- This topic has 1 reply, 2 voices, and was last updated 3 years ago by
.
- Posts
Dear Professor,
I was wondering how does detection risk arise when the client outsources a service, say payroll, from an external organisation?
And what should be the auditor’s response?
For a company to be using a service provider to process its payroll, it will most likely have a large number of staff so payroll processing will be computerised. All we are imaging then is that the processing is being done by a 3rd party – the service organisation (SO) – rather than the company. So the input still has to be recorded by employees, checked by their supervisors, etc before input is passed to the SO – and payslips will still be sent to individual employees, with a copy of the payroll out to the company, and payments to employees will still come out of the company’s bank.
In many cases the company’s auditor can obtain sufficient audit evidence that there is no material misstatement in the payroll by testing the company’s controls over input and output and substantive procedures that would most likely include analytical procedures on the monthly payrolls. The auditor will be able to confirm the y/e payroll-related liabilities (e.g. tax, social insurance) to after-date payments and “tax returns”, etc.
Only where that is not sufficient does the auditor need to plan to obtain additional evidence directly from the SO – presumably you have a text referring to Type 1/2 reports in this case? If not you’ll find details of the difference between these on page 89 of the AAA notes (as it is more an AAA topic).
- You must be logged in to reply to this topic.