Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

180 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Where service organizations are used, the audi<strong>to</strong>r would consider the matters set out in the exhibit below. Exhibit 15.3-2 Address What Services (Relevant <strong>to</strong> the Audit) are Provided? What Relevant Internal Controls are in Place? Extent of Reliance Placed on Controls in Place at Service Organization? Description • Identify: – The nature of services provided, – Materiality of transactions processed, and – Accounts or financial reporting processes affected. • Review the terms of the contract or service-level agreement between the user entity and the service organization. • Determine the degree of interaction (activities) between the service organization and the entity. • Review reports by service organizations, service audi<strong>to</strong>rs (including management letters), internal audi<strong>to</strong>rs, or regula<strong>to</strong>ry authorities on controls at the service organization. • Are the controls at the service organization relevant <strong>to</strong> the audit? If no, a substantive approach is sufficient. If yes, the audi<strong>to</strong>r must get comfort that the controls at the service organization are appropriately designed and implemented. • Are there controls established by the user (that could be tested) that mitigate material-processing risks, regardless of controls at the service organization? For example, user controls over payroll could include: – Comparing data submitted <strong>to</strong> the service organization with reports from the service organization after data processing, – Re-computing a sample of the payroll amounts for clerical accuracy, and – Reviewing the <strong>to</strong>tal amount of the payroll for reasonableness. • Obtain any type 1 or type 2 reports available. Contracts with service organizations often include the provision of such reports; • Contact the service organization <strong>to</strong> obtain specific information; • Visit the service organization and perform required procedures; or • Use another audi<strong>to</strong>r <strong>to</strong> perform required procedures. CONSIDER POINT Check the wording of service organization reports for possible restrictions as <strong>to</strong> use. Such restrictions can apply <strong>to</strong> management, the service organization and its cus<strong>to</strong>mers, and the entity’s audi<strong>to</strong>rs.
181 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Risk Response Paragraph # Relevant Extracts from ISAs 402.13 In determining the sufficiency and appropriateness of the audit evidence provided by a type 1 or type 2 report, the user audi<strong>to</strong>r shall be satisfied as <strong>to</strong>: (a) The service audi<strong>to</strong>r’s professional competence and independence from the service organization; and (b) The adequacy of the standards under which the type 1 or type 2 report was issued. (Ref: Para. A21) 402.14 If the user audi<strong>to</strong>r plans <strong>to</strong> use a type 1 or type 2 report as audit evidence <strong>to</strong> support the user audi<strong>to</strong>r’s understanding about the design and implementation of controls at the service organization, the user audi<strong>to</strong>r shall: (a) Evaluate whether the description and design of controls at the service organization is at a date or for a period that is appropriate for the user audi<strong>to</strong>r’s purposes; (b) Evaluate the sufficiency and appropriateness of the evidence provided by the report for the understanding of the user entity’s internal control relevant <strong>to</strong> the audit; and (c) Determine whether complementary user entity controls identified by the service organization are relevant <strong>to</strong> the user entity and, if so, obtain an understanding of whether the user entity has designed and implemented such controls. (Ref: Para. A22-A23) 402.15 In responding <strong>to</strong> assessed risks in accordance with ISA 330, the user audi<strong>to</strong>r shall: (a) Determine whether sufficient appropriate audit evidence concerning the relevant financial statement assertions is available from records held at the user entity; and, if not, (b) Perform further audit procedures <strong>to</strong> obtain sufficient appropriate audit evidence or use another audi<strong>to</strong>r <strong>to</strong> perform