Term
auditor's responsibility for communicating deficiencies |
|
Definition
the auditor has a responsibility to communicate IN WRITING significant deficiencies and material weaknesses to management and those charged with governance. |
|
|
Term
other issues (besides deficiencies) relating to the conduct of an audit |
|
Definition
also should be communicated to management and those charged with governance, whether relating to IC or the audit in general. |
|
|
Term
SOX requirement for issuers w/regards to internal control over financial reporting (ICFR) effectiveness |
|
Definition
Public companies (issuers) are required by SOX to provide a management assessment of the effectiveness of ICFR in annual reports (PCAOB Standard No. 5). |
|
|
Term
|
Definition
The auditor must express or disclaim an opinion on IC, not on management's assessment. |
|
|
Term
Are nonissuers required to report on effectiveness of ICFR. If so, what kind of report is used. |
|
Definition
For nonissuers, CPA may be engaged to provide a report on the effectiveness of an entity's ICFR; services and reports issued are governed by AICPA's AT 501. CPA may be either user or preparer of a report prepared in accordance with AU 324, and AT 801. Such a report may affect the user CPA's assessment of a client's RMM. |
|
|
Term
Is an F/S auditor is required to perform procedures specifically to identify deficiencies in IC or express opinion on IC? |
|
Definition
|
|
Term
|
Definition
exists when design or operation of a control does not allow management or employees, in the normal course of their assigned functions, to prevent misstatements or detect and correct them on a timely basis. |
|
|
Term
|
Definition
deficiency, or combination of deficiencies, in IC that is less severe than a material weakness, but merits attention by those charged w/governance |
|
|
Term
|
Definition
deficiency, or combination of deficiencies, in IC that results in a reasonable possibility (reasonable possible or probable) that a material misstatement of the F/S will not be prevented or timely detected and corrected |
|
|
Term
|
Definition
depends on the magnitude of the potential misstatement and whether a reasonable possibility exists that the controls will fail. Severity does not depend on actual occurrence of a misstatement. |
|
|
Term
|
Definition
depends on, among other things, the F/S transactions or amounts involved and the activity in the relevant balance or transaction class. |
|
|
Term
|
Definition
ordinarily is the recorded amount, but the understatement may be greater. The auditor need not quantify the probability of misstatement. A small misstatement is usu. more likely than a large misstatement. |
|
|
Term
risk factors that indicate whether a reasonable possibility exists that deficiencies will result in a misstatement |
|
Definition
Accounts, transaction classes, disclosures, and assertions involved Susceptibility of the related asset or liability to loss or fraud Degree of judgment required to determine the amount involved Relationship of the control with other controls Interaction among deficiencies Possible consequences of the deficiency |
|
|
Term
Can effective compensating controls eliminate a deficiency? |
|
Definition
No, but they can limit the severity of a deficiency and prevent it from being reportable. The auditor must also test these compensating controls that are in effect for operating effectiveness. |
|
|
Term
Is an F/S auditor is required to perform procedures specifically to identify deficiencies in IC or express opinion on IC? |
|
Definition
|
|
Term
|
Definition
exists when design or operation of a control does not allow management or employees, in the normal course of their assigned functions, to prevent misstatements or detect and correct them on a timely basis. |
|
|
Term
|
Definition
deficiency, or combination of deficiencies, in IC that is less severe than a material weakness, but merits attention by those charged w/governance |
|
|
Term
|
Definition
deficiency, or combination of deficiencies, in IC that results in a reasonable possibility (reasonable possible or probable) that a material misstatement of the F/S will not be prevented or timely detected and corrected |
|
|
Term
|
Definition
depends on the magnitude of the potential misstatement and whether a reasonable possibility exists that the controls will fail. Severity does not depend on actual occurrence of a misstatement. |
|
|
Term
|
Definition
depends on, among other things, the F/S transactions or amounts involved and the activity in the relevant balance or transaction class. |
|
|
Term
|
Definition
ordinarily is the recorded amount, but the understatement may be greater. The auditor need not quantify the probability of misstatement. A small misstatement is usu. more likely than a large misstatement. |
|
|
Term
risk factors that indicate whether a reasonable possibility exists that deficiencies will result in a misstatement |
|
Definition
Accounts, transaction classes, disclosures, and assertions involved Susceptibility of the related asset or liability to loss or fraud Degree of judgment required to determine the amount involved Relationship of the control with other controls Interaction among deficiencies Possible consequences of the deficiency |
|
|
Term
Can effective compensating controls eliminate a deficiency? |
