Page 42 - CA Final Audit Titanium Full Book. (With Cover Pages)

CA Ravi Taori
         a. The service auditor’s opinion on the description of the service organisation’s system, control objectives and
         related controls, the suitability of the design of the controls to achieve the specified control objectives, and the
         operating effectiveness of the controls; and
         b. A description of the service auditor’s tests of the controls and the results thereof.

         (CNO-SA402.140) Obtaining an Understanding of the Services (Risk Assessment Procedures)
         Understanding Services: When obtaining an understanding of the user entity in accordance with SA 315, the
         user auditor shall obtain an understanding of how a user entity uses the services of a service organisation in the
         user entity’s operations, including:
         SERVICE
         1A. Nature of Services: The nature of the services provided by the service organisation and the significance of
         those services to the user entity, including the effect thereof on the user entity’s internal control. Information on
         the nature of services provided by a service organisation may be available from sources such as user manuals, the
         contract between the user entity and the service organisation, reports by service auditors, etc.
         1B. Nature and Materiality of the Transactions: The nature and materiality of the transactions processed, or
         accounts or financial reporting processes affected by the service organisation. In certain situations, the
         transactions processed, and the accounts affected by the service organisation may not appear to be material to
         the user entity’s financial statements, but the nature of the transactions processed may be significant and the user
         auditor may determine that an understanding of those controls is necessary in the circumstances.
         2A. Nature of the relationship: The nature of the relationship between the user entity and the service
         organisation, including the relevant contractual terms for the activities undertaken by the service organisation.
         2B. Degree of interaction: The degree of interaction between the activities of the service organisation and those
         of the user entity. The degree of interaction refers to the extent to which a user entity is able to and elects to
         implement effective controls over the processing performed by the service organisation. For example, a high
         degree of interaction exists between the activities of the user entity and those at the service organisation when
         the user entity authorises transactions and the service organisation processes and does the accounting for those
         transactions.
         3. Understanding of Internal Control Relevant to the Audit: When obtaining an understanding of internal
         control relevant to the audit in accordance with SA 315, the user auditor shall evaluate the design and
         implementation of relevant controls at the user entity that relate to the services provided by the service
         organisation, including those that are applied to the transactions processed by the service organisation.


         (CNO-SA402.160) Sufficient understanding.
         1. Sufficient understanding from User Entity: The user auditor shall determine whether a sufficient
         understanding of the nature and significance of the services provided by the service organisation and their effect
         on the user entity’s internal control relevant to the audit has been obtained to provide a basis for the identification
         and assessment of risks of material misstatement.
         2. Sufficient understanding from SO: If the user auditor is unable to obtain a sufficient understanding from
         the user entity, the user auditor shall obtain that understanding from one or more of the following procedures:
         2A. Contacting SO: Contacting the service organisation, through the user entity, to obtain specific information.
         2B. Type 1 / Type 2: Obtaining a Type 1 or Type 2 report, if available.
         2C. Using another auditor: Using another auditor to perform procedures that will provide the necessary
         information about the relevant controls at the service organisation.
         2D. Visiting the service organisation: Visiting the service organisation and performing procedures that will
         provide the necessary information about the relevant controls at the service organisation or




        www.auditguru.in