4.

4 General Considerations in an Assurance Engagement

The assurance engagement calls for planning, gathering evidence and reporting. The extent of
planning, the sufficiency of evidence, acceptable engagement risk, and the level of assurance of the
opinion will depend on the type of assurance engagement. An assurance engagement based on
historical financial information requires more intensive planning and evidence gathering than a
related services engagement. The auditor should reduce assurance engagement risk to an acceptably
low level in the case of a historical financial information engagement. It is also possible to conduct an
assurance engagement that provides a reasonable level of assurance on a subject matter other than
historical financial information (e.g. the subject matter of a sustainability report or internal control
report).

■ Assurance Report Basic Elements International Standards on Assurance Engagements 3000 (ISAE
3000) ‘Assurance Engagements Other Than Audits or Reviews of Historical Financial Information’
discusses preparing an assurance report for audits other than financial statement audits (covered in
Chapter 12) and reviews (covered in Chapter 14). In preparing the audit report the practitioner
should conclude whether sufficient appropriate evidence has been obtained to support the
conclusion expressed in the assurance report. The assurance report should be in writing and should
contain a clear expression of the practitioner’s conclusion about the subject matter information. The
ISAE does not require a standardised format for reporting on all assurance engagements, but rather
identifies the basic elements required to be included in the assurance report.16 The standard
elements of the report include the title, addressee, the identification of the subject matter
information, identification of the criteria, identification of the responsible party and their
responsibilities, the practitioner’s responsibilities, a statement that the engagement was performed
in accordance with ISAEs, summary of the work performed, practitioner’s conclusion, assurance
report date, practitioner’s name and specific location, and, if appropriate, a description of any
significant inherent limitations, or a statement restricting the use to certain intended users.
Illustration 4.5 gives the basic elements of the assurance report.

A title that clearly indicates the report is an independent assurance report.17 An appropriate
title helps to identify the nature of the assurance report, and to distinguish it from reports issued by
others.

An addressee identifies the party or parties to whom the assurance report is directed.
Whenever practical, the assurance report is addressed to all the intended users, but in some cases
there may be other intended users
ILLUSTRATION 4.5
 A statement to identify the responsible party and to describe the responsible party’s and the
practitioner’s responsibilities: this informs the intended users that the responsible party is
responsible for the subject matter in the case of a direct reporting engagement, or the subject
matter information in the case of an assertion-based engagement, and that the practitioner’s role is
to independently express a conclusion about the subject matter information.

Where there is a subject matter specific ISAE, that ISAE may require that the assurance
report refers specifically to being performed in accordance with that specific ISAE.

The name of the firm or the practitioner, and a specific location, which ordinarily is the city
where the practitioner maintains the office that has responsibility for the engagement: this informs
the intended users of the individual or firm assuming responsibility for the engagement.
SUBJECT MATTERS

In the body of the report is a description of the subject matter, for example, identification of the
subject matter and explanation of the subject matter characteristics. The subject matter description
gives the name of the entity to which the subject matter relates and the period of time covered. Are
characteristics of the subject matter qualitative, quantitative, objective, subjective, historical or
prospective? Are there inherent limitations such as the imprecision of the measurement techniques
being applied?

An identification and description of the subject matter information and the subject matter
includes, for example :

■ The point in time or period of time to which the evaluation or measurement of the subject matter
relates.

■ The name of the entity or component of the entity (such as a subsidiary company or transactions
in the sales cycle) to which the subject matter relates.

■ An explanation of those characteristics of the subject matter or the subject matter information of
which the intended users should be aware, and how such characteristics may influence the precision
of the evaluation of the subject matter against the identified criteria. For example:

❑ The degree to which the subject matter information is qualitative versus quantitative,
objective versus subjective, or historical versus prospective.

❑ Changes in the subject matter or other engagement circumstances that affect the
comparability of the subject matter information from one period to the next. When the practitioner’s
conclusion is worded in terms of the responsible party’s assertion, that assertion is appended to the
assurance report, reproduced in the assurance report or referenced therein to a source that is
available to the intended users.

Identification of the Criteria Criteria

by which the evidence is measured or evaluated can be either established or specifically developed.
To illustrate, International Financial Reporting Standards are established criteria for the preparation
and presentation of financial statements in the private sector, but specific users may decide to
specify some other comprehensive basis of accounting (OCBOA) such as cash accounting, rules of a
regulatory authority, or income tax basis that meets their specific information. When users of the
report have agreed to criteria other than established criteria, then
 the assurance report states that it is only for the use of identified users and for the purposes
they have specified. The assurance report identifies the criteria so the intended users can understand
the basis for the auditor’s conclusion. Disclosure of the source of the criteria, measurement methods
used and significant interpretations made are important for that understanding. The auditor may
consider disclosing the source of the criteria (e.g. laws, regulations, recognised bodies of experts,
measurement methods used, and any significant interpretations made in applying the criteria).

