


Gain confidence and clarity. Take the next step ...



Controls and Compliance Attestations Brochure




Independent Internal Control Assurance and Compliance Attestations Services


Controls Assurance

We support your organisation in the following areas:

  • Supporting First, Second and Third Lines of Business with their internal control assessments and audits.
  • International Standard on Assurance Engagements (ISAE) 3402 and Statement on Standards for Attestation Engagements (SSAE) 18 SOC 1 – organisations seeking to provide their customers with independent assurance over the design and operating effectiveness of internal controls over financial reporting (ICFR).
  • SSAE 18 SOC 2 – provide independent assurance about the organisation’s internal control compliance with the AICPA’s Trust Service Criteria (TSC) – Security, Availability, Processing Integrity, Confidentiality and Privacy. Only the Security criteria is mandatory.
  • Sarbanes Oxley (SOX) – for US public companies and their directors who are required by the Sarbanes -Oxley Act of 2002 to implement certain practices in financial record keeping, internal control and reporting.
  • Audit and Assurance Faculty (AAF) 01/20 – developed by the Institute of Chartered Accountants in England and Wales (ICAEW) these reports provide assurance on the internal controls within service organisations. This release is similar to the ISAE 3402 and the SSAE 18 standards.
  • Risk and Control Self Assessment (RCSA) – we’ll assess and examine your organisation’s operational risks and will provide reasonable assurance that all your business objectives will be met.

Increasing assurance and confidence with controls assurance consulting

  • Our expertise in ISAE3042 / SSAE 18 SOC1 and SOC 2 engagements enables an accurate scoping of the work ensuring an efficient process.
  • Our integrated teams are comprised of experts in finance, operations and technology, ensuring a more efficient interaction with clients; we speak the same language.
  • Our experience with third-party management programmes ensures a focus on delivering the assurance that matters to your management, customers, and investors.
  • Our flexible approach means that we can work to your individual circumstances – timelines, maturity of existing controls, improvement requirements and customer requirements.
  • Our flexible pricing means that we can provide you with a fixed cost quote for any component of the process including scoping, readiness assessment/gap analysis, remediation and the independent audit report.
Controls Assurance

How Xcina’s Internal Control Consultancy can help your business

Controls Assurance

  • Our focus on risk management services ensures we are not conflicted and can concentrate on achieving your specific requirements.
  • We understand the commercial and regulatory drivers for providing assurance to internal and external stakeholders.
  • We have deep industry expertise and experience in taking organisations from a standing start to achieving compliance in a sustainable and pragmatic manner.
  • We operate across the entire delivery spectrum – from developing business cases, defining the scope, developing a project plan, undertaking remediation, testing, documenting the results, and issuing independent auditors’ reports.
  • Our top-down, risk-based approach enables a cost-effective implementation and execution of the engagement. Our focus on key risks and controls impacting objectives rationalises effort and ensures a sustainable process.

What our clients say

Xcina have been supporting us for a few years in successfully meeting our requirement for independent Controls and Compliance attestations. Xcina have always taken a pragmatic and collaborative perspective, which has been a refreshing change from the approach adopted by some auditors, where it feels as though the auditors are working through a pre-defined checklist with little appreciation of the relative importance of the controls themselves. As our company has grown, and our customers have become larger, we have experienced a big increase in the number of Requests for Proposals (RFP’s), Security Questionnaires, Requests from Customers Auditors which all ask for evidence that we have an effective control framework. The work with Xcina has been essential in enabling us to respond to these requests. It has also improved our Control Environment, providing a framework and foundation for growth.

Ian Maddison-Roberts, VP Operations, Kimble

Discover how we have supported organisations like yours >>

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>