Page 47 - CA Final PARAM Digital Book.

P. 47

(b)
➢ Sufficient Understanding should be obtained Services Received & SO, so that
auditor can go for Identification & Assessment of RMM.
The user auditor shall determine whether a sufficient understanding of the nature and significance
of the services provided by the service organisation and their effect on the user entity’s internal
control relevant to the audit has been obtained to provide a basis for the identification and
assessment of risks of material misstatement.

Sources of Information –
Information on the nature of the services provided by a service organisation may be available from
a wide variety of sources, such as 1. the contract or service level agreement between the user
entity and the service organisation; 2. system overviews; 3. technical manuals; 4. user
manuals; 5. reports by service organizations; 6. reports by the service auditor; 7. internal
auditors or regulatory authorities on controls at the service organisation; 8. including
management letters, if available.

Knowledge obtained through the user auditor’s experience with the service organisation, for
example through experience with other audit engagements, may also be helpful in obtaining an
understanding of the nature of the services provided by the service organisation. This may be
particularly helpful if the services and controls at the service organisation over those services are
highly standardized.
(c)
➢ If Sufficient understanding is not obtained from User Entity, then following
procedures can give auditor better understanding. (In sequence of ease of doing
procedures)
Type 1 or Type 2 Report / Contact SO through UE / Using Another Auditor
/ Visiting SO
If the user auditor is unable to obtain a sufficient understanding from the user entity, the
user auditor shall obtain that understanding from one or more of the following procedures:
• Contacting the service organisation, through the user entity, to obtain specific
information;
• Obtaining a Type 1 or Type 2 report, if available;
• Using another auditor to perform procedures that will provide the necessary
information about the relevant controls at the service organisation.
• Visiting the service organisation and performing procedures that will provide the
necessary information about the relevant controls at the service organisation;
Author’s Note: -
•
It is a Kind of Master answer for SA 402 covering more than a single topic. Please consider the question
asked and don’t just write the entire answer.
Choose the relevant part of answer on the basis of question asked.

QNO Factors to decide relevance of SO Services Old Course – (M18E, N21E)
52.100 TITANIUM CNO--SA402.060 New Course – (SM23)
Durafone Mobile Co. Ltd. have pan India presence and market leader in mobile operation. It has
outsourced all its revenue operation including accounting functions to Set Solutions (P) Ltd. As an Auditor
of the mobile company, enumerate the factors to be taken into consideration related to its financial
reporting.

In the course of audit of FIN Limited you observed that processing of accounting data was given to a third
party on account of certain considerations like cost reduction, own computer working to full capacity. FIN
Limited used a service organisation to record transactions and process related data. As an auditor, what
would be your considerations regarding the nature and extent of activities undertaken by service
organisation to determine whether those activities are relevant to the audit and, if so, to assess their effect
on audit risk. Discuss with reference to relevant Standard on Auditing.
www.auditguru.in PARAM 2.26 | P a g e

42 43 44 45 46 47 48 49 50 51 52