Page 215 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 215
CA Ravi Taori
(CNO 3400.140) Documentation
Documentation Importance:
• Matters important in providing evidence to support the report on examination of prospective financial
information, and evidence of adherence to this SAE should be documented.
SAE 3402 Assurance Reports on Controls at a Service Organisation
(CNO 3402.020) Introduction
SAE 3402 Overview:
• SAE 3402 addresses assurance engagements by a professional accountant in public practice. The goal is to
provide a report on controls at a service organization, which is used by user entities and their auditors.
Relevance to User Entities:
• The service provided by the organization should be relevant to user entities’ internal control, especially as it
pertains to financial reporting.
Relation to SA 402:
• This SAE complements SA 402. Reports generated in line with SAE 3402 can offer suitable evidence under SA
402.
Scope of SAE 3402
Applicability of SAE 3402:
• applies only when the service organization is responsible for, or otherwise able to make an assertion about, the
suitable design of controls
Exclusions from the Standard:
(a) Does not address engagements solely reporting on whether controls operated as described.
(b) Does not cater to reports on controls unrelated to user entities' financial reporting internal control, like
controls over production or quality.
What is a Service Organisation?
Definition of Service Organisation:
• A third-party entity or a segment thereof that offers services impacting user entities' internal controls over
financial reporting.
Definition of User Entity:
• An entity that avails the services of a service organization.
Why controls of a service organization are important to a user entity’s internal controls relating to
financial reporting?– (Controls at SO)
1. Definition of "Controls at Service Organization":
• Encompasses elements of user entities’ systems managed by the service organization. This might involve a
service organization’s control environment, monitoring, and control activities related to provided services.
2A. Relevance to User Entity's Internal Controls:
• Controls at a service organization may impact user entities' internal controls over financial reporting, especially
regarding account balances, transaction classes, or disclosures.
2B. Example of Payroll Processing:
• A company outsources payroll processing, relying on the service organization for accurate payrolls and timely
statutory due remittances. Late remittances by the service organization could cause liabilities for the user entity.
2C. Determining Relevance:
• Deciding the relevance of a service organization's operational and compliance controls requires professional
judgment, considering the control objectives set by the service organization and the suitability of criteria.
3. Exclusions from Controls:
www.auditguru.in 11.7