|
Definition
No, but they can limit the severity of a deficiency and prevent it from being reportable. The auditor must also test these compensating controls that are in effect for operating effectiveness. |
|
|
Term
indicators of a material weakness |
|
Definition
Identification of any fraud by senior management Restatement of F/S to correct a material misstatement due to fraud or error Identification by the auditor of a material misstatement that would not have been detected by IC Ineffective oversight of financial reporting and IC by those charged w/governance |
|
|
Term
auditors and prudent officials |
|
Definition
The auditor considers whether prudent officials, having the same knowledge, would agree with the auditor that deficiencies are not a material weakness. |
|
|
Term
examples of possible deficiencies, significant deficiencies, and material weaknesses related to design |
|
Definition
Inadequate design of ICFR Inadequate design of controls over a significant account or process Inadequate documentation of the IC components Insufficient control consciousness Absent or inadequate separation of duties Absent or inadequate controls over the safeguarding of assets Inadequate design of IT general (overall impression of controls) and application (application software) controls Employees or management who lack the proper qualifications and training Inadequate design of monitoring controls The absence of an internal process to timely report deficiencies |
|
|
Term
examples of possible deficiencies, significant deficiencies, and material weaknesses related to operations |
|
Definition
Failures in the operation of effectively designed controls over a significant account or process Failure of the information and communication component of IC to provide timely, complete, and accurate information Failure of controls designed to safeguard assets Failure to perform reconciliations of significant accounts Undue bias or lack of objectivity by those responsible for accounting decisions Misrepresentation by client personnel to the auditor Management override of controls Failure of an application control caused by deficient design or operation of an IT general (overall) control An excessive observed deviation rate in a test of controls |
|
|
Term
|
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected. Communication is best made at audit report release date, but no later than 60 days after. Communication of significant and urgent matters need not be written. Management or those charged w/governance may consciously decide to accept the risk of significant deficiencies or material weaknesses. The auditor may communicate nonsignificant deficiencies and/or other matters to the entity either orally or in writing. |
|
|
Term
Should the auditor ever issue written communication that no significant deficiencies or material weaknesses were found? |
|
Definition
Usually no. Not unless the client requests that the auditor communicate to a govt. authority. |
|
|
Term
responsibility of governance |
|
Definition
Those charged with governance are responsible for oversight of the entity's strategic direction and accountability, including the financial reporting process. The BOD and audit committee are typical governance bodies. |
|
|
Term
|
Definition
is expected and should provide governance w/information about matters relevant to their responsibilities, including an overview of the audit process and of the auditor's responsibilities. It also should allow the auditor to obtain information relevant to the audit. |
|
|
Term
Should auditor communication be oral or in writing? |
|
Definition
It can be either, but it must be documented. A written communication should indicate that it is for the sole use of governance. |
|
|
Term
When should auditors communicate to governance (likely in writing)? |
|
Definition
Communication should take place on a timely basis to enable governance to meet their responsibilities for oversight of financial reporting. |
|
|
Term
Should management communicate some matters to governance? |
|
Definition
It may be appropriate for management to communicate certain matters to governance, and auditors should be satisfied these communications have occurred. Certain discussions may be inappropriate. |
|
|
Term
What matters should be communicated between auditors and governance? |
|
Definition
auditor's responsibilities under GAAS, an overview of the audit, and significant findings. |
|
|
Term
auditor's responsibilities under GAAS |
|
Definition
Auditor may provide copy of engagement letter to those charged w/governance, indicating that, among other things, Auditor responsible for opinion about fairness of F/S presentation Auditor does not relieve management or those charged w/governance of financial reporting responsibility |
|
|
Term
planned scope and timing of audit (issues addressed in communication) |
|
Definition
How the auditor proposes to address RMM due to error or fraud Issues related to IC and IA function; and The concept of materiality in planning and executing the audit. |
|
|
Term
Should the auditor discuss details of audit procedures to be used? |
|
Definition
|
|
Term
W/regards to significant accounting practices, the auditor should inform governance about... |
|
Definition
How the auditor proposes to address RMM due to error or fraud Issues related to IC and IA function; and The concept of materiality in planning and executing the audit. |
|
|
Term
|
Definition
significant and unusual transaction |
|
|
Term
communication of misstatements |
|
Definition
All known and likely misstatements, other than those judged trivial, must be communicated to management. All uncorrected misstatements should be communicated to those charged w/governance, along with their potential effect if uncorrected. |
|
|
Term
communication of disagreements |
|
Definition
The auditor and those charged w/governance should discuss any disagreements about matters significant to the statements or the audit report. |
|
|
Term
communication of matters concerning the entity |
|
Definition
The auditor and those charged w/governance should discuss business conditions affecting the entity, plans and strategies affecting the RMMs, the initial or recurring retention of the auditors, and the application of accounting principles. |
|
|
Term
communication of independence issues |
|
Definition
Discussions may be appropriate about circumstances or relationships that, in the auditor's professional judgment, May reasonably bear on independence and Were given significant consideration by the auditor in reaching the conclusion that independence has not been impaired. |
|
|
Term
communication of going concern issues |
|
Definition
Events or conditions may, when examined in the aggregate, indicate substantial doubt about the entity's ability to continue as a going concern for a reasonable period of time. If, after considering management's plans in response to the events or conditions identified, the auditor concludes that the substantial doubt remains, the auditor should communicate the following to those charged with governance: The possible effect on the F/S and the adequacy of related disclosures contained in them. The effects on the auditor's report. |
|
|
Term
Under SOX, auditors are required to report all of the following to governance... |
|
Definition
All critical accounting policies and practices to be used All material alternative treatments of financial information w/in GAAP discussed w/management Ramifications of the use of alternative treatments and disclosures Treatment preferred by auditor |
|
|
Term
What standard provides guidance on the required process for issuers? For nonissuers? |
|
Definition
Issuers: PCAOB's AS No. 5 Nonissuers: AT 501; consistent with AS 5. |
|
|
Term
differences between issuers and nonissuers |
|
Definition
Basic differences are that nonissuers are not required to have an integrated audit and required reports refer to AICPA, not PCAOB standards. |
|
|
Term
accelerated filers and requirements |
|
Definition
Issuers w/market equity of $75+ million (accelerated filers) must include in their annual report management's assessment of the design and effectiveness of ICFR. |
|
|
Term
auditor responsibility w/respect to IC |
|
Definition
Auditor to express opinion on ICFR (not management's assessment of it, except this is allowed under AT 501) based on control criteria. But IC is ineffective if a material weakness exists (adverse opinion). Auditor must provide reasonable assurance that material weakness does not exist. If material weakness is not present in management's assessment, then the report is modified to reflect that. |
|
|
Term
general standards (10 GAAS) |
|
Definition
require technical training and proficiency as an auditor, independence, and the exercise of due professional care, including professional skepticism. |
|
|
Term
|
Definition
establishes field work and reporting standards for IC audit. |
|
|
Term
|
Definition
ICFR + F/S. Audit should accomplish objectives of both. Auditor should design tests of controls to obtain sufficient appropriate audit evidence to support his/her opinion on ICFR at a moment in time and taken as a whole. Audit of IC tests controls not tested in F/S audit. |
|
|
Term
|
Definition
Evaluate how the following affect audit procedures: IC knowledge obtained from other engagements Client industry issues Matters related to the business Recent changes in operations or IC Preliminary judgments about materiality, risk, and other factors relating to the determination of material weaknesses Control deficiencies previously communicated to audit committee or management Legal matters Type and extent of available evidence related to IC effectiveness Preliminary IC judgments Public information relevant to the likelihood of material misstatements and the effectiveness of IC Relative complexity of operations Knowledge about risks obtained from the client acceptance and retention evaluation |
|
|
Term
relationship between the degree of risk of material weakness and amount of audit attention devoted to an area |
|
Definition
|
|
Term
What affects the way in which the company achieves its control objectives? |
|
Definition
The size and complexity of the company, its business processes, and business units. |
|
|
Term
|
Definition
extension of the risk-based approach |
|
|
Term
addressing the risk of fraud |
|
Definition
The auditor should consider the results of the fraud risk assessment and evaluate whether controls sufficiently address the identified risks of material fraud and controls over the risk of management override. |
|
|
Term
