The International Auditing and Assurance Standards Board has published a new standard to address reports on the operation and effectiveness of controls at service organizations.

The new standard, International Standard on Assurance Engagements (ISAE) 3402, Assurance Reports on Controls at a Service Organization, offers guidance on the description, design, and operating effectiveness of controls relating to the broad range of services that are typically provided by third-party service organizations. That might include everything from assisting with processing transactions to performing complete business functions.

The Satyam scandal was a sobering reminder of the importance of strong controls over information that is handled and provided by outside service organizations. Under rules for public or private company audits, U.S. companies rely on “SAS 70” reports issued by service organizations indicating the nature and extent of their controls over key information that affects financial reporting. The new standard serves as a “global benchmark” for reporting on controls at service organizations, said IAASB Chairman Arnold Schilder, one that will help meet the needs of those who use such services and their auditors.

The American Institute of Certified Public Accountants is working on a similar standard, Proposed Statement on Standards for Attestation Engagements, Reporting on Controls at a Service, said Judith Sherinsky, technical manager for audit and attest standards. The AICPA’s Auditing Standards Board, which sets standards for non-public entities, is seeking to make its standards consistent, or converged, with international standards, she said.

For public companies, the Public Company Accounting Oversight Board has a section in its Auditing Standard No. 5 that gives auditors direction on how to rely on an audit report from a service organization. AS5 governs an integrated audit of financial statements with an audit of internal control over financial reporting.