Question

With the rapid growth of cloud computing, many organizations are contracting with third party service

providers to process and store all kinds of data off site. In doing so, entities are now dependent on the

effectiveness of controls provided by external software providers and data centers that are used to

generate and store a huge volume of data of important information for making critical decisions.

1 What challenges do you see the auditor faced with when auditing a client who is using external

services?

2 How might the use of an external service provider to process financial statement transactions affect

the audit of the entity’s financial statements?

3 Provide five audit procedures you as an auditor would design to address the issues you named in

question 1

Answer 1

1. Challenges faced by auditor when auditing a client who is using external services are :=

The auditor is unable to obtain sufficient evidences corresponding to the fact that external service providers have implemented proper internal control mechanisms or not.

Also, the auditor is worried about the confidentiality of the information transmitted to these external service providers.

Whether the external service providers have proper backup systems in case there systems crashes due to unavoidable circumstances.

It becomes difficult for auditor to conduct audit procedures, ask for information and verification.

2. The financial statement transactions are one of the crucial aspect where the auditor gives his/her opinion. So, when financial statement transactions are outsourced to an external service provider the audit of the entity’s financial statements becomes a difficult task. As auditor is not able to conduct his audit procedures efficiently and effectively. However, auditor can obtain the audit report of such external service provider. But the auditor can not fully rely on the opinion of external service provider's auditor. He/She has to conduct special audit procedures.

3. Auditor can ask for the audit reports of such external service providers to ensure that internal controls are properly implemented.

Auditor can review the agreement between the client and the external service provider and if necessary can ask to add the confidentiality clause.

Auditor can ask information from external service providers regarding his contengency plans.

Auditor can ask to monthly or quarterly reports from external service provider.