Professional Documents
Culture Documents
ARM106-ASSURANCE ENGAGEMENT & PRE-ENGAGEMENT ACTIVITIES
ARM106-ASSURANCE ENGAGEMENT & PRE-ENGAGEMENT ACTIVITIES
ARM106-ASSURANCE ENGAGEMENT & PRE-ENGAGEMENT ACTIVITIES
External audit is the independent examination and expression of opinion on the financial
statements of an entity. Its purpose is to promote confidence and trust in financial information.
The primary role of an external audit is to report on the truth and fairness of the financial
statements of an entity on behalf of its owners, the shareholders. The auditor gives an opinion on
whether the financial statements have been prepared in accordance with an acceptable financial
reporting framework, e.g. IFRSs and complies with any specific statutory requirements.
The directors are required to account for the stewardship of the assets placed under their control.
They achieve this by preparing financial statements which are presented to the shareholders.
The auditor’s opinion enhances the credibility of the financial statements by providing
reasonable assurance from an independent source that the financial statements taken as a whole
are free from material misstatement.
The need for an external audit arises from the agency theory, which portrays directors as the
agents for the shareholders, the principals. The directors are accountable, to shareholders, for
their stewardship of the company. The shareholders have limited access to information about
the operations of the company. They may lack trust in the directors and may believe that the
information in the financial statements is biased. The external auditor, therefore, performs a
statutory audit to address a simple agency conflict between shareholders and directors
In addition, the auditor can be seen as an agent of the shareholders. Under law, they report to
and are appointed by the shareholders.
ASSURANCE ENGAGEMENT
A subject matter
The subject matter of an assurance engagement may vary considerably. However, it is likely to
fall into one of three categories:
Page | 1
Data (for example, financial statements or business projections)
Systems or processes (for example, internal control systems or computer systems)
Behaviour (for example, social and environmental performance or corporate governance)
Suitable criteria
The person providing the assurance must have something by which to judge whether the
information is reliable and can be trusted. So for example, in an assurance engagement relating
to financial statements, the criteria might be accounting standards. The practitioner will be able
to test whether the financial statements have been prepared and presented in accordance with
accounting standards, and if they have, then the practitioner can conclude that there is a degree of
assurance that they are reliable. In the context of company behaviour, suitable criteria to judge
whether something is reliable and can be trusted might be an acceptable Corporate Governance
Code, or, if the company has one, its published Code of Practice.
The practitioner must obtain sufficient appropriate evidence to support the opinion that he draws
in order that the user can have confidence that it is reliable. The practitioner must obtain
evidence as to whether the criteria have been met.
Lastly, it is required that assurance reports are provided to the intended users in a written form
and contain certain specified information.
*All assurance engagements, whether subjected to legal regulation such as statutory audit or a
contractual arrangement should be performed in a similar manner:
Plan the work. The level of work should be based on the risk and level of assurance
desired
Page | 2
LEVELS OF ASSURANCE: REASONABLE, LIMITED & ABSOLUTE
In terms of the International Framework for Assurance Engagements, there are two types of
assurance engagement a practitioner is permitted to perform i.e. a reasonable assurance
engagement and a limited assurance engagement. The distinction between the two is the degree
of confidence which is provided by the practitioner. It is equally obvious no doubt, that the level
of assurance which the practitioner can give depends on the amount of evidence which has been
gathered.
Reasonable assurance
ISA 200-Overall Objectives of the Independent Auditor, defines reasonable assurance as “high
but not absolute” level of assurance. Reasonable assurance can only be given when the
practitioner has gathered sufficient appropriate evidence to satisfy him that the risk that he
expresses an inappropriate opinion on the subject matter is acceptably low. In the context of an
audit of financial statements this means that the auditor carries out comprehensive procedures to
gather evidence so that he can express an opinion that the financial statements are fairly
presented (not materially misstated) in a positive form. The nature and extent of the audit
procedures he conducts, must satisfy the auditor that the risk that he will express an opinion that
the financial statements are fairly presented when in fact they are not, is low.
A reasonable level of assurance is conveyed by the use of the phrase “In our opinion the
financial statements present fairly …….”
Limited assurance
Limited assurance is a level of assurance which is lower than reasonable assurance but which is
still “meaningful” to users (ISRE 2400). Limited assurance is given when the practitioner has
gathered enough evidence to satisfy him that the risk that he expresses an inappropriate
conclusion on the subject matter is greater than for a reasonable assurance engagement, but still
at an acceptably low level for the particular engagement. In the context of a review of financial
statements this means that the reviewer carries out sufficient procedures to gather evidence so
that he can express a conclusion in a negative form as to whether anything has come to his
attention which causes him to believe that the financial statements are not fairly presented. As
limited assurance is required for a review engagement the nature and extent of procedures
conducted by the reviewer will be far less comprehensive than for an audit, but the reviewer
must still be satisfied that he has gathered sufficient, appropriate evidenced to support his
conclusion.
A limited level of assurance is conveyed by using the phrase, “Nothing came to our attention
which causes us to believe that these financial statements do not present fairly…..”
Page | 3
Absolute assurance
This is 100% level of assurance or degree of confidence. Auditors are restricted to provide only
reasonable assurance, not absolute assurance. The reason that the auditor cannot provide absolute
assurance is that an audit has inherent limitations which prevent the auditor from certifying or
confirming the 100% correctness of a set of financial statements. ISA 200 provides the basis for
the following explanation of the inherent limitations of an audit.
In the preparation of financial statements, management must apply judgement in applying the
relevant reporting framework, and financial statements contain many account balances which are
subjective, e.g. non-current and current assets are directly affected by estimates (subjective) of
depreciation, impairment, inventory obsolescence and bad debts respectively. It is impossible to
know exactly which debtors will not pay, or which inventory will become obsolete.
There are practical and legal limitations on the auditor’s ability to obtain audit evidence. There is
always the possibility that management may not provide complete information that is relevant to
the preparation of the financial statements, and accordingly the auditor cannot be certain that all
relevant information has been received. Audit procedures are not designed specifically to detect
fraud, and by collusion or falsification of documentation and other means of circumventing
controls carried out by management, fraudulent transactions may go undetected and the auditor
may believe that evidence is valid when it is not.
For example, an auditor is “persuaded” that an event or transaction took place by the presence of
documents or information provided by management, rather than by actually witnessing the event.
The documentation could be false, and the information provided by management untrue. It is
obviously impossible for the auditor to “witness” every transaction.
The auditor cannot examine every single transaction which has taken place in the business due to
financial and time constraints, therefore it is necessary to “test” check i.e. perform procedures on
only a sample of transactions and balances. Once the auditor “test checks”, he cannot state that
everything is 100% correct, only a reasoned opinion based on the sample on which procedures
were undertaken, can be given.
Page | 4
The inherent limitations of accounting and internal control systems
The auditor is obliged to place reliance on the systems which the client has put in place to
provide financial information. These systems have inherent limitations which may result in the
failure to detect errors or fraud hence the information on which the auditor forms an opinion,
may be flawed.
Timeliness of financial reporting and the balance between benefit and cost
To be of any value the audit opinion must be reported within a reasonable time after the financial
year-end, and the benefit derived from the audit must exceed the cost. To meet these practical
requirements will generally lead to some compromise in the audit, but it is compromise which
users understand and accept.
There are certain aspects of the audit or assertions in the financial statements which are
inherently difficult for the auditor to gather sufficient appropriate evidence and which compound
the limitations of the audit. Examples of situations that can present challenges to the auditor
include the following;
determine the presence or effect of fraud conducted by senior management
satisfy himself that all related parties and related party transactions have been
identified and correctly treated in the financial statements
determine the level of non-compliance with laws and regulations which may have
an impact on the financial statements
identify and evaluate future events which may have a bearing on the going concern
ability of the company
These “uncertainties” and many similar others, contribute to the limitations of the audit process
and in turn make it impossible for the auditor to provide absolute assurance.
It is the difference between what the public expects from the auditing profession and what the
auditing profession actually provides. It can also be defined as the difference between what the
general public thinks auditors do and what the general public would like auditors to do.
Expectation gap can be more broadly explained by discerning its three components, i.e.
knowledge gap, performance gap and evolution gap.
Page | 5
NARROWING THE EXPECTATIONS GAP
The auditor’s report as outlined in ISA700, forming an opinion and reporting on financial
statements, includes an explanation of the auditor’s responsibilities and also extensive
discussions of the key matters arising from the audit.
