Term
| auditor's responsibility for communicating deficiencies |
|
Definition
| the auditor has a responsibility to communicate IN WRITING significant deficiencies and material weaknesses to management and those charged with governance. |
|
|
Term
| other issues (besides deficiencies) relating to the conduct of an audit |
|
Definition
| also should be communicated to management and those charged with governance, whether relating to IC or the audit in general. |
|
|
Term
| SOX requirement for issuers w/regards to internal control over financial reporting (ICFR) effectiveness |
|
Definition
| Public companies (issuers) are required by SOX to provide a management assessment of the effectiveness of ICFR in annual reports (PCAOB Standard No. 5). |
|
|
Term
|
Definition
| The auditor must express or disclaim an opinion on IC, not on management's assessment. |
|
|
Term
| Are nonissuers required to report on effectiveness of ICFR? If so, what kind of report is used? |
|
Definition
For nonissuers, CPA may be engaged to provide a report on the effectiveness of an entity's ICFR; services and reports issued are governed by AICPA's AT 501. CPA may be either user or preparer of a report prepared in accordance with AU 324, and AT 801. Such a report may affect the user CPA's assessment of a client's RMM. |
|
|
Term
| Is an F/S auditor required to perform procedures specifically to identify deficiencies in IC or express opinion on IC? |
|
Definition
|
|
Term
|
Definition
| exists when design or operation of a control does not allow management or employees, in the normal course of their assigned functions, to prevent misstatements or detect and correct them on a timely basis. |
|
|
Term
|
Definition
| deficiency, or combination of deficiencies, in IC that is less severe than a material weakness, but merits attention by those charged w/governance |
|
|
Term
|
Definition
| deficiency, or combination of deficiencies, in IC that results in a reasonable possibility (reasonably possible or probable) that a material misstatement of the F/S will not be prevented or timely detected and corrected |
|
|
Term
|
Definition
depends on the magnitude of the potential misstatement and whether a reasonable possibility exists that the controls will fail. Severity does not depend on actual occurrence of a misstatement. |
|
|
Term
|
Definition
| depends on, among other things, the F/S transactions or amounts involved and the activity in the relevant balance or transaction class. |
|
|
Term
|
Definition
ordinarily is the recorded amount, but the understatement may be greater. The auditor need not quantify the probability of misstatement. A small misstatement is usu. more likely than a large misstatement. |
|
|
Term
| risk factors that indicate whether a reasonable possibility exists that deficiencies will result in a misstatement |
|
Definition
Accounts, transaction classes, disclosures, and assertions involved
Susceptibility of the related asset or liability to loss or fraud
Degree of judgment required to determine the amount involved
Relationship of the control with other controls
Interaction among deficiencies
Possible consequences of the deficiency |
|
|
Term
| Can effective compensating controls eliminate a deficiency? |
|
Definition
| No, but they can limit the severity of a deficiency and prevent it from being reportable. The auditor must also test these compensating controls that are in effect for operating effectiveness. |
|
|
Term
| indicators of a material weakness |
|
Definition
Identification of any fraud by senior management
Restatement of F/S to correct a material misstatement due to fraud or error
Identification by the auditor of a material misstatement that would not have been detected by IC
Ineffective oversight of financial reporting and IC by those charged w/governance |
|
|
Term
| auditors and prudent officials |
|
Definition
| The auditor considers whether prudent officials, having the same knowledge, would agree with the auditor that deficiencies are not a material weakness. |
|
|
Term
| examples of possible deficiencies, significant deficiencies, and material weaknesses related to design |
|
Definition
Inadequate design of ICFR
Inadequate design of controls over a significant account or process
Inadequate documentation of the IC components
Insufficient control consciousness
Absent or inadequate separation of duties
Absent or inadequate controls over the safeguarding of assets
Inadequate design of IT general (overall impression of controls) and application (application software) controls
Employees or management who lack the proper qualifications and training
Inadequate design of monitoring controls
The absence of an internal process to timely report deficiencies |
|
|
Term
| examples of possible deficiencies, significant deficiencies, and material weaknesses related to operations |
|
Definition
Failures in the operation of effectively designed controls over a significant account or process
Failure of the information and communication component of IC to provide timely, complete, and accurate information
Failure of controls designed to safeguard assets
Failure to perform reconciliations of significant accounts
Undue bias or lack of objectivity by those responsible for accounting decisions
