Вы находитесь на странице: 1из 18


To introduce the concepts of audit and assurance engagements.


External audit
Internal audit
Assurance services
As an assurance service
Auditors report
Audit process
See Session 33 Definition
Levels of assurance
Evidence gathering
Review assignments
Other engagements

1.1 External audit
The development of joint-stock corporations during the middle of the 19
brought about a need for directors to report to the shareholders whose capital they
This, in turn, lead to shareholders (and in todays corporate environment, other users
stakeholders) requiring independent verification that what the directors reported was
in fact true.
Statutory audits (i.e. carried out in accordance with statutory provisions) became
mandatory for companies in the UK in 1900. At this time the purpose of an audit was to
detect fraud, technical errors and errors of principle. It also became a requirement that
the auditor was independent of the company hence the external audit.
However, as the size and complexity of companies grew, case law developed the
principle that it was unreasonable to expect auditors to detect all aspects of fraud, even
though they were expected to exercise reasonable skill and care. Thus, whilst the
detection of all fraud is not the primary purpose of an audit, the auditors must carry out
their risk assessments and other procedures to have a reasonable expectation of
detecting material fraud and error.
As companies grew in size, with many becoming international organisations, it became
impracticable for auditors to verify the 100% accuracy of financial records and so the
audit of financial statements became an attestation (substantiation, testimony) of their
credibility (i.e. believability).
Thus the objective of an audit devolved to enable an independent auditor to express an
opinion (in terms of truth and fairness) whether the financial statements were prepared,
in all material respects, in accordance with an identified reporting framework (e.g. IFRS)
and relevant law.
1.2 Internal audit
The concept of internal auditing has been in use for centuries, whereas the term itself is
relatively new. Ever since ancient Greece (if not before) checks have made by
individuals within enterprises that specific procedures had taken place, that assets were
accounted for, monies allocated had been spent as expected and monies due had been
The modern form of internal audit was initially developed as the growth and increasing
complexity of entities in the early 1900s stretched the capabilities of managers to
effectively manage.
Senior management appointed specialist employees to review and report on what was
happening, on a day-to-day basis, and to ensure that appropriate controls were being
effectively applied.
The role of the early internal auditors ranged from checking routine financial and
operational functions with a heavy emphasis on compliance, security and detection of
fraud, through to (in some cases) the analysis and appraisal of financial and operational
activities. The Institute of Internal Auditors (IIA) was founded in 1941.
Internal audit, whether required by legislation (e.g. in public sectors), listing regulations
and corporate governance codes (e.g. the Combined Code of the UK) or as voluntary
activity, has increased rapidly since the 1970s, reflecting the economic and international
growth of organisations.
With the introduction of corporate governance codes and the extended use of risk
management within corporate management, the objective of internal audit evolved over
the last ten years:
to provide to management an independent, objective assurance and consulting
activity designed to add value and improve an organisations operations.
to help an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
1.3 Assurance services
Over the last 20 years or so the auditing profession (both internal and external) has
sought to broaden its role with external audit developing a wide range of assurance
services (of which the financial statement audit is just one part) and internal audit
becoming an essential element of strong corporate governance (note the use of
assurance within the above objective of internal audit).
Assurance services are independent professional services that improve the quality of
information, or its context, for decision makers.
They are engagements in which the practitioner (eg the accountant/auditor) expresses a
conclusion designed to enhance the degree of confidence of the intended users (of the
information), other than the responsible party, about the outcome of the evaluation or
measurement of a subject matter against criteria.
Factors contributing to the increasing demand for assurance services include:
The rapid expansion of information available, the changing information needs of
businesses and consumers and the increase in demand for relevant information for
Developments in IT and the growth of computerisation in businesses has led to
more systems and risk-based approaches to auditing, creating opportunities to add
value to the traditional audit service.
Globalisation of businesses creating worldwide needs.
Increasing corporate accountability demanding more relevant and reliable
The accounting profession responding to the opportunity to position the
professional accountant as a primary provider of other non-audit services.
Typical assurance services include:
Audits of financial statements
Reviews of historical financial information
Business ethics audits
Business risk assessments (including e-commerce)
Performance measurement
Systems and control reliability
NOTE: Only audits and reviews are within the syllabus. The other assurance services are
Gives confidence in the integrity of corporate reporting for the benefit of stakeholders
and society as a whole, by providing an external and objective view on the statutory
financial statements and related reports produced by management. The auditors report
to the shareholders as the principal stakeholders.
2.1 As an assurance service
As noted above, the external audit is an assurance service. The responsible party
(directors) prepare the subject matter (financial statements) for the intended users
(shareholders). The auditor then provides assurance to the shareholders about those
financial statements and related disclosures based on appropriate criteria (the directors
assertions, IFRS and other statutory requirements).

