Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

178 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Paragraph # 402.8 (continued) Relevant Extracts from ISAs (d) Service audi<strong>to</strong>r—An audi<strong>to</strong>r who, at the request of the service organization, provides an assurance report on the controls of a service organization. (e) Service organization—A third-party organization (or segment of a third-party organization) that provides services <strong>to</strong> user entities that are part of those entities’ information systems relevant <strong>to</strong> financial reporting. (f) Service organization’s system—The policies and procedures designed, implemented and maintained by the service organization <strong>to</strong> provide user entities with the services covered by the service audi<strong>to</strong>r’s report. (g) Subservice organization—A service organization used by another service organization <strong>to</strong> perform some of the services provided <strong>to</strong> user entities that are part of those user entities’ information systems relevant <strong>to</strong> financial reporting. (h) User audi<strong>to</strong>r—An audi<strong>to</strong>r who audits and reports on the financial statements of a user entity. (i) User entity—An entity that uses a service organization and whose financial statements are being audited. Many entities (including very small ones) often outsource certain financial processing activities such as: • Payroll; • Internet sales; • IT services; • Asset management (inven<strong>to</strong>ry warehousing, investments, etc.); and • Bookkeeping services. This would include processing of transactions, maintaining accounting records, and preparing financial statements. These third-party organizations (providing services relevant <strong>to</strong> financial reporting) are referred <strong>to</strong> as “service organizations.” Where service organizations are used, the audi<strong>to</strong>r needs <strong>to</strong> consider the effect of such arrangements on the entity’s internal control. This includes: • Obtaining sufficient information <strong>to</strong> assess the risks of material misstatement; and • Designing an appropriate response. In smaller entities, the outsourced services may well be important <strong>to</strong> the ongoing operation of the entity, but may not be relevant <strong>to</strong> the audit. This would occur where there are sufficient internal controls within the entity <strong>to</strong> address the risks of material misstatement, or where substantive audit procedures can be performed <strong>to</strong> address the identified risks. CONSIDER POINT <strong>Using</strong> a service organization <strong>to</strong> prepare financial statements does not relieve management (and those charged with governance) of their responsibilities for the financial statements.
179 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts There are two types of reports that service organizations can provide <strong>to</strong> their users: • Type 1 reports — description and design of controls at a service organization These reports provide evidence about the design and implementation of controls, but not their operating effectiveness. Such reports may be informative, but are of limited use <strong>to</strong> the audi<strong>to</strong>r in understanding whether the key controls at the service organization operated effectively during the period being audited. • Type 2 reports — description, design, and operating effectiveness of controls These reports can be used by the audi<strong>to</strong>r <strong>to</strong> consider whether: – The controls tested by the service organization audi<strong>to</strong>r are relevant <strong>to</strong> the entity’s transactions, account balances, disclosures, and related assertions, and – The service organization audi<strong>to</strong>r’s tests of controls and the results are adequate (i.e., the length of the period covered by the service organization audi<strong>to</strong>r’s tests, and the time elapsed since the performance of those tests). Risk Assessment Paragraph # Relevant Extracts from ISAs 402.9 When obtaining an understanding of the user entity in accordance with ISA 315, the user audi<strong>to</strong>r shall obtain an understanding of how a user entity uses the services of a service organization in the user entity’s operations, including: (Ref: Para. A1-A2) (a) The nature of the