Showing posts with label ISA (UK) 402. Show all posts
Showing posts with label ISA (UK) 402. Show all posts

Thursday, April 14, 2022

ISA (UK) 402: Audit Considerations Relating to an Entity Using a Service Organization

 When a user entity utilizes the services of one or more service organizations, this International Standard on Auditing (UK) (ISA (UK)) addresses the user auditor's responsibilities to gather adequate appropriate audit evidence. It explains how the user auditor can use ISA (UK) 315 and ISA (UK) 330 to gain a sufficient understanding of the user entity, including relevant internal controls, to identify and assess the risks of material misstatement, and to design and perform additional audit procedures in response to those risks. When services provided by a service organization, as well as the controls over them, are part of the user entity's information system, including related business activities, relevant to financial reporting, they are relevant to the audit of the user entity's financial statements. The user auditor must comprehend how a user entity uses the services of a service organization in the user entity's activities when developing an understanding of the user entity in accordance with ISA (UK) 315.

When a user entity uses the services of a service organization, the user auditor's objectives are to:

(a) gain a sufficient understanding of the nature and significance of the service organization's services and their impact on the user entity's internal control relevant to the audit to identify and assess the risks of material misstatement; and

(b) design and perform audit procedures responsive to those risks.

Maintenance of the user entity's accounting records is an example of a service organization service that is important to the audit. Regardless of the controls in place at the service organization, the user entity may establish controls over the service organization's services that the user auditor can test, allowing the user auditor to conclude that the user entity's controls are operating effectively for some or all of the related assertions. If a user entity, for example, hires a service organization to conduct its payroll transactions, the user entity can set up controls over the submission and receipt of payroll data to prevent or identify serious misstatements.

 

Practice:

The user auditor shall evaluate the design and implementation of relevant controls at the user entity that relates to the services provided by the service organization, including those that are applied to the transactions processed by the service organization, when obtaining an understanding of internal control relevant to the audit in accordance with ISA (UK) 315.

 

 

Reference:      https://bit.ly/3Mm0kVB