Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Revised CICA 5900 standards and CICA 5310 (services organizations) set for approval on January 1st, 2006

From: InfoSec News <isn () c4i org>
Date: Tue, 30 Aug 2005 01:33:48 -0500 (CDT)
Forwarded from: Mark Bernard <Mark.Bernard () TechSecure ca>

Dear Associates,

The tentative date for approval of amendments to the Canadian
Institute of Chartered Accountants (CICA) audit standards CICA 5900
now is January 1st, 2006.  Amendments to standards CICA 5900 and CICA
5310 will bring Canadian auditing standards up to par with the
Sarbanes Oxley Act (SOX) and the revised Canadian Securities Act -
bill 198. Summary of proposed changes include:


  a.. Section 5970, Audit Reports on Controls at a Service
      Organization, which replaces Section 5900; and

  b.. Section 5310, Audit Evidence Considerations when an Entity uses
      a Service Organization, which revises the requirements of 
      Section 5310.

Will organizations be ready?  Many Canadian business have already made
changes to comply with SAS No. 70 and SOX due to our interwoven
economies. However some business always wait until the last minute, so
it is likely that there will be many projects initiated from new
budgets in January 2006.


======beginning of excerpt =========
http://www.cica.ca/index.cfm/ci_id/19365/la_id/1.htm

Status: Final Handbook Sections approved. Assurance and Related
Services Guideline approved subject to written ballot. Effective date
for the standards and guideline is January 1, 2006.

Objectives of this Project

This project will update and expand auditing and assurance standards
and guidance for engagements to provide assurance on controls at a
service organization, and for the use of assurance reports as
evidence, in a financial statement audit as well as in assurance
engagements to report on internal control over financial reporting.

This project will respond to the need for updated standards in light
of the increased use of outsourcing and the increased scrutiny of
internal control by securities regulators and other stakeholders. At
the same time, it will ensure that Canadian standards for
auditor-to-auditor communications for service organizations
engagements are harmonized with equivalent US standards.

Scope

It is not currently possible to satisfy the needs of all stakeholders
with either a SAS 70 or a Section 5900 report alone. Nor is it
desirable to simply combine elements of SAS 70 with Section 5900.

The project will therefore result in the issuance of a new standard
harmonized with US Statement on Auditing Standards No. 70, Service
Organizations (SAS 70), and with updated Handbook Sections 5900,
Opinions on Control Procedures at a Service Organization and 5310,
Audit Evidence Considerations when an Enterprise uses a Service
Organization.

Specifically, the project will do the following:

        a.. Harmonize with SAS 70 for the immediate specific
regulatory issues related to the Sarbanes-Oxley Act of 2002 (Sarbanes)
and the proposed Ontario Securities Commission (OSC) Investor
Confidence Rules, and for auditor-to-auditor communications in
financial statement audits. This standard will also consider the need
for additional guidance to reflect environmental changes (e.g.,
privacy legislation, and the issuance of the US Public Company
Accounting Oversight Board's (PCAOB) Exposure Draft, Reporting on
Internal Control Over Financial Reporting in Conjunction with an Audit
of Financial Statements) since the issuance of SAS 70. The project
will also undertake revisions to Section 5310, Audit Evidence
Considerations When an Entity Uses a Service Organization, to
harmonize with SAS 70 material.

        b.. Consider the need for additional guidance to reflect
environmental changes (e.g., privacy legislation, and the issuance of
the PCAOB's Exposure Draft, Reporting on Internal Control over
Financial Reporting in Conjunction with an Audit of Financial
Statements) since the issuance of SAS 70.

        c.. Undertake revisions to Section 5310 to harmonize with SAS
70 material for financial statement audits.

        d.. Update Section 5900 for other uses of service auditor
reports to reflect Section 5025, Standards for Assurance Engagements,
and conform terminology with Section 5025, SAS 70 and the proposed
audit risk framework.
     


====== end of excerpt ============

Best regards,
Mark.

Mark E. S. Bernard, CISM, CISSP, PM,
Principal, Risk Management Services,

e-mail: Mark.Bernard () TechSecure ca
Web: http://www.TechSecure.ca
Phone: (506) 325-0444


Leadership Quotes by Warren Bennis: 
"The manager asks how and when; the leader asks what and why?"




_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
Previous By Date Next
Previous By Thread Next

Current thread: