Independent auditors from AuditConnect visited our office for a multi-day audit to renew our ISAE 3402 Type II report. MIcompany passed the audit with flying colours once more, the auditor did not report any deviations in the controls. Furthermore, all employees passed the internal exam in April.
As a service organisation, we recognise the importance of being compliant and of having internal control measures to mitigate risks. We have set up and implemented these control measures and we execute them continuously. Each year, we compose a Service Organisation Report (SOC) which is checked by an independent auditor using the ISAE 3402 assurance standard. The scope of an ISAE 3402 report consists of controls over information technology and operational processes which impact the finance of an organisation. For a Type II report, the external auditor does not only report on the suitability of the design of the controls, but also on the operating effectiveness during a predefined period.
The report concerns our internal control measures which are relevant to the internal control of the entities that make use of the report, with relation to their financial reporting. The auditor concluded that the report offers assurance that our internal control measures have been set up properly, and they have been implemented correctly during 2018: not a single deviation was reported. The report is available upon request for our clients and their accountants.
Furthermore, to make sure all employees are up to date with compliance policies, we train and test all employees each year by organising a compliance exam. In this exam, compliance-related steps in a project are tested. Lastly, we have a yearly internal audit during summer. In the internal audit, two employees test internal processes and a sample of projects on compliance.