Understanding SOC & ISAE reporting
Outsourcing tasks or entire functions to third-party providers allows many companies to operate more efficiently. However, it is crucial for these providers to maintain a strong system of internal controls. Outsourced providers generally provide their clients with assurance through independent third-party audit reports such as ISAE 3402 / SOC 1 or SOC 2. These reports are increasingly required as a prerequisite for engagement and not only fulfil customer requirements but also help attract new business.
Such assurance is especially important in sectors like payroll, pension administration, investment management, fund administration, IT services, software provision, finance servicing, and financial transaction processing.
There are several types of assurance reports available, and we can help you choose the right one for your business:
SOC 1 & ISAE 3402: An assurance report that focuses on a service organisation’s system of internal controls relevant to financial reporting.
SOC 2: An assurance report that covers non-financial reporting controls related to security, availability, processing integrity, confidentiality, and privacy.
Other third-party assurance reports: Assurance reports to meet specific industry or customer requirements, such as, SOC3, SOC for Supply Chain, SOC for Cybersecurity, ISAE 3000, ISAE 3410, Agreed upon procedures (AUP), SOC 2+ reports for applicable industry standards.
As your independent auditor, we can demonstrate to your clients that you have effective controls in place. As your assurance partner, we provide smart, strategic guidance throughout the entire assurance process – from scoping to final audit.
If you require expert support and guidance for your third-party assurance reporting needs, please get in touch with Maria Gannon, Head of Third Party Assurance and Risk Management.
The European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) have issued a discussion paper examining the potential review of the Investment Firms Regulation (IFR) and Investment Firms Directive (IFD), which sets capital and risk management requirements for investment firms in the European Union.
After several years in development, the newly crafted AI Act has entered into force following its publication in the Official Journal of the European Union. Designed to regulate artificial intelligence (AI), it aims to create better conditions for its innovation and application. The act is part of the EU Digital Regulation package, which includes other significant regulations such as the General Data...
Stay informed on the latest industry updates with the Forvis Mazars financial services newsletter. Designed for professionals and those passionate about the sector, we provide relevant news, insights on regulatory priorities and expert predictions for future developments.
Build technological resilience so you can operate with confidence
Helping you create a resilient framework and culture that keeps you a step ahead of uncertainty
Effective oversight and assurance for your extended enterprise
Build trust with a robust approach to technology, processes and controls
Protect your strategic vision through a dynamic approach to internal audit
Embed a risk management culture into your business strategy
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.