ISA 402 - Audit Considerations Relating to an Entity Using a Service Organization Flashcards
ISA 402: Audit Considerations Relating to an Entity Using a Service Organization.
- Responsibility of an Auditor with regards to the Entity that make use of Services from Service Organization.
Will come across 4 important terms in this section, ie:
User Entity, User Auditor, Service Organization, and Service Auditor.
User Entity:
* Use Service from Service Organization.
User Auditor:
* Auditor of User Entity.
Service Organization:
* Take up work outsourced by User Entity.
Service Auditor:
* Auditor of Service Organization.
This is basically outsourcing whereby a User Entity outsource Business Activity to the Service Entity.
- If this Service has an Impact on the User Entity’s
> Information System,
> Business operations,
> Financial Statements.
Then all these become relevant to the Audit that you are going to carry out.
> Thus, as the User Auditor, we must check whether:
> Has the User Entity outsourced any activity?
> Is the outsourced Activity relevant for Audit?
> If yes, then the corresponding controls related to the Activity are checked.
How do we tell that these are relevant? Certain criteria is used:
Activities are relevant for an Audit if they Impact on User Entity’s:
> Information System
> Business Operations,
> Financial Statements.
Service Entity, what we need to understand:
> Understand the Nature and significance of the transaction.
> Materiality of the transaction rendered by Service Organization.
> Degree of interaction with Service Organization to understand the Risk.
> Inspecting contractual agreement.
Evaluate the Design and Implementation of Controls by user Entity with regards to Outsourced Service.
Alternate actions taken by User Auditor:
> Ask for Type 1 / Type 2 Report.
> Communicate with Service Organization.
> Visit the Service Organization.
> Appoint an External Auditor to conduct the Audit.
Also check with the User Entity if they have any doubt or indication of Misstatement.
> User Auditor is Not required to give reference of the work used of Service Entity or Service Auditor.
User Auditor is responsible for all the Opinion.
When reference is given as required by Laws or Regulations, User Auditor will remain responsible for all Opinion given.
ISA 402: Type 1 Report and Type 2 Report:
> Document of Description regarding design and implementation of Internal Control of Service Entity on a particular day.
It is prepared by Management of Service Organization.
It is signed by the Service Auditor.
Type 2 Report:
> It is reflecting operating effectiveness of the Control over a specified period of time.
> It is prepared by Management of Service Organization and signed by the Service Auditor.
ISA 402: Sub Service Organization
> Service Entity can also outsource part of the Service Activity to another Entity called, Sub Service Organization.
If the information for Sub Service Organization Impacts User Entity Financial Statements, then that information is relevant for User Entity Audit.
ISA 402: Types of Methods:
Carve-Out Method:
> Report given by Service Auditor does not include the description of Controls related to Service provided by Sub Service Organization. Hence, User Auditor will apply procedure of ISA 402 on Sub Service Organization.
Inclusive Method:
> Report given by Service Auditor includes the description of Controls related to Service provided by Sub Service Organization.
