ISAE 3000 is the standard for assurance over non-financial information. ISAE 3000 is issued by the International Federation of Accountants (IFAC). The standard consists of guidelines for the ethical behavior, quality management and performance of an ISAE 3000 engagement.
Generally ISAE 3000 is applied for audits of internal control, sustainability and compliance with laws and regulations. ISAE 3402 states that assurance engagements should be performed in accordance with the ISAE 3000 standard.
ISAE 3000 recognizes two types of reports, a type 1 and a type 2 report. A type 1 report provides assurance on the suitability of design and existence of controls and type 2 report provides assurance on suitability of design, existence and operational effectiveness.
ISAE 3000 audit
In the ISAE 3000 standard no detailed guidelines are included for the performance of the engagement. This implies that the auditor use professional judgement for the scope, amount of controls tested and testing methods.
An ISAE 3000 report generally consists of a description of the scope, the norm against which the report is tested, a description of the control framework and a detailed description of the risk management system and a control matrix consisting of the risks, the related control objectives and the related controls.