Controls at the service organisation―controls over the achievement of a control objective that is covered by the service auditor’s assurance report.  (Ref: Para.  A3 …

Controls at a subservice organisation―controls at a subservice organisation to provide reasonable assurance about the achievement of a control …

Criteria―benchmarks used to evaluate or measure the underlying subject matter.  The “applicable criteria” are the criteria used for the particular …

Inclusive method―method of dealing with the services provided by a subservice organisation, whereby the service organisation’s description of its system includes the nature of the services provided by a subservice organisation, and that subservice …

Internal audit function―a function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control …

Internal auditors―those individuals who perform the activities of the internal audit function.  Internal auditors may belong to an internal audit department or equivalent …

Report on the description and design of controls at a service organisation (referred to in this ASAE as a “type 1 report”) ―a report that comprises: The service organisation’s description of its system; A written statement by the service organisation …

Report on the description, design and operating effectiveness of controls at a service organisation (referred to in this ASAE as a “type 2 report”) ―a report that comprises: The service organisation’s description of its system; A written statement by the …

Service auditor―an assurance practitioner who, at the request of the service organisation, provides an assurance report on controls at a service …

Service organisation―a third‑party organisation (or segment of a third‑party organisation) that provides services to user entities that are likely to be relevant to user entities’ internal control as it relates to financial …