Service Auditor's Report
Service Auditor’s Report Contents
A Service Auditor’s Report typically includes several sections:
1. Independent Service Auditor’s Report
2. The Service Organization’s Description of Controls
- Overview
- Control Environment Elements
- Description of Computerized Systems
- Control Objectives, Controls and User Controls
- Considerations for each of the Controls
- Tests of the Controls and Results of the Tests Performed (For Type II Reports)
3. Other information
Type I versus Type II
A Type I report is a report on the controls placed in operation as at a specific date. A Type II report is a report on the controls placed in operation and tests of the operating effectiveness of controls during a specified period of time. The period of time for a Type II report is generally 6 months or 1 year. Since the Type II report is an extension of the Type I report, if you choose to do a Type I report and later opt to switch to Type II, the difference is the application of tests of the operating effectiveness of specific controls for the audit period.
Some clients have opted for a Type I report for the first year and a Type II report in subsequent years. This has the advantage of allowing you to review and improve your controls before undergoing the testing in the Type II report. (Sarbanes-Oxley 404 and MI 52-109 have created time pressures that make this approach less of an option.)
Responsibilities During The Audit
The Service Organization is responsible for documenting:
- The Service Organization’s description of controls
- Features of the control environment that may affect the service provided to User Organizations
- Applications and control objectives to be covered by the tests
- Other information the Service Organization may provide
The Service Auditor is responsible for:
- An opinion as to whether the Service Organization’s description of its controls presents fairly those controls that have been placed in operation as of the end of the reporting period
- An opinion as to whether the described controls were suitably designed to achieve the specified control objectives
- Other information the Service Auditor may provide
For a Type II Report:
- An opinion that the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved for the period under review
- Determining which controls are, in his or her judgment, necessary to achieve the control objectives and the nature, timing, and extent of the tests of the selected controls
- A description of the tests of operating effectiveness of controls and the results of those tests