Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPA AUD Flashcards > AUD 3 Internal Control 15 - 4 Service Organizations > Flashcards

AUD 3 Internal Control 15 - 4 Service Organizations Flashcards

1
Q

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

A

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

The report on internal control structure by the service organization’s auditor will describe the services of the organization that are covered by the report and a description of the auditor’s procedures.

This will enable the auditor of one of the service organization’s customers to understand the overall impact of the service organization’s work on the internal control structure of the customer.

Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Service Organizations

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

A

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

The report on internal control structure by the service organization’s auditor will describe the services of the organization that are covered by the report and a description of the auditor’s procedures.

This will enable the auditor of one of the service organization’s customers to understand the overall impact of the service organization’s work on the internal control structure of the customer.

Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Service Organizations

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

A

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

The report on internal control structure by the service organization’s auditor will describe the services of the organization that are covered by the report and a description of the auditor’s procedures.

This will enable the auditor of one of the service organization’s customers to understand the overall impact of the service organization’s work on the internal control structure of the customer.

Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Service Organizations

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

A

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

The report on internal control structure by the service organization’s auditor will describe the services of the organization that are covered by the report and a description of the auditor’s procedures.

This will enable the auditor of one of the service organization’s customers to understand the overall impact of the service organization’s work on the internal control structure of the customer.

Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Service Organizations

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

A

Service Organizations

Many companies use various types of service bureaus to assist them with the processing of routine transactions.

Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities.

When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit.

It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks.

Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor.

The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client.

The report on internal control structure by the service organization’s auditor will describe the services of the organization that are covered by the report and a description of the auditor’s procedures.

This will enable the auditor of one of the service organization’s customers to understand the overall impact of the service organization’s work on the internal control structure of the customer.

Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

The report of the service organization’s auditor will assist the customer’s auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization’s work.

This will not, however, be considered a basis for determining the effectiveness of the customer’s internal control structure, so the use of the report is not a division of responsibility.

As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
  3. Get report from the other Auditor (service auditor).
  4. A service auditor should inquire of management about subsequent events.
A

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
  3. Get report from the other Auditor (service auditor).
  4. A service auditor should inquire of management about subsequent events.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
    2. 1 Report on whether controls have been implemented and controls operating effectiveness.
  3. Get report from the other Auditor (service auditor).
    3. 1 Expresses an opinion on management’s assertions:
    3. 2 The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor.
    3. 3 Description of the Scope and nature of procedures performed.
    3. 4 ID party specifying objectives.
    3. 5 ID purpose of engagement.
    3. 6 ID parties Intended use.
  4. A service auditor should inquire of management about subsequent events.
A

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
    2. 1 Report on whether controls have been implemented and controls operating effectiveness.
  3. Get report from the other Auditor (service auditor).
    3. 1 Expresses an opinion on management’s assertions:
    3. 2 The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor.
    3. 3 Description of the Scope and nature of procedures performed.
    3. 4 ID party specifying objectives.
    3. 5 ID purpose of engagement.
    3. 6 ID parties Intended use.
  4. A service auditor should inquire of management about subsequent events.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
    2. 1 Report on whether controls have been implemented and controls operating effectiveness.
  3. Get report from the other Auditor (service auditor).
    3. 1 Expresses an opinion on management’s assertions regarding:
    3. 11 Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period.
    3. 12 The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period.
    3. 2  The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor.
3. 3  Description of the Scope and nature of procedures performed.

3. 4  ID party specifying objectives.
3. 5  ID purpose of engagement.
3. 6 ID parties Intended use.
  4. A service auditor should inquire of management about subsequent events.
A

Service Organizations

Transactions processed by service organization
(payroll processing) (AU-C 402/AT-C 320)

  1. Test of Control in place at client.
  2. Test of Control in place at service organization by another auditor.
    2. 1 Report on whether controls have been implemented and controls operating effectiveness.
  3. Get report from the other Auditor (service auditor).
    3. 1 Expresses an opinion on management’s assertions regarding:
    3. 11 Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period.
    3. 12 The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period.
    3. 2  The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor.
3. 3  Description of the Scope and nature of procedures performed.

3. 4  ID party specifying objectives.
3. 5  ID purpose of engagement.
3. 6 ID parties Intended use.
  4. A service auditor should inquire of management about subsequent events.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed by the service organization;
  • Interaction between the activities of the user entity and of the service organization;
  • The nature of the relationship between the entities; and
  • Contractual terms for activities performed by the service organization.
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed by the service organization;
  • Interaction between the activities of the user entity and of the service organization;
  • The nature of the relationship between the entities; and
  • Contractual terms for activities performed by the service organization.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Service Organizations

As part of ob____ing an un________ing of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Service Organizations

As part of obtaining an understanding of the inte____ con____s of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a cl____ using a ser____ organization, the auditor should obtain an understanding as to how the client uses the service organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the aud____ should obtain an un________ing as to how the client uses the service organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to h__ the cl____ uses the service organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client u__s the ser____organization.