controls that address the risk of fraud |
|
Definition
Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries. Controls over journal entries and adjustments made in the period-end financial reporting process. Controls over RPTs Controls related to significant management estimates Controls that mitigate incentives for, and pressure on, management to falsify or inappropriate manage financial results. |
|
|
Term
|
Definition
IAs, company personnel, and 3rd parties working under the direction of management or the audit committee that provides evidence about IC effectiveness The auditor should assess the competence and objectivity of the persons whose work they plan to use. Higher degree of competence and objectivity is better. |
|
|
Term
materiality considerations of IC and F/S audit (are they the same between the two) |
|
Definition
|
|
Term
|
Definition
Auditor begins at F/S level by understanding overall risks, then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions |
|
|
Term
entity-level controls (considered in top-down approach) |
|
Definition
Related to control environment Over management override Monitor results of operations Over period-end financial reporting process To monitor other controls Constituting entity's risk assessment process |
|
|
Term
|
Definition
Assess whether Management's philosophy and operating style promote effective IC. Sound integrity and ethical values, particularly of management, are developed and understood. The BOD or audit committee understands and exercises oversight responsibility over F/R and IC. |
|
|
Term
evaluating period-end F/R process |
|
Definition
Evaluate procedures: Used to enter transaction totals into the G/L Related to selection and application of accounting policies Used to initiate, authorize, record, and process journal entries Used to record recurring and nonrecurring adjustments to the annual and quarterly F/S For preparing annual and quarterly F/S and related disclosures |
|
|
Term
Auditors may use non-AS-5 assertions if they have tested controls over pertinent risks, including... |
|
Definition
Size and composition of the account Susceptibility to misstatement due to errors or fraud Volume of activity, complexity, and homogeneity of the transactions Nature of the account or disclosure Accounting and reporting complexities Exposure to losses in the account Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure Existence of RPTs Changes from the prior period or disclosure characteristics |
|
|
Term
|
Definition
following transactions through the process |
|
|
Term
objectives most effectively achieved via walkthroughs |
|
Definition
Understanding the flow of transactions related to relevant assertions Identifying the points within the company's processes at which a material misstatement could arise Identifying the controls that management has implemented to address these potential misstatements Identifying the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of assets. |
|
|
Term
testing design effectiveness |
|
Definition
The auditor should determine whether controls, if they are operated as prescribed by persons w/the necessary authority and competence to perform them effectively, satisfy the control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in F/S. |
|
|
Term
procedures for testing design effectiveness |
|
Definition
inquiry of appropriate personnel, observation of operations, and inspection of relevant documentation. |
|
|
Term
testing operating effectiveness |
|
Definition
Determine if control is operating as designed and the person performing the control processes the necessary authority and competence to perform the control effectively. |
|
|
Term
procedures for testing operating effectiveness |
|
Definition
inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and reperformance of the control. |
|
|
Term
relationship of risk to the evidence to be obtained |
|
Definition
More risk = more testing and more competent evidence required. A conclusion that a control is not operating effectively can be supported by less evidence. |
|
|
Term
|
Definition
tests from best to worst: reperformance, inspection, observation, and inquiry. |
|
|
Term
|
Definition
greater period of time tested and testing closer to the date of management's assessment both provide more evidence. |
|
|
Term
|
Definition
more extensive testing provides more evidence |
|
|
Term
|
Definition
to roll forward the results of interim work, the auditor should: 1. consider the specific controls, their associated risks, and the test results; 2. the sufficiency of evidence obtained at the interim date; 3. the length of the remaining period; and 4. the possibility of changes. |
|
|
Term
evaluating identified deficiencies |
|
Definition
Auditor should evaluate the severity of each deficiency in IC to determine whether the deficiencies, individually or in combination, are material weaknesses as of the date of management's assessment. |
|
|
Term
What deficiencies are auditors required to search for? |
|
Definition
Deficiencies that can constitute a material weakness. Auditors are not required to search for deficiencies that are less severe than a material weakness. |
|
|
Term
Severity of deficiency depends on... |
|
Definition
whether there is a reasonable possibility that controls will fail to prevent or detect a misstatement. |
