2011-03-29 Transitioning from Section 5970 to CSAE 3416
This Newsletter is about the impact of the new Canadian Standard on Assurance Engagements 3416 (CSAE3416)
Organizations that provide services that impact their customers' financial reporting processes are often subject to audits of these processes executed on behalf of their customers. The auditor's Report on Controls at a Service Organization, Section 5970 has long been the governing standard in Canada for performing these audits.
What is new?
The Report on Controls at a Service Organization, Section 597 requirements and guidance for Canadian auditors will be superseded by the new Canadian Standard on Assurance Engagements (CSAE 3416). Globally, many countries do not have their own standard for performing such audits, which led to the creation of the International Standard on Assurance Engagements 3402 (ISAE 3402). Similarly, the current standard in the US, Statement on Auditing Standards No. 70 (SAS 70) is being replaced with Statement on Standards for Attestation Engagements (SSAE 16). While CASE 3416, ISAE 3402 and SSAE 16 have some differences, they are substantially the same.
When are these standards is it effective?
CSAE 3416 is effective for reports with periods ending on or after December 15, 2011, while both the ISAE 3402 and SSAE 16 are effective for periods ending on or after June 15, 2011.
What are the key differences under the new CSAE 3416?
- Management is required to provide a written assertion. When the inclusive method is used, the subservice organization must also provide a written assertion
- In a type 2 report, the service auditor opines on the description of controls and suitability of the design of controls related to the control objectives throughout the entire period (versus an "as at date")
- The service auditor is required to disclose any reliance on the work of internal audit (or other independent management testing functions) within the report
- The format of the service auditor's opinion will change
- The standard explicitly requires follow-up action by the service auditor in the event of deviations caused by intentional acts - meaning, the service auditor should assess the potential risk that the description is not fairly presented, the controls are not suitably designed, and in a type 2 engagement, controls are not operating effectively.
To find out more of the expected impact of these differences, please read the document available for download.
What is the next step?
If your clients are users of the Section 5970 report, you may want to make them aware of the changes that are coming so that they are not caught by surprise by the new report. If your client is a service organization, they may already be aware of the change. If they are not, you should make them aware of these changes and their impact on the report and audit process.
- Michael Walke
-
Michael Walke, CA
Partner
Mississauga, Ontario
Experience
- Accounting Consulting
- Manufacturing
- Real Estate
- Partner
- Tel: +1 416 815 5011
- Michael A. Tambosso
- Tel: +1 416 941 8388
- Fax: +1 416 814 3220
- For an indepth analysis of the most notable financial reporting developments, read our bi-annual review, Financial Reporting Release.
You are in: Services > Audit and Assurance