Page 142 - AAA Integrated Workbook STUDENT S18-J19

P. 142

Chapter 93 4

3.4 Service organisations

ISA 402 Audit Considerations Relating to an Entity using a Service Organisation
deals with the auditor's responsibility to obtain sufficient appropriate evidence when a
client outsources functions to service organisations.

The client may outsource certain functions to another company – a service
organisation, e.g.

 Internal audit

 Receivables collection

 The entire finance function

 Payroll.

The auditor should:

 Gain an understanding of the services being provided.

 Assess the design and implementation of the internal controls of the service
provider.

 Visit the service provider to perform tests of controls.

 Contact the service provider's auditors to request a type 1 or type 2 report:

A Type 1 report provides a description of the design of the controls at the
service organisation prepared by the management of the service organisation. It
includes a report by the service auditor providing an opinion on the description
of the system and the suitability of the controls.

A Type 2 report is a report on the description, design and operating
effectiveness of controls at the service organisation. It contains a report
prepared by management of the service organisation. It includes a report by the
service auditor providing an opinion on the description of the system, the
suitability of the controls, the effectiveness of the controls and a description of
the tests of controls performed by the auditor.

 Consider whether sufficient appropriate evidence has been obtained and the
implications for the auditor's report.

138

137 138 139 140 141 142 143 144 145 146 147