Service Organizations – User Auditors Flashcards
When the user auditor has relied on the report of a service auditor to support the user auditor’s understanding of the services provided by a service organization, including internal controls, what matters should the user auditor evaluate regarding the service auditor?
The user auditor should be satisfied about (1) the service auditor’s professional competence and independence and (2) the standards that the service auditor followed in issuing the report.
What is meant by the term “service organization”?
An organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting
According to AICPA professional standards, what are the user auditor’s objectives when the user entity uses the services of a service organization?
The user auditor’s objectives are (1) to obtain an understanding of the nature and significance of the services provided and their effect on the user entity’s internal control relevant to the audit sufficient to assess the risks of material misstatement and (2) to design and perform audit procedures that are responsive to those risks.
What is meant by the term “user auditor”?
An auditor who audits and reports on the financial statements of a user entity
When might the user auditor’s report appropriately refer to the service auditor’s report?
The user auditor may refer to the service auditor in the user auditor’s report containing a modified opinion, if that reference would be helpful to understanding the user auditor’s modification. (There should be no reference to the service auditor in the user auditor’s report containing an unmodified opinion.)
What is meant by the term “user entity”?
An entity that uses a service organization and whose financial statements are being audited
When the user auditor has relied on the report of a service auditor to support the user auditor’s understanding of the services provided by a service organization, including internal controls, what matters should the user auditor evaluate regarding the service auditor’s report?
The user auditor should (1) evaluate whether the report provides sufficient appropriate evidence for understanding the user entity’s relevant internal controls and (2) determine whether any complementary user entity controls identified by the service organization are relevant in assessing the risks of material misstatement.
What is meant by the term “service auditor”?
A practitioner who reports on controls at a service organization
What is meant by the term “complementary user entity controls”?
Controls that management of the service organization assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve the control objectives stated in management’s description of the service organization’s system, are identified as such in that description
Why is the user auditor obligated to obtain an understanding of the services provided to a user entity by a service organization, including its internal controls?
The services of the service organization may be relevant to the audit of a user entity when those services (and the controls over those services) affect the user entity’s information system related to financial reporting and safeguarding of assets.
