Tolerable rate of deviation―A rate of deviation in the operation of control procedures as designed in respect of which the assurance practitioner seeks to obtain an appropriate level of assurance that the rate of deviation set by the assurance …

User entity―An entity that uses a service organisation. …

For the purposes of this ASAE, terms have the same meaning as in ASAE 3000 and in addition, the following terms have the meanings attributed …

Attestation engagement on controls―A reasonable or limited assurance engagement in which a party other than the assurance practitioner, being the responsible party or evaluator, evaluates the design against the control objectives, and, if included in the …

Anomaly―A deviation in a sample that is demonstrably not representative of deviations in a population. …

Carve-out method―A method of dealing with controls operating at a third party, which are integral to the system or control component which is subject to the engagement, whereby that third party’s relevant control objectives and related controls are …

Compensating control―A control which makes up for a deficiency in another control in mitigating the risks that threaten achievement of a control …

Complementary user entity controls―Controls that an entity, which is a service organisation, assumes, in the design of its service, will be implemented by user entities or clients, and which, if necessary to achieve control objectives stated in the …

Components of control―The integrated components which comprise the system of control, as defined by the control framework applied. (Ref: Para. A9 …

Control objective―The aim or purpose of a particular aspect of controls. Control objectives relate to risks that controls seek to mitigate and may be categorised by the framework applied, such as operational (economy, effectiveness and efficiency), …