5.6. CLIENT CONTROL CONSIDERATIONS
From the perspective of the client organization, the most important information contained in a service auditor's report are the client control considerations. Client control considerations are procedures that the service organization recommends that each client organization implement. These controls complement the controls at the service organization to enhance the level of control over client organization transactions and data. The controls at the client organization and the service organization comprise the overall control environment for the process being evaluated.
Within a service auditor's report, client control considerations are sometimes described immediately after each description of policies and procedures and tests performed. Client control considerations may also be grouped together in a separate section or in a matrix. Exhibits 5.5, 5.6, 5.7, and 5.8 provide lists of client control considerations corresponding to the service organizations in Exhibits 5.1 through 5.4, respectively. Each control objective does not necessarily require a client control consideration.
When performing an audit of a process that utilizes a service organization, the internal auditor should examine the service auditor's report and confirm that each client control consideration has been implemented at the client organization. If not, the auditor should determine the reason the client control considerations were not implemented, assess the potential risks ...
Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
