Third Party Reporting - Standards and Guidelines
Several significant standards, procedures and guidelines apply to Third Party Reporting and are used for attestation or assurance audits or reviews. They include:
- ISACA - Information Systems Audit and Control Association - Standards;
- IAASB - International Auditing and Assurance Standards Board:
  - ISAE 3000 - Assurance Engagements Other Than Audits or Reviews of Historical Financial Information;
  - ISAE 3402 - SAS 70 Examinations, CICA 5970 - Service Organization Reports, for outsourced services;
- IFAC - International Federation of Accountants - ISRS 4400 - Engagements to Perform Agreed-Upon Procedures Regarding Financial Information;
- ISACA - ITAF - Information Technology Assurance Framework;
- ISACA - IT Audit and Assurance Guideline - Guideline G20 Reporting;
- ISO/IEC series - 27001 (17799), 9001, 15408, 14001, ... most notably:
  - 27001 - Information technology - Security techniques - Information security management systems - Requirements;
  - 9001 - Quality Management System;
  - 15408 - The Common Criteria for Information Technology Security Evaluation;
- PCI-DSS - PCI Security Standards Council - Data Security Standard for payment card systems;
- COBIT / ITGI (IT Governance Institute) - Framework for IT Governance and Control;
- AICPA - American Institute of Certified Public Accountants:
  - SSAE - Statements on Standards for Attestation Engagements, SSAE No. 10, 11 - designated to issue pronouncements on attestation matters;
  - SOC (Service Organization Control) 1, 2, 3 - internal control reports on the services provided by a service organization, providing the information that users need to assess and address the risks associated with an outsourced service;
  - SysTrust, WebTrust (focuses on risk areas related to e-commerce activities).