Carve‑out method―method of dealing with the services provided by a subservice organisation, whereby the service organisation’s description of its system includes the nature of the services provided by a subservice organisation, but that subservice …

Complementary user entity controls―controls that the service organisation assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives stated in the service organisation’s description …

Control objective―the aim or purpose of a particular aspect of controls.  Control objectives relate to risks that controls seek to …

Controls at the service organisation―controls over the achievement of a control objective that is covered by the service auditor’s assurance report.  (Ref: Para.  A3 …

Controls at a subservice organisation―controls at a subservice organisation to provide reasonable assurance about the achievement of a control …

Criteria―benchmarks used to evaluate or measure the underlying subject matter.  The “applicable criteria” are the criteria used for the particular …

Inclusive method―method of dealing with the services provided by a subservice organisation, whereby the service organisation’s description of its system includes the nature of the services provided by a subservice organisation, and that subservice …

Internal audit function―a function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control …

Internal auditors―those individuals who perform the activities of the internal audit function.  Internal auditors may belong to an internal audit department or equivalent …

Report on the description and design of controls at a service organisation (referred to in this ASAE as a “type 1 report”) ―a report that comprises: The service organisation’s description of its system; A written statement by the service organisation …