SA 402 Audit Considerations Relating to an Entity Using a Service Organisation

According to SA 402 - Audit Considerations Relating to an Entity Using a Service Organisation, a service organisation is defined as an entity that provides services to another entity that are part of that entity's information system. The services provided by the service organisation can be relevant to the audit of the user entity's financial statements, and the audit considerations will depend on the nature and significance of the services provided by the service organisation.

Based on this definition, if a company's subscripttion service involves the use of a service organisation to provide services that are part of the company's information system, then the subscripttion service would be classified as a service provided by a service organisation.

For example, if a company uses a third-party cloud service provider to host its customer data and applications, then the cloud service provider would be considered a service organisation, and the subscripttion service would be classified as a service provided by a service organisation. In this case, the audit considerations would include evaluating the controls at the service organisation, and assessing the impact of the service organisation's controls on the company's internal controls.

It's important to note that the determination of whether a subscripttion service involves the use of a service organisation will depend on the specific facts and circumstances of each case. The auditor should obtain sufficient understanding of the company's information system and the services provided by any service organisations to properly evaluate the audit considerations related to the use of a service organisation.