Product Image

Service Organizations: Applying SAS No. 70, as Amended – AICPA Audit Guide

Publisher: AICPA
Availability: In Stock
See Below To Add To Cart

Description

This Audit Guide provides guidance to service auditors engaged to issue reports on a service organization’s controls and to user auditors engaged to audit the financial statements of entities that use service organizations. Many entities use outside service organizations to accomplish tasks that affect the entity’s financial statements. Service organizations provide services ranging from performing a specific task under the direction of an entity to replacing entire business units or functions of an entity. Updated with conforming changes as of March 1, 2008, this guide includes guidance on the risk assessment standards (SAS Nos. 104-111).  This edition of the guide has also been conformed to reflect the Defining Professional Requirements standard (SAS No. 102).

The guide summarizes applicable requirements and practices, and delivers "how-to" advice for handling audit issues common to Service Organizations.  The appendices include examples of service auditors’ reports, an illustrative representation letter for a service auditor’s engagement, and an entire re-print of AU section 324, Service Organizations (AICPA, Professional Standards), AU section 324 (AICPA, PCAOB Standards and Related Rules, PCAOB Standards, As Amended), AU Section 9324, Service Organizations: Auditing Interpretations of Section 324 (AICPA, Professional Standards), and AU section 9324 (AICPA, PCAOB Standards and Related Rules, PCAOB Standards, As Amended).

For a topical listing of subject matter by chapter, click on the Table of Contents tab.

012778

Table of Contents


  • Chapter 1 - Audit Considerations for an Entity That Uses a Service Organization
    • Applying AU Section 314 to the Audit of a User Organization's Financial Statements
      • Risk Assessment Procedures
      • Discussion Among the Audit Team
      • Understanding of the Entity and Its Environment
      • Understanding of Internal Control
    • The Effect of a Service Organization on a User Organization's Internal Control and Planning the Audit of a User Organization's Financial Statements
      • Examples of Service Organizations
      • Audit Planning
    • Sources of Information About a Service Organization
    • The User Auditor's Assessment of the Risks of Material Misstatement
    • Other Types of Internal Control Engagements
  • Chapter 2 - Form and Content of Service Auditor's Reports
    • Types of Service Auditors' Reports
    • Format and Content of Type 1 and Type 2 Reports
    • The Independent Service Auditor's Report
    • Use of a Service Auditor's Report
    • The Service Organization's Description of Controls
      • Aspects of the Control Environment That May Affect the Services Provided to User Organizations
      • Aspects of the Risk Assessment Process That May Affect the Services Provided to User Organizations
      • Aspects of Information and Communication That May Affect a User Organization's Internal Control
      • Aspects of Monitoring That May Affect the Services Provided to User Organizations
      • Level of Detail of the Description of Controls
      • Control Objectives, Related Controls, and Assertions in User Organizations' Financial Statements
    • Information Provided by the Service Auditor
      • The Description of Tests of the Operating Effectiveness of Controls and the Results of Those Tests
      • Other Information a Service Auditor May Provide
    • Other Information Provided by the Service Organization
    • Alternative Methods of Organizing Type 1 and Type 2 Reports
    • Other Matters
      • Engagements Involving Subservice Organizations
      • Certification of Computer Software
  • Chapter 3 - Using Type 1 and Type 2 Reports
    • Determining Whether to Use a Given Type 1 or Type 2 Report
    • Timing Considerations Related to Using a Service Organization's Description of Controls
    • The User Auditor's Consideration of Tests of Operating Effectiveness
    • Complementary Controls That May Be Required at User Organizations
    • Significant Deficiencies and Material Weaknesses
    • Uncorrected Errors at the Service Organization
  • Chapter 4 - Performing a Service Auditor's Engagement
    • Responsibilities of the Service Organization
    • Responsibilities of the Service Auditor
      • Procedures to Report on the Fairness of the Presentation of the Service Organization's Description of Controls
      • Procedures to Report on the Suitability of Design of Controls to Achieve Specified Control Objectives
      • Procedures to Report on the Operating Effectiveness of Controls to Achieve Specified Control Objectives
    • Describing Tests of Operating Effectiveness and the Results of Those Tests
      • Examples of Descriptions of Tests of Operating Effectiveness and the Results of Those Tests
    • Reporting When Controls Are Not Operating Effectively
    • Additional Comments Related to Type 2 Engagements
    • Other Matters Related to Performing a Service Auditor's Engagement
      • Complementary Controls at User Organizations
      • Other Design Deficiencies Irrespective of Specified Control Objectives
      • Changes in the Service Organization's Controls
      • Changes in the Control Objectives to Be Tested
      • Service Auditor's Recommendations for Improving Controls
      • Uncorrected Errors, Fraud, or Illegal Acts at a Service Organization
      • Representation Letter From the Service Organization's Management
      • Elements of the Service Organization's Description That Are Not Covered by the Service Auditor's Report
      • Going-Concern Matters
      • Significant Deficiencies and Material Weaknesses
      • Related Parties
      • Using the Work of Internal Auditors
      • Distribution of Reports
      • Board of Directors' Minutes
      • Legal Letters
      • Engagements to Report on Only the General Computer Controls of a Service Organization
  • Chapter 5 - Service Organizations That Use Other Service Organizations
    • Examples of Subservice Organizations and Subservicing Situations
    • The Effect of a Subservice Organization on a User Organization's Internal Control
    • Responsibilities of Service Organizations, User Auditors, and Service Auditors if Control Objectives Are Established by the Service Organization
      • Responsibilities of Service Organizations
      • Responsibilities of User Auditors
      • Responsibilities of Service Auditors
      • Sample Service Auditor's Report Using the Carve-Out Method
      • Sample Service Auditor's Report Using the Inclusive Method
    • Responsibilities of Service Organizations, User Auditors, and the Service Auditors if Control Objectives Are Established by an Outside Party
    • Subservice Organizations That Hold and Service Securities
  • Appendix
    • Appendix A - Examples of Service Auditors' Reports, Descriptions of Controls Placed in Operation, and Descriptions of Tests of Operating Effectiveness
    • Appendix B - Illustrative Representation Letter for a Service Auditor's Engagement
    • Appendix C - Responsibilities of Service Organizations, Service Auditors, and User Auditors If Subservice Organizations Perform Significant Functions for User Organizations and Control Objectives Are Established by the Service Organization
    • Appendix D - Responsibilities of Service Organizations, Service Auditors, and User Auditors If Subservice Organizations Perform Significant Functions for User Organizations and Control Objectives Are Established by an Outside Party
    • Appendix E - Illustrative Control Objectives for Various Types of Service Organizations
    • Appendix F - AICPA Professional Standards, AU Section 324: Service Organizations
    • Appendix G - AICPA Professional Standards, AU Section 9324: Service Organizations: Auditing Interpretations of Section 324
    • Appendix H - AICPA, PCAOB Standards and Related Rules, AU Section 324: Service Organizations
    • Appendix I - AICPA, PCAOB Standards and Related Rules, AU Section 9324: Service Organizations: Auditing Interpretations of Section 324
    • Appendix J - Major Existing Differences Between AICPA Standards and PCAOB Standards
    • Appendix K - Comparison of Key Provisions of the Risk Assessment Standards to Previous Standards
    • Appendix L - Schedule of Changes Made to the Text From the Previous Edition

