Download free SysTrust Audit Report Templates
WITH A SYSTRUST EXAMINATION, THERE IS AN AUDITOR’S OPINION. In addition, the service provider provides a management assertion and a system description that are attached to the auditor’s opinion to form the SysTrust reporting package. Optionally, the reporting package can also include a schedule of controls that the service provider has implemented to address the Trust Services criteria.
SysTrust Auditor’s Opinion
To the Management of XYZ Service Provider, Inc.:
We have examined management’s assertion that XYZ Service Provider during the period
Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of XYZ Service Provider’s relevant system availability, security, and processing integrity controls; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. In our opinion, management’s assertion that XYZ Service Provider maintained effective controls over the reliability of its ABC System to provide reasonable assurance that, during the period
Reliability, the System:
- Was protected against unauthorized access (both physical and logical)
- Was available for operation and use, as committed or agreed
- Processing was complete, accurate, timely, and authorized was fairly stated in all material respects.
- Because of inherent limitations in controls, error or fraud may occur and not be detected.
Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the system or controls, the failure to make needed changes to the system or controls, or a deterioration in the degree of effectiveness of the controls.
XYZ Service Provider’s use of the SysTrust Seal constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance.
Signed – Audit Firm Name
SysTrust Management Assertion
Service Provider XYZ maintained effective controls over the security, availability, and processing integrity of its ABC System to provide reasonable assurance that: The System was protected against unauthorized access (both physical and logical)
The System was available for operation and use, as committed or agreed
System processing was complete, accurate, timely, and authorized during the period
Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
The attached System Description of Service Provider XYZ’s ABC System identifies the aspects of the System covered by our assertion.
SysTrust System Description
The service provider’s System Description typically includes narrative descriptions of the following components to provide clarity regarding the examination scope:
SysTrust Schedule of Controls
If desired, the service provider may include a detailed schedule of controls that describes the controls it has implemented to achieve the Trust Services Criteria. An extract of such a schedule is shown here for illustrative purposes.
|Free Download Attachment||Size|