INTERNATIONAL STANDARD ON AUDITING 402 AUDIT CONSIDERATIONS RELATING TO ENTITIES USING SERVICE ORGANIZATIONS CONTENTS

Similar documents
SRI LANKA AUDITING STANDARD 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) CONTENTS

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS

Using the Work. of an Expert. HKSA 620 Issued June 2005

Audit Risk. Exposure Draft. IFAC International Auditing and Assurance Standards Board. October Response Due Date March 31, 2003

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

Auditing Standards and Practices Council

PROFESSIONAL LEVEL PART-A: OVERVIEW OF AUDITING AND ASSURANCE

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Audit Documentation. HKSA 230 Issued February Effective for audits of financial information for periods beginning on or after 15 June 2006

2016 INSPECTION OF BHARAT PARIKH & ASSOCIATES CHARTERED ACCOUNTANTS. Preface

The Auditor s Responses to Assessed Risks

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

10-B Service organizations ISAE 3402 Significant issues

Planning an Audit of Financial Statements

Report on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

SRI LANKA AUDITING STANDARD 620 USING THE WORK OF AN EXPERT CONTENTS

CLARIFIED INTERNATIONAL STANDARDS ON AUDITIING WHAT DOES IT MEAN FOR AUDITORS IN THE UK AND IRELAND?

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 520

IAASB Agenda Item (September 2008) Page Agenda Item (MARKED FROM EXPOSURE DRAFT)

Survey of Stakeholder Perspectives of Audit Quality Detailed Discussion of Survey Results

SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

International Standard on Auditing (Ireland) 500 Audit Evidence

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

WATCH WORDS FROM THE PEER REVIEW PROCESS

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

Report on Inspection of Deloitte, S.L. (Headquartered in Madrid, Kingdom of Spain) Public Company Accounting Oversight Board

PHILIPPINE STANDARD ON AUDITING 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

APB ETHICAL STANDARD 3 (REVISED) LONG ASSOCIATION WITH THE AUDIT ENGAGEMENT

Auditing Standards and Practices Council

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE

Report on Inspection of PricewaterhouseCoopers Audit (Headquartered in Neuilly-Sur-Seine, French Republic)

STATEMENT OF AUDITING STANDARDS 430 AUDIT SAMPLING

Performance Auditing

Report on Inspection of K. R. Margetson Ltd. (Headquartered in Vancouver, Canada) Public Company Accounting Oversight Board

Chapter 4. Risk Assessment. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

International Standard on Auditing (UK) 620 (Revised June 2016)

IFAC Ethics Committee Meeting Agenda Item 6 February 2005 New York, United States

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

) ) ) ) ) ) ) ) ) ) ) )

Standard on Assurance Engagements ASAE 3500 Performance Engagements

February 23, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

AUDITING (PI) & AUDIT PRACTICE (P2) EXAMS ARTICLE

Review of agreed-upon procedures engagements questionnaire

Preparing an audit report for Limited Partnerships

Report on Inspection of KAP Purwantono, Sungkoro & Surja (Headquartered in Jakarta, Republic of Indonesia)

Reporting on Pro Forma Financial Information

Guidance: Transition for Logbooks for RCA Applications under RG 180 Auditor registration (2016)

SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

IAASB Main Agenda (December 2011) Agenda Item

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

Quality Control Review Checklist

The Board of Directors of the Wirtschaftsprüferkammer: Consideration on the Proportionate (Scaled) Performance of an Audit on the Basis of the ISA

PREFACE TO THE MALAYSIAN QUALITY CONTROL, AUDITING, REVIEW, OTHER ASSURANCE AND RELATED SERVICES PRONOUNCEMENTS

TIS Section 8800, Audits of Group Financial Statements and Work of Others

Report on Inspection of KPMG Audit Limited (Headquartered in Hamilton, Bermuda) Public Company Accounting Oversight Board

AUSTRALIAN GAAS 2007 AUDITING STANDARDS CHECKLISTS

Continuing Professional Development (CPD) Requirements for New Zealand Licensed Auditors

Annual Assessment of the External Auditor

IAASB CAG PAPER. IAASB Clarity Project Issues on Exposure of Proposed ISA 500 (Redrafted) and ISA 530 (Redrafted)

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Audit Evidence This section is effective for audits of financial statements for periods ending on or after December 15, 2012.