Research indicates the extra work by auditors with the inevitable extra costs is likely to
make little difference to the detection of fraud because:
More than half of frauds involve misstated financial reporting but do not include
diversion of funds from the company.
Far more is spent on investigating and prosecuting fraud in a company than on its audit.
PRACTICE QUESTIONS
1. Excluding shareholders, explain other users of financial statements who may benefit from
the increased confidence provided by the auditor’s report (10 marks)
Page | 6
2. Explain the 5 elements of an assurance engagement (10 marks)
3. Outline the limitations of a financial statement audit as a form of assurance engagement (15
marks)
5. Explain what is meant by “audit expectations gap” and outline interventions audit firms can
adopt to narrow down this gap (15 marks)
PRE-ENGAGEMENT ACTIVITIES
Audit firms try to reduce their own business risks by carefully managing their audit
engagements. To do so, the firms undertake several activities before beginning any audit
engagement. In general, these activities can be called risk management activities or pre-
engagement activities. Risk in any audit engagement refers to the probability of an audit firm
issuing a clean, unmodified audit opinion when in fact a material misstatement does exist in the
financial statements of the audit client.
(i) Auditors should perform procedures requiring the acceptance or continuance of the audit
client relationship
(ii) Auditors should ensure compliance with independence and ethical requirements
(iii) Auditors should reach a contractual understanding with the client for the terms and
conditions of the audit engagement
An important element of an audit firm’s quality control policies and procedures is a system for
deciding whether to accept a new audit client and a continuous basis, deciding whether to
continue providing services to existing audit clients. Audit firms are not obligated to continue to
serve audit clients when working relationships have deteriorated or when the management’s
integrity becomes questionable. In their quest to reduce audit risk, auditing firms devote
substantial time to make sure that they do screen audit clients and only serve those that do
business in an ethical and professional manner. Auditing a client that has integrity generally
results in a problem-free engagement.
To reduce the risk of accepting a problem audit client, auditing standards require a prospective
audit firm to get in touch with the predecessor audit firm. This is the audit firm that has been
Page | 7
terminated or has voluntarily withdrawn from the audit engagement. The audit client must grant
its approval before communication can occur between the prospective and predecessor audit
firms. Confidentiality remains even when the auditor-client relationship ends hence auditing
standards require the prospective audit firm to ask that the consent be given to permit the
predecessor audit firm to speak. If this consent is refused, the refusal should be regarded as a red
flag and the prospective audit firm should be cautious about accepting the audit engagement.
In addition, client acceptance and continuance policies and procedures include the following;
Obtaining and reviewing financial information about the prospective audit client. This
include annual reports, interim statements, registration statements, reports to
regulatory agencies etc
Acquiring detailed criminal background checks of senior management
Inquiring of the prospective audit client’s banks, legal counsel, underwriters, analysts
or other persons who do business with the entity for information about it and its
management
Considering whether the engagement would require special attention or involve
unusual risks to the audit firm
Evaluating the audit firm’s independence with regard to the prospective audit client
Considering the need for individuals possessing special skills or knowledge to
complete the audit
In addition, audit firms search for news articles, lawsuits and bankruptcy court outcomes for
prospective audit clients, including those relating to the chairpersons of their boards, the CEOs,
the CFO and other high ranking officers.
Private investigators can be engaged to conduct additional searches for information when
prospective audit firms are financial institutions, companies accused of fraud, companies under
regulatory investigations, companies that have changed auditors frequently and companies with
persistent trading losses. These characteristics are red flags of potential problems and as such
audit firms want to know as much as they can about the companies and their officers before
entering into business relationship with them. Without doubt, management integrity (or lack
thereof) is the primary reason for accepting (or not accepting) an audit engagement.
Client continuance decisions are similar to acceptance decisions except that the audit firm will
have more firsthand experience with the entity. These types of client retention reviews are
typically done annually and also on the occurrence of major events such as changes in
management, directors, ownership, legal counsel, financial condition, litigation status, nature of
client’s business or scope of the audit engagement. In general, conditions that would have caused
an audit firm to reject a prospective audit firm can develop and lead to a decision to discontinue
the audit engagement. For example, an audit client company could expand and diversify on an
international scale so that a small audit firm might not have the competence to continue the audit.
Page | 8
Audit firms are required to attempt to communicate with the predecessor audit firm, if any, for
information on management’s integrity, on disagreements with management about accounting
principles, audit procedures or similar matters and the reasons for a change of auditors.
