MIcompany renews ISAE 3402 Type II report with no deviations noted

Independent auditors from AuditConnect visited our office for a multi-day audit to renew our ISAE 3402 Type II report. MIcompany passed the audit with flying colours once more, the auditor did not report any deviations in the controls. Furthermore, all employees passed the internal exam in April.

As a service organisation, we recognise the importance of being compliant and of having internal control measures to mitigate risks. We have set up and implemented these control measures and we execute them continuously. Each year, we compose a Service Organisation Report (SOC) which is checked by an independent auditor using the ISAE 3402 assurance standard. The scope of an ISAE 3402 report consists of controls over information technology and operational processes which impact the finance of an organisation. For a Type II report, the external auditor does not only report on the suitability of the design of the controls, but also on the operating effectiveness during a predefined period.


The report concerns our internal control measures which are relevant to the internal control of the entities that make use of the report, with relation to their financial reporting. The auditor concluded that the report offers assurance that our internal control measures have been set up properly, and they have been implemented correctly during 2018: not a single deviation was reported. The report is available upon request for our clients and their accountants.


Furthermore, to make sure all employees are up to date with compliance policies, we train and test all employees each year by organising a compliance exam. In this exam, compliance-related steps in a project are tested. Lastly, we have a yearly internal audit during summer. In the internal audit, two employees test internal processes and a sample of projects on compliance.


AI quick scan

Test how your company is performing on developing and implementing AI solutions and platform capabilities:


1.My organisation communicates a clear end-state vision on how AI can transform our business
2.AI initiatives are aligned with the strategic goals of my organisation
3.My organisation has a roadmap that focuses data analytics efforts on large scale business opportunities
4.My organisation succesfully builds high potential proof of concepts with AI
5.AI use cases are developed end-to-end from data to algorithm to an application, such that users can interact with the algorithm
6.AI use cases are automated and operationalized in a production environment
7.AI use cases are fully adopted by the business, without unintended retreat to own judgement
8.AI use cases change the business process fundamentally if adopted
9.AI use case MVP's are continuously being improved, leaving MVP state
10.My organisation succesfully scales impact of AI use cases
11.There is an infrastructure in place for users to approach (a selection of) data
12.There is a possibility to develop models, for example in sandbox like environments
13.Algorithms are operationalized and automatically predict on new data
14.Your organisation has deployed one ore more experiments with modern, for example cloud-based, infrastructure
15.AI platform standards are set and managed
16.Clarity exists on target infrastructure for new solutions
17.Existence of legacy is accepted as a given, but migrations and dependencies are managed with a impact driven mindset
18.AI solutions are in production on scalable modern infrastructure
19.There are standardized operational processes to develop, deploy and maintain models (model management) in modern infrastructure.
20.Users enjoy flexibility to access any data and use it to build solutions with diverse requirements, while still maintaining certain standards managed centrally