TOPIC I

ASSURANCE AND NON- ASSURANCE

A. The Assurance Concept

Auditing is the independent examination of and expression of opinion on, the financial statements of an
enterprise by an appointed auditor in pursuance of that appointment and in compliance with any relevant
statutory obligation

Auditor—―Auditor‖ is used to refer to the person or persons conducting the audit, usually the engagement
partner or other members of the engagement team, or, as applicable, the firm. Where an ISA expressly
intends that a requirement or responsibility be fulfilled by the engagement partner, the term ―engagement
partner‖ rather than ―auditor‖ is used. ―Engagement partner‖ and ―firm‖ are to be read as referring to their
public sector equivalents where relevant.

The term assurance refers to the expression of a conclusion that is intended to increase the confidence
that users can place in a given subject matter or information. For example, an auditor’s report is a
conclusion that increases the confidence that users can place in a company’s financial statements.

Audit engagement refers to audit performed by an auditor. It is the very first stage of an audit procedure
where the client is notified by the auditor that the work pertaining to audit has been accepted by him/her
and also provides clarifications with regard to the scope and purpose of audit. To be more specific, audit
engagement can be referred to the written letter that the auditor uses to notify the client that he/she would
be engaging in auditing services

Audit engagement consists of several steps that basically revolve around planning, substantiation, control
testing and finalization

 Providing a letter to the client reminding him about the audit.

 Both the auditor and client meet with each other to determine how, why and when the auditing
would take place. In addition to this, the client also needs to provide the auditor with relevant
resources for conducting the procedure smoothly.
 The auditor carries out surveys to find out more about the organization and its controls.
 Testing of controls and garnering of as much detail and information as is possible.
 On the basis of the results and information, the auditor prepares a temporary draft and shares the
same with client.
 Once the client has gone through the draft report, he responds to the recommendations and
findings made in it.
 The auditor prepares a final audit report and may also request the client to fill a survey form to
better understand his/her performance.
 The audit is completed after a follow up meeting with client, which usually happens within 6
months

Elements of an Assurance Engagement

There are five elements that must all be present in order to qualify the engagement as an assurance
engagement.
1. A three-party relationship involving a practitioner, a responsible party, and intended users;

2. An appropriate subject matter; An appropriate subject matter is

 Identifiable and capable of consistent evaluation or measurement against the identified criteria
 Capable of being subjected to procedures for gathering sufficient appropriate evidence to support
a reasonable assurance or limited assurance conclusion, as appropriate

3. Sufficient appropriate evidence; Sufficiency is the measure of the quantity of evidence. The quantity
of evidence needed is affected by the risk of the subject matter being materially misstated.
Appropriateness is the measure of the quality of evidence, that is, its relevance and reliability. The
reliability of evidence is influenced by its source and by its nature, and is dependent on the individual
circumstances under which it is obtained.

4. Suitable Criteria; The following are the characteristics of a criteria to be considered suitable:

 Relevance – contribute to conclusions that assist decision-making by the intended users.

 Completeness – the relevant factors that could affect the conclusions are not omitted. Includes
benchmarks for presentation and disclosure
 Reliability – allows reasonably consistent evaluation or measurement of the subject matter
including where relevant, presentation and disclosure, when used in similar circumstances by
similarly qualified practitioners
 Neutrality – free from bias
 Understandability – contribute to conclusions that are clear, comprehensive, and not subject to
significantly different interpretations

5. A written assurance report in the form appropriate to a reasonable assurance engagement or a limited
assurance engagement.

Types of Assurance Engagements

1. As to Level of Assurance:

i. Reasonable Assurance – the objective is a reduction in assurance engagement risk to an acceptably low
level as the basis for a positive form of expression of a practitioner’s conclusion. (e.g., audit of historical
financial statements)

ii. Limited Assurance – the objective is a reduction in assurance engagement risk to a level that is
acceptable in the circumstances of the engagement, but where the risk is greater that for a reasonable
assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
(e.g., review of historical financial statements

N/B: For a limited assurance engagement the practitioner collects less evidence than for a reasonable
assurance engagement but sufficient for a negative form of expression of the practitioner's conclusion

2. As to Structure of Engagement:

i. Assertion-based – the evaluation or measurement of the subject matter is performed by the responsible
party, and the subject matter information is in the form of assertion to the intended users.
ii. Direct Reporting – the practitioner either directly performs the evaluation or measurement of the
subject matter, or obtains a representation from the responsible party that has performed the evaluation or
measurement that is not available to intended users. The subject matter information is provided to the
intended users in the assurance report.