Companies are free to and do change auditors periodically sometimes as a result of corporate
policy to rotate auditors or for such reasons such as fee considerations, arguments about the
scope of the audit or acceptability of accounting principles.
Auditors are required to comply with appropriate ethical requirements for each audit
engagement. Two important requirements relate to independence and due care. Auditors must
maintain independence in mental attitude, ie they are expected to be unbiased and impartial with
respect to the financial statements and other information they audit. An threat to the fundamental
principles of professional ethics, is a threat to auditor independence.
This independence allows auditors to form an opinion on the entity’s financial statements
without being affected by influences that might compromise that opinion. Independence has two
aspects;
This implies the auditors’ ability to maintain an unbiased attitude throughout the audit ie taking
unbiased viewpoint in the performance of audit tests, analysis of results and attestation in the
audit report. It is a state of mind that permits the auditor to perform without being affected by
influences that might compromise professional judgement, thus allowing the auditor to act with
integrity, exercise objectivity and professional scepticism.
This means the avoidance of circumstances that might cause a reasonable and informed third
party, aware of all relevant information, including safeguards applied, to reasonably conclude
that integrity, objectivity or professional scepticism of an audit firm or member of the audit
engagement team has been compromised. It is the interpretation of others in respect of the
auditors’ independence. It relates to others’ (especially financial statements users) perception of
auditors’ independence.
If auditors are not independent, the financial statements are considered unaudited for all practical
purposes. A lack of independence can result in disciplinary action by regulators and/or
professional organisations and litigation by those who relied on the financial statements, for
example clients and investors. The auditor’s opinion on the financial statements loses value if the
auditor is not considered to be independent from the management of the firm.
Page | 9
As a result of the importance placed on independence, audit firms must have a process in place to
ensure that they are independent of the company being audited. In addition, audit firms actively
monitor the key relationships and the investment portfolios of their individual partners. These
processes are in place to help ensure that the firm is independent of any relationship that might
impact the firm’s professional judgements on each audit. In fact, even after an audit client has
passed the client acceptance process, independence rules must continue to be rigorously
maintained.
Professional standards require auditors to reach a mutual understanding with clients concerning
engagement requirements and expectations and to document this understanding usually in the
form of a written letter. When a new client is accepted or when an audit engagement continues
from year to year, an engagement letter should be prepared.
Engagement Letter
Is a letter that documents and conforms that the auditor has officially accepted the appointment.
It is important that before commencing any professional work an auditor should agree, in
writing, the precise scope, terms and nature of the work to be undertaken. This letter sets forth
the understanding with the client, including in particular;
3. To minimise misunderstandings between audit firm and audit client in the future43. To
confirm, in writing, any verbal arrangements
7. To avoid a situation where terms of engagement are implied as arising out of the previous
conduct of the auditor
8. It serves as a means of avoiding legal liability for claims that the auditors did not perform the
work promised
Page | 10
When should an engagement letter be sent?
To all new client before any professional work has been started
To all existing clients who have not received such a letter previously
Whenever the auditor has reasons to believe that the client does not understand the
purpose of the audit
Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the terms of
the engagement to be revised and whether there is need to remind the client of existing terms
of the engagement
(i) An indication that the client misunderstands the objective and scope of the audit
(vi) A change in the financial reporting framework adopted by management in preparing the
financial statements
Page | 11
Some audit firms also have policies about sending a termination letter to former audit clients.
Termination letters serve the following purposes. One of their purposes is to act as access to
audit documentation by successor auditors, assisting them to have an understanding of the
circumstances of termination.
The use by management of an acceptable financial reporting framework in the preparation of the
financial statements and the agreement of management and, where appropriate, those charged
with governance to the premise on which an audit is conducted
A condition for acceptance of an assurance engagement is that the criteria referred to in the
definition of an assurance engagement are suitable and available to intended users11. Criteria are
the benchmarks used to evaluate or measure the subject matter including, where relevant,
benchmarks for presentation and disclosure. Suitable criteria enable reasonably consistent
evaluation or measurement of a subject matter within the context of professional judgment. For
purposes of the SAs, the applicable financial reporting framework provides the criteria the
auditor uses to audit the financial statements, including where relevant their fair presentation.