Misrepresentation by client personnel to the auditor
Management override of controls
Failure of an application control caused by deficient design or operation of an IT general (overall) control
An excessive observed deviation rate in a test of controls |
|
|
Term
|
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected. Communication is best made at audit report release date, but no later than 60 days after. Communication of significant and urgent matters need not be written. Management or those charged w/governance may consciously decide to accept the risk of significant deficiencies or material weaknesses. The auditor may communicate nonsignificant deficiencies and/or other matters to the entity either orally or in writing. |
|
|
Term
| Should the auditor ever issue written communication that no significant deficiencies or material weaknesses were found? |
|
Definition
| Usually no. Not unless the client requests that the auditor communicate to a govt. authority. |
|
|
Term
| responsibility of governance |
|
Definition
| Those charged with governance are responsible for oversight of the entity's strategic direction and accountability, including the financial reporting process. The BOD and audit committee are typical governance bodies. |
|
|
Term
|
Definition
is expected and should provide governance w/information about matters relevant to their responsibilities, including an overview of the audit process and of the auditor's responsibilities. It also should allow the auditor to obtain information relevant to the audit. |
|
|
Term
| Should auditor communication be oral or in writing? |
|
Definition
It can be either, but it must be documented. A written communication should indicate that it is for the sole use of governance. |
|
|
Term
| When should auditors communicate to governance (likely in writing)? |
|
Definition
| Communication should take place on a timely basis to enable governance to meet their responsibilities for oversight of financial reporting. |
|
|
Term
| Should management communicate some matters to governance? |
|
Definition
| It may be appropriate for management to communicate certain matters to governance, and auditors should be satisfied these communications have occurred. Certain discussions may be inappropriate. |
|
|
Term
| What matters should be communicated between auditors and governance? |
|
Definition
| auditor's responsibilities under GAAS, an overview of the audit, and significant findings. |
|
|
Term
| auditor's responsibilities under GAAS |
|
Definition
Auditor may provide copy of engagement letter to those charged w/governance, indicating that, among other things:
Auditor responsible for opinion about fairness of F/S presentation
Auditor does not relieve management or those charged w/governance of financial reporting responsibility |
|
|
Term
| planned scope and timing of audit (issues addressed in communication) |
|
Definition
How the auditor proposes to address RMM due to error or fraud
Issues related to IC and IA function; and
The concept of materiality in planning and executing the audit. |
|
|
Term
| Should the auditor discuss details of audit procedures to be used? |
|
Definition
|
|
Term
| W/regards to significant accounting practices, the auditor should inform governance about... |
|
Definition
How the auditor proposes to address RMM due to error or fraud
Issues related to IC and IA function; and
The concept of materiality in planning and executing the audit. |
|
|
Term
|
Definition
| significant and unusual transaction |
|
|
Term
| communication of misstatements |
|
Definition
| All known and likely misstatements, other than those judged trivial, must be communicated to management. All uncorrected misstatements should be communicated to those charged w/governance, along with their potential effect if uncorrected. |
|
|
Term
| communication of disagreements |
|
Definition
| The auditor and those charged w/governance should discuss any disagreements about matters significant to the statements or the audit report. |
|
|
Term
| communication of matters concerning the entity |
|
Definition
| The auditor and those charged w/governance should discuss business conditions affecting the entity, plans and strategies affecting the RMMs, the initial or recurring retention of the auditors, and the application of accounting principles. |
|
|
Term
| communication of independence issues |
|
Definition
Discussions may be appropriate about circumstances or relationships that, in the auditor's professional judgment:
May reasonably bear on independence and
Were given significant consideration by the auditor in reaching the conclusion that independence has not been impaired. |
|
|
Term
| communication of going concern issues |
|
Definition
Events or conditions may, when examined in the aggregate, indicate substantial doubt about the entity's ability to continue as a going concern for a reasonable period of time. If, after considering management's plans in response to the events or conditions identified, the auditor concludes that the substantial doubt remains, the auditor should communicate the following to those charged with governance:
The possible effect on the F/S and the adequacy of related disclosures contained in them.
The effects on the auditor's report. |
|
|
Term
| Under SOX, auditors are required to report all of the following to governance... |
|
Definition
All critical accounting policies and practices to be used
All material alternative treatments of financial information w/in GAAP discussed w/management
Ramifications of the use of alternative treatments and disclosures
Treatment preferred by auditor |
|
|
Term
| What standard provides guidance on the required process for issuers? For nonissuers? |
|
Definition
Issuers: PCAOB's AS No. 5
Nonissuers: AT 501; consistent with AS 5. |
|
|
Term
| differences between issuers and nonissuers |
|
Definition
| Basic differences are that nonissuers are not required to have an integrated audit and required reports refer to AICPA, not PCAOB standards. |
|
|
Term
| accelerated filers and requirements |
|
Definition
| Issuers w/market equity of $75+ million (accelerated filers) must include in their annual report management's assessment of the design and effectiveness of ICFR. |
|
|
Term
| auditor responsibility w/respect to IC |
|
Definition
Auditor to express opinion on ICFR (not management's assessment of it, except this is allowed under AT 501) based on control criteria. But IC is ineffective if a material weakness exists (adverse opinion). Auditor must provide reasonable assurance that material weakness does not exist. If material weakness is not present in management's assessment, then the report is modified to reflect that. |
|
|
Term
| general standards (10 GAAS) |
|
Definition
| require technical training and proficiency as an auditor, independence, and the exercise of due professional care, including professional skepticism. |
|
|
Term
|
Definition
| establishes field work and reporting standards for IC audit. |
|
|
Term
|
Definition
ICFR + F/S. Audit should accomplish objectives of both. Auditor should design tests of controls to obtain sufficient appropriate audit evidence to support his/her opinion on ICFR at a moment in time and taken as a whole. Audit of IC tests controls not tested in F/S audit. |
|
|
Term
|
Definition
Evaluate how the following affect audit procedures:
IC knowledge obtained from other engagements
Client industry issues
Matters related to the business
Recent changes in operations or IC
Preliminary judgments about materiality, risk, and other factors relating to the determination of material weaknesses
Control deficiencies previously communicated to audit committee or management
Legal matters
Type and extent of available evidence related to IC effectiveness
Preliminary IC judgments
Public information relevant to the likelihood of material misstatements and the effectiveness of IC
Relative complexity of operations
Knowledge about risks obtained from the client acceptance and retention evaluation |
|
|
Term
| relationship between the degree of risk of material weakness and amount of audit attention devoted to an area |
|
Definition
|
|
Term
| What affects the way in which the company achieves its control objectives? |
|
Definition
| The size and complexity of the company, its business processes, and business units. |
|
|
Term
|
Definition
| extension of the risk-based approach |
|
|
Term
| addressing the risk of fraud |
|
Definition
| The auditor should consider the results of the fraud risk assessment and evaluate whether controls sufficiently address the identified risks of material fraud and controls over the risk of management override. |
|
|
Term
| controls that address the risk of fraud |
|
Definition
Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries.
Controls over journal entries and adjustments made in the period-end financial reporting process.
Controls over RPTs
Controls related to significant management estimates
Controls that mitigate incentives for, and pressure on, management to falsify or inappropriately manage financial results. |
|
|
Term
|
Definition
IAs, company personnel, and 3rd parties working under the direction of management or the audit committee that provides evidence about IC effectiveness.
The auditor should assess the competence and objectivity of the persons whose work they plan to use. Higher degree of competence and objectivity is better. |
|
|
Term
| materiality considerations of IC and F/S audit (are they the same between the two) |
|
Definition
|
|
Term
|
Definition
| Auditor begins at F/S level by understanding overall risks, then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions |
|
|
Term
| entity-level controls (considered in top-down approach) |
|
Definition
Related to control environment
Over management override
Monitor results of operations
Over period-end financial reporting process
To monitor other controls
Constituting entity's risk assessment process |
|
|
Term
|
Definition
Assess whether:
Management's philosophy and operating style promote effective IC.
Sound integrity and ethical values, particularly of management, are developed and understood.
The BOD or audit committee understands and exercises oversight responsibility over F/R and IC. |
|
|
Term
| evaluating period-end F/R process |
|
Definition
Evaluate procedures:
Used to enter transaction totals into the G/L
Related to selection and application of accounting policies
Used to initiate, authorize, record, and process journal entries
Used to record recurring and nonrecurring adjustments to the annual and quarterly F/S
For preparing annual and quarterly F/S and related disclosures |
|
|
Term
| Auditors may use non-AS-5 assertions if they have tested controls over pertinent risks, including... |
|
Definition
Size and composition of the account
Susceptibility to misstatement due to errors or fraud
Volume of activity, complexity, and homogeneity of the transactions
Nature of the account or disclosure
Accounting and reporting complexities
Exposure to losses in the account
Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure
Existence of RPTs
Changes from the prior period or disclosure characteristics |
|
|
Term
|
Definition
| following transactions through the process |
|
|
Term
| objectives most effectively achieved via walkthroughs |
|
Definition
Understanding the flow of transactions related to relevant assertions
Identifying the points within the company's processes at which a material misstatement could arise
Identifying the controls that management has implemented to address these potential misstatements
Identifying the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of assets. |
|
|
Term
| testing design effectiveness |
|
Definition
| The auditor should determine whether controls, if they are operated as prescribed by persons w/the necessary authority and competence to perform them effectively, satisfy the control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in F/S. |
|
|
Term
| procedures for testing design effectiveness |
|
Definition
| inquiry of appropriate personnel, observation of operations, and inspection of relevant documentation. |
|
|
Term
| testing operating effectiveness |
|
Definition
| Determine if control is operating as designed and the person performing the control possesses the necessary authority and competence to perform the control effectively. |
|
|
Term
| procedures for testing operating effectiveness |
|
Definition
| inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and reperformance of the control. |
|
|
Term
| relationship of risk to the evidence to be obtained |
|
Definition
More risk = more testing and more competent evidence required. A conclusion that a control is not operating effectively can be supported by less evidence. |
|
|
Term
|
Definition
| tests from best to worst: reperformance, inspection, observation, and inquiry. |
|
|
Term
|
Definition
| greater period of time tested and testing closer to the date of management's assessment both provide more evidence. |
|
|
Term
|
Definition
| more extensive testing provides more evidence |
|
|
Term
|
Definition
to roll forward the results of interim work, the auditor should: 1. consider the specific controls, their associated risks, and the test results; 2. the sufficiency of evidence obtained at the interim date; 3. the length of the remaining period; and 4. the possibility of changes. |
|
|
Term
| evaluating identified deficiencies |
|
Definition
| Auditor should evaluate the severity of each deficiency in IC to determine whether the deficiencies, individually or in combination, are material weaknesses as of the date of management's assessment. |
|
|
Term
| What deficiencies are auditors required to search for? |
|
Definition
| Deficiencies that can constitute a material weakness. Auditors are not required to search for deficiencies that are less severe than a material weakness. |
|
|
Term
| Severity of deficiency depends on... |
|
Definition
| whether there is a reasonable possibility that controls will fail to prevent or detect a misstatement. |
|
|
Term
| indicators of material weaknesses |
|
Definition
Identification of material and immaterial fraud
Restatement of F/S to correct material misstatement
Circumstances indicating that the misstatement would not have been detected by IC
Ineffective oversight over F/R and IC by audit committee |
|
|
Term
| auditor opinion on IC effectiveness |
|
Definition
| Auditor should opine on IC effectiveness on evidence gained from testing controls, misstatements detected, and identified control deficiencies. |
|
|
Term
| Auditor should obtain written representations from management for the following... |
|
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC
Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO)
Stating that management's and auditor's assessments are independent of each other.
Management's conclusion of IC effectiveness based on control criteria at specified date
Management has disclosed to the auditor all deficiencies in IC identified in its evaluation.
Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC.
Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved.
Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it. |
|
|
Term
| communication of deficiencies & when it should be made |
|
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected. Communication should be made prior to the issuance of the auditor's report. |
|
|
Term
|
Definition
| May be a separate report or combined with opinion on IC. |
|
|
Term
| When should the audit report be dated? |
|
Definition
| Audit report should be dated no earlier than when sufficient appropriate audit evidence is obtained. Dates on F/S and IC reports are the same. |
|
|
Term
| components of IC/Audit report |
|
Definition
| Introductory, Scope, Definition, Inherent limitations, and Opinion paragraphs. |
|
|
Term
| modifications to standard IC report |
|
Definition
Material weakness requires adverse opinion (on IC report, not F/S report).
Elements of management's annual report on IC are incomplete or improperly presented.
Scope of engagement is restricted.
Auditor refers to the report of other auditors in their work.
Other information is contained in management's annual report on IC.
Management's annual certification under Section 302 of SOX is misstated. |
|
|
Term
|
Definition
| addresses management requests to the auditor to provide a new opinion on whether a material weakness causing adverse opinion has been remediated. |
|
|
Term
| Under PCAOB AS 4, is the auditor allowed to reaudit a deficient control? Do similar standards apply? |
|
Definition
Auditor is allowed to reaudit control based on management's assertion that the deficiency has been corrected and to provide opinion relative to the control. Similar standards apply to the new engagement as for the initial reporting engagement on IC. |
|
|
Term
| authoritative guidance for service organizations |
|
Definition
| AU 324 and AT 801; These standards apply to a F/S audit of an entity that uses another organization's services as part of its own information system. |
|
|
Term
|
Definition
| provides guidance for the user auditor's use of the reports. |
|
|
Term
|
Definition
| addresses the service auditor's preparation of the reports. |
|
|
Term
| a service organization's services are part of the client's information system if they have an effect on... |
|
Definition
Initiation of transactions
Accounting records, supporting information, and specific accounts
Processing from initiation to inclusion of transactions in the statements
The process used to prepare statements, including estimates and disclosures |
|
|
Term
| The service organization standards concern... |
|
Definition
Factors to be considered by an auditor whose client uses a service organization to process certain transactions. Guidance to auditors who issue reports on the processing of transactions by a service organization for use by other auditors. |
|
|
Term
|
Definition
| entity that is a user of a service organization (entity that uses another organization's services as part of its own information system) and whose F/S are being audited. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| entity that provides services to user organizations |
|
|
Term
|
Definition
| auditor who reports on the processing of transactions by a service organization |
|
|
Term
| report on controls implemented |
|
Definition
service auditor's report on whether controls were properly designed and implemented
service auditor's report on a service organization's description of IC, whether they were suitably designed to achieve specified control objectives, and whether they had been implemented. |
|
|
Term
| report on controls implemented and tests of operating effectiveness |
|
Definition
service auditor's report on whether controls were properly designed, implemented and operating effectively
report on controls implemented + whether the controls tested were operating w/sufficient effectiveness to provide reasonable assurance that the related objectives were achieved. |
|
|
Term
| significance of the service organization's controls depends on... |
|
Definition
| primarily the transactions it processes for the user and the degree of interaction between its activities and those of the user. |
|
|
Term
| high and low degree of interaction |
|
Definition
When user initiates and service organization executes, degree of interaction is high and user can implement effective controls.
