This Guidance Statement provides guidance to:

1. user auditors in applying Auditing Standard ASA 402 Audit Considerations Relating to an Entity Using a Service Organisation, when using reports on controls at a service organisation, and other Australian Auditing Standards, when using service auditor’s reports on financial information as audit evidence relating to investment management services provided by the service organisation; and
2. service auditors in applying Standard on Assurance Engagements ASAE 3402 Assurance Reports on Controls at a Service Organisation, when engaged to report on controls, and other Australian Auditing Standards, when engaged to report on financial information, relating to components of user entities for which investment management services are provided by the service organisation.

Part A of this Guidance Statement (paragraphs 20-50) provides guidance to user auditors but is to be read in conjunction with, and is not a substitute for referring to the requirements and application material contained in, ASA 402, when using a service auditor’s report on controls, or Australian Auditing Standards, when using a service auditor’s report on financial information. This Guidance Statement is applicable to user auditors when:

1. the services provided are part of the user entity’s information system, including related business processes, relevant to financial reporting;^[1]
2. audit evidence required by the user auditor regarding internal controls and/or assertions is located at the service organisation; and
3. reports on controls at the service organisation and/or a service auditor’s report on specified assertions or a financial statement of the user entity’s balances or transactions relating to the services provided by the service organisation are available.

Part B of this Guidance Statement (paragraphs 51-90) provides guidance to the service auditor but is to be read in conjunction with, and is not a substitute for referring to the requirements and application material contained in ASAE 3402, when reporting on controls, and Auditing Standard ASA 805,^[2] when reporting on financial information.

ASA 402 does not apply to services provided by financial institutions which are limited to processing of transactions that are specifically authorised by the user entity.^[3] Therefore reports prepared under ASAE 3402 are not usually necessary for banks processing clients’ account transactions or brokers processing clients’ securities transactions. Nor does ASA 402 apply to transactions relating to financial interests in other entities when those interests are accounted for and reported to interest holders. Therefore, reports under ASAE 3402 are not generally necessary for unitised funds or other investments of an entity for which prices are publicly available. However, unitised funds or other investments may use service organisations to provide investment management services, in which case it is appropriate for the service organisation to provide a type 1 or 2 report. Unitised funds and unit pricing of those funds are addressed in the control objectives within this Guidance Statement only in the context of service organisations which provide investment management services to unitised funds.