Significant deficiency in internal control means a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgement, is of sufficient importance to merit the attention of those charged with governance.  …

Complementary user entity controls means controls that the service organisation assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its …

Report on the description and design of controls at a service organisation (referred to in this Auditing Standard as a type 1 report) means a report that comprises: A description, prepared by management of the service organisation, of the service …

Report on the description, design, and operating effectiveness of controls at a service organisation (referred to in this Auditing Standard as a type 2 report) means a report that comprises: A description, prepared by management of the service …

Service auditor means an auditor who, at the request of the service organisation, provides an assurance report on the controls of a service …

Service organisation means a third‑party organisation (or segment of a third‑party organisation) that provides services to user entities that are part of those entities’ information systems relevant to financial …

Service organisation’s system means the policies and procedures designed, implemented and maintained by the service organisation to provide user entities with the services covered by the service auditor’s …

Subservice organisation means a service organisation used by another service organisation to perform some of the services provided to user entities that are part of those user entities’ information systems relevant to financial …

User auditor means an auditor who audits and reports on the financial report of a user entity.  …

User entity means an entity that uses a service organisation and whose financial report is being audited. …