This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

CSAE 3416, Reporting on Controls at a Service Organization

Ef­fec­tive date:

Ef­fec­tive for service auditors' reports for periods ending on or after December 15, 2011 with earlier implementation permitted, except for subsequent amendments.

Overview

This Canadian Standard on Assurance Engagements (CSAE) addresses audit engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities' internal control over financial reporting. It complements CAS 402, Audit Considerations relating to an Entity using a Service Organization, in that reports prepared in accordance with this CSAE may provide appropriate evidence under CAS 402.

The objectives of the service auditor are to: (a) obtain reasonable assurance about whether, in all material respects, based on suitable criteria: (i) management's description of the service organization's system fairly presents the system that was designed and implemented throughout the specified period (or in the case of a type 1 report, as of a specified date); (ii) the controls related to the control objectives stated in management's description of the service organization's system were suitably designed throughout the specified period (or in the case of a type 1 report, as of a specified date); and (iii) when included in the scope of the engagement, the controls operated effectively to provide reasonable assurance that the control objectives stated in management's description of the service organization's system were achieved throughout the specified period; and (b) report on the matters in (a) above, in accordance with the service auditor's findings.

Effective for attestation engagements where the assurance report is dated on or after June 30, 2017, the practitioner is required to comply with both CSAE 3000, Attestation Engagements Other than Audits or Reviews of Historical Financial Information, and this CSAE when performing an assurance engagement to report on controls at a service organization. This CSAE supplements, but does not replace, CSAE 3000 and expands on how CSAE 3000 is to be applied in an assurance engagement to report on controls at a service organization.

His­tory of CSAE 3416

Date

De­vel­op­ment

Com­ments

July 2015

Amend­ments to paragraphs 7A, 44, 52 and 53 as a result of the issue of CSAE 3000

Effective for attestation engagements where the assurance report is dated on or after June 30, 2017.

Note: The above sum­mary does not in­clude de­tails of con­se­quen­tial amend­ments made as the re­sult of other pro­jects.

Amend­ments un­der con­sid­er­a­tion

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.