Internal Controls Assurance & Compliance Attestations | Xcina Consulting

Controls and Compliance Attestations

Delivering independent and credible assurance over internal controls to all stakeholders.


How robust are your organisation’s internal controls?

Demands from customers, management, and investors for more robust internal controls have increased dramatically over the last few years. The need to verify management assertions about the effectiveness of internal controls has further increased due to the number of accounting frauds, misrepresentation, and supplier breaches witnessed.

Xcina’s internal controls assurance services provide an effective way to tell customers and prospects how robust the organisation’s internal controls are, and consequently how trustworthy their information is.

Our controls assurance services provide an efficient and independent way for organisations to provide assurance on the design and operating effectiveness of their internal controls to all stakeholders.

Our independent internal controls assurance activities are geared to:

  • Providing independent and credible assurance over the design and operation of internal controls. Firms that do not have these independent reports are consistently screened out of tender processes.
  • Overcoming the scepticism that is naturally associated with information provided by management as part of sales or compliance requirements. Trust and confidence are derived from having an independent party test the controls.
  • Reducing the administrative burden of responding to multiple requests for the same information from prospects, customers, and their advisors.
  • Mitigating the risk of inconsistent information provision to customers as they are all provided with the same standard report.
  • Differentiating the organisation’s service or product from competitors by providing more reassurance over the process and delivery. Providing independent assurance over outsourced processes and systems is a great marketing tool.
  • Benefiting from the significant skills and expertise of independent experts in evaluating the effectiveness of internal controls to achieve specified objectives.
  • Designing and implementing internal controls across the organisation.


Gain confidence and clarity. Take the next step ...



Controls and Compliance Attestations Brochure




Independent internal control assurance services


Controls Assurance

We support your organisation in the following areas:

  • Supporting First, Second and Third Lines of business with their internal control assessments.
  • International Standard on Assurance Engagements (ISAE) 3402 and Statement on Standards for Attestation Engagements (SSAE) 18 SOC 1 – organisations seeking to provide their customers with independent assurance over the design and operating effectiveness of internal controls over financial reporting (ICFR).
  • SSAE 18 SOC 2 – provide independent assurance about the organisation’s internal control compliance with the AICPA’s Trust Service Criteria (TSC) – Security, Availability, Processing Integrity, Confidentiality and Privacy. Only the Security criteria is mandatory.
  • Sarbanes Oxley (SOX) – for US public companies and their directors who are required by the Sarbanes -Oxley Act of 2002 to implement certain practices in financial record keeping, internal control and reporting.
  • Audit and Assurance Faculty (AAF) 01/20 – developed by the Institute of Chartered Accountants in England and Wales (ICAEW) these reports provide assurance on the internal controls within service organisations. This release is similar to the ISAE 3402 and the SSAE 18 standards.

Increasing assurance and confidence with controls assurance consulting

  • Our expertise in ISAE3042 / SSAE 18 SOC1 and SOC 2 engagements enables an accurate scoping of the work ensuring an efficient process.
  • Our integrated teams are comprised of experts in finance, operations and technology, ensuring a more efficient interaction with clients; we speak the same language.
  • Our experience with third party management programmes ensures a focus on delivering the assurance that matters to management, customers, and investors.
  • Our flexible approach means that we can work to your individual circumstances – timelines, maturity of existing controls, improvement requirements and customer requirements.
  • Our flexible pricing means that we can provide you a fixed cost quote for any component of the process including scoping, readiness assessment/gap analysis, remediation and the independent audit report.
Controls Assurance

How Xcina Consulting can help your business

Controls Assurance

  • Our focus on risk management services ensures we are not conflicted and can concentrate on achieving your specific requirements.
  • We understand the commercial and regulatory drivers for providing assurance to internal and external stakeholders.
  • We have deep industry expertise and experience of taking organisations from a standing start to achieving compliance in a sustainable and pragmatic manner.
  • We operate across the entire delivery spectrum – from developing business cases, defining the scope, developing a project plan, undertaking remediation, testing, documenting the results, and issuing the independent auditors report.
  • Our top down, risk-based approach enables a cost effective implementation and execution of the engagement. Our focus on key risks and controls impacting objectives rationalises effort and ensures a sustainable process.

What our clients say

Xcina have been supporting us for a few years in successfully meeting our requirement for independent Controls and Compliance attestations. Xcina have always taken a pragmatic and collaborative perspective, which has been a refreshing change from the approach adopted by some auditors, where it feels as though the auditors are working through a pre-defined checklist with little appreciation of the relative importance of the controls themselves. As our company has grown, and our customers have become larger, we have experienced a big increase in the number of Requests for Proposals (RFP’s), Security Questionnaires, Requests from Customers Auditors which all ask for evidence that we have an effective control framework. The work with Xcina has been essential in enabling us to respond to these requests. It has also improved our Control Environment, providing a framework and foundation for growth.

Ian Maddison-Roberts, VP Operations, Kimble

Discover how we have supported organisations like yours >>

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>