Conclusion | ISAE 3402

“Conclude Accountants / Risklane helped us extremely well with the implementation. This was a tough job since later on in the process a fourth Conclusion company joined the already participating three Conclusion companies. The companies provided more or less the same type of services, but with quite a few differences between them. The young and enthusiastic consultants thought along with us and developed, in close cooperation and pragmatically, a one-size-fits-all control framework. Every year, we are tested in two test periods to see if we are doing what is described in the control framework. These intensive periods can only be passed successfully by working well together and Risklane succeeded to do this.”

– Stefan Hendriks, Manager Quality at Conclusion Future IT

Summary

Conclusion is an ecosystem which consist of independently operating businesses with each their own unique knowledge and expertise, customers, delivery partners, technology vendors and ventures. Without any exceptions the businesses are focused on technology driven solutions, but also on organization and people. On continuous basis Conclusion initiates, facilitates, develops, maintains and innovates because the demands and needs of the customers and the world are changing constantly.

Conclusion wants to be the best IT service provider in the Netherlands; to be seen as partner, service provider and innovator and positively known for their services.

Challenge

During the process of the ISAE 3402 implementation, multiple operating businesses were included in the scope of the ISAE 3402 report. The biggest challenge of this extensive scope was that processes and procedures had to be aligned and all employees from the multiple operating businesses had to work in accordance with these processes and procedures. Due to the nature of the business, Conclusion employees are used to work with both internal applications as client applications. This created a challenge during the audit process, performed by Conclude Accountants, because extensive audit activities had to be performed in order to verify whether processes were performed in accordance with the internal control framework.

Solution

The ISAE 3402 was ultimately realised by effective cooperation between Conclusion staff and Risklane Consultant and efficient project management. Several workshops and meetings with multiple teams of the operating businesses are held to identify risks, determine the impact and the existing working method, and accordingly align individual processes to a Conclusion control system.

The audit was performed focusing on minimizing business processes and optimizing the process as much as possible. By effective project management by Conclusion and guidance from Conclude, all identified challenged were mitigated in an effective way.

Results

Because of the cooperation between Conclusion and Risklane all operating businesses are currently working in accordance with the Conclusion Internal Control Framework. The ISAE 3402 reports serves as a guidelines for performing processes, the associated ISAE 3402 statement provides assurance over these processes to customers of Conclusion.

Share this blog

July 16, 2024

Detecting and bypassing anti-Adversary-in-the-Middle (AitM) tokens Within the Advanced Red...

    July 15, 2024

    What is XXE (XML eXternal Entity) injection? A lot of...

      July 5, 2024

      Is the local administrator’s password reused in your environment? The...