CPA · Question 24 · Area II: Risk Assessment
Scenario: An auditor is engaged to audit the financial statements of a nonissuer. The entity uses a service organization for payroll processing. The auditor obtains a SOC 1 Type 2 report. The report states that 'Control X' at the service organization was not operating effectively during the period. Control X relates to the reconciliation of payroll tax withholdings.<br/><br/>What is the auditor's MOST appropriate response?
Answer options:
Immediately increase the assessed level of control risk to maximum for payroll.
Assess whether the user entity (client) has a complementary user entity control (CUEC) that mitigates the risk.
Withdraw from the engagement due to inability to obtain sufficient appropriate evidence.
Contact the service auditor to request they re-test the control.
78 questions · hints · full answers · grading
Expert