services provided by the service organization and the significance of those services <strong>to</strong> the user entity, including the effect thereof on the user entity’s internal control; (Ref: Para. A3-A5) (b) The nature and materiality of the transactions processed or accounts or financial reporting processes affected by the service organization; (Ref: Para. A6) (c) The degree of interaction between the activities of the service organization and those of the user entity; and (Ref: Para. A7) (d) The nature of the relationship between the user entity and the service organization, including the relevant contractual terms for the activities undertaken by the service organization. (Ref: Para. A8-A11) 402.10 When obtaining an understanding of internal control relevant <strong>to</strong> the audit in accordance with ISA 315, the user audi<strong>to</strong>r shall evaluate the design and implementation of relevant controls at the user entity that relate <strong>to</strong> the services provided by the service organization, including those that are applied <strong>to</strong> the transactions processed by the service organization. (Ref: Para. A12-A14) 402.11 The user audi<strong>to</strong>r shall determine whether a sufficient understanding of the nature and significance of the services provided by the service organization and their effect on the user entity’s internal control relevant <strong>to</strong> the audit has been obtained <strong>to</strong> provide a basis for the identification and assessment of risks of material misstatement. 402.12 If the user audi<strong>to</strong>r is unable <strong>to</strong> obtain a sufficient understanding from the user entity, the user audi<strong>to</strong>r shall obtain that understanding from one or more of the following procedures: (a) Obtaining a type 1 or type 2 report, if available; (b) Contacting the service organization, through the user entity, <strong>to</strong> obtain specific information; (c) Visiting the service organization and performing procedures that will provide the necessary information about the relevant controls at the service organization; or (d) <strong>Using</strong> another audi<strong>to</strong>r <strong>to</strong> perform procedures that will provide the necessary information about the relevant controls at the service organization. (Ref: Para. A15-A20)
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14:
13 2. Clarified ISAs In March 2009,
Page 15 and 16:
15 Guide t
Page 17 and 18:
17 Guide t
Page 19 and 20:
Volume 1 Core Concepts
Page 21 and 22:
21 Guide t
Page 23 and 24:
23 Guide t
Page 25 and 26:
25 Guide t
Page 27 and 28:
27 Guide t
Page 29 and 30:
29 Guide t
Page 31 and 32:
31 Guide t
Page 33 and 34:
33 Guide t
Page 35 and 36:
35 Guide t
Page 37 and 38:
37 Guide t
Page 39 and 40:
39 Guide t
Page 41 and 42:
41 Guide t
Page 43 and 44:
43 Guide t
Page 45 and 46:
45 Guide t
Page 47 and 48:
47 Guide t
Page 49 and 50:
49 Guide t
Page 51 and 52:
51 5. Internal Control — Purpose
Page 53 and 54:
53 Guide t
Page 55 and 56:
55 Guide t
Page 57 and 58:
57 Guide t
Page 59 and 60:
59 Guide t
Page 61 and 62:
61 Guide t
Page 63 and 64:
63 Guide t
Page 65 and 66:
65 Guide t
Page 67 and 68:
67 Guide t
Page 69 and 70:
69 Guide t
Page 71 and 72:
71 Guide t
Page 73 and 74:
73 Guide t
Page 75 and 76:
75 Guide t
Page 77 and 78:
77 6. Financial Statement Assertion
Page 79 and 80:
79 Guide t
Page 81 and 82:
81 Guide t
Page 83 and 84:
83 Guide t
Page 85 and 86:
85 Guide t
Page 87 and 88:
87 Guide t
Page 89 and 90:
89 Guide t
Page 91 and 92:
91 Guide t
Page 93 and 94:
93 Guide t
Page 95 and 96:
95 Guide t
Page 97 and 98:
97 Guide t
Page 99 and 100:
99 Guide t
Page 101 and 102:
101 Guide
Page 103 and 104:
103 Guide
Page 105 and 106:
105 Guide
Page 107 and 108:
107 Guide
Page 109 and 110:
109 Guide
Page 111 and 112:
111 Guide
Page 113 and 114:
113 Guide
Page 115 and 116:
115 10. Further Audit Procedures Ch
Page 117 and 118:
117 Guide
Page 119 and 120:
119 Guide
Page 121 and 122:
121 Guide
Page 123 and 124:
123 Guide
Page 125 and 126:
125 Guide
Page 127 and 128: 127 Guide
Page 145 and 146: 145 12. Related Parties Chapter Con
Page 161 and 162: 161 14. Going Concern Chapter Conte
Page 171 and 172: 171 15. Summary of Other ISA Requir
Page 177: 177 Guide
Page 205 and 206: 205 16. Audit Documentation Chapter
Page 229 and 230:
229 Guide
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

Create successful ePaper yourself

Delete template?

Save as template?