See ASAE 3402 Assurance Reports on Controls at a Service Organisation, which applies to an assurance engagement to provide an assurance report for use by user entities and their auditors, on the controls at a service organisation that provides a service to user entities that is likely to be relevant to user entities’ internal control as it relates to financial reporting.

The assurance practitioner applies ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment when obtaining an understanding of controls for the purposes of the audit of a financial report, standards on review engagements when obtaining an understanding of controls for the purposes of the review of a financial report or ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information, as revised in June 2014, and any subject matter specific standard when understanding controls for the purposes of an assurance engagement on subject matters other than historical financial information.