Financial statements
prepared under IFRS
External (independent)

Generally (in a simplistic form) companies are owned by their shareholders, but
managed by the directors. The directors are appointed by the shareholders. The
shareholders then appoint the auditors to report to them (provide assurance) on the
information provided to them by the directors (the annual financial statements as
required by law). In most jurisdictions, the relationships between the directors,
shareholders and auditors are describe in terms of stewardship, agency and
2.1.1 Stewardship
Stewardship is the practice of managing another persons property. Directors and other
managers of an enterprise have the responsibility of stewardship for the property of that
enterprise, which is owned by the shareholders.
Responsibilities, eg duties embodied in statute and corporate governance requirements,
may include:
keeping books of accounts and proper accounting records;
safeguarding the assets of the enterprise;
implementing appropriate business, financial and risk management controls;
producing financial statements (statement of financial position, statement of
comprehensive income, cash flow, statement of changes in equity, disclosure notes)
that show a true and fair view and the results of their stewardship;
producing a directors report and other information (eg as required by listing rules)
which is consistent with the financial statements and contains certain specified
2.1.2 Agency
An agent is an individual (or another enterprise) employed or used to provide a
particular service. The individual utilising the agent is referred to as the principal.
A director can be described as an agent having a fiduciary relationship (one of trust)
with a principal (i.e. the company that employs them). A director is similarly an agent
of the shareholders.
Auditors, as they are appointed by the shareholders in most jurisdictions, are also
agents of the shareholders.
2.1.3 Accountability
Accountability is where one party is held responsible (answerable) to another party for
their actions. They will be required to justify their actions and decisions to that party.
Directors of an enterprise are accountable to the shareholders. Many jurisdictions place
legal requirements on directors as to how they are accountable and the way they
communicate with stakeholders, e.g. directors reports, financial statements prepared
under an appropriate framework (e.g. IFRS). Directors of listed companies will also be
subject to listing rules and corporate governance codes, e.g. interim financial statements,
regular meetings with financial institutions, profit and going concern warnings, analysis
and management of risk, audit committees, annual general meetings.
The auditors of a companys financial statements are accountable to shareholders. They
act in the interest of the shareholders (the primary stakeholders) whilst also having
regard to the wider public interest in that other stakeholders will read their report (but
note that they are not the agents of any other stakeholder and their report is not
addressed to such stakeholders, only to the shareholders).
2.2 The auditors report
The objective of an audit of financial statements is to enable the auditor to express an
opinion whether the financial statements are prepared, in all material respects, in
accordance with an identified financial reporting framework.

