172 paragraphs found
Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives related to the reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable law and …
The definition of “controls at the service organisation” includes aspects of user entities’ information systems maintained by the service organisation, and may also include aspects of one or more of the other components of internal control at a service …
Management and governance structures vary by jurisdiction and by entity, reflecting influences such as different cultural and legal backgrounds, and size and ownership characteristics. Such diversity means that it is not possible for this ASAE to specify …
Criteria need to be available to the intended users to allow them to understand the basis for the service organisation’s statement about the fair presentation of its description of the system, the suitability of the design of controls and, in the case of …
In an engagement to report on controls at a service organisation, the concept of materiality relates to the system being reported on, not the financial reports/statements of user entities. The service auditor plans and performs procedures to determine …
Obtaining an understanding of the service organisation’s system, including controls, included in the scope of the engagement, assists the service auditor in: Identifying the boundaries of that system, and how it interfaces with other systems. Assessing …
Considering the following questions may assist the service auditor in determining whether those aspects of the description included in the scope of the engagement are fairly presented in all material respects: Does the description address the major …
From the viewpoint of a user entity or a user auditor, a control is suitably designed if, individually or in combination with other controls, it would, when complied with satisfactorily, provide reasonable assurance that material misstatements are …
The written representations required by paragraph 38 are separate from, and in addition to, the service organisation’s statement, as defined at paragraph 9(o) …