- This topic has 1 reply, 2 voices, and was last updated 4 years ago by
.
- Posts
If the auditor of the user entity is also the auditor of the service organization and they use this to test that controls at the service organization are operating effectively. will this create any confidentiality/conflict of interest issues?
You should be able to tell me … seeking to rely on a Type 2 report as audit evidence means that sufficient evidence couldn’t be obtained from the client. So ask yourself what possible threat could that create – the auditor relying on a report prepared by the audit firm – self-review should come to mind. And as you say conflict of interest – the audit firm providing a report on the service organisation in the knowledge that other audits will rely on it would be a reason for bias, even it trying to be objective.
Yes confidentiality too but there is no conflict between the clients here (they’re not competitors, for example) so I suggest this it not a significant threat.
- You must be logged in to reply to this topic.