Chapter 12 highlighted that many clients outsource some or all of their IT needs to an independent computer service organization rather maintain an internal IT function or data center. In those situations, the auditor faces difficulty when obtaining an understanding of the client’s internal control over financial reporting because many of the controls reside at the service organization, and the auditor cannot assume that the controls are adequate because they are provided by an independent IT provider. It has become increasingly common for the service center to engage a CPA firm to obtain an understanding and test internal controls of the service organization and issue a report for use by all customers and their independent auditors.