The user auditor shall determine whether a sufficient understanding of the nature and significance of the services provided by the service organisation and their effect on the user entity’s system of internal control has been obtained to provide an …

If the user auditor is unable to obtain a sufficient understanding from the user entity, the user auditor shall obtain that understanding from one or more of the following procedures: Obtaining a type 1 or type 2 report, if available; Contacting the …

Using a Type 1 or Type 2 Report to Support the User Auditor’s Understanding of the Service Organisation …

In determining the sufficiency and appropriateness of the audit evidence provided by a type 1 or type 2 report, the user auditor shall be satisfied as to: The service auditor’s professional competence and independence from the service organisation; and …

If the user auditor plans to use a type 1 or type 2 report as audit evidence to support the user auditor’s understanding about the design and implementation of controls at the service organisation, the user auditor shall: Evaluate whether the description …

In responding to assessed risks in accordance with ASA 330 , the user auditor shall: Determine whether sufficient appropriate audit evidence concerning the relevant financial report assertions is available from records held at the user entity; and, if …

Tests of Controls …

When the user auditor’s risk assessment includes an expectation that controls at the service organisation are operating effectively, the user auditor shall obtain audit evidence about the operating effectiveness of those controls from one or more of the …

Using a Type 2 Report as Audit Evidence that Controls at the Service Organisation Are Operating Effectively …

If, in accordance with paragraph 16(a) of this Auditing Standard, the user auditor plans to use a type 2 report as audit evidence that controls at the service organisation are operating effectively, the user auditor shall determine whether the service …