Class Notes (1,034,981)
CA (593,235)
UTSG (49,932)
Lecture 10

RSM427H1 Lecture Notes - Lecture 10: American Institute Of Certified Public Accountants, Financial Statement, OutsourcingPremium

2 pages63 viewsWinter 2018

Rotman Commerce
Course Code
Michael Khan

This preview shows half of the first page. to view the full 2 pages of the document.
Lecture 10 Audit Considerations of Outsourcing
The SysTrust/WebTrust review encompasses a combination of the following principles:
o Security: the system is protected against unauthorized access (both physical and logical)
o Availability: the system is available for operation and use as committed or agreed
o Processing integrity: system processing is complete, accurate, timely, and authorized
o Confidentiality: information designated as confidential is protected as committed or
SysTrust/WebTrust Users
o Management
o Customers
o Trading partners
o Financial statement auditors
SysTrust/WebTrust Report
o A opiio o aageet’s asserted otrols
Does not formally include the system description
o Opinion covers the reporting period of no more than 1 year
Drivers for SysTrust/WebTrust Review: the potential conflict of interest between the service
organization and the user organization
o The complexity of systems
o Remoteness of users and user organizations
o Consequences of unreliability
o Frequent system failure
Process of a SysTrust/WebTrust Reivew
o Decision by System hosting organization to pursue a SysTrust Review
System hosting organization hires a qualified firm
o System hosting organization selects
Optional principles
Criteria for the mandatory and optional principles
o Management develops control activities for each criterion
Process of a SysTrust Review
o Accounting firm assesses the adequacy of control criteria and procedures
o Accounting firm conducts testing
o Accounting firm provides report to system hosting organization
o System hosting organization shares report with user organizations
Trust Criteria
o Required: security
o Optional: confidentiality, privacy, availability, processing integrity
SysTrust/WebTrust Review
o Licensing
o Report
Difference Between SysTrust/WebTrust and CSAE 3416
Each stated criteria in the report must be met by controls in order to get an unqualified SysTrust
CSAE 3416 report has restricted distribution
Reliability vs. Financial Statement Assertions
find more resources at
find more resources at
You're Reading a Preview

Unlock to view full version

Subscribers Only

Loved by over 2.2 million students

Over 90% improved by at least one letter grade.