Page 218 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 218
CA Ravi Taori
c) That it has disclosed to the service auditor any of the following of which it is aware
• Non-compliance with laws and regulations, fraud, or uncorrected deviations attributable to the service
organization that may affect one or more user entities.
• Design deficiencies in controls
• Instances where controls have not operated as described and
Any events subsequent to the period covered by the service organization’s description of its system up to the date
of the service auditor’s assurance report that could have a significant effect on the service auditor’s assurance
report.
Acceptance and changes in terms of engagement:
Acceptance and changes in terms of engagement: Before, accepting such an engagement, it has to be ensured by
service auditor that necessary capabilities and competence to carry out such engagement are possessed by him. It
also needs to be ensured that the criteria to be applied by the service organization to prepare the description of
its system will be suitable and available to user entities and their auditors and the scope of the engagement and
the service organization’s description of its system will not be so limited that they are unlikely to be useful to
user entities and their auditors. If the service organization requests a change in the scope of the engagement
before the completion of the engagement, the service auditor shall be satisfied that there is a reasonable
justification for the change.
(CNO 3402.080) Reporting
The service auditor’s assurance report shall include the following basic elements: -
1. Title: A title that clearly indicates the report is an independent service auditor’s assurance report.
2. Addressee
3. Identification of
3A. Service Organization’s Description: The service organization’s description of its system, and the service
organization’s assertion, which includes the matters for a type 2 report, or for a type 1 report.
3B. Parts Not Covered by Auditor’s Opinion: Those parts of the service organization’s description of its system,
if any, that are not covered by the service auditor’s opinion.
3C. Reference to Complementary User Entity Controls: If the description refers to the need for
complementary user entity controls, a statement that the service auditor has not evaluated the suitability of design
or operating effectiveness of complementary user entity controls, and that the control objectives stated in the
service organization’s description of its system can be achieved only if complementary user entity controls are
suitably designed or operating effectively, along with the controls at the service organization.
3D. Activities of Subservice Organization: If services are performed by a subservice organization, the nature of
activities performed by the subservice organization as described in the service organization’s description of its
system.
4. Statement of Service Organization's Responsibility: A statement that the service organization is responsible
for:
4A.Prepation: Preparing the description of its system, and the accompanying assertion, including the
completeness, accuracy and method of presentation of that description and that assertion.
4B. Providing Services: Providing the services covered by the service organization’s description of its system.
4C. Stating the Control Objectives: Stating the control objectives (where not identified by law or regulation,
or another party, for example, a user group or a professional body) and
4D. Designing and Implementing Controls: Designing and implementing controls to achieve the control
objectives stated in the service organization’s description of its system.
5. Identification of Criteria: Identification of the criteria, and the party specifying the control objectives.
6. Service Auditor's Responsibility Statement: A statement that the service auditor’s responsibility is to express
an opinion on the service organization’s description, on the design of controls related to the control objectives
www.auditguru.in 11.10