Other Types of Engagements

i. External Audits. An Auditor states an opinion as to whether the financial statements Give a true and fair
view. An Auditor examines financial statements prepared by a board of directors to express an opinion as
to whether they comply with accounting standards.

ii. Review Engagements. The auditor reviews the financial statements using less evidence than required by
an audit. The report will be to the body that commissioned the review e.g. bank, directors

Types of Review Engagements:

 Risk assessment reports

 Review of internal controls
 System reliability reports
 Value for money reviews
 Social and environmental reports

Differences between Audit and Review Engagements

Basis for Audit Review

comparison
An audit refers to the A review refers to an evaluation
systematic and intelligent of the financial books, conducted
Meaning examination of the books of by the auditor, to determine if
accounts of an entity to there are any chances of
check whether they present modifications or not.
true and fair view or not.
Assurance Reasonable level of Moderate level of assurance
level assurance
Report Positive Assurance Negative Assurance Assertion
provided Assertion
Cost High Comparatively low
Limitations of Assurance Engagements

 Financial information includes subjective and judgemental matters.

 Inherent limitations of controls used as audit evidence.
 Representations from management may have to be relied upon as the only source of evidence in
some areas.
 Evidence is often persuasive not conclusive; and auditors.

B. Non-Assurance Engagements

If an engagement lacks the five elements of assurance engagements, it is considered non-assurance

(residual definition). Non-assurance engagements are those that do not result in the practitioner’s
expression of a conclusion that provides a level of assurance, whether negative assurance or other form of
assurance. The practitioner does not convey to the intended users any assurance as to the reliability of an
assertion. The practitioner’s primary purpose for performing non-assurance services is to provide advice
and technical assistance that will enable a client to conduct its business more effectively. Examples of
non-assurance engagements:

1. Related services, such as:

a. Agreed-upon procedures engagements, and

b. Compilations of financial or other information engagements

2. Tax services (such as the preparation of tax returns where no conclusion conveying assurance is
expressed)

3. Consulting (or advisory) engagements, such as management and tax consulting

An audit is an objective examination and evaluation of the financial statements of an organization to make
sure that the records are a fair and accurate representation of the transactions they claim to represent. It
can be done internally by employees of the organization, or externally by an outside firm.

International Standard on Assurance Engagement-ISAE 3000

The International Standard on Assurance Engagements (ISAE) 3000 covers assurance engagements other
than audits or reviews of historical financial information. The standard is used to guide assurance
practitioners in setting an effective methodology to assess a company’s internal processes and
performance information.

ISAE 3000 includes requirements for all stages of an assurance engagement, such as planning, assessment
of material and risk factors, liability of the practicing professional, and format and content of the report to
be delivered at the end of the engagement. It also requires that the assurance engagement contains quality
control procedures and be carried out by the practicing professional in accordance with the independence
and other ethical requirements of the Code of Ethics for Professional Accountants, issued by the
International Ethics Standards Board for Accountants (the IESBA Code).

ISAE 3000 defines two levels of assurance, limited or reasonable. The reasonable level is the most
stringent and requires obtaining sufficient evidence to reduce assurance engagement risks to an
acceptably low level. These levels of assurance are similar to the AA1000AS levels (moderate assurance
and high assurance)

Accepting Appointment to Perform Assurance Engagement

The international auditing standard that deals with agreeing on the terms of new audit assignments is 'ISA
210 - Agreeing the Terms of Audit Engagements'. This standard provides various guidelines on accepting
new engagements. However, before considering the standard for the various guidelines, an audit firm
must evaluate any ethical issues with accepting the new audit engagement.
Auditors must determine if accepting the engagement will pose any threats to the independence and
objectivity of the auditors. The types of threats that may exist are self-interest threat, self-review threat,
advocacy threat, intimidation threat, and familiarity threat.

