A Service Auditor’s Report is used by a service organization to convey to its clients the extent of internal control systems which are in operation.
The Canadian Standard on Assurance Engagements (CSAE 3416) allows auditors to issue a service Auditor’s Report regarding whether described controls:
- are presented fairly,
- are suitably designed to achieve the control objectives, and
- whether they are operating effectively (Type 2 report).
The following is a sample list of organizations which may be required to produce this type of audit report:
- Payroll service providers,
- Claims processors,
- Benefits administrators,
- Third party administrators,
- Data centres,
- Application service providers (ASPs), and
- Outsourced IT departments
(This is not an exhaustive list)