Compilation Engagements

Standards on Auditing

Implementation Tool for Auditors

Report on Inspection of Deloitte & Associes (Headquartered in Neuilly-sur-Seine, French Republic) Public Company Accounting Oversight Board

Report on Inspection of KPMG SAS (Headquartered in Bogota, Republic of Colombia) Public Company Accounting Oversight Board

ASB Meeting January 12-15, 2015

AUDIT COMMITTEE CHARTER

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom)

US U.S. AAM vs. DTTL AAM A Refresher Deloitte Touche Tohmatsu

INSTRUCTION ON METHODOLOGY ON PERFORMING FINANCIAL AUDIT AND REGULARITY AUDIT ( Official Gazette of MN, no. 07/15 from 17 th February 2015)

Compilation Engagements

International Federation of Accountants. Guide to Compilation Engagements

SAMPLING AND ERROR EVALUATION RSM US LLP. All Rights Reserved.

INTERNATIONAL STANDARD ON AUDITING 580 WRITTEN REPRESENTATIONS CONTENTS

Reporting on an Examination of Controls at a Service Organization Relevant to User Entities Internal Control Over Financial Reporting

Planning an Audit 259

AICPA Peer Review Program Compliance: Responding to Latest Developments

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

) ) ) ) ) ) ) ) ) ) ) ) REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST. PCAOB Release No July 26, 2005

NOVEMBER 2016 PROFESSIONAL EXAMINATIONS AUDIT & ASSURANCE (PAPER 2.3) CHIEF EXAMINER S REPORT, QUESTIONS & MARKING SCHEME

Report on Inspection of Navarro Amper & Co. (Headquartered in Taguig City, Republic of the Philippines)

Audit & Assurance (AAA) Module outline. Last updated: 29 January 2018 AAA118 module outline. charteredaccountantsanz.com

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)

The Role of Analytics in Auditing The Importance of What the Numbers Indicate and Lack to Indicate

Basel Committee on Banking Supervision. Consultative Document. External audits of banks. Issued for comment by 21 June 2013

New auditing regime: checklist [1]

Internal Audit Annual Assertion on Internal Auditing. for Financial Year

Auditing Standard for Islamic Financial Institutions No. 6

Transcription:

INTERNATIONAL STANDARD ON 402 AUDIT CONSIDERATIONS RELATING TO ENTITIES (Effective for audits of financial statements for periods beginning on or after December 15, 2004) CONTENTS Paragraph Introduction... 1-3 Consideration of the Auditor... 4-10 Service Organization Auditor s Report... 11-18 International Standard on Auditing (ISA) 402, Audit Considerations Relating to Entities Using Service Organizations should be read in the context of the Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services, which sets out the application and authority of ISAs. ISA 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, ISA 330, The Auditor s Procedures in Response to Assessed Risks, and ISA 500, Audit Evidence gave rise to conforming amendments to. The conforming amendments are effective for audits of financial statements for periods beginning on or after December 15, 2004 and have been incorporated in the text of. 419

Introduction AUDIT CONSIDERATIONS RELATING TO ENTITIES 1. The purpose of this International Standard on Auditing (ISA) is to establish standards and provide guidance to an auditor where the entity uses a service This ISA also describes the service organization auditors reports which may be obtained by the entity s auditors. 2. The auditor should consider how an entity s use of a service organization affects the entity s internal control so as to identify and assess the risk of material misstatement and to design and perform further audit procedures. 3. A client may use a service organization such as one that executes transactions and maintains related accountability or records transactions and processes related data (for example, a computer systems service organization). If the entity uses a service organization, certain policies, procedures and records maintained by the service organization may be relevant to the audit of the financial statements of the client. Considerations of the Auditor 4. A service organization may establish and execute policies and procedures that affect the entity s internal control. These policies and procedures are physically and operationally separate from the entity. When the services provided by the service organization are limited to recording and processing the entity s transactions and the entity retains authorization and maintenance of accountability, the entity may be able to implement effective policies and procedures within its When the service organization executes the entity s transactions and maintains accountability, the entity may deem it necessary to rely on policies and procedures at the service 5. In obtaining an understanding of the entity and its environment, the auditor should determine the significance of service organization activities to the entity and the relevance to the audit. In doing so, the auditor obtains an understanding of the following, as appropriate: Nature of the services provided by the service Terms of contract and relationship between the entity and the service Extent to which the entity s internal control interact with the systems at the service The entity s internal control relevant to the service organization activities such as: o Those that are applied to the transactions processed by the service 420

