Page 215 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 215

CA Ravi Taori

         (CNO 3400.140) Documentation
         Documentation Importance:
         •  Matters  important  in  providing  evidence  to  support  the  report  on  examination  of  prospective  financial
         information, and evidence of adherence to this SAE should be documented.

                         SAE 3402 Assurance Reports on Controls at a Service Organisation

         (CNO 3402.020) Introduction
         SAE 3402 Overview:
         • SAE 3402 addresses assurance engagements by a professional accountant in public practice. The goal is to
         provide a report on controls at a service organization, which is used by user entities and their auditors.
         Relevance to User Entities:
         • The service provided by the organization should be relevant to user entities’ internal control, especially as it
         pertains to financial reporting.
         Relation to SA 402:
         • This SAE complements SA 402. Reports generated in line with SAE 3402 can offer suitable evidence under SA
         402.
         Scope of SAE 3402
         Applicability of SAE 3402:
         • applies only when the service organization is responsible for, or otherwise able to make an assertion about, the
         suitable design of controls
         Exclusions from the Standard:
         (a) Does not address engagements solely reporting on whether controls operated as described.
         (b) Does not cater to reports on controls unrelated to user entities' financial reporting internal control, like
         controls over production or quality.
         What is a Service Organisation?
         Definition of Service Organisation:
         • A third-party entity or a segment thereof that offers services impacting user entities' internal controls over
         financial reporting.
         Definition of  User Entity:
         • An entity that avails the services of a service organization.
         Why  controls  of  a  service  organization  are  important  to  a  user  entity’s  internal  controls  relating  to
         financial reporting?– (Controls at SO)
         1. Definition of "Controls at Service Organization":
         • Encompasses elements of user entities’ systems managed by the service organization. This might involve a
         service organization’s control environment, monitoring, and control activities related to provided services.
         2A. Relevance to User Entity's Internal Controls:
         • Controls at a service organization may impact user entities' internal controls over financial reporting, especially
         regarding account balances, transaction classes, or disclosures.
         2B. Example of Payroll Processing:
         • A company outsources payroll processing, relying on the service organization for accurate payrolls and timely
         statutory due remittances. Late remittances by the service organization could cause liabilities for the user entity.
         2C. Determining Relevance:
         • Deciding the relevance of a service organization's operational and compliance controls requires professional
         judgment, considering the control objectives set by the service organization and the suitability of criteria.
         3. Exclusions from Controls:


        www.auditguru.in                                                                                   11.7
   210   211   212   213   214   215   216   217   218   219   220