012778

Excerpts

This AICPA Audit Guide was prepared by the AICPA SAS No. 70 Task Force to assist auditors in applying generally accepted auditing standards in audits of financial statements of entities that use service organizations and in service auditors' engagements. The AICPA's Auditing Standards Board (ASB) has found the descriptions of auditing standards, procedures, and practices in this Audit Guide to be consistent with existing standards covered by Rule 202, Compliance With Standards (AICPA, Professional Standards, vol. 2, ET sec. 202), and Rule 203, Accounting Principles (AICPA, Professional Standards, vol. 2, ET sec. 203), of the AICPA Code of Professional Conduct.

Auditing guidance included in an AICPA Audit Guide is an interpretive publication pursuant to AU section 150, Generally Accepted Auditing Standards (AICPA, Professional Standards, vol. 1). Interpretive publications are recommendations on the application of Statements on Auditing Standards (SASs) in specific circumstances, including engagements for entities in specialized industries. An interpretive publication is issued under the authority of the ASB after all ASB members have been provided an opportunity to consider and comment on whether the proposed interpretive publication is consistent with the SASs. The members of the ASB have found this guide to be consistent with existing SASs.

The auditor should be aware of and consider interpretive publications applicable to his or her audit. If an auditor does not apply the auditing guidance included in an applicable interpretive publication, the auditor should be prepared to explain how he or she complied with the SAS provisions addressed by such auditing guidance.

This AICPA Audit Guide, which also contains attestation guidance, is an interpretive publication pursuant to AT section 50, SSAE Hierarchy (AICPA, Professional Standards, vol. 1). Interpretive publications include recommendations on the application of Statements on Standards for Attestation Engagements (SSAEs) in specific circumstances, including engagements for entities in specialized industries. Interpretive publications are issued under the authority of the ASB. The members of the ASB have found this guide to be consistent with the existing SSAEs.

A practitioner should be aware of and consider interpretive publications applicable to his or her attestation engagement. If the practitioner does not apply the guidance included in an applicable AICPA Audit and Accounting Guide, the practitioner should be prepared to explain how he or she complied with the SSAE provisions addressed by such guidance.

012778

Subscription Info

Paperback 2008
Product# 012778
Availability:In Stock
*Discounted price reflected in Shopping Cart
(What is the Standing Order Option?)
Regular:$86.25
AICPA Member:$69.00
Your Price:$86.25
To receive your AICPA member discount, Sign In now, or Register using your AICPA membership number.
Choose the Standing Order Option and get these discounts on your initial purchase:

Publications--10% discount
CPE Self-Study--20% discount

Each new future annual edition will then be automatically shipped to you at a 10% discount.