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

• The na____ of the ser____s provided;

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

• The nature of the services provided;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The sign________ of the ser____s to the user entity;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the us__ e___ty;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The ef____ on the u___ entity’s internal control;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s int_____ con____;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The na____ and mat________ of transactions that are processed by the service organization;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed by the service organization;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of tra_________s that are pro____ed by the service organization;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed by the service organization;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed b_ the ser____ organization;
A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

  • The nature of the services provided;
  • The significance of the services to the user entity;
  • The effect on the user entity’s internal control;
  • The nature and materiality of transactions that are processed by the service organization;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

• Inte______ bet____the activities of the user entity and of the service organization;

A

Service Organizations

As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization.

The understanding will include:

• Interaction between the activities of the user entity and of the service organization;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Interaction between the a_____ies of the u___ entity and of the service organization;
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Interaction between the activities of the user entity and of the service organization;
26
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Interaction between the a____ies of the user entity and of the ser____ organization;
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Interaction between the activities of the user entity and of the service organization;
27
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Inter_____ between the activities of the u___ entity and of the ser____ organization;
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: • Interaction between the activities of the user entity and of the service organization;
28
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The na____ of the rela_______ between the entities;
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities;
29
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship bet____ the e_____ies;
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities;
30
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Cont_______ t___s for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
31
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities per____ed b_ the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
32
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities per____ed by the ser____ organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
33
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The un__________ing will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
34
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The na____ of the services provided; * The sign________ of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
35
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The ef____ on the user entity’s internal con____; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
36
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The na____ and materiality of tra_________s that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
37
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and ma______y of tran______s that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
38
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Inter_____ between the activities of the us__ entity and of the serv____ organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
39
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The na____ of the rela_______ between the en____es; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
40
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual t___s for activities performed by the ser____ organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
41
Service Organizations As part of o______ing an understanding of the internal con____s of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.
42
Service Organizations The auditor will also ev________ the int______ con____s established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
43
Service Organizations The auditor will also evaluate the internal controls est______ed by the us__ e___ty to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
44
Service Organizations The auditor will also evaluate the internal controls established by the user entity to admi_____ the rela________ with the ser____ organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
45
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The e_____y may, for example, ha__ con___s to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
46
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to v____y the ac_____y of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
47
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the out___ of the se_____ organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
48
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The au_____ will u__ the un_______ing of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
49
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the na____ and sig________ of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
50
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the ser____s pr____ed b_ the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
51
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the e_____y’s related con____s, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
52
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to id_____y and a____ss risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
53
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess r___s of ma_____ misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
54
Service Organizations The au_____ will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.
55
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
56
Service Organizations In some cases, the au_____ will be un____ to ob____ a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity.
57
Service Organizations In some cases, the auditor will be unable to obtain a suffi_____ under_____ing of the nature and significance of the relationship with a service organization using the resources available through the user entity.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity.
58
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the na____ and sign_________ of the relat_______ with a service organization using the resources available through the user entity.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity.
59
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relat_______ with a ser____ organization using the res______s available through the user entity.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity.
60
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the au_____ will obtain a sufficient understanding by pe_____ing one or more of the following: • Obtaining and reading a type 1 or type 2 report, if available;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Obtaining and reading a type 1 or type 2 report, if available;
61
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Ob____ing and r___ing a type 1 or type 2 report, if available;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Obtaining and reading a type 1 or type 2 report, if available;
62
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Obtaining and reading a type 1 or type 2 re____, if available;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Obtaining and reading a type 1 or type 2 report, if available;
63
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain info________ from contact with the ser____ organization, through the user entity;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity;
64
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtain information from contact with the service organization, through the user entity; * Ap__y proc______s directly to the operations of the service organization;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization;
65
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Apply procedures di_____ly to the ope______s of the service organization;
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Apply procedures directly to the operations of the service organization;
66
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Apply procedures directly to the operations of the service organization; or * U__ the w__k of another aud____ applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
67
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of an______ au_____ applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of another auditor applying procedures designed to obtain the necessary information.
68
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of another auditor ap___ing pro_____es designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of another auditor applying procedures designed to obtain the necessary information.
69
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of another auditor applying procedures de____ed to obtain the ne_______y information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: • Use the work of another auditor applying procedures designed to obtain the necessary information.
70
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will ob____ a suf_____ understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
71
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Ob_______g and r____ing a type 1 or type 2 report, if available; * Ob____ information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
72
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a t__e 1 or t__e 2 re____, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
73
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain info_______ from contact with the ser____ organization, through the u___ entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
74
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * A__ly pro_______s directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
75
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the op________s of the ser____ organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
76
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * U__ the w__k of another au_____ applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
77
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor ap___ing pro_______s designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
78
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures de____ed to ob___n the necessary info________.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
79
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will ob____ a sufficient und________ing by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.
80
Service Organizations There are t__ reports that the auditor of a service organization may issue: * A type 1 report * A type 2 report
Service Organizations There are two reports that the auditor of a service organization may issue: * A type 1 report * A type 2 report
81
Service Organizations There are two reports that the auditor of a se____ organization may issue: • A t___ 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A t___ 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
82