After considering all the threats faced by the audit firm by accepting a new engagement, if some threats
cannot be eliminated or reduced to a minimum level, either because the threat is too significant or
appropriate safeguards cannot be applied, then the auditor should not accept the new audit and
assurance engagement.

Preconditions for an Audit

According to the standard, the preconditions of an audit engagement require the auditor to:

 Determine whether an acceptable financial reporting framework has been used in the preparation
of the financial statements of the business.
 Obtain an agreement from the management of the business that they acknowledge and understand
their responsibilities towards:

 Preparation of the financial statements of the business in accordance with the applicable financial
reporting framework (often the IFRS)
 Establishing internal control necessary for the financial statements of the business to give a true
and fair view.
 Providing the auditors any information that is relevant to the preparation of the financial
statements or the purpose of audit, and provide them access to individuals within the business,
from whom auditors deem necessary to obtain audit evidence

Audit Engagement Terms Agreement

Once the preconditions of audit are met, the auditor should agree on the terms of the audit engagement
with the management of those charged with governance. The terms that should be agreed including:

 The objective and scope of the audit.

 The responsibilities of the auditor and the management.
 The identification of the applicable financial reporting framework for the preparation of the
financial statements.
 Reference to the expected form and content of any reports to be issued by the auditor.
 A statement that the expected form and content of the report may be different in some
circumstances

Engagement letter, procedure of sending letter, purposes and contents of the letter-ISA 210

The engagement letter will be sent before the audit. It specifies the nature of the contract between the
audit firm and the client and minimizes the risk of any misunderstanding of the auditor's role. It should be
reviewed every year to ensure that it is up to date but does not need to be reissued every year unless there
are changes to the terms of the engagement.

The auditor must issue a new engagement letter if the scope or context of the assignment changes after
initial appointment. ISA 210 requires the auditor to consider whether there is a need to remind the entity
of the existing terms of the audit engagement for recurring audits and many firms choose to send a new
letter every year, to emphasize its importance to clients.
Benefits/ Purposes of Engagement Letters

Both parties to the engagement letter benefit from a fully executed contract. Some of the main benefits
that the agreements provide are listed below:

 To formally confirm auditor’s acceptance to the engagement

 Its sets out the contractual relationship between the auditor and the client.
 It acts as a confirmation of verbal discussions.
 It acts to commit both parties to their responsibilities
 It sets out the basis of charging the audit fee
 To avoid misunderstandings between the auditor and the client.
 It defines clearly the responsibilities of the auditor and those of management thus minimizing any
misunderstanding between client and the auditor

The contents of the engagement letter

The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the Terms of
Audit Engagements. They should include the following:

 The objective and scope of the audit;

 The responsibilities of the auditor;
 The responsibilities of management;
 The identification of an applicable financial reporting framework; and
 Reference to the expected form and content of any reports to be issued
 Restrictions to the auditor's liability.
 Agreements concerning the involvement of auditors experts and internal auditors
 The basis on which fees are computed and billing arrangements
 The expectation that management will provide written representations;
 Arrangements regarding the planning and performance of the audit;

Circumstances for revision of engagement terms

 Change of scope of audit

 Change of management (new management)
 Change of terms such as compensation
 Regulatory changes

Review of Interim Financial Information - ISRE 2410

International Standard on Review Engagements (ISRE) 2410 requires auditors to conclude whether
anything has come to their attention that causes them to believe that the interim financial statements are
not prepared in all material respects in accordance with the applicable financial reporting framework.

This standard also requires us to comply with relevant ethical requirements. A review of interim financial
statements in accordance with ISRE 2410 is a limited assurance engagement.

