Page 217 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 217
CA Ravi Taori
Type 2 Report Description: Whereas type 2 report is a report on the description, design and operating
effectiveness of controls at a service organization.
(CNO 3402.060) How such an Engagement is Proceeded with?
(Shortcut: CUSTOMISED WA (W’app)
Compliance with ethical requirements:
Compliance with ethical requirements: The service auditor shall comply with relevant ethical requirements,
including those pertaining to independence, relating to assurance engagements.
Obtaining an Understanding of the Service organization’s system:
The service Auditor shall obtain an understanding of the service organization’s system, including controls that
are included in the scope of engagement
Assessing of Suitability of the Criteria:
The service auditor shall assess whether the service organization has used suitable criteria in preparing the
description of its system, in evaluating whether controls are suitably designed, and, in the case of a type 2 reports,
in evaluating whether controls are operating effectively.
Determination of Management and Those charged with governance and communication with them:
The service auditor shall inquire of, request representations from, communicate with, or otherwise interact with
the service organization wherever required. The service auditor shall determine the appropriate persons within
the service organization’s management or governance structure with whom to interact.
Obtaining evidence regarding Operating effectiveness of controls:
When providing a type 2 report, the service auditor shall test those controls that the service auditor has
determined are necessary to achieve the control objectives stated in the service organization’s description of its
system and assess their operating effectiveness throughout the period.
Determination of Materiality:
When planning and performing the engagement, the service auditor shall consider materiality with respect to
the fair presentation of the description, the suitability of the design of controls and, in the case of a type 2 report,
the operating effectiveness of controls.
Understanding the Internal audit function:
If the service organization has an internal audit function, the service auditor shall obtain an understanding of
the nature of the responsibilities of the internal audit function and of the activities performed in order to
determine whether the internal audit function is likely to be relevant to the engagement in order for the service
auditor to use specific work of the internal auditors
Subsequent Events:
The service auditor shall inquire whether the service organization is aware of any events subsequent to the period
covered by the service organization’s description of its system up to the date of the service auditor’s assurance
report that could have a significant effect on the service auditor’s assurance report.
Obtaining Evidence regarding the design of controls:
The service auditor shall determine which of the controls at the service organization are necessary to achieve the
control objectives stated in the service organization’s description of its system and shall assess whether those
controls were suitably designed
Obtaining evidence regarding the Description:
The service auditor shall obtain and read the service organization’s description of its system and evaluate whether
those aspects of the description included in the scope of engagement are fairly presented.
Asking for Written Representations:
The service auditor shall request the service organization to provide written representations: -
a) That reaffirm the assertion accompanying the description of the system.
b) That it has provided the service auditor with all relevant information and access agreed to and
www.auditguru.in 11.9