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the s_____ility of the d____n of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the op____ing effe_____ess of the controls.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
83
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a re____ on management’s de________n of the service organization’s system of controls and the suitability of the design of the con____s. • A type 2 report is a re____ on management’s de________n of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the con____s.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
84
Service Organizations There are two reports that the au_____ of a se_____ organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
85
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s des______ of the system; o Management’s written ass_____n that, in all material respects, based on appropriate criteria, o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions.
86
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Ma________’s description of the system; o Ma________’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an op_____ in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
87
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the sy____; o Management’s wri_____ ass______n that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
88
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s des_______ of the sy____; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
89
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on m_________’s de_______ of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
90
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of co_____s and the s_____ity of the de____ of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
91
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s wri_____ ass______ that, in all ma_____ respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
92
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A re____ the ser____ auditor, expressing an op_____ in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
93
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in rel_____ to m__________’s written as_______s.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
94
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the su______ty of the de____ of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report the service auditor, expressing an opinion in relation to management’s written assertions.
95
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions.
96
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s wr____ ass_______ that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
97
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The des______ of the sys____ fairly presents the system that was designed and implemented as of a specified date
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date
98
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system f___ly pre____s the system that was designed and implemented as of a specified date
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date
99
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the sys____ that was de____ed and im_______ed as of a specified date
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date
100
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a sp_____ed d___ and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
101
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Con____s related to obj______s stated in management’s description were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
102
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in m_________t’s des_______ were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
103
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were s_____ly de____ed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
104
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to a______ those obj______s;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
105
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a re____ on management’s des_______ of the ser____ organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
106
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the sy____ fairly presents the system that was de____ed and im_______ed as of a specified date and ▪ Co_____s related to objectives stated in management’s description were suitably designed to achieve those obj______s;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives;
107
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s des_______ of the system; o Management’s written ass______ that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opi_____ in relation to management’s written ass______s.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions.
108
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The de________ of the system fairly pr______s the system that was designed and implemented as of a specified date and ▪ Co_____s related to ob______s stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions.
109
Service Organizations There are two reports that the auditor of a service organization may issue: --------- • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions. ---------- • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: --------- • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions. ---------- • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
110
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a re____ on management’s de________ of the service organization’s system of con____s and the suitability of the design of and the operating effectiveness of the controls.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
111
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the s_____ility of the de____ of and the o____ing eff_______ss of the controls.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls.
112
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on m_________’s des_____ of the service organization’s system of controls and the suitability of the design of and the op____ing eff_______ess of the con____s. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
113
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o M_________’s description of the system; o M_________’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an op______ in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
114
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s des_______of the sy____; o Management’s wr_____ ass______ that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
115
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in a__ ma_____ res_____s, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
116
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, ex_____ing an opinion in relation to management’s written ass______s and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
117
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and de_____ing the tests of co_____s per_____ed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
118
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the re____s of those t____.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
119
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the ser____ au_____, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
120
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s des______ of the system; o Management’s written ass______ that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opi_____ in relation to management’s written ass_____s and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
121
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s wr_____ ass_____ that, in all material respects, based on app_______ criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
122
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The de_______ of the sy____ fairly presents the system that was designed and implemented as of a specified date,
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date,
123
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system f___ly pr_______s the sy____ that was designed and implemented as of a specified date,
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date,
124
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was de____ed and im_______ed as of a specified d___,
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date,
125
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Con____s related to obj_____s stated in management’s des_______ were suitably designed to achieve those objectives
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives
126
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were s______ly de____ed to achieve those obj______s,
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives,
127
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls r_______d to obj______es stated in management’s description were suitably designed to achieve those objectives,
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives,
128
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to ach_____ those obj_____s, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
129
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The con____s related to the specified obj_____s were operating effectively throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
130
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were op_____ing eff______ly throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
131
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the sp_____ied pe____;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
132
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the op_____ing eff_______ess of the co_____s. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
133
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a re____ on management’s des_______ of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written as_______ that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period;
134
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the sy____; o Management’s written ass______ that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, ex______ing an op_____ in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
135
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the op____ing ef_______ess of the con____s. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
136
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the sy____ fairly presents the system that was designed and implemented as of a specified date, ▪ Con____s related to obj_____s stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
137
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The co_____s related to the specified objectives were op_____ing eff______ly throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
138
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.
139
Service Organizations To rely upon a type 1 or type 2 report, the auditor should: * Determine that the date of a type 1 report, or the period covered by a type 2 report is appropriate for the auditor’s needs; * Evaluate whether the evidence provided by the report is appropriate and sufficient for the purpose of obtaining an understanding of the user’s internal control; and * Determine if the user entity has developed controls that are complementary to those of the service organization that address risks of material misstatement relating to relevant assertions in the user’s financial statements.
Service Organizations To rely upon a type 1 or type 2 report, the auditor should: * Determine that the date of a type 1 report, or the period covered by a type 2 report is appropriate for the auditor’s needs; * Evaluate whether the evidence provided by the report is appropriate and sufficient for the purpose of obtaining an understanding of the user’s internal control; and * Determine if the user entity has developed controls that are complementary to those of the service organization that address risks of material misstatement relating to relevant assertions in the user’s financial statements.

CPA AUD Flashcards (62 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions