- This topic has 1 reply, 2 voices, and was last updated 4 years ago by
.
- Posts
Hello Sir,
In the answers they mention both ISA402 and type1 and 2 , from my understanding these two are different standards (please correct me if I am wrong )
1) ISA402 typically include visiting the outsource service organization , obtain information from the service org directly and perform TOC at the service org also determine the extent of substantive procedure required
While the type 1 and 2 is included in ISAE 3402 which is typically means if the service org have an auditor the entity auditor could request from him type1 or type2 based on the entity auditor judgment.
And the auditor should use one of the standrads either ISA402 or ISAE 3402
Why in the answer they mention both of them !Audit procedures would NOT typically involve visiting the service provider (imagine you were the service provider – would you want the auditors of all your client traipsing in every day?). ISA 402 is the auditing standard for the auditor of the client that USES the services of the service organisation which includes obtaining Type 1 and Type 2 reports as audit evidence.
ISAE 3402 is the standard for the assurance provider of the Type 1 and 2 reports of the service organisation.
- You must be logged in to reply to this topic.