The ISRE requires the auditor to:

 Comply with ethical requirements relevant to an audit of annual financial statements;

  Implement quality control procedures that are applicable to the individual engagement;
 Plan and perform the review with an attitude of professional skepticism recognizing that
circumstances may exist that cause the interim financial information to require a material
adjustment for it to be in accordance with the applicable financial reporting framework;
 Agree on the terms of the engagement with the client;
 Have an understanding of the entity and its environment, including its internal control, as it
relates to the preparation of both annual and interim financial information, sufficient to plan and
conduct the audit
 Make inquiries, primarily of persons responsible for financial and accounting matters, and
perform analytical and other review procedures to enable the auditor to conclude whether, on the
basis of the procedures performed, anything has come to the auditor's attention that causes the
auditor to believe that the interim financial information is not prepared, in all material respects, in
accordance with the applicable financial reporting framework;
 Obtain evidence that the interim financial information agrees or reconciles with the underlying
accounting records;
 Inquire whether management has identified all events up to the date of the review report that may
require adjustment to or disclosure in the interim financial information;
 Inquire whether management has changed its assessment of the entity's ability to continue as a
going concern;
 Evaluate, individually and in the aggregate, whether uncorrected misstatements that have come to
the auditor's attention are material to the interim financial information;
 Obtain written representation from management;
 Read the other information that accompanies the interim financial information to consider
whether any such information is materially inconsistent with the interim financial information;
 Issue a written report in accordance with the ISRE; and
 Prepare review documentation that is sufficient and appropriate to provide a basis for the auditor's
conclusion and to provide evidence that the review was performed in accordance with this ISRE
and applicable legal and regulatory requirement

Levels of Assurance and Reports Issued on Assurance Engagements

There are broad ranges of assurance engagement and each has distinct differences depending on the
assurance requirements as follows:

Review engagement: The auditor provides a moderate level of assurance that the information subject to
review is free from material misstatement. This is expressed in the form of negative assurance. Agreed-
upon procedures: The auditor simply provides report of the actual findings, so no assurance is expressed.
Users of the report must instead judge for themselves the auditors' procedures and findings and draw their
own conclusions from the auditors work. Compilation engagement: Users of compiled information gain
some benefit from the accountant's (as opposed to the auditor's) involvement, but no assurance is
expressed in the report.

Task: Read on the types of reports issued on assurance engagements by an auditor.

Non-assurance engagements (Agreed upon procedures engagement -ISRS 4400 and compilation
assignments-ISRS 4410

If an engagement lacks the five elements of assurance engagements, it is considered non-assurance

(residual definition). Examples of non-assurance engagement are the following:
  Agreed-upon procedures
 Compilations engagements
 Preparation of Income tax returns where no conclusion conveying assurance is expressed
 Management advisory services and Consulting
 Engagement that includes rendering of professional opinions not intended to be an
assurance report

Procedures for Accepting Non-Audit Engagements

Sometimes, auditors may also be approached to provide non-audit services by a client business. These
services may include tax planning, bookkeeping, advisory, forensic investigations, etc. Before accepting
non-audit engagements, auditors must also consider any ethical issues that will be raised if they accept the
assignments.

Auditors must also determine the effect, if any, that accepting the assignment will have on their audit
engagement with the client business. If non-audit engagements pose threats to the objectivity and
independence of the auditor, then the auditor must eliminate the threats or reduce them to an acceptable
level. For example, the firm may choose to provide non-audit services through a different team than the
one providing the auditing services.

It is the responsibility of the audit engagement partner to assess the level of threat, the effectiveness of
safeguards, and is ultimately responsible for the documentation of the decision regarding acceptance.

The audit committee of the client, under an entity’s corporate governance, is required to be involved in
the decision regarding obtaining non-audit services from the auditors. This means when accepting non-
audit assignments, auditors should discuss the matter with those charged with governance of the client
business and its audit committee before deciding on whether the engagement should be accepted.

Attestation and Direct Reporting Engagements

An attestation engagement is an arrangement with a client where an independent third party investigates
and reports on subject matter created by a client. Examples of attestation engagements are:

 Reporting on financial projections made by a client

 Reporting on pro forma financial information formulated by a client
 Reporting on how well the internal controls in a client process function

The resulting report gives users a higher level of confidence regarding the subject of the engagement.

In an attestation engagement, a party other than the practitioner (usually management) measures or
evaluates the underlying subject matter against the criteria.

In a direct engagement, the practitioner evaluates the underlying subject matter. In a direct (direct
reporting) engagement, the responsible party does not present the subject matter information in a report in
a direct engagement. Instead the practitioner reports directly on the subject matter and provides the
intended users with an assurance report containing the subject matter information.