Without an acceptable financial reporting framework, management does not have an appropriate
basis for the preparation of the financial statements and the auditor does not have suitable criteria
for auditing the financial statements. In many cases the auditor may presume that the applicable
financial reporting framework is acceptable.
Factors that are relevant to the auditor’s determination of the acceptability of the financial
reporting framework to be applied in the preparation of the financial statements include:
The nature of the entity (for example, whether it is a business enterprise, or a not for
profit organization);
The purpose of the financial statements (for example, whether they are prepared to meet
the common financial information needs of a wide range of users or the financial
information needs of specific users);
The nature of the financial statements (for example, whether the financial statements are
a complete set of financial statements or a single financial statement); and
Page | 12
(b) Agreement of the Responsibility of Management
An audit in accordance with SAs is conducted on the premise that management has
acknowledged and understands that it has the responsibilities set out in paragraph 6(b)13. In case
of certain entities, such responsibilities may be specified in the applicable law or regulation. In
others, there may be little or no legal or regulatory definition of such responsibilities. SAs do not
override law or regulation in such matters. However, the concept of an independent audit
requires that the auditor’s role does not involve taking responsibility for the preparation of the
financial statements or for the entity’s related internal control, and that the auditor has a
reasonable expectation of obtaining the information necessary for the audit in so far as
management is able to provide or procure it. Accordingly, this premise is fundamental to the
conduct of an independent audit. To avoid misunderstanding, agreement is reached with
management that it acknowledges and understands that it has such responsibilities as part of
agreeing and recording the terms of the audit engagement.
Assessment of the entity’s ability to continue as a going concern and whether the use of the
going concern basis is appropriate
Provision of all the necessary information and records to auditors to enable them to carry out the
audit in the most efficient and effective manner
ISA 580 requires the auditor to request management to provide written representations that it has
fulfilled certain of its responsibilities. It may therefore be appropriate to make management
aware that receipt of such written representations will be expected, together with written
representations required by other SAs and, where necessary, written representations to support
other audit evidence relevant to the financial statements or one or more specific assertions in the
financial statements.
Where management will not acknowledge its responsibilities, or agree to provide the written
representations, the auditor will be unable to obtain sufficient appropriate audit evidence. In such
circumstances, it would not be appropriate for the auditor to accept the audit engagement, unless
law or regulation requires the auditor to do so. In cases where the auditor is required to accept
the audit engagement, the auditor may need to explain to management the importance of these
matters, and the implications for the auditor’s report
Page | 13
It is in the interests of both the entity and the auditor that the auditor sends an audit engagement
letter before the commencement of the audit to help avoid misunderstandings with respect to the
audit.
The form and content of the audit engagement letter may vary for each entity.
You have requested that we audit the financial statements of ABC Company, which comprise the
balance sheet as at December 31, 20X1, and the income statement, statement of changes in
equity and statement of cash flows for the year then ended, and a summary of significant
accounting policies and other explanatory information. We are pleased to confirm our acceptance
and our understanding of this audit engagement by means of this letter. Our audit will be
conducted with the objective of our expressing an opinion on the financial statements.
Page | 14
For such internal control as (management) determines is necessary to enable the
preparation of financial statements that are free from material misstatement, whether due
to fraud or error; and
To provide us with:
Access to all information of which (management) is aware that is relevant to the
preparation of the financial statements such as records, documentation and other
matters
Additional information that we may request from (management) for the purpose
of the audit
Unrestricted access to persons within the entity from whom we determine it
necessary to obtain audit evidence.
As part of our audit process, we will request from (management and, where appropriate, those
charged with governance), written confirmation concerning representations made to us in
connection with the audit.
We look forward to full cooperation from your staff during our audit.
[Insert other information, such as fee arrangements, billings and other specific terms, as
appropriate.]
Reporting
[Insert appropriate reference to the expected form and content of the auditor’s report.]
The form and content of our report may need to be amended in the light of our audit findings.
Please sign and return the attached copy of this letter to indicate your acknowledgement of, and
agreement with, the arrangements for our audit of the financial statements including our
respective responsibilities.
PRACTICE QUESTIONS
1. Explain the pre-engagement activities audit firms need to undertake before taking onboard a
new audit client. (10 marks)
Page | 15
2. Outline the contents of an audit engagement letter (10 marks)
Page | 16