|
The following appendix includes examples of examination and audit reports under AICPA or Canadian Institute of Chartered Accountants (CICA) professional reporting standards, respectively: | Under AICPA Attestation Standards | Under CICA Assurance Standards | | Illustration 1—Reporting on Management’s Assertion and Sample Management Assertion | Illustration 3—Reporting on Management’s Assertion and Sample Management Assertion | | Illustration 2—Reporting Directly on the Subject Matter | Illustration 4—Reporting Directly on the Subject Matter |
Illustration 3—Reporting on Management’s Assertion
Under CICA Assurance Standards Auditor’s Privacy Report To the Management of ABC Company, Inc.: We have audited ABC Company, Inc.’s (ABC Company) management assertion that, during the period Xxxx xx, 2009 through Yyyy yy, 2009, it: - Maintained effective controls over the privacy of personal information collected in its ______________ [description of the entities and activities covered, for example “the mail-order catalog-sales operations”] business (the Business) to provide reasonable assurance that the personal information was collected, used, retained, disclosed, and disposed of in conformity with its commitments in its privacy notice related to the Business and with criteria set forth in Generally Accepted Privacy Principles, issued by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants (CICA), and
- Complied with its commitments in its privacy notice, which is dated xxxx xx, 2009 and [is available at www.ABC-Company/privacy or accompanies this report].
This assertion is the responsibility of management. Our responsibility is to express an opinion based on our audit. Our audit was conducted in accordance with standards for assurance engagements established by the CICA. Those standards require that we plan and perform our audit to obtain reasonable assurance as a basis for our opinion. Our audit included (1) obtaining an understanding of ABC Company’s controls over the privacy of personal information, (2) testing and evaluating the operating effectiveness of the controls, (3) testing compliance with ABC Company’s commitments in its privacy notice and (4) performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. In our opinion, ABC Company’s management assertion that, during the period Xxxx xx, 2009 through Yyyy yy, 2009, ABC Company: - Maintained effective controls over the privacy of personal information collected in the Business to provide reasonable assurance that the personal information was collected, used, retained, disclosed, and disposed of in conformity with its commitments in its privacy notice and with criteria set forth in Generally Accepted Privacy Principles; and
- Complied with its commitments in its privacy notice referred to above,
is, in all material respects, fairly stated.OR In our opinion, ABC Company management’s assertion referred to above is fairly stated, in all material respects, in conformity with ABC Company’s privacy notice referred to above and with criteria set forth in Generally Accepted Privacy Principles. Because of the nature and inherent limitations of controls, ABC Company’s ability to meet the aforementioned criteria and the commitments in its privacy notice may be affected. For example, fraud, unauthorized access to systems and information, failure to comply with internal and external policies and requirements may not be prevented or detected. Also, the projection of any conclusions, based on our findings, to future periods is subject to the risk that any changes or future events may alter the validity of such conclusions. [Name of CA firm] [City, Province] Chartered Accountants [Date] Sample Management Assertion for Illustration 3 During the period Xxxx xx, 2009 through Yyyy yy, 2009, ABC Company, in all material respects: - Maintained effective controls over the privacy of personal information collected in our _________business [description of the entities and activities covered, for example “the mail-order catalog-sales operations”] (the Business) to provide reasonable assurance that the personal information was collected, used, retained, disclosed, and disposed of in accordance with our commitments in the privacy notice related to the Business and with the criteria set forth in Generally Accepted Privacy Principles, issued by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants , and
- Complied with our commitments in our privacy notice which is dated xxxx xx, 2009 and [is available at www.ABC-Company/privacy or accompanies this report].
Illustration 4—Reporting Directly on the Subject Matter Under CICA Assurance Standards Auditor’s Privacy Report To the Management of ABC Company, Inc.: We have audited (1) the effectiveness of ABC Company, Inc.’s (ABC Company) controls over the personal information collected in its _______ [description of the entities and activities covered, for example “the mail-order catalog-sales operations”] business (the Business) to provide reasonable assurance that the personal information was collected, used, retained, disclosed, and disposed of in conformity with its commitments in its privacy notice and with criteria set forth in Generally Accepted Privacy Principles, issued by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants (CICA), and (2) ABC Company’s compliance with its commitments in its privacy notice, which is dated xxxx xx, 2009 and [is available at www.ABC-Company/privacy or accompanies this report], related to the Business during the period Xxxx xx, 2009 through Yyyy yy, 2009. ABC Company’s management is responsible for maintaining the effectiveness of these controls and for compliance with its commitments in its privacy notice. Our responsibility is to express an opinion based on our audit. Our audit was conducted in accordance with standards for assurance engagements established by the CICA. Those standards require that we plan and perform our audit to obtain reasonable assurance as a basis for our opinion. Our audit included (1) obtaining an understanding of ABC Company’s controls over the privacy of personal information, (2) testing and evaluating the operating effectiveness of the controls, (3) testing compliance with ABC Company’s commitments in its privacy notice, and (4) performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. In our opinion, during the period Xxxx xx, 2009 through Yyyy yy, 2009, ABC Company, in all material respects (1) maintained effective controls over privacy of personal information collected in the Business to provide reasonable assurance that the personal information was collected, used, retained, disclosed, and disposed of in conformity with its commitments in its privacy notice and with criteria set forth in the Generally Accepted Privacy Principles; and (2) complied with its commitments in its privacy notice referred to above. Because of the nature and inherent limitations of controls, ABC Company’s ability to meet the aforementioned criteria and the commitments in its privacy notice may be affected. For example, fraud, unauthorized access to systems and information, and failure to comply with internal or external policies or requirements may not be prevented or detected. Also, the projection of any conclusions, based on our findings, to future periods is subject to the risk that any changes or future events may alter the validity of such conclusion s. [Name of CA firm] [City, Province] Chartered Accountants [Date] |
