CPA · Question 19 · Area II: Risk Assessment
An auditor is auditing the financial statements of a nonissuer that uses a service organization for its investment transaction processing. The auditor is unable to obtain a SOC 1 Type 2 report and the user entity's controls over the investment activities are not sufficient to provide evidence. Which of the following is the auditor's MOST appropriate course of action?
Answer options:
Issue a disclaimer of opinion due to a scope limitation.
Perform procedures at the service organization to obtain sufficient appropriate audit evidence.
Rely on the service organization's management representation letter.
Assess control risk at maximum and perform only substantive analytical procedures.
78 questions · hints · full answers · grading
Expert