Reference can
be by page

reference to
internal controls,
estimates and

but not


We have audited the accompanying financial statements of ABC Company,
which comprise the statement of financial position as at December 31, 20X1,
and the statement of comprehensive income, statement of changes in equity
and statement of cash flows for the year then ended, and a summary of
significant accounting policies and other explanatory notes.
Managements Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these
financial statements in accordance with International Financial Reporting
Standards. This responsibility includes: designing, implementing and
maintaining internal control relevant to the preparation and fair presentation of
financial statements that are free from material misstatement, whether due to
fraud or error; selecting and applying appropriate accounting policies; and
making accounting estimates that are reasonable in the circumstances.
Auditors Responsibility
Our responsibility is to express an opinion on these financial
statements based on our audit. We conducted our audit in accordance with
International Standards on Auditing. Those standards require that we comply
with ethical requirements and plan and perform the audit to obtain reasonable
assurance whether the financial statements are free from material
An audit involves performing procedures to obtain audit evidence about the
amounts and disclosures in the financial statements. The procedures selected
depend on the auditors judgement, including the assessment of the risks of
material misstatement of the financial statements, whether due to fraud or
error. In making those risk assessments, the auditor considers internal control
relevant to the entitys preparation and fair presentation of the financial
statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entitys internal control. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of
accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
On whose
audit is

complied with

due to
fraud or

Nature of audit

implies that, for
example, changes
in accounting
principles etc
have been
determined and
We believe that the audit evidence we have obtained is sufficient and
appropriate to provide a basis for our audit opinion.
In our opinion, the financial statements give a true and fair view of
the financial position of ABC Company as of December 31, 20X1, of its
financial performance and its cash flows for the year then ended in accordance
with International Financial Reporting Standards (and comply with ).

Signature, And/or applicable GAAP
Address Must include
or present
fairly, in

The auditors report is the key means of communicating to the shareholders (and
indirectly to other stakeholders) of the business.
Understanding the end result of the auditors work provides an overview of the whole
process. The basic concepts underlying the report need to be understood.
2.2.1 Management and auditors responsibility
Management is responsible for preparing and fairly presenting the financial statements
(e.g. in accordance with the applicable financial reporting framework). What this
includes is stated within the auditors report (see Session 30), the engagement letter
between the auditors and directors (see Session 5) and the letter of representation from
the directors to the auditors (see Session 20).
Oversight of managements responsibilities (including those for the financial
statements) is provided by those charged with governance. The structures of
governance will vary depending on the jurisdiction that management operates within
and the applicable corporate governance code (see Session 3).
An audit of financial statements does not relieve management or those charged with
governance of their responsibilities.
The auditor is responsible for expressing an opinion on the financial statements based
on their audit. The scope of their work is described within the report. They are not
responsible for the financial statements form and content.
Although the auditors opinion enhances the credibility of the financial statements,
users cannot assume that the opinion is an assurance as to the future viability of the
entity nor the efficiency or effectiveness with which management has conducted the
affairs of the entity.
2.2.2 International Standards on Auditing (ISA)
ISAs provide:
standards (i.e. basic principles and essential procedures); and
related guidance (i.e. explanatory and other material).
An audit conducted in accordance with ISAs must have regard to the requirements of:
ISAs (i.e. to plan, evaluate controls, obtain evidence, form conclusions and report);
relevant professional bodies (e.g. ACCA);
legislation and regulations (e.g. Companies Acts);
the terms of the audit engagement and reporting requirements
(Refer to Session 2 for the scope and authority of ISAs.)
2.2.3 Ethical requirements
The auditor should comply with the International Federation of Accountants (IFAC)
Code of Ethics for Professional Accountants (See Session 4). This code covers:
Professional competence and due care
Professional behaviour
Technical standards
2.2.4 Reasonable assurance
In an audit engagement, the auditor provides a high, but not absolute, level of
assurance (expressed positively in the audit report as reasonable assurance) that the
information subject to audit (i.e. the financial statements) is free of material
To provide reasonable assurance, the auditor carries out specific detailed routines,
conducts relevant testing and assesses the accumulated evidence collected in respect of
the financial statements as a whole (as detailed within the reports scope paragraph).
This enables the auditor to express a positive conclusion on the assertions being made
by the directors (that the financial statements show a true and fair view and have been
prepared in accordance with specific laws and regulations). Basically, the auditor
believes that the evidence obtained is sufficient and appropriate to provide a basis for
their opinion.
An auditor cannot obtain absolute (eg 100%) assurance because of the inherent
limitations within an audit. Such limitations may impact upon the auditors ability to
be able to detect all material misstatements, for example:
Testing is on a sample basis (see Session 19).
Any accounting and internal control system has inherent limitations (see Session 8).
Most audit evidence is persuasive rather than conclusive (e.g. an asset purchased
by an entity, though physically possessed, may no longer be owned if title has been
transferred to another). See Session 15.
Specific limitations may affect the persuasiveness of available audit evidence, e.g.
transactions between related parties (i.e. where one has the ability to control or
exercise significant influence over the other) may not be identified as such.
Thus an audit can never be a guarantee that the financial statements are free of material
misstatement, but it does give reasonable assurance that they are.
2.2.5 Materiality
Materiality is an expression of relative significance or importance of a matter in the
context of the financial statements as a whole.
Omissions or misstatements of items are material if they could, individually or collectively,
influence the decisions of users taken on the basis of the financial statements.
In planning their audit, the auditors must consider those areas that are material and the
possibility that material errors could be contained within the (unaudited) financial
statements. Their procedures must minimise the risk that such errors remain
undetected by the audit. They are not responsible for the detection of misstatements
that are not material to the financial statements taken as a whole.
2.2.6 Professional judgement and scepticism
There are two primary areas in which professional judgement is particularly important.
In gathering audit evidence (e.g. in deciding the nature, timing and extent of audit
nature e.g. whether to test controls over transactions or substantiate them in
depth or using analytical procedures;
extent e.g. sample sizes;
timing e.g. at an interim visit during the year, the year end or after the year
end at the final audit visit.
In drawing conclusions based on that evidence (e.g. in assessing the persuasiveness
of conflicting evidence from different source).
The auditor should plan and perform (conduct) the audit with an attitude of
professional scepticism recognising that circumstances may exist that will cause a
material misstatement in the financial statements
Professional scepticism is an attitude that includes a questioning mind and a critical
assessment of evidence. It is required throughout the audit process e.g.:
for the auditor to reduce the possibility of marginalising a critical element of risk to
the business during their risk assessment;
for the auditor to be alert for audit evidence that contradicts or brings into question
the reliability of documents or management representations.
In planning, conducting and reviewing the audit, an auditor should assume neither
dishonesty nor unquestioned honesty of management.
2.2.7 True and fair
The term is not defined in International Standards on Auditing (ISAs) and definitions
should therefore be regarded with caution.
Truth relates to factual accuracy (bearing in mind materiality). The information
provided conforms with required standards, regulations and law.
Fairness relates to the presentation of information and the view conveyed to the reader.
Such information is free from bias. The financial statements reflect the commercial
substance of the underlying balances and transactions.
View indicates that a professional judgement has been reached.
A true and fair view does mean that the appropriate financial framework (e.g., IFRS
and IFRIC) has been complied with. Remember that IFRS does allow different
accounting policies to be applied, eg the cost or revaluation method under IAS 16. Both
show a true and fair view if they have been applied in accordance with the IFRS.
Note that a degree of imprecision is inevitable because of inherent limitations e.g. the
auditor does not inspect 100% of all of the entities transactions.
That the phrase is preceded in the statutes by the indefinite article (a)
suggests that more than one form of presentation may satisfy the requirement.
2.3 The audit process
2.3.1 Overview
Agree terms
Form opinion
Understand the
entity and its
Assess risk
and internal
Reliance on
assets, liabilities,
transactions &

