Академический Документы
Профессиональный Документы
Культура Документы
IFAC’s standards are developed by the International Auditing and Assurance Standards Boards
(IAASB). All members are appointed by IFAC – one of the current members has been suggested to
IFAC by INTOSAI/PSC. The present document provides an overview of the key provisions in IFAC’s
standards which defines the concept of an assurance engagement. All numbered paragraphs (in
black) is ‘copy and paste’ from the original documents. The sources are:
3) ISA 200 International Standard on Auditing - Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance with International Standards on Auditing
(Newly revised - As effective from 15 December 2009)
11. Under this Framework, there are two types of assurance engagement a
practitioner is permitted to perform: a reasonable assurance engagement and a
limited assurance engagement. The objective of a reasonable assurance
engagement is a reduction in assurance engagement risk to an acceptably low
level in the circumstances of the engagement6 as the basis for a positive form
of expression of the practitioner’s conclusion. The objective of a limited
assurance engagement is a reduction in assurance engagement risk to a level
that is acceptable in the circumstances of the engagement, but where that risk
is greater than for a reasonable assurance engagement, as the basis for a
negative form of expression of the practitioner’s conclusion.
6 Engagement circumstances include the terms of the engagement, including whether it is a reasonable
assurance engagement or a limited assurance engagement, the characteristics of the subject matter, the
criteria to be used, the needs of the intended users, relevant characteristics of the responsible party and
its environment, and other matters, for example events, transactions, conditions and practices, that may
have a significant effect on the engagement.
(...)
Assurance Report
56. The practitioner provides a written report containing a conclusion that conveys
the assurance obtained about the subject matter information. ISAs, ISREs and
ISAEs establish basic elements for assurance reports. In addition, the practitioner
considers other reporting responsibilities, including communicating with those
charged with governance when it is appropriate to do so.
60. A practitioner does not express an unqualified conclusion for either type of
assurance engagement when the following circumstances exist and, in the
practitioner’s judgment, the effect of the matter is or may be material:
(a) There is a limitation on the scope of the practitioner’s work (see
paragraph 55). The practitioner expresses a qualified conclusion or a
disclaimer of conclusion depending on how material or pervasive the
limitation is. In some cases the practitioner considers withdrawing
from the engagement.
(b) In those cases where:
(i) The practitioner’s conclusion is worded in terms of the
responsible party’s assertion, and that assertion is not fairly
stated, in all material respects; or
(ii) The practitioner’s conclusion is worded directly in terms of the
subject matter and the criteria, and the subject matter
information is materially misstated,11
the practitioner expresses a qualified or adverse conclusion depending
on how material or pervasive the matter is.
(c) When it is discovered after the engagement has been accepted, that the
criteria are unsuitable or the subject matter is not appropriate for an
assurance engagement. The practitioner expresses:
(i) A qualified conclusion or adverse conclusion depending on how
material or pervasive the matter is, when the unsuitable criteria
or inappropriate subject matter is likely to mislead the intended
users; or
(ii) A qualified conclusion or a disclaimer of conclusion depending
on how material or pervasive the matter is, in other cases.
In some cases the practitioner considers withdrawing from the
engagement.
11 In those direct reporting engagements where the subject matter information is presented only in the
practitioner’s conclusion, and the practitioner concludes that the subject matter does not, in all material
respects, conform with the criteria, for example: “In our opinion, except for […], internal control is
effective, in all material respects, based on XYZ criteria,” such a conclusion would also be considered to
be qualified (or adverse as appropriate).
14. The following engagements, which may meet the definition in paragraph 7,
need not be performed in accordance with this Framework:
(a) Engagements to testify in legal proceedings regarding accounting,
auditing, taxation or other matters; and
(b) Engagements that include professional opinions, views or wording
from which a user may derive some assurance, if all of the following
apply:
(i) Those opinions, views or wording are merely incidental to the
overall engagement;
(ii) Any written report issued is expressly restricted for use by only
the intended users specified in the report;
(iii) Under a written understanding with the specified intended users,
the engagement is not intended to be an assurance engagement;
and
(iv) The engagement is not represented as an assurance engagement
in the professional accountant’s report.
Engagement Acceptance
17. A practitioner accepts an assurance engagement only where the practitioner’s
preliminary knowledge of the engagement circumstances indicates that:
(a) Relevant ethical requirements, such as independence and professional
competence will be satisfied; and
(b) The engagement exhibits all of the following characteristics:
(i) The subject matter is appropriate;
(ii) The criteria to be used are suitable and are available to the
intended users;
(iii) The practitioner has access to sufficient appropriate evidence to
support the practitioner’s conclusion;
(iv) The practitioner’s conclusion, in the form appropriate to either a
reasonable assurance engagement or a limited assurance
engagement, is to be contained in a written report; and
(v) The practitioner is satisfied that there is a rational purpose for
the engagement. If there is a significant limitation on the scope
of the practitioner’s work (see paragraph 55), it may be unlikely
that the engagement has a rational purpose. Also, a practitioner
may believe the engaging party intends to associate the
practitioner’s name with the subject matter in an inappropriate
manner
11. Under this Framework, there are two types of assurance engagement a
practitioner is permitted to perform: a reasonable assurance engagement and a
limited assurance engagement. The objective of a reasonable assurance
engagement is a reduction in assurance engagement risk to an acceptably low
level in the circumstances of the engagement6 as the basis for a positive form
of expression of the practitioner’s conclusion.
6. Engagement circumstances include the terms of the engagement, including whether it is a reasonable
assurance engagement or a limited assurance engagement, the characteristics of the subject matter, the
criteria to be used, the needs of the intended users, relevant characteristics of the responsible party and
its environment, and other matters, for example events, transactions, conditions and practices, that may
have a significant effect on the engagement.
The term “engagement” is used consistently for tasks which the “practitioner” (auditor) performs on
basis of an agreement throughout the standards, e.g. in ISAE 3000:
“ 7. The practitioner should accept (or continue where applicable) an assurance engagement only if
the subject matter is the responsibility of a party other than the intended users or the practitioner.
[…].”
“ 10. The practitioner should agree on the terms of the engagement with the engaging party.
To avoid misunderstandings, the agreed terms are recorded in an engagement letter or other suitable form
of contract. If the engaging party is not the responsible party, the nature and content of an engagement
letter or contract may vary. The existence of a legislative mandate may satisfy the requirement to agree on
the terms of the engagement. Even in those situations an engagement letter may be useful for both the
practitioner and engaging party”.
Introduction
1. The purpose of this International Standard on Assurance Engagements (ISAE) is to establish basic principles
and essential procedures for, and to provide guidance to, professional accountants in public practice (for
purposes of this ISAE referred to as “practitioners”) for the performance of assurance engagements other than
audits or reviews of historical financial information covered by International Standards on Auditing (ISAs) or
International Standards on Review Engagements (ISREs).
2. This ISAE uses the terms “reasonable assurance engagement” and “limited assurance engagement” to
distinguish between the two types of assurance engagement a practitioner is permitted to perform. The objective
of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in
the circumstances of the engagement1 as the basis for a positive form of expression of the practitioner’s
conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a
level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a
reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
3. The practitioner should comply with this ISAE and other relevant ISAEs when performing an
assurance engagement other than an audit or review of historical financial information covered by ISAs
or ISREs. This ISAE is to be read in the context of the “International Framework for Assurance Engagements”
(the Framework), which defines and describes the elements and objectives of an assurance engagement, and
identifies those engagements to which ISAEs apply. This ISAE has been written for general application to
assurance engagements other than audits or reviews of historical financial information covered by ISAs or
ISREs. Other ISAEs may relate to topics that apply to all subject matters or be subject matter specific. Although
ISAs and ISREs do not apply to engagements covered by ISAEs, they may nevertheless provide guidance to
practitioners.
Ethical Requirements
4. The practitioner should comply with the requirements of Parts A and B of the IFAC Code of Ethics for
Professional Accountants (the Code).
5. The Code provides a framework of principles that members of assurance teams, firms and network firms use
to identify threats to independence,2 evaluate the significance of those threats and, if the threats are other than
clearly insignificant, identify and apply safeguards to eliminate the threats or reduce them to an acceptable level,
such that independence of mind and independence in appearance are not compromised.
