- Many entities outsource aspects of their business to organizations that provide services ranging from performing a specific task under the direction of an entity to replacing an entity’s entire business units or functions, such as the tax compliance function. Many of the services provided by such organizations are integral to the entity’s business operations; however, not all those services are relevant to the audit.
- Services provided by a service organization are relevant to the audit of a user entity’s financial statements when those services, and the controls over them, are part of the user entity’s information system, including related business processes, relevant to financial reporting. Although most controls at the service organization are likely to relate to financial reporting, there may be other controls that may also be relevant to the audit, such as controls over the safeguarding of assets. A service organization’s services are part of a user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following:
a. The classes of transactions in the user entity’s operations that are significant to the user entity’s financial statements;
b. The procedures, within both information technology (IT) and manual systems, by which the user entity’s transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements;
c. The related accounting records, either in electronic or manual form, supporting information and specific accounts in the user entity’s financial statements that are used to initiate, record, process and report the user entity’s transactions; this includes the correction of incorrect information and how information is transferred to the general ledger
d. How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements
e. The financial reporting process used to prepare the user entity’s financial statements, including significant accounting estimates and disclosures; and Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.
- The nature and extent of work to be performed by the user auditor regarding the services provided by a service organization depend on the nature and significance of those services to the user entity and the relevance of those services to the audit.
- This ISA does not apply to services provided by financial institutions that are limited to processing, for an entity’s account held at the financial institution, transactions that are specifically authorized by the entity, such as the processing of checking account transactions by a bank or the processing of securities transactions by a broker. In addition, this ISA does not apply to the audit of transactions arising from proprietary financial interests in other entities, such as partnerships, corporations and joint ventures, when proprietary interests are accounted for and reported to interest holders.