Sharia Assurance (ISAE 3000)

Our Sharia assurance practice is conducted in light of the most widely recognized international standard, ISAE 3000. Under this service, the scope of work is sized to your specific Sharia governance, controls and investment needs and the level of assurance designed accordingly.

Our assurance not only helps to strengthen your credibility with regulators and external audiences, but also provides confidence internally by assuring your executives, and board of directors that processes and controls are in conformance to the laid down Sharia directives.

Elevate stakeholder confidence with ISAE 3000

As external Sharia assurance becomes integrated with wider corporate reporting, organizations are seeking Sharia governance, products and controls assurance to support reliability of their reported performance. In some countries like Bahrain, Oman and Pakistan external Sharia assurance has already become mandatory on Islamic banking licensees operating in the country. But unlike financial accounting, the measurement and collection of Sharia compliance controls and reporting continues to evolve, so normal processes, checks and measures may not be in place. It is here our service, in light of ISAE 3000 report, provides assurance that the processes and controls included in your reporting are actually in place and operating effectively at your institution. Apart from greater credibility, key benefits of Sharia assurance with ISAE 3000 reporting includes:

  • Attestation that information provided in your Sharia compliance reporting is reliable and presents a fair picture
  • A trusted report with relevant and focused information on Sharia governance, products and controls to communicate internally and externally
  • Confidence in actions taken by management to reduce exposure to Sharia non-compliance
  • Feedback on effectiveness of controls and processes
  • Guidance on quality of internal Sharia audit and product implementation reporting.

How we can support you

With the changing landscape of regulatory requirements both internal and external stakeholders are demanding trust and transparency in Sharia compliance controls and reporting. Towards this end, we conduct an independent external Sharia audit of your current Sharia compliance reporting structure, assessing how effective it is and how it measures up to criteria laid down by Sharia directives. Additionally, our service will be in accord to ISAE 3000 which is an international attestation practice which allows you to receive a report based upon a recognized, international standard. Examples for illustration are provided below.

Example 1

An Islamic bank provides a suite of Sharia compliant products and investments. The central bank  requires the Islamic bank to report on the effective operation of Sharia governance and operations. The control report provided by the Islamic bank will be audited by us in accordance with the ISAE 3000 standard. After completing an in-depth assessment (and subject to satisfactory audit completion) we issue an assurance report which reflects the existence and effectiveness of Sharia governance.

Example 2

A large financial institution reports on Sharia compliance to their Central Sharia Supervisory Board (CSSB). The criteria for reporting is provided by CSSB. As your external Sharia auditor we will provide Sharia assurance on the reporting; considering the criteria provided by CSSB. This Sharia Assurance will be provided in accordance with the ISAE 3000 standard. The CSSB and other users of our Sharia Assurance report will receive attestation that information being provided is accurate and is based on international assurance practice. They also know that the information provided is in compliance with the relevant Sharia criteria.

What are the requirements for ISAE 3000?

The ISAE 3000 requirements are included on the IFAC website which can be downloaded here. The standard includes the following components: Ethical Requirements (under the IESBA code), Quality Control procedures (ISQC 1 requirements), Planning and Audit procedures, Reporting requirements, and Professional Skepticism. The five key components of the assurance engagement under this standard are:

  • A three-party relationship involving: the external Sharia auditor, a responsible party and intended users.
  • Appropriate subject matter.
  • Suitable criteria.
  • Sufficient, appropriate evidence to support the conclusion.
  • A conclusion contained within a written report.

Why would ISAE 3000 Sharia Assurance report benefit you?

Our ISAE 3000 guided Sharia audit report allows you to demonstrate and foster a strong Sharia control environment. This report can be used by your management and SSB to assess the overall health of your internal Sharia control environment. Also depending on the type of Sharia assurance report, the public can gain assurance over key areas such as management of Sharia non-compliance affairs, effectives in controls, existence of governance, availability of systems, integrity of internal Sharia reporting arrangements, independency and processes.

What’s the difference between Sharia Assurance under ISAE 3000 and SSB certification?

  • The completion of ISAE 3000-Sharia Assurance is accompanied with a formal attestation, and not just a certificate of Sharia compliance
  • SSB certification reflects a point in time, but an ISAE 3000-Sharia Assurance can cover a period, therefore providing a greater level of Sharia compliance assurance
  • SSB certification only focuses on the product contracts and to an extent the respective policies while ISAE 3000-Sharia Assurance is more flexible. Extended principles, controls and systems can be scoped in as desired – covering the principles that are relevant to you and your stakeholders

Your benefits under can also include:

  • Reputation and Commercial edge – a method to differentiate your Islamic financial institution or product from its competitors.
  • International assurance – provides reasonable assurance on Sharia governance and controls to a broad range of clients with a single international reporting standard under ISAE 3000.
  • Regulatory requirements – demonstrates to regulatory bodies that Sharia controls are in place and operating effectively.
  • Improve controls – generates awareness on the importance of Sharia controls and embeds a strong control culture within the organization.