A Summary of the Work Performed

The summary will help the intended users understand the nature of the assurance conveyed by the
assurance report. ISA 700 ‘Forming an Opinion and Reporting on Financial Statements’18 and ISRE
2400 ‘Engagements to Review Financial Statements’ provide a guide to the appropriate type of
summary. Where no specific ISAE provides guidance on evidence-gathering procedures for a
particular subject matter, the summary might include a more detailed description of the work
performed.

Because in a limited assurance engagement an appreciation of the nature, timing and extent
of evidence-gathering procedures performed is essential to understanding the assurance conveyed
by a conclusion expressed in the negative form. The limited assurance summary is more detailed
than for a reasonable assurance engagement and identifies the limitations on the nature, timing and
extent of evidence-gathering procedures. The summary for a limited assurance engagements states
that the evidence-gathering procedures are more limited than for a reasonable assurance
engagement, and therefore less assurance is obtained than in a reasonable assurance engagement.

Special Statements in an Assurance Report

Special statements should be in the assurance report concerning inherent limitations, a statement
restricting use because subject matter criteria has limited availability.

A description of any significant, inherent limitation associated with the evaluation or

measurement of the subject matter against the criteria is necessary in the assurance report. For
example, in an assurance report related to the effectiveness of internal control, it may be appropriate
to note that the historic evaluation of effectiveness is not relevant to future periods due to the risk
that internal control may become inadequate because of changes in conditions, or that the degree of
compliance with policies or procedures may deteriorate.

When the criteria used to evaluate or measure the subject matter are available only to
specific intended users, or are relevant only to a specific purpose, a statement restricting the use of
the assurance report to those intended users or that purpose. Furthermore, when the assurance
report is intended only for specific intended users or a specific purpose this would be stated in the
assurance report.

Practitioner’s Conclusion

The practitioner’s conclusion is expressed in positive form, negative form or as a reservation or denial
of conclusion.

In the case of an audit of financial statements or Sarbanes–Oxley internal control

engagement, the conclusion should be expressed in the positive form. The practitioner’s conclusion
may, for example, be worded as follows: ‘In our opinion internal control is effective, in all material
respects, based on XYZ criteria’ or ‘In our opinion the responsible party’s assertion that internal
control is effective, in all material respects, based on XYZ criteria, is fairly stated.’
 In the case of a review of financial statements, the conclusion should be expressed in the
negative form. For example, ‘Based on our work described in this report, nothing has come to our
attention that causes us to believe that internal control is not effective, in all material respects, based
on XYZ criteria’ or ‘Based on our work described in this report, nothing has come to our attention
that causes us to believe that the responsible party’s assertion that internal control is effective, in all
material respects, based on XYZ criteria, is not fairly stated.’

The conclusion should clearly express a reservation in circumstances where some or all
aspects of the subject matter do not conform, in all material respects, to the identified criteria; or
the auditor is unable to obtain sufficient appropriate evidence.

When the subject matter information is made up of a number of different aspects, separate
conclusions may be provided on each aspect. The conclusion should inform the intended user of the
context to which the conclusion applies.

Qualified Conclusions, Adverse Conclusions and Disclaimers of Conclusion

The practitioner should not express unqualified conclusion when the following circumstances exist
and, the effect of the matter is or may be material:

■ There is a limitation on the scope of the practitioner’s work, that is, either circumstances or the
responsible party imposes restrictions that prevent him from obtaining sufficient appropriate audit
evidence.

■ In those cases where the practitioner’s conclusion is worded in terms of the responsible party’s
assertion which is not fairly stated; and the subject matter information is materially misstated, the
practitioner should express a qualified or adverse conclusion; or when it is discovered, after the
engagement has been accepted, that the criteria are unsuitable or the subject matter is not
appropriate for an assurance engagement. The practitioner should express a qualified conclusion
when the effect of a matter is not as material or pervasive as to require an adverse conclusion or a
disclaimer of conclusion. A qualified conclusion is expressed as being ‘except for’ the effects of the
matter to which the qualification relates.

Communications with the Audit Committee

The auditor communicates relevant matters arising from the assurance engagement with those
charged with governance (such as the audit committee). Relevant matters of governance interest
include only information that has come to the attention of the auditor as a result of performing the
assurance engagement. He is not required to design procedures for the specific purpose of
identifying matters of governance interest.

An auditor who, before the completion of an assurance engagement, is requested to change

the engagement to a non-assurance engagement or from an audit-level engagement to a review-
level engagement should consider if that is appropriate. He should not agree to a change where
there is no reasonable justification for the change. Examples of a reasonable basis for requesting a
change in the engagement are a change in circumstances that affects the intended users’
requirements or a misunderstanding concerning the nature of the engagement.