Class Notes (1,034,981)
CA (593,235)
UTSG (49,932)
Lecture 10

RSM427H1 Lecture Notes - Lecture 10: American Institute Of Certified Public Accountants, Financial Statement, OutsourcingPremium

2 pages63 viewsWinter 2018

Department
Rotman Commerce
Course Code
RSM427H1
Professor
Michael Khan
Lecture
10

This preview shows half of the first page. to view the full 2 pages of the document.
Lecture 10 Audit Considerations of Outsourcing
SysTrust/WebTrust
The SysTrust/WebTrust review encompasses a combination of the following principles:
o Security: the system is protected against unauthorized access (both physical and logical)
o Availability: the system is available for operation and use as committed or agreed
o Processing integrity: system processing is complete, accurate, timely, and authorized
o Confidentiality: information designated as confidential is protected as committed or
agreed
SysTrust/WebTrust Users
o Management
o Customers
o Trading partners
o Financial statement auditors
SysTrust/WebTrust Report
o A opiio o aageet’s asserted otrols
Does not formally include the system description
o Opinion covers the reporting period of no more than 1 year
Drivers for SysTrust/WebTrust Review: the potential conflict of interest between the service
organization and the user organization
o The complexity of systems
o Remoteness of users and user organizations
o Consequences of unreliability
o Frequent system failure
Process of a SysTrust/WebTrust Reivew
o Decision by System hosting organization to pursue a SysTrust Review
System hosting organization hires a qualified firm
o System hosting organization selects
Optional principles
Criteria for the mandatory and optional principles
o Management develops control activities for each criterion
Process of a SysTrust Review
o Accounting firm assesses the adequacy of control criteria and procedures
o Accounting firm conducts testing
o Accounting firm provides report to system hosting organization
o System hosting organization shares report with user organizations
Trust Criteria
o Required: security
o Optional: confidentiality, privacy, availability, processing integrity
SysTrust/WebTrust Review
o Licensing
o Report
Difference Between SysTrust/WebTrust and CSAE 3416
Each stated criteria in the report must be met by controls in order to get an unqualified SysTrust
report
CSAE 3416 report has restricted distribution
Reliability vs. Financial Statement Assertions
find more resources at oneclass.com
find more resources at oneclass.com
You're Reading a Preview

Unlock to view full version

Subscribers Only

Loved by over 2.2 million students

Over 90% improved by at least one letter grade.