|
|
Term
indicators of material weaknesses |
|
Definition
Identification of material and immaterial fraud Restatement of F/S to correct material misstatement Circumstances indicating that the misstatement would not have been detected by IC Ineffective oversight over F/R and IC by audit committee |
|
|
Term
auditor opinion on IC effectiveness |
|
Definition
Auditor should opine on IC effectiveness on evidence gained from testing controls, misstatements detected, and identified control deficiencies. |
|
|
Term
Auditor should obtain written representations from management for the following... |
|
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO) Stating that management's and auditor's assessments are independent of each other. Management's conclusion of IC effectiveness based on control criteria at specified date Management has disclosed to the auditor all deficiencies in IC identified in its evaluation. Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC. Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved. Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it. |
|
|
Term
communication of deficiencies & when it should be made |
|
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected. Communication should be made prior to the issuance of the auditor's report. |
|
|
Term
|
Definition
May be a separate report or combined with opinion on IC. |
|
|
Term
When should the audit report be dated? |
|
Definition
Audit report should be dated no earlier than when sufficient appropriate audit evidence is obtained. Dates on F/S and IC reports are the same. |
|
|
Term
components of IC/Audit report |
|
Definition
Introductory, Scope, Definition, Inherent limitations, and Opinion paragraphs. |
|
|
Term
modifications to standard IC report |
|
Definition
Material weakness requires adverse opinion (on IC report, not F/S report). Elements of management's annual report on IC are incomplete or improperly presented. Scope of engagement is restricted. Auditor refers to to the report of other auditors in their work. Other information is contained in management's annual report on IC. Management's annual certification under Section 302 of SOX is misstated. |
|
|
Term
|
Definition
addresses management requests to the auditor to provide a new opinion on whether a material weakness causing adverse opinion has been remediated. |
|
|
Term
Under PCAOB AS 4, is the auditor allowed to reaudit a deficient control? Do similar standards supply? |
|
Definition
Auditor is allowed to reaudit control based on management's assertion that the deficiency has been corrected and to provide opinion relative to the control. Similar standards apply to the new engagement as for the initial reporting engagement on IC. |
|
|
Term
authoritative guidance for service organizations |
|
Definition
AU 324 and AT 801; These standards apply to a F/S audit of an entity that uses another organization's services as part of its own information system. |
|
|
Term
|
Definition
provides guidance for the user auditor's use of the reports. |
|
|
Term
|
Definition
addresses the service auditor's preparation of the reports. |
|
|
Term
a service organization's services are part of the client's information system if they have an effect on... |
|
Definition
initiation of transactions accounting records, supporting information, and specific accounts Processing from initiation to inclusion of transactions in the statements The process used to prepare statements, including estimates and disclosures |
|
|
Term
The service organization standards concern... |
|
Definition
Factors to be considered by an auditor whose client uses a service organization to process certain transactions. Guidance to auditors who issue reports on the processing of transactions by a service organization for use by other auditors. |
|
|
Term
|
Definition
entity that is a user of a service organization (entity that uses another organization's services as part of its own information system) and whose F/S are being audited. |
|
|
Term
|
Definition
|
|
Term
|
Definition
entity that provides services to user organizations |
|
|
Term
|
Definition
auditor who reports on the processing of transactions by a service organization |
|
|
Term
report on controls implemented |
|
Definition
service auditor's report on whether controls were properly designed and implemented
service auditor's report on a service organization's description of IC, whether they were suitably designed to achieve specified control objectives, and whether they had been implemented. |
|
|
Term
report on controls implemented and tests of operating effectiveness |
|
Definition
service auditor's report on whether controls were properly designed, implemented and operating effectively
report on controls implemented + whether the controls tested were operating w/sufficient effectiveness to provide reasonable assurance that the related objectives were achieved. |
|
|
Term
significance of the service organization's controls depends on... |
|
Definition
primarily the transactions it processes for the user and the degree of interaction between its activities and those of the user. |
|
|
Term
high and low degree of interaction |
|
Definition
When user initiates and service organization executes, degree of interaction is high and user can implement effective controls.
