ISAE 3402

It supersedes SAS 70. and puts more emphasis on procedures for the ongoing monitoring and evaluation of controls.

[2] An ISAE 3402 attestation including an audit report is regarded as a quality criterion for service providers that distinguishes them from competitors.

[3] It also pays for a customer to contract with a service provider that holds an ISAE 3402 attestation: the auditor of the customer can rely on the attestation of the service organization, resulting in a reduced necessary audit budget.

It is also known as "Internal Control Framework over Financial Reporting" (ICFR)[citation needed].

In order to be able to read and understand an ISAE 3402 report, some core terms are essential: