13AU-C 402 Audit Considerations Relating to an Entity Using a Service Organization


More and more entities are outsourcing activities to service organizations. There is often a belief by the user organization that the service organization can be totally relied upon and that the user organization needs only to have limited, if any, controls.

AU-C 402 is intended to help auditors determine what additional information they might need when auditing an entity that uses a service organization. It expands on the application of AU-C 3151 and 330 in obtaining an understanding of the user entity, including the entity's system of internal control relevant to the preparation of the financial statements. (AU-C 402.01) AU-C 402 also makes it clear that the guidance applies if an entity gets services from another organization that is part of the entity's information system. Also, it clarifies the factors that an auditor should use in determining the significance of a service organization's controls to the user organization's controls. In other words, the audit procedures that are appropriate when a service organization's procedures are significant to the audited entity are not optional. The auditor must evaluate the interaction between the audited ...

Get Wiley Practitioner's Guide to GAAS 2023, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.