92 paragraphs found
Smaller entities may use external bookkeeping services ranging from the processing of certain transactions (for example, payment of payroll taxes) and maintenance of their accounting records, to the preparation of their financial report. The use of such …
A service organisation may establish policies and procedures that affect the user entity’s internal control. These policies and procedures are at least in part physically and operationally separate from the user entity. The significance of the controls …
The significance of the controls of the service organisation to those of the user entity also depends on the degree of interaction between its activities and those of the user entity. The degree of interaction refers to the extent to which a user entity …
The contract or service level agreement between the user entity and the service organisation may provide for matters such as: The information to be provided to the user entity and responsibilities for initiating transactions relating to the activities …
There is a direct relationship between the service organisation and the user entity and between the service organisation and the service auditor. These relationships do not necessarily create a direct relationship between the user auditor and the service …
Public sector auditors generally have broad rights of access established by legislation. However, there may be situations where such rights of access are not available, for example when the service organisation is located in a different jurisdiction. In …
Public sector auditors may also use another auditor to perform tests of controls or substantive procedures in relation to compliance with law, regulation or other …
The user entity may establish controls over the service organisation’s services that may be tested by the user auditor and that may enable the user auditor to conclude that the user entity’s controls are operating effectively for some or all of the …
In this situation, the user auditor may perform tests of the user entity’s controls over payroll processing that would provide a basis for the user auditor to conclude that the user entity’s controls are operating effectively for the assertions related to …
As noted in ASA 315, [7] in respect of some risks, the user auditor may judge that it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to the inaccurate or incomplete …