Tag: ISAE 3402

Real Capital | ISAE 3402

Real Capital | ISAE 3402

“Although we were under the assumption that processes had been properly and completely arranged, points still emerged that needed to be added in the context of ISAE 3402. Risklane has made several suggestions that could be directly implemented in existing processes, with which the ISAE 3402 statement could still be obtained. The practical approach and the extent to which they can make suggestions by all the companies they supervise have resulted in us being able to add extra value to our processes quickly and easily.”
– Lennard Hoekstra, Partner Valuations

“Through the implementation of ISAE 3402, Spring Real Estate has further professionalised internal procedures, so that valuations are demonstrably carried out by the highest quality requirements. Improvement initiatives identified by the Risklane team during the implementation have been followed up by Spring Real Estate in a pragmatic and adequate manner ”
– Koen van der Aa, Associate Manager Risklane

Summary

Spring Real Estate has grown into a national real estate consultancy organization since its foundation in 2011. Spring Real Estate advises tenants and investors of commercial real estate on transactions and valuations. The services consist of Agency (offices, industrial spaces, retail), Capital Markets (commercial and residential), Management, MidCap Investments, Valuations, Media, and Online Lead Generation. Research and knowledge form the basis of their advice. In the coming years, they will focus on expanding their services to all important economic regions in the Netherlands to provide their clients with optimal advice.

Together with Risklane, Spring Real Estate took up the challenge to implement ISAE 3402 in the organization to identify and minimize risks.

Challenge

Implementing the control framework allows Spring Real Estate the opportunity to demonstrate that they carry out valuations based on the applicable requirements according to the NRVT guidelines. The NRVT guidelines provide a formal framework with rules that cannot be deviated from by registered appraisers. Practical guidelines with practical recommendations were also provided which formed the basis of the implementation.

The biggest challenge was not so much implementing the control framework but making all control actions that were already taken within the organization measurable. In the interviews conducted by the Risklane team, it soon became clear that valuation procedures had already been set up in accordance with the NRVT guidelines but were insufficiently demonstrable. Spring has managed to realize this demonstrability in short term through a targeted implementation plan.

The cooperation between Risklane and Spring Real Estate went well and has led to a professional result: a successful implementation of ISAE 3402. Recently, Conclude Accountants has conducted the ISAE 3402 Type I audit which will be followed by an ISAE 3402 Type II audit in the second half of this year.

Solution & results

The ISAE 3402 implementation gives Spring Real Estate the ability to demonstrate that valuations are carried out in accordance with the NRVT guidelines and that risks within this process are minimized by using an effective and professional control framework.

Rebo Real Estate | ISAE 3402

Rebo Real Estate | ISAE 3402

“Although we were under the assumption that processes had been properly and completely arranged, points still emerged that needed to be added in the context of ISAE 3402.  Securance has made several suggestions that could be directly implemented in existing processes, with which the ISAE 3402 statement could still be obtained. The practical approach and the extent to which they can make suggestions by all the companies they supervise have resulted in us being able to add extra value to our processes quickly and easily.”
– Lennard Hoekstra, Partner Valuations

“Through the implementation of ISAE 3402, Spring Real Estate has further professionalised internal procedures, so that valuations are demonstrably carried out by the highest quality requirements. Improvement initiatives identified by the Risklane team during the implementation have been followed up by Spring Real Estate in a pragmatic and adequate manner ”
– Koen van der Aa, Associate Manager Securance.

Summary

Spring Real Estate has grown into a national real estate consultancy organization since its foundation in 2011. Spring Real Estate advises tenants and investors of commercial real estate on transactions and valuations. The services consist of Agency (offices, industrial spaces, retail), Capital Markets (commercial and residential), Management, MidCap Investments, Valuations, Media, and Online Lead Generation. Research and knowledge form the basis of their advice. In the coming years, they will focus on expanding their services to all important economic regions in the Netherlands to provide their clients with optimal advice.

Together with Securance, Spring Real Estate took up the challenge to implement ISAE 3402 in the organization to identify and minimize risks.

Challenge

Implementing the control framework allows Spring Real Estate the opportunity to demonstrate that they carry out valuations based on the applicable requirements according to the NRVT guidelines. The NRVT guidelines provide a formal framework with rules that cannot be deviated from by registered appraisers. Practical guidelines with practical recommendations were also provided which formed the basis of the implementation.

The biggest challenge was not so much implementing the control framework but making all control actions that were already taken within the organization measurable. In the interviews conducted by the Securance team, it soon became clear that valuation procedures had already been set up in accordance with the NRVT guidelines but were insufficiently demonstrable. Spring has managed to realize this demonstrability in short term through a targeted implementation plan.

The cooperation between Securance and Spring Real Estate went well and has led to a professional result: a successful implementation of ISAE 3402. Recently, Conclude Accountants has conducted the ISAE 3402 Type I audit which will be followed by an ISAE 3402 Type II audit in the second half of this year.

Solution & results

The ISAE 3402 implementation gives Spring Real Estate the ability to demonstrate that valuations are carried out in accordance with the NRVT guidelines and that risks within this process are minimized by using an effective and professional control framework.

Cushman & Wakefield | ISAE 3402

Cushman & Wakefield | ISAE 3402

“Although we were under the assumption that processes had been properly and completely arranged, points still emerged that needed to be added in the context of ISAE 3402. Risklane has made several suggestions that could be directly implemented in existing processes, with which the ISAE 3402 statement could still be obtained. The practical approach and the extent to which they can make suggestions by all the companies they supervise have resulted in us being able to add extra value to our processes quickly and easily.”
– Lennard Hoekstra, Partner Valuations

“Through the implementation of ISAE 3402, Spring Real Estate has further professionalised internal procedures, so that valuations are demonstrably carried out by the highest quality requirements. Improvement initiatives identified by the Risklane team during the implementation have been followed up by Spring Real Estate in a pragmatic and adequate manner ”
– Koen van der Aa, Associate Manager Risklane

Summary

Spring Real Estate has grown into a national real estate consultancy organization since its foundation in 2011. Spring Real Estate advises tenants and investors of commercial real estate on transactions and valuations. The services consist of Agency (offices, industrial spaces, retail), Capital Markets (commercial and residential), Management, MidCap Investments, Valuations, Media, and Online Lead Generation. Research and knowledge form the basis of their advice. In the coming years, they will focus on expanding their services to all important economic regions in the Netherlands to provide their clients with optimal advice.

Together with Risklane, Spring Real Estate took up the challenge to implement ISAE 3402 in the organization to identify and minimize risks.

Challenge

Implementing the control framework allows Spring Real Estate the opportunity to demonstrate that they carry out valuations based on the applicable requirements according to the NRVT guidelines. The NRVT guidelines provide a formal framework with rules that cannot be deviated from by registered appraisers. Practical guidelines with practical recommendations were also provided which formed the basis of the implementation.

The biggest challenge was not so much implementing the control framework but making all control actions that were already taken within the organization measurable. In the interviews conducted by the Risklane team, it soon became clear that valuation procedures had already been set up in accordance with the NRVT guidelines but were insufficiently demonstrable. Spring has managed to realize this demonstrability in short term through a targeted implementation plan.

The cooperation between Risklane and Spring Real Estate went well and has led to a professional result: a successful implementation of ISAE 3402. Recently, Conclude Accountants has conducted the ISAE 3402 Type I audit which will be followed by an ISAE 3402 Type II audit in the second half of this year.

Solution & results

The ISAE 3402 implementation gives Spring Real Estate the ability to demonstrate that valuations are carried out in accordance with the NRVT guidelines and that risks within this process are minimized by using an effective and professional control framework.

SOC 1 & SOC 2

SOC 1 & SOC 2

The primary and widely used term for service organizations reporting on third-party risks to user organizations is the Systems and Organization Control Report, often referred to as the SOC report. This term was introduced by the American Institute of Certified Public Accountants (AICPA) as a replacement for the SAS70 framework.

Previously, these were known as Service Organization Control reports. SOC encompasses a suite of reports that originated in the United States. ISAE 3402 is aligned with the US Statement on Standards for Attestation Engagements (SSAE) 18 US standard. An ISAE 3402 report delivers assurance on a service organization’s system description and the appropriateness of its control design and operational effectiveness as presented in a Service Auditor’s Report.

ISAE 3402 | SOC 1: In an ISAE 3402 | SOC 1 report, organizations establish their own control objectives and controls and align them with customer requirements. The scope of an ISAE 3402 report typically includes all operational and financial controls that impact financial statements, as well as IT General Controls (e.g., security management, physical and logical security, change management, incident management, and systems monitoring). In essence, if an organization hosts financial information that could affect its client’s financial reporting, pursuing an ISAE 3402 | SOC 1 audit report is the most logical choice and is often requested. ITGCs, operational controls, and financial controls fall within the purview of an ISAE 3402 | SOC 1 audit.

SOC 1: In a SOC 1 audit, control objectives essential for accurately representing internal control over financial reporting (ICOFR) are required. Organizations subject to SEC filings in the United States typically include these objectives.

Given the importance of IT service providers, cloud service providers, and datacenter/housing providers as key suppliers to financial institutions, standards like SAS70, SSAE 18 SOC 1, and ISAE 3402 have gained significant prominence in the IT industry. They have become the most comprehensive and transparent standards for effective IT outsourcing and risk management. Organizations seeking an ISAE 3402 | SOC 1 report often contemplate ISAE 3000 | SOC 2 reports.

ISAE 3000 | SOC 2: In ISAE 3000 | SOC 2 reports, the Trust Services Principles and Criteria (TSPs) are applied. These TSPs consist of specific requirements developed by the AICPA and Canadian Institute of Chartered Accountants (CICA) to provide assurance concerning security, availability, confidentiality, processing integrity, and privacy. An organization can select the specific aspects that align with their customers’ needs. An ISAE 3000 | SOC 2 report may encompass one or more principles. When an organization handles various types of information for clients that do not impact financial reporting, an ISAE 3000 | SOC 2 report is more relevant. In such cases, clients are primarily concerned about the secure handling and availability of their data as stipulated in their agreements. A SOC 2 report, like a SOC 1 report, evaluates internal controls, policies, and procedures.

SOC 1 or SOC 2: Organizations that manage, process, or host systems or information affecting financial reporting should invariably provide an ISAE 3402 | SOC 1 report. ISAE 3000 | SOC 2 is suitable when all systems and processes are unrelated to financial reporting. Datacenter providers, Infrastructure as a Service (IaaS) providers, and Platform as a Service (PaaS) providers often issue hybrid reports, incorporating both an ISAE 3402 | SOC 1 for finance-related processes and systems and an ISAE 3000 | SOC 2 for unrelated processes and systems. The content of both reports is typically identical.