departures from generally accepted accounting principles, which include adequate disclosure, require

modification of the accountant's report.

the auditor's report includes an opinion as to whether the disclosed basis of accounting has been applied
consistently-comprehensive basis accounting - no comment need be made concerning the
appropriateness of the disclosed method.

When issuing a special report on a specific financial statement item, the measurement of materiality must
be related to that item.

If a specified element, account, or item is based on income or stockholders’ equity, the auditor should
have audited the complete financial statements to express an opinion on it

a forecast examination report presents an opinion concluding whether the forecast meets AICPA
guidelines, not on whether the forecast is fairly presented.

When a CPA is associated with the preparation of forecasts, all of the following should be disclosed except
the 1. Source of information 2. Character of the work performed by the CPA 3. Major assumptions in the
preparation of the forecasts

auditors do not indicate that the hypothetical assumptions used in the projection are reasonable.

a CPA should not vouch for the achievability of forecasts.

Government Auditing Standards, the "yellow book," includes a standard for a written report on the
auditor's understanding of the entity's internal control and an assessment of control risk.

the report on compliance with laws and regulations include all material instances of noncompliance, and all
instances or indications of illegal acts which could result in criminal prosecution.

an auditor’s responsibility with respect to entity’s disclosures of certain supplementary financial disclosure
of pension information that are requires by the GASB - is to apply certain limited procedures to such
information to obtain assurance that it is consistent with the audited financial statements

either a qualified opinion or a disclaimer of opinion due to a scope limitation is appropriate when the
auditor is unable to obtain the audited financial statements of a significant subsidiary an
unqualified opinion may be appropriate when there are significant deficiencies in internal control if the
auditor is able to perform adequate substantive procedures. other procedures may be appropriate when
analytical procedures indicate that the current year balances are not comparable to prior years.

An auditor reads the letter of transmittal accompanying a county’s comprehensive annual financial report
and identifies a material inconsistency with the financial statements. The auditor determines that the
financial statements do not require revision – Auditor should request that the client to revise the
letter of transmittal

The requirement is to identify a CPA’s reporting responsibilities when dealing with unaudited financial
statements that include material misstatements. Answer D is correct; since unaudited financial
statements are involved, the report should describe the departure – and no opinion is issued for non-
audited F/S

A review does not require an assessment of the risk of material misstatement due to fraud and
because significant deficiencies in I/C do not result in report modification. Review reports are modified
primarily for departures from generally accepted accounting principles.
When establishing an understanding with an audit client, that understanding should be documented – thru
written communication with the client

generally accepted auditing standards (GAAS) deal with measures of the quality of the performance of
audit procedures. Auditing standards relate not only to the auditor's professional qualities but also to the
judgment exercised by the auditor in the performance of the audit

the elements of materiality and audit risk underlie the application of all the standards, particularly the
standards of fieldwork and reporting.

the AICPA has not issued concepts statements. The concepts statements issued by the FASB are
considered "other accounting literatures" and are not sources of generally accepted accounting principles.

GAAP HIERARCHY SUMMARY

Category Nongovernmental State and Local Federal Government
Entities Governments
A. Authoritative FASB Statements and GASB Statements FASAB Statements
Body Interpretations and Interpretations and Interpretations
Pronouncement APB Opinions FASB and AICPA AICPA, FASB, and
s pronouncements GASB
AICPA Accounting
Research Bulletins applicable by a pronouncements
GASB Statement or made applicable by a
Interpretation FASAB Statement or
Interpretation
B. FASB Technical GASB Technical FASAB Technical
Bulletins Bulletins Bulletins
Pronouncement AICPA Industry Audit AICPA Industry Audit AICPA Industry Audit
s of Bodies and Accounting and Accounting and Accounting
Composed of Guides and Guides and Guides and
Expert Statements of Statements of Statements of
Accountants, Position (cleared by Position (cleared by Position (cleared by
Exposed for FASB) GASB) FASAB)
Public Comment
C. Consensus Positions Consensus Positions Technical Releases of
of the FASB of the GASB the Accounting and
Pronouncement Emerging Issues Emerging Issues Auditing Policy
s of Bodies Task Force Task Force Committee of the
Composed of FASAB
Expert AICPA Practice AICPA Practice AICPA Practice
Accountants, Bulletins (cleared by Bulletins (cleared by Bulletins (cleared by
Not Exposed for FASB) GASB) the FASAB)
Public Comment
D. Widely FASB staff "Questions GASB staff FASAB staff
Recognized and Answers" "Questions and Implementation
Practices and AICPA Accounting Answers" Guides
Pronouncement Interpretations
s
Widely accepted
industry practices Widely accepted Widely accepted
industry practices federal government
practices
E. Other FASB Concepts GASB Concepts FASAB Concepts
Accounting Statements Statements Statements
Literature APB Statements Pronouncements in Pronouncements in
AICPA Issues Papers (A) through (D) of (A) through (D) of
 and Technical nongovernmental GASB and FASB not
Practice Aids hierarchy not specifically made
International specifically made applicable
Accounting applicable FASB and GASB
Standards APB Statements Concepts
Committee FASB Concepts Statements, AICPA
Statements Statements Issues Papers, and
GASB Statements, Technical Practice
AICPA Issues Papers Aids
Interpretations, and and Technical
Technical Bulletins Practice Aids International
Pronouncements of Accounting
International Standards
other professional Accounting
associations or Committee
Standards Statements
regulatory agencies Committee
Accounting Statements Pronouncements of
textbooks, other professional
Pronouncements of associations or
handbooks, and other professional
articles regulatory agencies
associations or
regulatory agencies Accounting textbooks,
handbooks, and
Accounting articles
textbooks,
handbooks, and
articles

An overall audit strategy involves (1) determining the scope of the audit, (2) determining the reporting
objectives, and (3) considering various other important factors.

Inherent risk and control risk exist independently of the audit of financial statements as functions of the
client and its environment, whereas detection risk relates to the auditor's procedures and can be changed
at his or her discretion.

Holding all other factors constant, decreasing the extent of substantive audit procedures for accounts
payable ordinarily has what effect on audit risk ---- Increse. DR increases and Audit risk increases

A decrease in acceptable levels of materiality requires the auditor to do one or more of the following:
(1) select a more effective auditing procedure, (2) perform auditing procedures closer to the balance sheet
date, or (3) increase the extent of a particular auditing procedure. By increasing the extent of a procedure
concerning an individual account and/or selecting a more effective procedure, the auditor will find the
smaller misstatements that in aggregate might exceed his preliminary judgments about materiality. The
auditor, therefore, must plan to find smaller misstatements as a lower acceptable level of materiality is
established.

the auditor considers materiality for planning purposes in terms of the smallest, not the largest, aggregate
amount of misstatement that could be material to any one of the financial statements.

The risk that mistakes, falsifications, and omissions may cause the financial statements to contain material
misstatement - most important concerning an auditor's responsibility to detect errors and fraud. The
auditor should assess the risk that errors and fraud (which include mistakes, falsifications and omissions)
may cause the financial statements to contain material misstatements.

When fraud risk factors exist, the auditor should consider whether already designed procedures
adequately consider the existence of fraud. When they do not, audit procedures must be extended.

fraudulent financial reporting involves intentional misstatements or omissions of amounts or disclosures in

financial statements to deceive financial statement users and improperly recording the revenue results in
such misstatements.
fraud risk factors do not necessarily indicate the existence of fraud, they often have been observed in
circumstances where frauds have occurred.

all fraud (material or immaterial) involving senior management and all other material fraud should be
reported directly to the audit committee.

overall responses to the risk of material misstatement due to fraud include (1) assigning personnel with
more experience and more supervision to the audit, (2) increasing the consideration of management’s
selection and application of accounting principles, and (3) making audit procedures less predictable.

fraud occurs are that individuals have an (1) incentive or pressure, (2) opportunity, and (3) ability to
rationalize.

the inability to generate cash flows from operations while reporting earnings and growth is explicitly
included as a risk factor in AU 316; such a situation causes one to question whether the earnings being
reported are proper.

When an auditor becomes aware of information concerning a possible illegal act, he or she should obtain
an understanding of the nature of the act, the circumstances in which it occurred, and sufficient other
information to evaluate its effect on the financial statements.

The successor’s inquiries of the predecessor should include

• Information bearing on integrity of management

• Disagreements with management as to accounting principles, auditing procedures or other
similarly significant matters
• Communications to audit committee regarding fraud, illegal acts, and internal control related
matters
• Predecessor’s understanding of the reasons for the change in auditors

the objective of an audit of financial statements is the expression of an opinion on the financial
statements; accordingly, when sufficient competent evidence is not available it is unlikely that an audit will
be performed.

It is unlikely that sufficient competent evidence is available to support an opinion on the financial
statements. – lead a CPA to conclude that a potential audit engagement should be rejected

include in the initial planning of a financial statement audit – involvement of client’s internal auditor,
predecessor auditor, NET… Consider accounting estimates - after planning. Obtain a written
representation letter – at the conclusion of the audit.

The SSARS requirements do not apply to either the 1. processing of financial data for clients of
other CPA firms or to 2. consulting on accounting matters.

SSARS – Review and Compilation doesn’t apply to public companies

Special Committee on Assurance Services, also referred to as the Elliott Committee, defined
assurance services as independent professional services—not "a consulting service"—that
improve the quality of information, or its context, for decision makers.

Elements of Quality Control

Element of Basic objective is to provide
quality control reasonable assurance that the Example procedures
Leadership Firm’s internal culture recognizes that quality Assign management
responsibilities for is essential in performing engagements and responsibilities so that
quality with the firm recognizes the need to perform work that commercial considerations
(“tone at the top”) complies with (a) professional standards and do not override the quality
regulatory and legal requirements and (b) of work performed.
 issue reports that are appropriate in the
circumstances.
Relevant ethical Firm and its personnel comply with relevant At least annually, the firm
requirements ethical requirements should obtain written
confirmation of compliance
with its independence
policies and procedures
from all firm personnel who
are required to be
independent.
Acceptance and Firm will undertake to continue relationships Background information is
continuance of client and engagements only where the firm: gathered on all prospective
relationships and 1. Has considered client integrity. audit clients, including the
specific engagements 2. Is competent to perform the engagement. attitude of principal owners,
3. Can comply with legal and ethical key management and those
requirements. charged with governance
on matters such as
aggressive accounting and
internal control over
financial reporting.
Human resources Firm has personnel with the capabilities, Design effective
competence and commitment to ethical recruitment processes and
principles to procedures to help the firm
1. Perform its engagements in accordance select individuals meeting
with professional standards and regulatory minimum academic
and legal requirements. requirements established
2. Enable the firm to issue reports that are by the firm, maturity,
appropriate in the circumstances. integrity, and leadership
traits.
Engagement Firm’s engagements are consistently Design policies and
performance performed in accordance with professional procedures that address the
standards and regulatory and legal tracking of progress of each
requirements, with policies and procedures engagement.
addressing:
1. Engagement performance
2. Supervision responsibilities
3. Review responsibilities
Monitoring Firm’s policies and procedures established for Working papers, reports,
each of the elements are suitably designed and client financial
and effectively applied. statements are reviewed to
assess compliance with the
firm’s quality control
policies and procedures

CPA firm's personnel advancement experience to ascertain whether individuals increased degrees of
responsibility. This is evidence of the CPA firm's adherence to prescribed standards of – Quality Control

one of the quality control considerations for a firm of independent auditors is that the policies and
procedures for professional development should be established to provide reasonable assurance that
personnel have the knowledge required to enable them to perform in accordance with professional
standards.

A CPA establishes quality control policies and procedures for deciding whether to accept a new client
or continue to perform services for a current client. The primary purpose for establishing such
policies and procedures is policies and procedures should be established for deciding whether to accept or
continue a client in order to minimize the likelihood of association with clients whose management lacks
integrity.
Objective of the engagement performance element of quality control – Engagements are adequately
supervised

The third general standard (Due Care) states that due care is to be exercised in the performance of
the examination – as a professional possessing the degree of skill commonly possessed by
others in the field

When a significant portion of management’s compensation is represented by stock options, risk may be
involved in that management is under great pressure to report earnings that meet projected profit goals;
this will ordinarily increase management compensation significantly and, under some circumstances,
create a pressure to report overstated earnings to meet those projections.

Performing in the planning stage of a financial statement audit (involve AP)– 1. Comparing
recorded financial information with anticipated results from budgets and forecast is an analytical
procedure often performed while planning the audit 2. Inquires from personnel about the schedules 3.
Planning the timing of inventory observation.

When performing substantive tests on inventory will take less time than performing tests of controls,
which means test of control is omitted – Perform only substantive tests on inventory

Alternatively, the risk assessment may not include an expectation that controls operate effectively. This
will be the case when

(1) controls appear weak, or (2) the auditor believes that performing extensive substantive procedures
is likely to be more cost effective than performing a combination of tests of controls and a
decreased scope of substantive procedures.
(2) When controls operate ineffectively, further audit procedures will consist entirely of substantive
procedures. no tests of controls will be performed. If a separate assessment of control risk is made,
control risk is at the maximum level and the auditor will design substantive tests placing no
reliance upon the controls operating effectively.

an illegal (不構成 Adverse or qualified opinion unless departure from GAAP, disclosure is good enough for
important illegal acts. act will only result in a qualified opinion or an adverse opinion if the financial
statements are not presented in conformity with generally accepted accounting principles. Thus, if im-
portant enough, the illegal act should be disclosed in the financial statements; if it is not, a qualified
opinion or adverse opinion is appropriate.

If specific information concerning an illegal act comes to the auditor’s attention, the auditor should apply
audit procedures specifically directed to ascertaining whether an illegal act has occurred.

Control risk and inherent risk exist independently of the financial statement audit, but not
detection risk

Detection risk can be changed at the auditor’s discretion - auditors determine an appropriate level of
detection risk based on their assessment of the risk of material misstatement—composed of inherent risk
and control risk.

Material misstatement requires disclosure, not immaterial ones.

A lack of independent checks represents a risk factor that relates to misstatement arising from
misappropriation of assets

Sarbanes-Oxley Act does not require a certification by management that it has violated no major laws.

Sarbanes-Oxley Act requires that the CEO and the CFO must disclose internal control deficiencies to both
the auditors and the audit committee.
Objectives of internal control as included in the definition of internal control developed by the Committee
of Sponsoring Organizations (COSO) = 1. Operation 2. Compliance 3. Financial Reporting

Auditing Standards divide internal control into five interrelated components as follows: (1) control
environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5)
monitoring.

The seven control environment factors are as follow (ICHAMBO)s: (1) integrity and ethical values, (2)
commitment to competence, (3) human resource policies and practices, (4) assignment of authority and
responsibility, (5) management's philosophy and operating style, (6) board of directors or audit committee
participation, and (7) organizational structure.

Risk Assessment

1) Changes in the operating environment (e.g., increased competition)

(2) New personnel
(3) New information systems
(4) Rapid growth
(5) New technology
(6) New lines, products, or activities
(7) Corporate restructuring
(8) Foreign operations
(9) Accounting pronouncements

Control Activities

P - Performance reviews (reviews of actual performance against budgets, forecasts,

one another, etc.)
I - Information processing (controls that check accuracy, completeness, and
authorization of transactions)
P - Physical controls (activities that assure the physical security of assets and
records)
S - Segregation of duties (separate authorization, recordkeeping, and custody)

Collection of receipts on account and maintaining accounts receivable records – not compatible due to
conflict of R and A duties

while the individuals will have both custody of assets (the checks) and recordkeeping responsibility, they
relate to different areas.

data processing is a recordkeeping function which is incompatible with the treasurer's department's
custodial responsibility.

Treasurer department = handling cash, custody of securities, establishing credit policies

The controls relevant to an audit pertain to the entity's ability to record, process, summarize, and
report financial data consistent with the assertions embodied in the financial statements.

A primary objective of procedures performed to obtain an understanding of internal control is to provide an

auditor with Knowledge necessary to assess the risks as misstatement. the auditor must obtain a sufficient
understanding of an entity's control structure to assess the risk of material misstatement.

Assessing the risk of material misstatement below the maximum based on controls involves (1) identifying
specific controls relevant to specific assertions, and (2) performing tests of controls to evaluate their
effectiveness.

If the control appears effective, tests of controls will be performed

 • When the auditor’s risk assessment includes an expectation of operating effectiveness of controls
because the
likelihood of material misstatement is lower if the control operates effectively, or
• When substantive procedures alone do not provide sufficient audit evidence.

But test of control itself may not be effective, so it normally combines with a decreased in scope of
substantive procedures.

Information and communication. The auditor needs to obtain a level of knowledge of the information
system and communication to understand (1) the major transaction classes, (2) how those transactions are
initiated, (3) the available accounting records and support, (4) the manner of processing of transactions,
(5) the financial reporting process used to prepare financial statements, and (6) the means the entity uses
to communicate financial reporting roles and responsibilities. – land, buildings, common stock, minutes of
BOD’s meeting, shareholder meeting is not relates to internal control

During the course of an audit engagement, prepares internal control flowcharts is to Assemble the internal
control findings into a comprehensible format suitable for analysis.

Flowchart prepared during the consideration of internal control is a symbolic representation of a system of
sequential processes.

Auditor uses the risk of material misstatement to determine the acceptable level of detection risk for
financial statement assertions. The auditor then uses the acceptable level of detection risk to determine
the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in
the financial statement assertions

Assess risks of material misstatement and design further audit procedures. On an overall
basis the auditors should perform the risk assessment to identify and assess the risks of material
misstatement at the financial statement level and at the relevant assertion level for classes of
transactions, account balances, and disclosures; the approach is one of

• Identifying risks
• Relating the risks to what can go wrong at the relevant assertion level
• Considering whether the risks are of a magnitude that could result in a material misstatement
• Considering the likelihood that risks could result in material misstatements

Audit evidence on operating effectiveness from a prior period. If the auditor plans to use audit
evidence about the operating effectiveness of controls obtained in prior audits, the auditor should obtain
audit evidence about whether changes in those specific controls have occurred subsequent to the prior
audit. When controls have changed since they were last tested, the auditor should test the operating
effectiveness of such controls in the current audit. In circumstances in which controls have not changed
since they were last tested, the auditor should test the operating effectiveness of such controls at least
once in every three years. That is, the auditor should test a control at least once in every third year in an
annual audit.

Differences are expected to be disclosed on a computer exception report; disclosing these differences is
the primary purpose of the report. Thus, this would not indicate that there are problems in the client's
internal control.

There have been two new controllers this year may indicate a management’s override

the best protection for a company that wishes to prevent the "lapping" of trade accounts Have
customers send payments directly to the company's depository bank.

Lapping involves incorrect entries in the accounts receivable subsidiary ledger, not the general ledger.
purchase requisitions are internal documents which are prepared by user departments and sent to the
purchasing department for action. If purchasing agent arrange hardware to be delivered by the company
to his relative, the company has a poor internal control over PO

The requirements concern internal control in the accounts payable area. The accounts payable
function normally includes invoice verification. The important separation should be between
authorization of payment and actual cash disbursements. Thus the accounts payable area (including
invoice verification) should be separated from cash custodianship and disbursement. --- AP
seperates from CASH

best detect the theft of valuable items from an inventory that consists of hundreds of different items
selling for $1 to $10 and a few items selling for hundreds of dollars - Maintain a perpetual inventory of only
the more valuable items with frequent periodic verification of the validity of the perpetual inventory
record.

Examining material requisitions and reperforming client controls related to issuances will provide
evidence on operating effectiveness related to issuance of raw materials to production.

a typical problem in the payroll area is the apparent existence of fictitious employees which may arise due
to inadequate segregation in the payroll area. The observation of a payroll distribution should detect any
such irregularity. - The various phases of payroll work are not sufficiently segregated to afford effective
internal control so auditor performs observation of distribution of payroll checks

best control to guard against misappropriation of marketable securities is to assign the custodial
responsibilities to a bank. If securities are lost or missing, the bank will be responsible (i.e., the client will
not have to be concerned with misappropriation of the securities).

improper disposition of equipment - Separation of individuals with custody over equipment to be disposed,
from individuals authorized to approve removal work orders segregates the custodial and authorization
responsibilities for the equipment.

The most important internal control activity over acquisitions of PPNE - using budgets to control
acquisitions implies a follow-up analysis of budget variances. The use of budgets also permits the level of
authorized expenditures to be controlled.

PPNE acquisition is misclassified as maintenance expense would be detected by “Investigation of

various within a formal budgeting system’ improper expensing of the equipment is likely to result in
a large variance that will be disclosed within a formal budgeting system.

Depreciation policies need only be reviewed annually

Acquisition are to be made by the user department and approved by BOD.

the continuous utilization of serially numbered retirement work orders will allow management to account
for each retirement. This will help prevent unrecorded or unauthorized retirements.

The auditor may choose to communicate significant deficiencies during the course of the audit or after the
audit is concluded. This decision is influenced by the relative significance of the reportable conditions and
the urgency of corrective follow-up action.

Both significant audit adjustments and management's consultation with other accountants about
significant accounting matters should be communicated to an audit committee.

A CPA's report performing an examination of an entity's internal control identified several material
weaknesses and will be published in the entity's annual report to shareholders. Management intends to
include a statement asserting that the cost of correcting the weaknesses would exceed the benefits of
reducing the risk of errors and fraud. The CPA should Not express any opinion as to management's
statement. (NO requirement for CPA to investigate whether cost > benefit )
The requirement is to determine what an unqualified opinion on an entity's system of internal control
implies. The broad objectives of internal control are to render reasonable assurance that assets are
safeguarded from unauthorized use or disposition and that financial records are sufficiently reliable to
permit the preparation of financial statements.

Unqualified opinion on I/C = Financial records are sufficiently reliable to permit the
preparation of F/S

independent auditor responsibility cannot be shared with the internal auditors for any
judgments; the responsibility to report on the financial statements rests solely with the
independent auditor.

The client suggests that internal audit staff will be utilized to minimize audit costs, the independent auditor
will delegate work to internal auditor that doesn’t require decision making.

Reviewing the recommendations made in the reports of internal auditors is an important method of
judging the objectivity of internal audit.

service auditor's report includes: 1. Description of scope and nature of the auditor's procedures. 2.
Identification of parties for whom the report is intended. 3. Reference to the covered applications
(statement of IR limitation is not presented)

Material Weakness = Adverse report NOT qualified

Elimination of a material weakness several months prior to year-end is most likely to result in what form of
audit opinionUnqualified

walk-throughs of all major types of transactions are required the first year but in subsequent years they
may be carried forward.

The auditor cannot rely on client personnel to perform any of the walkthrough

The requirement is to identify the correct statement relating to issuance of a report on whether a
previously reported material weakness disclosed in an integrated audit continues to exist.  Management
must support its written assertion that the material weakness has been eliminated with sufficient
evidence.

The requirement is to identify proper auditor actions when a scope limitation arises in an engagement to
report on whether a previously reported material weakness continues to exist. while disclaimers are
allowed, qualified opinions are not allowed; in addition (not included in this question) the auditor may
choose to withdraw from the engagement due to a scope limitation.

Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both
Record and conceal fraudulent transactions in the normal course of assigned tasks

The requirement is to identify the least likely audit procedure for determining whether slow-moving, de-
fective, and obsolete items included in inventory are properly identified. ====the testing of standard
overhead rates may provide only very limited assistance since they may be used to arrive at the cost of
the item, but provide no real support relating to obsolescence.

comparing inventory balances with anticipated sales will identify such items through revealing items with
low expected turnover rates.

Significant deficiencies are not required to disclose in the footnotes or in the F/S
When a company use online transactions and such documentation of deails will be retained for only a short
period of time = in such a circumstance auditors will perform tests throughout the year so as to be able to
test transactions when such documentation is still available

Significant deficiencies suggest the possibility of misstatement, and accordingly suggest the need for an
increase in the assessment of control risk, with a corresponding increase in the scope of substantive
procedures

Collusion is an IR of I/C

collusion between employees may neutralize the effects of a segregation of duties.

Even the best internal control may break down due to

(1) Human judgment in decision making can be faulty
(2) Breakdowns can occur because of human failures such as simple errors or mistakes
(3) Controls, whether manual or automated, can be circumvented by collusion
(4) Management has the ability to override internal control
(5) Cost constraints (the cost of internal control should not exceed the expected benefits expected to be
derived)
(6) Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute
deterrents

sales orders should be sent to the credit department for approval (authorization).

Internal auditor - Objectivity is assessed by considering organizational status within the company, and
policies for assuring that internal auditors are objective with respect to the areas being audited.

The requirement is to identify the action an auditor should take to efficiently obtain information about a
transfer agent’s internal control relating to handling accounting for a client’s shareholders. => the
transfer agent is operating as a service organization, and when a service organization is involved and is to
be relied upon, the most efficient approach is for an auditor to obtain that organization’s service auditor
report on its internal control. In this situation a “type 2” report will provide information on both whether
controls are placed in operation and on their operating effectiveness. A “type 1” report only addresses
whether controls are placed in operation.