16
ISA 402 (REVISED AND REDRAFTED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANISATION
ISA 402 deals with the responsibility the auditor has to obtain sufficient appropriate audit evidence when an entity uses a service organisation. For the purposes of ISA 402, the definition of a ‘service organisation’ is:
A third-party organisation (or segment of a third-party organisation) that provides services to user entities that are part of those entities’ information systems relevant to financial reporting.
[ISA402.8 (e)]
Today it is becoming increasingly common for businesses to outsource certain functions of their business. For example, payroll is often outsourced to a dedicated payroll agency in order to ease the administrative burdens for the entity. Where an entity outsources certain aspects of its business, the auditor needs to obtain an understanding of the nature and significance of the services provided by the service organisation together with the effect on the user-entity’s internal controls. The objective here is to consider the risk of material misstatement and design audit procedures which are specifically responsive to those risks.
Obtaining an Understanding of the Services Provided by a Service Organisation, Including Internal Control
Auditors have a duty to gain an understanding of the entity which they are auditing together with an understanding of the environment in which the entity operates in accordance with provisions laid down in ISA 315. This ...
