Professional Documents
Culture Documents
Assurance and Assurance Related Services-Review, Compilation, Profit Forecast, Agreed Upon Procedures and Others
Assurance and Assurance Related Services-Review, Compilation, Profit Forecast, Agreed Upon Procedures and Others
1
Learning Outcomes
• Describe and identify other types of
professional services offered by accountants,
e.g.
• Engagement to review financial statement
• Engagement to perform agree upon procedure
• Engagement to compile financial information
3
Public accounting firm services
• Public accounting firms services
somewhat differently between these two
broad categories, the services provided by
Chartered Accountants generally can be
classified as follows:
• 1) Assurance services
• 2) Non assurances services
4
Assurance vs non assurance
services
1. Assurance services
• Over historical financial statements:
— Audits ( Year financial statements audit and special
purpose audit)
— Reviews
• Over other financial and nonfinancial information:
— Attestation engagements
— Other assurance services
2. Non-assurance services • Consulting services • Tax
services • Valuation services • Personal financial planning
Compilations/Agreed upon procedures)
5
Attestation services
• When the practitioner is asked to deliver services related to
providing some level of assurance over subject matter information
other than historical financial statements, then the service is known
Attestation Engagements.
• However Audits, reviews, and compilations of historical financial
statements are governed by specific standards related to those type
services and are not considered attestation engagements.
• Attestation engagements are best suited for engagements where
assurance is needed over subject matter information that involves
elements of financial statements less than complete statements
(such as accounts payable or inventory balances) or nonfinancial
information (such as performance statistics, compliance
requirements, or internal control systems or processes).
6
Examples of attestation
engagements
• Agreed-upon procedures engagements
• Reporting on financial forecasts and projections
• Reporting on pro forma financial information
• Reporting on an entity’s internal control over
financial reporting
• Reporting on controls placed in operation for
third-party service organizations
• Compliance with laws and regulations
7
Attestation engagement
• Attestation engagements can be classified
based on how the subject matter
information is initially evaluated or
measured against suitable criteria in of two
ways:
• Assertion-based engagements.
• Direct reporting engagements
8
Assertion-based engagements.
9
• Examples of assertions include
management’s assertion that the entity
maintains an effective internal control
over financial reporting and
management assertions contained in
the financial statements.
• The practitioner’s conclusion provides
assurance or adds credibility (to the
assertion) when it supports the
management’s assertion.
10
Direct reporting engagements
11
• In such engagements, the practitioner may
also obtain a representation from the
responsible party that has performed the
evaluation but such representation is not
available to the intended users.
• The practitioner expresses a conclusion
on the subject matter information which is
provided to the intended users in the
assurance report.
12
What is the difference between an audit and an
attestation?
In an audit, an accountant expresses an opinion as to
whether or not a set of financial statements is presented fairly
with respect to the generally accepted accounting principles
(or IFRS, etc).
15
IAASB: Assurance
Engagements
16
The Elements of an Assurance
Engagement
• An assurance engagement has the
following elements or characteristics:
1. A three party relationship involving a
practitioner, a responsible party, and
intended users.
2. An appropriate subject matter.
3. Suitable criteria.
4. Sufficient appropriate evidence, and
5. A written assurance report 17
Assurance Standards and
Assurance Level
• Reasonable assurance means that the engagement
assurance risk is reduced to an acceptably low
level in the circumstances of the engagement.
• In a limited assurance engagement the risk is
greater than for a reasonable assurance
engagement, but still acceptable in the
circumstances of the engagement.
19
(B) In a limited assurance engagement such as a review
of financial statements, the practitioner will also reduce
the engagement risk to an acceptably low level, but in
such engagements, the engagement risk is higher than
in a reasonable assurance engagement because of the
reduced and limited nature of evidence gathering
procedures.
• In a limited assurance engagement, the evidence
gathering procedures are deliberately limited relative to a
reasonable assurance engagement, and the practitioner
does not apply all the procedures used in a reasonable
assurance engagement. Consequently, the conclusion
in the assurance report is expressed in a negative form.
