92 paragraphs found
See ASA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management , paragraphs 9-10 . …
Whether the use of a service organisation increases a user entity’s risk of material misstatement depends on the nature of the services provided and the controls over these services; in some cases, the use of a service organisation may decrease a user …
A type 2 report may be intended to satisfy the needs of several different user auditors; therefore tests of controls and results described in the service auditor’s report may not be relevant to assertions that are significant in the user entity’s …
If a service organisation uses a subservice organisation, the service auditor’s report may either include or exclude the subservice organisation’s relevant control objectives and related controls in the service organisation’s description of its system and …
A service organisation may be required under the terms of the contract with user entities to disclose to affected user entities any fraud, non‑compliance with laws and regulations or uncorrected misstatements attributable to the service organisation’s …
When a user auditor is unable to obtain sufficient appropriate audit evidence regarding the services provided by the service organisation relevant to the audit of the user entity’s financial report, a limitation on the scope of the audit exists. This may …
Complementary user entity controls means controls that the service organisation assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its …
Report on the description and design of controls at a service organisation (referred to in this Auditing Standard as a type 1 report) means a report that comprises: A description, prepared by management of the service organisation, of the service …