o How the entity identifies and manages risks related to use of the service Service organization s capability and financial strength, including the possible effect of the failure of the service organization on the entity. Information about the service organization such as that reflected in user and technical manuals. Information available on controls relevant to the service organization s information systems such as general IT-controls and application controls. 6. The auditor would also consider the existence of third-party reports from service organization auditors, internal auditors, or regulatory agencies as a means of obtaining information about the internal control of the service organization and about its operation and effectiveness. When the auditor intends to use work of the internal auditor, ISA 610, Considering the Work of Internal Auditing provides guidance on evaluating the adequacy of the internal auditor s work for the auditor s purposes. 6a. The understanding obtained may lead the auditor to decide that the control risk assessment of the risk of material misstatement will not be affected by controls at the service organization; if so, further consideration of this ISA is unnecessary. 7. If the auditor concludes that the activities of the service organization are significant to the entity and relevant to the audit, the auditor should obtain a sufficient understanding of the service organization and its environment, including its internal control, to identify and assess the risks of material misstatement and design further audit procedures in response to the assessed risks. The auditor assesses the risks of material misstatement at the financial statement level and at the assertion level for classes of transactions, account balances and disclosures. 8. If the understanding obtained is insufficient, the auditor would consider the need to request the service organization to have its auditor perform such risk assessment procedures to supply the necessary information, or the need to visit the service organization to obtain the information. An auditor wishing to visit a service organization may advise the entity to request the service organization to give the auditor access to the necessary information. 9. The auditor may be able to obtain a sufficient understanding of internal control affected by the service organization by reading the third-party report of the service organization auditor. In addition, when assessing the risks of material misstatement, for assertions affected by the service organization s internal controls, the auditor may also use the service organization auditor s report. If the auditor uses the report of a service organization auditor, the auditor should consider making inquiries concerning that auditor s professional 421

competence in the context of the specific assignment undertaken by the service organization auditor. 10. The auditor obtains audit evidence about the operating effectiveness of controls when the auditor s risk assessment includes an expectation of the operating effectiveness of the service organization s controls or when substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level. The auditor may also conclude that it would be efficient to obtain audit evidence from tests of controls. Audit evidence about the operating effectiveness of controls may be obtained by the following: Performing tests of the entity s controls over activities of the service Obtaining a service organization auditor s report that expresses an opinion as to the operating effectiveness of the service organization s internal control for the service organization activities relevant to the audit. Visiting the service organization and performing tests of controls. Service Organization Auditor s Report 11. When using a service organization auditor s report, the auditor should consider the nature of and content of that report. 12. The report of the service organization auditor will ordinarily be one of two types as follows: Type A Report on the Design and Implementation of Internal Control (a) A description of the service organization s internal control, ordinarily prepared by the management of the service organization; and (b) An opinion by the service organization auditor that: (i) The above description is accurate; (ii) The internal control is suitably designed to achieve their stated objectives; and (iii) The internal controls have been implemented. Type B Report on the Design, Implementation and Operating Effectiveness of Internal Control (a) A description of the service organization s internal control, ordinarily prepared by the management of the service organization; and (b) An opinion by the service organization auditor that: (i) The above description is accurate; 422

(ii) (iii) (iv) The internal controls is suitably designed to achieve their stated objectives; The internal controls have been implemented; and The internal controls are operating effectively based on the results from the tests of controls. In addition to the opinion on operating effectiveness, the service organization auditor would identify the tests of controls performed and related results. The report of the service organization auditor will ordinarily contain restrictions as to use (generally to management, the service organization and its customers, and the entity s auditors). 13. The auditor should consider the scope of work performed by the service organization auditor and should evaluate the usefulness and appropriateness of reports issued by the service organization auditor. 14. While Type A reports may be useful to the auditor in obtaining an understanding of the internal control, an auditor would not use such reports as audit evidence about the operating effectiveness of controls. 15. In contrast, Type B reports may provide such audit evidence since tests of control have been performed. When a Type B report is to be used as audit evidence about operating effectiveness of controls, the auditor would consider whether the controls tested by the service organization auditor are relevant to the entity s transactions, account balances, and disclosures, and related assertions, and whether the service organization auditor s tests of control and the results are adequate. With respect to the latter, two key considerations are the length of the period covered by the service organization auditor s tests and the time since the performance of those tests. 16. For those specific tests of control and results that are relevant, the auditor should consider whether the nature, timing and extent of such tests provide sufficient appropriate audit evidence about the operating effectiveness of the internal control to support the auditor s assessed risks of material misstatement. 17. The auditor of a service organization may be engaged to perform substantive procedures that are of use to the entity s auditor. Such engagements may involve the performance of procedures agreed upon by the entity and its auditor and by the service organization and its auditor. 18. When the auditor uses a report from the auditor of a service organization, no reference should be made in the entity s auditor s report to the auditor s report on the service 423

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback