Service organization control reporting - the convergences and divergences between ISAE 3402 and SSAE 18 under the scope of SOC 1
Boemer, Marvin
Promotor(s) :
Sougné, Danielle
Date of defense : 21-Jun-2019/25-Jun-2019 • Permalink : http://hdl.handle.net/2268.2/6422
Details
Title : | Service organization control reporting - the convergences and divergences between ISAE 3402 and SSAE 18 under the scope of SOC 1 |
Translated title : | [fr] Certification du contrôle interne des sociétés de service : Les convergences et divergences entre ISAE 3402 et SSAE 18 dans le cadre du rapport SOC 1 |
Author : | Boemer, Marvin ![]() |
Date of defense : | 21-Jun-2019/25-Jun-2019 |
Advisor(s) : | Sougné, Danielle ![]() |
Committee's member(s) : | Garrais, Grace ![]() Tosi, Katty |
Language : | English |
Number of pages : | 141 |
Keywords : | [en] Service Organization Control [en] SOC Reporting [en] Third-Party Assurance [en] Assurance Engagements Standards [en] ISAE 3402 [en] SSAE 18 [en] SOC 1 |
Discipline(s) : | Business & economic sciences > Accounting & auditing |
Target public : | Professionals of domain Student General public |
Institution(s) : | Université de Liège, Liège, Belgique |
Degree: | Master en sciences de gestion, à finalité spécialisée en Financial Analysis and Audit |
Faculty: | Master thesis of the HEC-Ecole de gestion de l'Université de Liège |
Abstract
[en] In an increasingly globalized world, outsourcing is a major phenomenon which has been interconnecting companies for decades. Trying to imagine a world without external service providers is thus virtually impossible nowadays. Outsourcing has enabled companies to externalize important parts of their non-core processes. But this externalization has also led to a transfer of controls (on these processes) to service organizations, while the risks related have remained part of the primary entities.
This asymmetry explains the increase of third-party assurance (TPA) audits, which result in Service Organization Control (SOC) reports. Such reports aim to provide trust and confidence for service organizations over their internal control system to their clients. Among these reports, the SOC 1 report is the most requested certification for service providers. This topic is however not well known by audit professionals and service companies in general. Two major standards share the hegemony over the regulation of this type of report worldwide: the international ISAE 3402 standard and the American SSAE 18 standard. The latter has only been in application since May 2017, and has not been completely assimilated by practitioners yet.
For the above-mentioned reasons, this research thesis addresses Service Organization Control Reporting in general and focuses more specifically on the convergences and divergences between the two standards cited above. The purpose of this thesis is to present the concepts surrounding SOC reporting as well as to provide a quality research work for academics and professionals eager to improve their understanding on the topic.
File(s)
Document(s)
Cite this master thesis
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.