Definitions

8

For the purposes of this Auditing Standard, the following terms have the meanings attributed below:

8(a)

Complementary user entity controls means controls that the service organisation assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its system. 

8(b)

Report on the description and design of controls at a service organisation (referred to in this Auditing Standard as a type 1 report) means a report that comprises:

  1. A description, prepared by management of the service organisation, of the service organisation’s system, control objectives and related controls that have been designed and implemented as at a specified date; and
  2. A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s opinion on the description of the service organisation’s system, control objectives and related controls and the suitability of the design of the controls to achieve the specified control objectives.

8(c)

Report on the description, design, and operating effectiveness of controls at a service organisation (referred to in this Auditing Standard as a type 2 report) means a report that comprises:

  1. A description, prepared by management of the service organisation, of the service organisation’s system, control objectives and related controls, their design and implementation as at a specified date or throughout a specified period and, in some cases, their operating effectiveness throughout a specified period; and
  2. A report by the service auditor with the objective of conveying reasonable assurance that includes:
    1. The service auditor’s opinion on the description of the service organisation’s system, control objectives and related controls, the suitability of the design of the controls to achieve the specified control objectives, and the operating effectiveness of the controls; and
    2. A description of the service auditor’s tests of the controls and the results thereof.

8(d)

Service auditor means an auditor who, at the request of the service organisation, provides an assurance report on the controls of a service organisation. 

8(e)

Service organisation means a third‑party organisation (or segment of a third‑party organisation) that provides services to user entities that are part of those entities’ information systems relevant to financial reporting. 

8(f)

Service organisation’s system means the policies and procedures designed, implemented and maintained by the service organisation to provide user entities with the services covered by the service auditor’s report. 

8(g)

Subservice organisation means a service organisation used by another service organisation to perform some of the services provided to user entities that are part of those user entities’ information systems relevant to financial reporting.

8(h)

User auditor means an auditor who audits and reports on the financial report of a user entity. 

8(i)

User entity means an entity that uses a service organisation and whose financial report is being audited.