CSAE is a financial control audit developed in conjunction with the Canadian Institute of Chartered Accountants. Previously the. The CSAE type 2 Audit was developed by the Canadian Institute of Chartered Accountants. Certification is accreditation at the highest level in Canada. Also known as CSAE or SSAE 18 SOC reports, they provide independent assurance on controls for financial processes that have been outsourced to a.
|Published (Last):||18 August 2014|
|PDF File Size:||6.33 Mb|
|ePub File Size:||14.7 Mb|
|Price:||Free* [*Free Regsitration Required]|
Cover-All – CSAE
Third party assurance reports have become an integral part of outsourcing transactions: Before doing so however, I want to consider third party assurance reporting in more detail.
Third party assurance reports relate to the control objectives and controls established by a service provider, i.
In the third party assurance report, an auditor retained by the service provider audits the controls and expresses an opinion about the controls based on the results of its audit. For example, a service provider may establish control objectives in respect of its business that relate to its procedures to ensure the confidentiality of information, the effectiveness of its change control procedures or its facilities being protected against unauthorized access.
The service provider will csxe establish, for each of these control objectives, a series of controls that are designed to achieve the objective.
CSAE The New Standard – Slaw
In vsae the third party assurance report, the auditor retained by the service provider will audit the controls in place at the service provider to obtain reasonable assurance about whether: But that is now changing. The new Canadian standard was a response to developments internationally and in the United States. For many years, in the absence of an international standard for assurance engagements, service providers were forced to offer international customers reports done according to the U.
The standard was published cxae Decemberto be effective for periods ending after June 15, earlier implementation was permitted.
Instead, it wanted to provide service providers with an alternative to issuing multiple reports under varying local standards.
In the intervening years, it had arguably become the gold standard for audits of internal controls at a service provider. As the IAASB was developing the new international standard however, the United States was reviewing its standards with a view to bringing them in line with the international ones.
As with the international standard, SSAE 16 was effective for periods ending on or after June 15, with earlier implementation being permitted. Although the Basis for Conclusions document identified three areas where amendments were made to SSAE 16 in finalizing the Canadian standard, e.
Third Party Assurance
CSAE does not represent a radical overhaul of the standards for third party attestation engagements. However, as 34166 15, approaches, there has been an outpouring of information about CSAE It is important for outsourcing counsel to spend the time reviewing the material and getting an understanding of the new standard, if only to be able to appreciate the benefits and the limitations of third party assurance reports prepared in accordance with the new standard.
Recently Published Columns All Columns. Information Management Legal Information: Publishing Miscellaneous Practice of Law.
Future of Practice Practice of Law: Marketing Practice of Law: Practice Management Reading Reading: Recommended Substantive Law International issues International law.
Foreign Caae Substantive Law: Judicial Decisions Substantive Law: Office Technology Vendor Quiz. Subscribe to Slaw All Slaw posts: Third Party Assurance Reporting Third party assurance reports relate to the control objectives and controls established by a service provider, i.
The CSAE report is not intended to be used by service providers in marketing their services to potential customers. There are differences however that will impact service providers. This requires management to state, in the case of a Type 1 report, that the controls are fairly presented and suitably designed and in the case of a Type 2 report, that the controls are fairly presented, suitably designed and operating effectively to achieve the identified control objectives.