{"id":33358,"date":"2025-06-23T08:10:42","date_gmt":"2025-06-23T08:10:42","guid":{"rendered":"https:\/\/gaviki.com\/blog\/?p=33358"},"modified":"2025-06-23T08:10:44","modified_gmt":"2025-06-23T08:10:44","slug":"when-a-service-organization-is-part-of-an-entitys-internal-control","status":"publish","type":"post","link":"https:\/\/gaviki.com\/blog\/when-a-service-organization-is-part-of-an-entitys-internal-control\/","title":{"rendered":"When a service organization is part of an entity&#8217;s internal control"},"content":{"rendered":"\n<p>When a service organization is part of an entity&#8217;s internal control, an auditor performing an integrated audit should: <\/p>\n\n\n\n<p>A. Obtain an understanding of all controls related to the service organization. <\/p>\n\n\n\n<p>B. Test the entity&#8217;s relevant controls over the activities of the service organization. <\/p>\n\n\n\n<p>C. Perform substantive procedures at the service organization. <\/p>\n\n\n\n<p>D. Reference the service auditor&#8217;s report in the auditor&#8217;s report on internal control.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">The correct answer and explanation is:<\/mark><\/strong><\/p>\n\n\n\n<p>The correct answer is: <strong>B. Test the entity&#8217;s relevant controls over the activities of the service organization.<\/strong><\/p>\n\n\n\n<p>Explanation:<\/p>\n\n\n\n<p>When a service organization is part of an entity&#8217;s internal control system, the auditor performing an integrated audit of the entity\u2019s financial statements and internal control over financial reporting must consider the service organization&#8217;s impact. The service organization often performs processes or controls that are relevant to the entity&#8217;s financial reporting.<\/p>\n\n\n\n<p>The auditor&#8217;s responsibility is to gain an understanding of the controls the entity uses to monitor and oversee the service organization. This includes the controls implemented by the entity to manage the risks associated with the services provided. Therefore, the auditor tests the entity\u2019s controls that relate to the service organization&#8217;s activities, not directly all controls at the service organization.<\/p>\n\n\n\n<p>Option A, obtaining an understanding of all controls related to the service organization, is incorrect because the auditor does not need to test every control at the service organization. Instead, the focus is on controls relevant to the entity\u2019s financial reporting.<\/p>\n\n\n\n<p>Option C, performing substantive procedures at the service organization, is not typically required. The auditor primarily tests the controls of the entity that manage and monitor the service organization. Performing substantive procedures directly at the service organization is generally outside the auditor\u2019s scope unless deemed necessary.<\/p>\n\n\n\n<p>Option D, referencing the service auditor&#8217;s report in the auditor&#8217;s report on internal control, is also incorrect. The auditor cannot simply refer to or rely on the service auditor\u2019s report as part of their own internal control audit opinion. Instead, the auditor incorporates their own testing of the entity\u2019s controls related to the service organization.<\/p>\n\n\n\n<p>In summary, the auditor tests the entity\u2019s controls over the service organization\u2019s activities to evaluate how effectively the entity manages the risks related to those outsourced services. This approach aligns with audit standards for integrated audits, ensuring the auditor obtains sufficient evidence about the internal control environment as it relates to service organizations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When a service organization is part of an entity&#8217;s internal control, an auditor performing an integrated audit should: A. Obtain an understanding of all controls related to the service organization. B. Test the entity&#8217;s relevant controls over the activities of the service organization. C. Perform substantive procedures at the service organization. D. Reference the service [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33358","post","type-post","status-publish","format-standard","hentry","category-quiz-questions"],"_links":{"self":[{"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/posts\/33358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/comments?post=33358"}],"version-history":[{"count":1,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/posts\/33358\/revisions"}],"predecessor-version":[{"id":33360,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/posts\/33358\/revisions\/33360"}],"wp:attachment":[{"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/media?parent=33358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/categories?post=33358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gaviki.com\/blog\/wp-json\/wp\/v2\/tags?post=33358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}