Obtaining Assurance for Financial Statement Audits and Control Audits when Aspects of the Financial Reporting Process are Outsourced
71 Pages Posted: 1 Apr 2012 Last revised: 12 Jul 2014
Date Written: December 1, 2012
Businesses increasingly outsource organizational functions that have financial reporting implications which requires auditors to adjust their risk assessment and audit procedures for this practice. However, PCAOB inspection reports cite deficiencies indicating that external auditors frequently do not perform proper procedures before relying on controls maintained by service organizations. In this paper, we examine the audit implications of client use of service organizations. Using the audit risk and control risk models and drawing on the extant research on using the work of others and internal audit outsourcing, we develop a framework that describes how clients’ use of service organizations affects financial statement and internal control audits. We propose that characteristics of outsourcing, the client, the service organization and the auditor of the service organization affect the inherent, control and control detection risk for clients who outsource these functions. Based on this model, we develop specific research questions to guide future auditing research. We also use this model to provide insights for future research on external auditors’ reliance on outsourced internal audit functions.
Keywords: Outsourcing, SAS 70/SSAE 16/ SOC report, service organizations, audit quality
JEL Classification: M41, M42, L24
Suggested Citation: Suggested Citation