those procedures at the service organization on the user audi<strong>to</strong>r’s behalf. (Ref: Para. A24-A28) 402.16 When the user audi<strong>to</strong>r’s risk assessment includes an expectation that controls at the service organization are operating effectively, the user audi<strong>to</strong>r shall obtain audit evidence about the operating effectiveness of those controls from one or more of the following procedures: (a) Obtaining a type 2 report, if available; (b) Performing appropriate tests of controls at the service organization; or (c) <strong>Using</strong> another audi<strong>to</strong>r <strong>to</strong> perform tests of controls at the service organization on behalf of the user audi<strong>to</strong>r. (Ref: Para. A29-A30) 402.17 If, in accordance with paragraph 16(a), the user audi<strong>to</strong>r plans <strong>to</strong> use a type 2 report as audit evidence that controls at the service organization are operating effectively, the user audi<strong>to</strong>r shall determine whether the service audi<strong>to</strong>r’s report provides sufficient appropriate audit evidence about the effectiveness of the controls <strong>to</strong> support the user audi<strong>to</strong>r’s risk assessment by: (a) Evaluating whether the description, design and operating effectiveness of controls at the service organization is at a date or for a period that is appropriate for the user audi<strong>to</strong>r’s purposes; (b) Determining whether complementary user entity controls identified by the service organization are relevant <strong>to</strong> the user entity and, if so, obtaining an understanding of whether the user entity has designed and implemented such controls and, if so, testing their operating effectiveness; (c) Evaluating the adequacy of the time period covered by the tests of controls and the time elapsed since the performance of the tests of controls; and (d) Evaluating whether the tests of controls performed by the service audi<strong>to</strong>r and the results thereof, as described in the service audi<strong>to</strong>r’s report, are relevant <strong>to</strong> the assertions in the user entity’s financial statements and provide sufficient appropriate audit evidence <strong>to</strong> support the user audi<strong>to</strong>r’s risk assessment. (Ref: Para. A31-A39)
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14:
13 2. Clarified ISAs In March 2009,
Page 15 and 16:
15 Guide t
Page 17 and 18:
17 Guide t
Page 19 and 20:
Volume 1 Core Concepts
Page 21 and 22:
21 Guide t
Page 23 and 24:
23 Guide t
Page 25 and 26:
25 Guide t
Page 27 and 28:
27 Guide t
Page 29 and 30:
29 Guide t
Page 31 and 32:
31 Guide t
Page 33 and 34:
33 Guide t
Page 35 and 36:
35 Guide t
Page 37 and 38:
37 Guide t
Page 39 and 40:
39 Guide t
Page 41 and 42:
41 Guide t
Page 43 and 44:
43 Guide t
Page 45 and 46:
45 Guide t
Page 47 and 48:
47 Guide t
Page 49 and 50:
49 Guide t
Page 51 and 52:
51 5. Internal Control — Purpose
Page 53 and 54:
53 Guide t
Page 55 and 56:
55 Guide t
Page 57 and 58:
57 Guide t
Page 59 and 60:
59 Guide t
Page 61 and 62:
61 Guide t
Page 63 and 64:
63 Guide t
Page 65 and 66:
65 Guide t
Page 67 and 68:
67 Guide t
Page 69 and 70:
69 Guide t
Page 71 and 72:
71 Guide t
Page 73 and 74:
73 Guide t
Page 75 and 76:
75 Guide t
Page 77 and 78:
77 6. Financial Statement Assertion
Page 79 and 80:
79 Guide t
Page 81 and 82:
81 Guide t
Page 83 and 84:
83 Guide t
Page 85 and 86:
85 Guide t
Page 87 and 88:
87 Guide t
Page 89 and 90:
89 Guide t
Page 91 and 92:
91 Guide t
Page 93 and 94:
93 Guide t
Page 95 and 96:
95 Guide t
Page 97 and 98:
97 Guide t
Page 99 and 100:
99 Guide t
Page 101 and 102:
101 Guide
Page 103 and 104:
103 Guide
Page 105 and 106:
105 Guide
Page 107 and 108:
107 Guide
Page 109 and 110:
109 Guide
Page 111 and 112:
111 Guide
Page 113 and 114:
113 Guide
Page 115 and 116:
115 10. Further Audit Procedures Ch
Page 117 and 118:
117 Guide
Page 119 and 120:
119 Guide
Page 121 and 122:
121 Guide
Page 123 and 124:
123 Guide
Page 125 and 126:
125 Guide
Page 127 and 128:
127 Guide
Page 129 and 130: 129 Guide
Page 145 and 146: 145 12. Related Parties Chapter Con
Page 161 and 162: 161 14. Going Concern Chapter Conte
Page 171 and 172: 171 15. Summary of Other ISA Requir
Page 179: 179 Guide
Page 205 and 206: 205 16. Audit Documentation Chapter
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

Create successful ePaper yourself

Delete template?

Save as template?