Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
182<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Paragraph #<br />
Relevant Extracts from ISAs<br />
402.19 The user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall <strong>in</strong>quire of management of the user entity whether the service<br />
organizati<strong>on</strong> has reported <str<strong>on</strong>g>to</str<strong>on</strong>g> the user entity, or whether the user entity is otherwise aware of,<br />
any fraud, n<strong>on</strong>-compliance with laws and regulati<strong>on</strong>s or uncorrected misstatements affect<strong>in</strong>g<br />
the f<strong>in</strong>ancial statements of the user entity. The user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall evaluate how such matters<br />
affect the nature, tim<strong>in</strong>g and extent of the user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s further audit procedures, <strong>in</strong>clud<strong>in</strong>g<br />
the effect <strong>on</strong> the user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s c<strong>on</strong>clusi<strong>on</strong>s and user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s report. (Ref: Para. A41)<br />
In resp<strong>on</strong>d<strong>in</strong>g <str<strong>on</strong>g>to</str<strong>on</strong>g> the assessed risks, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r would c<strong>on</strong>sider the follow<strong>in</strong>g matters.<br />
Exhibit 15.3-3<br />
Address<br />
Can Necessary<br />
Evidence Be<br />
Obta<strong>in</strong>ed from<br />
with<strong>in</strong> Entity?<br />
Determ<strong>in</strong>e Extent<br />
of Reliance That<br />
Can Be Placed <strong>on</strong><br />
the Type 1 or Type<br />
2 Report<br />
Test<strong>in</strong>g User<br />
Records and<br />
C<strong>on</strong>trols<br />
Obta<strong>in</strong><strong>in</strong>g Audit<br />
Evidence from<br />
the Service<br />
Organizati<strong>on</strong><br />
Mak<strong>in</strong>g Inquiries<br />
about Significant<br />
Events (Fraud, etc.)<br />
Descripti<strong>on</strong><br />
If yes, obta<strong>in</strong> sufficient appropriate audit evidence c<strong>on</strong>cern<strong>in</strong>g the relevant f<strong>in</strong>ancial<br />
statement asserti<strong>on</strong>s <strong>in</strong>volved.<br />
If no, perform additi<strong>on</strong>al procedures <str<strong>on</strong>g>to</str<strong>on</strong>g> obta<strong>in</strong> evidence, such as us<strong>in</strong>g another audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> perform procedures at the service organizati<strong>on</strong> <strong>on</strong> the user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s behalf.<br />
• C<strong>on</strong>sider the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s professi<strong>on</strong>al competence and <strong>in</strong>dependence and<br />
adequacy of standards under which the report was issued;<br />
• Evaluate whether the descripti<strong>on</strong> and design of c<strong>on</strong>trols at the service organizati<strong>on</strong><br />
is at a date or for a period that is appropriate for the user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s purposes;<br />
• Evaluate the sufficiency and appropriateness of the evidence provided by the report<br />
for the understand<strong>in</strong>g of the user entity’s <strong>in</strong>ternal c<strong>on</strong>trol relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit; and<br />
• Determ<strong>in</strong>e whether complementary user-entity c<strong>on</strong>trols identified by the service<br />
organizati<strong>on</strong> are relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the user entity and, if so, obta<strong>in</strong> an understand<strong>in</strong>g of<br />
whether the user entity has designed and implemented such c<strong>on</strong>trols.<br />
Note that a type 1 report provides no evidence that the <strong>in</strong>ternal c<strong>on</strong>trols at the<br />
service organizati<strong>on</strong> operated effectively over a period of time. If a type 2 report is<br />
not available, it may be necessary for the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r <str<strong>on</strong>g>to</str<strong>on</strong>g> perform tests of c<strong>on</strong>trols at the<br />
service organizati<strong>on</strong>, or use another audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r <str<strong>on</strong>g>to</str<strong>on</strong>g> perform such tests.<br />
Where possible, obta<strong>in</strong> sufficient appropriate audit evidence c<strong>on</strong>cern<strong>in</strong>g the relevant<br />
f<strong>in</strong>ancial statement asserti<strong>on</strong>s from the records held by the user entity.<br />
If user records are not sufficient, obta<strong>in</strong> audit evidence about the operat<strong>in</strong>g<br />
effectiveness of c<strong>on</strong>trols at the service organizati<strong>on</strong> by:<br />
• Obta<strong>in</strong><strong>in</strong>g a type 2 report, if available;<br />
• Perform<strong>in</strong>g appropriate tests of c<strong>on</strong>trols at the service organizati<strong>on</strong>; or<br />
• <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> another audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r <str<strong>on</strong>g>to</str<strong>on</strong>g> perform tests of c<strong>on</strong>trols at the service organizati<strong>on</strong> <strong>on</strong><br />
behalf of the user audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r.<br />
Inquire of management whether they have become aware (or received notice from<br />
the service organizati<strong>on</strong>) of any fraud, n<strong>on</strong>-compliance with laws and regulati<strong>on</strong>s, or<br />
uncorrected misstatements that could affect the f<strong>in</strong>ancial statements.