When the opposite occurs, low interaction and ineffective controls. |
|
|
Term
user auditor responsibility |
|
Definition
User auditor assesses control risk, among other assertions, those affected by service organization activities. |
|
|
Term
importance of user auditor's assessment of control risk |
|
Definition
User auditor assesses control risk, among other assertions, those affected by service organization activities. |
|
|
Term
How does the user auditor obtain evidence of the operating effectiveness of controls? |
|
Definition
By doing at least one of the following: Performing tests of controls at the service organization or implemented by the user. Obtaining a service auditor's report on controls implemented and tests of controls implemented and tests of operating effectiveness or a report on agreed-upon procedures describing tests of controls. |
|
|
Term
|
Definition
A service auditor's report on the effectiveness of controls may be intended for 2+ user auditors.
User auditor should determine whether the tests and results described are relevant to significant assertions in the user's statements and provide appropriate evidence to support assessment of control risk. |
|
|
Term
Can results of substantive procedures of service auditors be used by user auditors? |
|
Definition
Yes, results of substantive procedures performed by service auditors may be used by the user auditor as part of the evidence to support opinion on F/S. |
|
|
Term
User auditors and service auditors |
|
Definition
User auditor should make inquiries concerning service auditor's professional reputation. User may request agreed-upon procedures. User should not use service auditor report as a basis for his/her own opinion. |
|
|
Term
service auditor responsibility |
|
Definition
Engagement differs from F/S audit, but service auditor should follow applicable GAAS. Service auditor should be independent of service organization but not of each user. If service auditor becomes aware of errors, fraud, or illegal acts that may affect the user, s/he should inform governance of service organization if they do not know already. If not satisfied with response, the service auditor may consider resigning. |
|
|
Term
reports on controls implemented (from service auditors) include the following... |
|
Definition
Reference to aspects of service organization covered Description of service auditor's procedures Identification of the party stating the control objectives Statement of purposes of the engagement Disclaimer of opinion on operating effectiveness Are relevant aspects of controls fairly presented? Were they suitably designed to provide reasonable assurance that the control objectives would be achieved if complied w/satisfactorily? Statement of inherent limitations Identification of the parties for whom the report is intended References to a description of tests, controls tested, tests applied, and test results. Indicate the nature, timing, and extent tests, as well as test's affects on control risk. Time period covered by audit. Service auditor opinion on effectiveness of controls. Statement that no opinion on control objectives is listed. Statement that effectiveness and significance of the service organization's controls are dependent on their interaction w/factors present at individual user organizations. Statement that service auditor has performed no procedures to evaluate the effectiveness of controls at individual user organizations. |
|
|
Term
Service auditors should written representations from the service org.'s management about... |
|
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO) Stating that management's and auditor's assessments are independent of each other. Management's conclusion of IC effectiveness based on control criteria at specified date Management has disclosed to the auditor all deficiencies in IC identified in its evaluation. Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC. Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved. Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it. |
|
|
Term
service org. must prepare a description of its system, including... |
|
Definition
The nature of service to users. How the service is provided. Controls over the service. Control objectives. |
|
|
Term
|
Definition
opines on the fair presentation of the description and whether the controls are suitably designed |
|
|
Term
|
Definition
controls can attain the control objectives if they operate effectively |
|
|
Term
|
Definition
expresses type 1 opinions plus an opinion on whether or not controls were operating effectively |
|
|
Term
|
Definition
meeting the control objectives |
|
|
Term
|
Definition
Management must give the service auditor a written assertion about the fair presentation of the system description and the suitability of the design of controls and their operating effectiveness. |
|
|
Term
|
Definition
The system description and the opinion on it address the period covered by the tests of operating effectiveness. |
|
|