Service Auditor's Report
BDO’S Approach and Framework
BDO approaches a Service Auditor’s Report engagement by providing a team with auditors who specialize in internal controls for various industries and technologies. We believe this provides your organization with the highest quality and cost effective Service Auditor’s Report.
The Audit Process
The general steps within a Service Auditor’s Report process follows the traditional audit approach but may differ based on a Service Organization’s current control environment. A typical engagement would include:
- Consultation with management and involved parties to gain an understanding of the Service Organization business processes, control environment and control components.
- Provide guidance to management on the adequacy of their control objectives and controls as it relates to their environments and their respective industries prior to testing.
- ]Perform on-site testing at various points in time during the reporting period to determine the effectiveness of the controls placed in operation and the operating effectiveness of the controls for Type II reports. Testing typically includes inquiry, inspection of documents and records, and observation of activities. The extent of testing will vary depending on the scope of the report (including type and the period covered).
- Preparation of a draft report to be reviewed by the Service Organization for accuracy and completeness of the details.
- Delivery of a management letter to management for any control deficiencies uncovered during the course of the review.
- Issuance of the Service Auditor’s Report in hardcopy and electronic PDF format.
The Solution
Our approach has always been to develop a unique solution for each client.
A Readiness Assessment – An evaluation of the readiness of the client’s procedures to be subject to a successful Type I or Type II Service Auditor’s Report. This assessment will also determine the needs of the client and the road map to achieving a successful project. This type of engagement will answer the following type of questions:
- Does the client need a Service Auditor’s Report?
- What are the major stumbling blocks to achieving a successful Service Auditor’s Report?
- What are the costs of such an engagement and how can these costs be minimized?
- What other alternatives does the client have?
- What is the earliest that a Service Auditor’s Report could be successfully executed?
- Who will draft the control objectives, control descriptions and other aspects of the report?
Specified Audit Procedures – Circumstances are never the same and periodically the execution of a specified procedures report will be a less costly alternative. This is a report that provides third party verification or comfort that procedures or processes at the organization are working as intended. The scope of these engagements can be much more limited and therefore less expensive. To achieve a more limited scope the engagement will focus on key risks or processes and might not cover all concerns of existing or potential clients as would a Service Auditor’s Report.
Type I or Type II Service Auditor’s Report – As outlined earlier this provides an independent verification at a point in time or over a period of time that internal controls are in place to achieve specific objectives.
An Independent Review of Internal Controls - This review is conducted in accordance with standards set by the Institute of Internal Auditors (IIA). This provides management with an assessment of the design and operational effectiveness of controls in meeting operating, reporting and compliance objectives set by the organization.