Quality Control
6. The practitioner should implement quality control procedures that are applicable to the individual
engagement. Under International Standard on Quality Control (ISQC) 1, “Quality Control for Firms that
Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services
Engagements,”3 a firm of professional accountants has an obligation to establish a system of quality control
designed to provide it with reasonable assurance that the firm and its personnel comply with professional
standards and regulatory and legal requirements, and that the assurance reports issued by the firm or
engagement partners are appropriate in the circumstances. In addition, elements of quality control that are
relevant to an individual engagement include leadership responsibilities for quality on the engagement, ethical
requirements, acceptance and continuance of client relationships and specific engagements, assignment of
engagement teams, engagement performance, and monitoring.
1 Engagement circumstances include the terms of the engagement, including whether it is a reasonable assurance engagement or a
limited assurance engagement, the characteristics of the subject matter, the criteria to be used, the needs of the intended users, relevant
characteristics of the responsible party and its environment, and other matters, for example events, transactions, conditions and practices,
that may have a significant effect on the engagement.
2 If a professional accountant not in public practice, for example an internal auditor, applies ISAEs, and (a) the Framework or ISAEs are
referred to in the professional accountant’s report; and (b) the professional accountant or other members of the assurance team and, when
applicable, the professional accountant’s employer, are not independent of the entity in respect of which the assurance engagement is being
performed, the lack of independence and the nature of the relationship(s) with the assurance client are prominently disclosed in the
professional accountant’s report. Also, that report does not include the word “independent” in its title, and the purpose and users of the
report are restricted.
3 ISQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related
Services Engagements” was issued in February 2004. Systems of quality control in compliance with ISQC 1 are required to be established
by June 15, 2005.
49. The assurance report should include the following basic elements:
[…]
j) The practitioner’s conclusion: where the subject matter information is made up of a number of aspects,
separate conclusions may be provided on each aspect. While not all such conclusions need to relate to the
same level of evidence-gathering procedures, each conclusion is expressed in the form that is appropriate to
either a reasonable-assurance or a limited assurance engagement.
Where appropriate, the conclusion should inform the intended users of the context in which the
practitioner’s conclusion is to be read: the practitioner’s conclusion may, for example, include wording
such as: “This conclusion has been formed on the basis of, and is subject to the inherent limitations
outlined elsewhere in this independent assurance report.” This would be appropriate, for example, when the
report includes an explanation of particular characteristics of the subject matter of which the intended users
should be aware.
In a reasonable assurance engagement, the conclusion should be expressed in the positive form: for
example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria” or “In
our opinion the responsible party’s assertion that internal control is effective, in all material respects, based
on XYZ criteria, is fairly stated.”
In a limited assurance engagement, the conclusion should be expressed in the negative form: for
example: “Based on our work described in this report, nothing has come to our attention that causes us to
believe that internal control is not effective, in all material respects, based on XYZ criteria” or “Based on
our work described in this report, nothing has come to our attention that causes us to believe that the
responsible party’s assertion that internal control is effective, in all material respects, based on XYZ
criteria, is not fairly stated.”
Where the practitioner expresses a conclusion that is other than
unqualified, the assurance report should contain a clear description of all
the reasons: (also see paragraphs 51-53).
4. The financial statements subject to audit are those of the entity, prepared by
management of the entity with oversight from those charged with governance.
ISAs do not impose responsibilities on management or those charged with
governance and do not override laws and regulations that govern their
responsibilities. However, an audit in accordance with ISAs is conducted on
the premise that management and, where appropriate, those charged with
governance have acknowledged certain responsibilities that are fundamental to
the conduct of the audit. The audit of the financial statements does not relieve
management or those charged with governance of their responsibilities. (Ref:
Para. A2-A11)
The broader scope of audit in the public sector may be dealt with by INTOSAI:
[…]
Considerations Specific to Audits in the Public Sector
A57. The ISAs are relevant to engagements in the public sector. The public sector
auditor’s responsibilities, however, may be affected by the audit mandate, or by
obligations on public sector entities arising from law, regulation or other
authority (such as ministerial directives, government policy requirements, or
resolutions of the legislature), which may encompass a broader scope than an
audit of financial statements in accordance with the ISAs. These additional
responsibilities are not dealt with in the ISAs. They may be dealt with in the
pronouncements of the International Organization of Supreme Audit
Institutions or national standard setters, or in guidance developed by
government audit agencies.
(…)
Moderate Assurance
9. A review engagement provides a moderate level of assurance that the
information subject to review is free of material misstatement, this is expressed
in the form of negative assurance.