Outsourcing and cloud computing service engagements are fraught with financial, security and other risks, especially if dealing with an unproven service provider. Obtaining a third party assurance report with respect to a service provider’s internal controls can provide some comfort. However, customers are often confused about what kind of assurance report they should obtain.
Canadian Standard on Assurance Engagements 3416 (CSAE 3416), Reporting on Controls at a Service Organization, is the Canadian accounting standard for reviewing and reporting on controls at a service organization. It is issued by the Auditing and Assurance Standards Board (AASB) and is equivalent … Continue Reading
At McCarthy Tétrault’s 3rd Annual Technology Law Summit, Charles Morgan, Barry Sookman, George Takach (all of McCarthy Tétrault) and John Chang of PricewaterhouseCoopers were featured in the Innovation in Outsourcing panel. Top takeaway tips from the session include:
Do your Diligence: You would never buy a company without performing comprehensive diligence first, and you should take the same approach to signing an outsourcing contract. Diligence ought to be thorough and rigorous – go to the facility where your data will be stored and ask tough questions about network latency, data security, service levels, technical infrastructure and privacy.… Continue Reading