An audit of the type ISAE 3402 documents proper IT conditions at a company and serves as proof that the company complies with legal requirements and good IT practice.
Some companies get an ISAE 3402 made due to requirements from customers and partners; others get them to send a signal of credibility and security to existing and potential customers. Often there is simply a legal requirement that within certain industries or services you must have an auditor's statement, or that you must use a supplier who has an auditor's statement.
The statement relates to all business processes around IT functions that are part of or may affect the financial reporting: Development, operation, emergency preparedness, documentation, etc. It also relates to the completely impractical, such as the physical conditions, such as how servers / data centers are located.
Addo Sign and Visma Consulting, where we operate under, have therefore had an ISAE 3402 report prepared so that our customers can see that we live up to given legislation and IT practice.
The report can be found here