When the opposite occurs, low interaction and ineffective controls. |
|
|
Term
| user auditor responsibility |
|
Definition
| User auditor assesses control risk, among other assertions, those affected by service organization activities. |
|
|
Term
| importance of user auditor's assessment of control risk |
|
Definition
| User auditor assesses control risk, among other assertions, those affected by service organization activities. |
|
|
Term
| How does the user auditor obtain evidence of the operating effectiveness of controls? |
|
Definition
By doing at least one of the following:
Performing tests of controls at the service organization or implemented by the user.
Obtaining a service auditor's report on controls implemented and tests of operating effectiveness or a report on agreed-upon procedures describing tests of controls. |
|
|
Term
|
Definition
A service auditor's report on the effectiveness of controls may be intended for 2+ user auditors.
User auditor should determine whether the tests and results described are relevant to significant assertions in the user's statements and provide appropriate evidence to support assessment of control risk. |
|
|
Term
| Can results of substantive procedures of service auditors be used by user auditors? |
|
Definition
| Yes, results of substantive procedures performed by service auditors may be used by the user auditor as part of the evidence to support opinion on F/S. |
|
|
Term
| User auditors and service auditors |
|
Definition
User auditor should make inquiries concerning service auditor's professional reputation. User may request agreed-upon procedures. User should not use service auditor report as a basis for his/her own opinion. |
|
|
Term
| service auditor responsibility |
|
Definition
Engagement differs from F/S audit, but service auditor should follow applicable GAAS. Service auditor should be independent of service organization but not of each user. If service auditor becomes aware of errors, fraud, or illegal acts that may affect the user, s/he should inform governance of service organization if they do not know already. If not satisfied with response, the service auditor may consider resigning. |
|
|
Term
| reports on controls implemented (from service auditors) include the following... |
|
Definition
Reference to aspects of service organization covered
Description of service auditor's procedures
Identification of the party stating the control objectives
Statement of purposes of the engagement
Disclaimer of opinion on operating effectiveness
Are relevant aspects of controls fairly presented?
Were they suitably designed to provide reasonable assurance that the control objectives would be achieved if complied w/satisfactorily?
Statement of inherent limitations
Identification of the parties for whom the report is intended
References to a description of tests, controls tested, tests applied, and test results.
Indicate the nature, timing, and extent of tests, as well as the tests' effects on control risk.
Time period covered by audit.
Service auditor opinion on effectiveness of controls.
Statement that no opinion on control objectives is listed.
Statement that effectiveness and significance of the service organization's controls are dependent on their interaction w/factors present at individual user organizations.
Statement that service auditor has performed no procedures to evaluate the effectiveness of controls at individual user organizations. |
|
|
Term
| Service auditors should obtain written representations from the service org.'s management about... |
|
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC
Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO)
Stating that management's and auditor's assessments are independent of each other.
Management's conclusion of IC effectiveness based on control criteria at specified date
Management has disclosed to the auditor all deficiencies in IC identified in its evaluation.
Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC.
Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved.
Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it. |
|
|
Term
| service org. must prepare a description of its system, including... |
|
Definition
The nature of service to users. How the service is provided. Controls over the service. Control objectives. |
|
|
Term
|
Definition
| opines on the fair presentation of the description and whether the controls are suitably designed |
|
|
Term
|
Definition
| controls can attain the control objectives if they operate effectively |
|
|
Term
|
Definition
| expresses type 1 opinions plus an opinion on whether or not controls were operating effectively |
|
|
Term
|
Definition
| meeting the control objectives |
|
|
Term
|
Definition
| Management must give the service auditor a written assertion about the fair presentation of the system description and the suitability of the design of controls and their operating effectiveness. |
|
|
Term
|
Definition
| The system description and the opinion on it address the period covered by the tests of operating effectiveness. |
|
|