Engagement letter Auditor should send all clients an engagement letter setting out the
auditors duties and responsibilities, as well as those of management. See Session 5.
Planning Planning and controlling audit work is essential to performing work to the
required high standard of skill and care. Planning includes understanding the entity, its
environment & business risk, internal control and the risk of material misstatements in
the financial statements (see Session 7).
Assess risk As part of the process to determine their audit strategy and the nature,
timing and extent of audit procedures (the audit plan) auditors must understand the
business risks faced by an entity and relate such risks to the possibility of material
misstatements arising in the financial statements. The auditor must also understand the
entitys risk assessment procedures and how the entitys management deal with
identified business risks (see Sessions 8 & 9).
Understand internal control Regardless of the audit approach used, auditors must
obtain an understanding of the design of internal controls and if such controls have
been implemented, as part of their overall risk assessment. See Sessions 8.
Reliance on control effectiveness Where the auditor decides to gain audit assurance from
controls within an entity, the effectiveness of such controls must be tested. See Session
Substantiate (verify) assets, liabilities, transactions and disclosures Balances and
transactions within the financial statements, together with disclosures must be verified
based on key substantive assertions (e.g. completeness, existence, occurrence). See
Session 15
Review and finalisation procedures To ensure that the audit has been carried out in
accordance with ISA and that the audit working papers fully support the audit opinion.
Finalisation procedures would normally also include analytical review of the financial
statements, subsequent events and going concern reviews See Sessions 8 and 9.
Obtain management representations The auditor asks management to formally confirm in
writing that they are responsible for the fair presentation of the financial statements, the
design and implementation of internal control to prevent and detect fraud; that they
have recognised and carried out their legal and governance responsibilities and that
they approve the financial statements. Representations may also be required from
management to support audit evidence (e.g. that all obligations and liabilities have been
fully disclosed; that the entity has good title to all assets). See Session 20.
Sign auditors report After the directors have approved the financial statements, the
auditors will sign their audit report. This may be unmodified (most common) but may
also under certain circumstances be qualified. See Sessions 30.
2.3.2 Application to internal audit
Many of the methods and procedures used in external audit are also applicable to
internal audit.
Internal auditors will need terms of engagement that is they must know the scope,
requirements and objectives of the work they are being asked to perform.
They must thoroughly understand the entity, its environment and in particular the
business risks faced (in much greater depth than the external auditor as they will be
dealing with the entity on a day-to-day basis). As a significant part of their work may
well be testing that business and risk systems operate, a thorough understanding of
systems and controls in operation and their effectiveness is essential (that is all business
systems and controls, not just those that will have an impact on the financial
They will need to plan their work to be efficient and effective and to obtain realistic
Control effectiveness, assets, liabilities, transactions may be part of their work, although
they will also cover all aspects of management effectiveness and efficiency within an
Whilst external auditors concentrate on the financial statements, internal auditors will
consider, for example, the attributes of the information received, processed and
reported by the enterprise to management and other third parties (e.g. that monthly
management reports are sent to the entitys bank or regulator).
Their reports will not therefore be in the form of a true and fair view, but will be
specifically related to the stated requirement of their task. This will often mean that the
report is factually based.
The International Framework for Assurance Engagements (IFAE) defines and describes
the elements and objectives of an assurance engagement. The framework covers audits,
reviews of historical financial information and other assurance engagements (as are
within the IFAE definitions).

International Framework for Assurance Engagements
Audit and Reviews of
Historical Financial
Assurance Engagements
other than Audits or
Reviews of Historical
Financial Information
ISAs 100+
Standards on
ISREs 2000+
Standards on
ISAEs 3000+
Standard on

