92 paragraphs found
When obtaining an understanding of internal control relevant to the audit in accordance with ASA 315, [4] the user auditor shall evaluate the design and implementation of relevant controls at the user entity that relate to the services provided by the …
The user auditor shall determine whether a sufficient understanding of the nature and significance of the services provided by the service organisation and their effect on the user entity’s internal control relevant to the audit has been obtained to …
If the user auditor is unable to obtain a sufficient understanding from the user entity, the user auditor shall obtain that understanding from one or more of the following procedures: Obtaining a type 1 or type 2 report, if available; Contacting the …
In determining the sufficiency and appropriateness of the audit evidence provided by a type 1 or type 2 report, the user auditor shall be satisfied as to: The service auditor’s professional competence and independence from the service organisation; and …
If the user auditor plans to use a type 1 or type 2 report as audit evidence to support the user auditor’s understanding about the design and implementation of controls at the service organisation, the user auditor shall: Evaluate whether the description …
In responding to assessed risks in accordance with ASA 330 , the user auditor shall: Determine whether sufficient appropriate audit evidence concerning the relevant financial report assertions is available from records held at the user entity; and, if …
When the user auditor’s risk assessment includes an expectation that controls at the service organisation are operating effectively, the user auditor shall obtain audit evidence about the operating effectiveness of those controls from one or more of the …
If, in accordance with paragraph 16(a) of this Auditing Standard, the user auditor plans to use a type 2 report as audit evidence that controls at the service organisation are operating effectively, the user auditor shall determine whether the service …
If the user auditor plans to use a type 1 or a type 2 report that excludes the services provided by a subservice organisation and those services are relevant to the audit of the user entity’s financial report, the user auditor shall apply the requirements …
The user auditor shall enquire of management of the user entity whether the service organisation has reported to the user entity, or whether the user entity is otherwise aware of, any fraud, non‑compliance with laws and regulations or uncorrected …