3.1 Basic definition
As defined by the IFAE (and discussed earlier in the context of an audit) an assurance
engagement is an engagement in which a practitioner expresses a conclusion designed
to enhance the degree of confidence of the intended users, other than the responsible
party, about the outcome of the evaluation or measurement of a subject matter against
3.2 Forms of assurance engagement
3.2.1 Assertion-based engagements
The evaluation or measurement of the subject matter is performed by the responsible
An assertion is then made about the subject matter, by the responsible party, that is
made available to the intended users.
That assertion is then tested by the practitioner who reports to the intended user.
An audit under ISAs is an example of an assertion-based engagement in that the
directors of an entity make certain assertions about the financial statements to the
shareholders and the auditors report to the shareholders on those assertions. In this
case, the directors are also responsible for the financial statements.
3.2.2 Direct reporting engagements
Assurance engagements where the practitioner either:
directly performs the evaluation or measurement of the subject matter themselves;
or obtains a representation (that is not available to the intended users) from the
responsible party that has performed the evaluation or measurement.
The practitioner reports on issues that have come directly to their attention during the
course of their work. In effect, the subject matter information is provided directly to the
intended users in the assurance report given by the practitioner (rather than by the
responsible party).
An example of a direct reporting engagement would be where the practitioner is
requested to report on the issues arising from, for example, the recent implementation
of a new computerised system.
3.3 Levels of assurance given
Within the International Framework for Assurance Engagements, the levels of
assurance specifically dealt with are reasonable assurance and limited assurance.
If an engagement meets the basic definition of an assurance engagement, then the
Framework and the appropriate assurance standards (eg ISAs) must be applied. That is,
only reasonable or limited assurance may be given.
3.3.1 Reasonable assurance
The objective of a reasonable assurance engagement is a reduction in assurance
engagement risk (that is, the risk that an inappropriate opinion will be given) to an
acceptably low level in the circumstances of the engagement as the basis for a positive
form of expression of the practitioners conclusion.
Depending on the circumstances, the easier it is to objectively measure the subject
matter (eg qualitative, quantitative, historical), the more formal the measurement
criteria, the more independent, reliable and persuasive the evidence that can be
obtained, the greater the assurance that can be given on the subject matter.
In audit engagements the auditor provides reasonable assurance through obtaining
sufficient appropriate audit evidence to be able to draw conclusions on which to base
their opinion (see Session 15). The financial statements are prepared in accordance with
IFRS and relevant law, which can be objectively measured through the application of
The opinion is expressed positively, eg In our opinion, the financial statements give a
true and fair view .. The directors have asserted to the shareholders that the
financial statements show a true and fair view and the auditors, through their work,
have obtained sufficient and appropriate evidence (under ISAs) to draw a conclusion
that they do show a true and fair view.
3.3.2 Limited assurance
For a limited assurance engagement, whilst the assurance engagement risk is acceptable
in the circumstances of the engagement, it is greater than that for a reasonable assurance
engagement (eg if the same level of work was carried out within a reasonable assurance
assignment, there would be a high risk that an inappropriate opinion would be
The level of work forms the basis for a negative form of expression of the practitioners
conclusion, eg Based on our work . nothing has come to our attention that causes us
to believe that . .
Basically, the subject mater, criteria and evidence obtained would not be appropriate to
be able to express a positive opinion. So, where the subject matter, criteria and
measurement are subjective and informal, and the evidence obtained may not be
independent, sufficiently reliable and persuasive, the auditor may conclude that
reasonable assurance cannot be given and that only limited assurance is applicable.
The practitioner must consider the detail of the engagement and the requirements of
those requesting the engagement, to decide which assurance level they are able to
provide before accepting the engagement. Having accepted, for example, a reasonable
assurance engagement, the practitioner cannot then decide to issue a report based on
limited assurance because, for example, expected evidence could not be obtained. They
must qualify their opinion on the reasonable assurance report.
An example of a limited assurance engagement would be providing assurance on
business ethics, This would be because of the subjectivity of applying any specific
ethical criteria and the subjectivity of measuring the application of such criteria (eg what
is not ethical to one business may be considered ethical by another).
In addition, specific limited assurance services have been developed to meet the needs
of users, eg reviews of historic financial information. For example, in Canada audit
exemption applies for appropriate companies. In place of the audit report, a limited
assurance review report is given instead.
3.4 Evidence gathering procedures and reports
Reasonable assurance engagement
Evidence gathering
Obtaining an understanding of the
engagement circumstances;
Assessing risks and responding to those
Performing further procedures using a
combination of inspection, observation,
confirmation, recalculation,
reperformance, analytical procedures
and inquiry.
Such further procedures involve
substantive procedures, including ,
where applicable, obtaining
corroborating information, and
depending on the nature of the subject
matter, tests of the operating
effectiveness of controls; and
Evaluating the evidence obtained.
The practitioner expresses the
conclusion in the positive form, e.g.
In our opinion, internal control is
effective, in all material respects, based
on XYZ criteria.

NOTE: The basic guideline for a reasonable
assurance engagement would be that of the
nature of an audit.
Limited assurance engagement
Evidence gathering
Evidence gathering procedures are
deliberately limited relative to a
reasonable assurance engagement.

Confirmations, recalculations,
reperformance and test of controls, for
example, are not considered as part of
the work programme necessary to
achieve the users requirements.

The practitioner expresses the
conclusion in the negative form, e.g.
Based on our work described in this
report, nothing has come to our
attention that causes us to believe that
internal control is not effective, in all
material respects, based on XYZ
NOTE: The basic example for a limited
assurance engagement would be that of a
review of historic financial information.
3.5 Review assignments
The objective of a review of historic financial information is to enable an auditor to state
whether, on the basis of procedures which do not provide all the evidence that would
be required in an audit, anything has come to the auditors attention that causes the
auditor to believe that the financial statements are not prepared, in all material respects,
in accordance with an identified financial reporting framework (negative form of report,
limited assurance).
A financial statement review under International Standard for Review Engagements
(ISRE) 2400 is a limited assurance engagement because of the limited nature of the work
required to be carried out (by the standard) and the assurance obtained (primarily
through enquiry and analytical review). Any review of financial or non-financial
information that meets the criteria of ISRE 2400 must follow the requirements of the
standard. Note that ISRE 2410 deals with the review of interim financial statements.
A review of prospective financial information, eg a projected cash flow or budgeted
financial statements would primarily not be an assurance assignment as the detail
relates to future information, for which no assurance could be given. The only element
that could possibly be given an assurance report would be the basis of preparation (eg
of the assumptions relating to past events).
3.6 Other assurance assignments
Assurance engagements other than audits (following ISAs) and reviews of historical
financial information (following ISREs) are covered by the International Standard on
Assurance Engagements, ISAE 3000.
The general principles and approach of ISAE 3000 are basically the same as those for an
audit (which is, of course, a specific form of assurance service) eg:
Comply with the ISAE and any other relevant ISAEs.
Use ISAs and ISRE as necessary to provide guidance.
Comply with Code of Ethics (see Session 4).
Implement quality control procedures applicable to each engagement.
Agree, or update, terms of engagement with the client.
Ensure assurance team has appropriate professional competence.
Plan the engagement to ensure effective performance.
Exercise professional scepticism.
Assess the appropriateness of the subject matter.
Assess the suitability of the criteria to measure or evaluate the subject matter.
Consider engagement risk (to reduce it to an acceptable level) and materiality.
If the work of an expert is to be used, apply the same ethical and assignment
approach to the expert as if they were a member of assignment team (see Session 18)
Obtain sufficient appropriate evidence on which to base a conclusion.
Obtain representations from the responsible party as appropriate.
Consider subsequent events (events after the reporting date).
Prepare an assurance report taking into consideration the objectives of the
engagement (reasonable or limited assurance) and whether sufficient appropriate
evidence has been obtained.
Consider the need to report to other parties including reporting governance matters
to those charged with governance.

You should now be able to:

explain the nature and development of audit and other assurance engagements;
identify and describe the objective and general principles of external audit
discuss the concepts of accountability, stewardship and agency;
discuss the concepts of materiality, true and fair presentation and reasonable assurance;
explain reporting as a means of communication to different stakeholders; and
explain the level of assurance provided by audit and other review assignments.