20
• (c) No assurance—The practitioner provides no
conclusion or form of assurance on the subject
matter information or the responsible party’s
assertion as to the subject matter information.
Most commonly applicable to agreed-upon procedure
engagements, the report is limited to describing the
procedures performed, their purpose, and the
factual findings identified as a result of the
procedures performed. The intended users are to
assess for themselves the procedures and findings
and draw their own conclusions.
21
IAASB: Assurance
Engagements
• Ethical requirements.
• Appropriate subject matter.
• Suitable criteria.
• Sufficient appropriate evidence.
• Practitioner’s conclusion in a written report.
• Reasonable or limited assurance.
• Conclusion in positive or negative form.
• Rational purpose.
24
Assurance Services
• Financial Statements Audit (ISA 200 -700)
(based on fair value, accrual , matching )
• Special purpose audit (ISA 800)
Professional accountant may be engaged to
report on financial statements on other basis
of accounting or engaged to report on
specific component of the financial
statements or on entity’s compliance with
financial matter in a contract or agreement
25
Special purpose audit- Other
basis of accounting
Basis used to comply with the
Requirements of a regulatory agency
Cash or modified cash basis
Income tax basis
26
Reviews
27
Review of Historical Financial
Information
• Review as an alternative to an audit.
• Review performed by the auditor of the entity, for
example review of interim financial information.
• Historical financial information.
• Inquiries and analytical procedures.
• Limited assurance.
• Negative form of expression of the conclusion.
29
– Obtain an understanding of the accounting
systems and the nature of the entity’s assets,
liabilities, revenues, and expenses. – This
would include inquiries about the entity’s
procedures for recording, classifying, and
summarising accounting transactions; and the
entity’s accounting policies and practices
– Inquires of the entity’s personnel
responsible for financial reporting about all
the material assertions in the financial
statements, changes in accounting policies,
and subsequent events.
30
– Inquire about the actions taken at meetings of
the board of directors, shareholders, and
other relevant board committees.
– Perform analytical procedures to identify
relationships and individual items that appear
to be unusual.
– Read the financial statements to determine if
they conform to the identified financial
reporting framework.
– When considered appropriate, obtain written
representations from management
responsible for the financial statements.
31
Procedure for Review
ISRE 2400
•Make inquiries of management
– Company’s procedures for recording, classifying and summarising
transactions and disclosing information in accounts
– Actions taken in shareholders and board of directors meetings
– Accounts have been prepared in accordance to approved
accounting standards and consistently applied
– All transactions are recorded
– Whether there are any changes to the company’s business
activities and accounting principles and practices
•A review engagement does not include:-
– Understanding and test of controls
– Specific test of balances
– Procedures to identify subsequent events. Only inquiries about
subsequent events are required
32
Differences between a review and audit of
financial statements
• The objective of audit is to express an opinion
whether the financial statements give a true
and fair view.
• Provides positive assurance on assertions.
• Provides reasonable but not absolute
assurance.
• Auditors apply approved standards on
auditing as performance criteria.
33
• Perform auditing procedures such as
confirmation, inquiry, physical
examination, inspection, computation
and observation
• Require and understanding of internal
control.
• Auditor provides an audit report.
34
• The Objective of review is to state whether anything has
come to the auditor’s attention that causes him to believe
that the financial statements do not present a true and
fair view.
• Provides negative assurance on assertions.
• Provides limited assurance (lower than assurance
provide by audit).
• Auditors to comply with auditing standards applicable to
review engagements.
• Perform primarily procedures such as inquiry and
analytical procedures.
• Does not ordinarily involve assessment of accounting
and internal control.
• Auditor issues a review report.
35
Review Report – Unqualified
report Appendix 3
• We have reviewed the accompanying balance sheet of ABC as at 31st
December 2003 and the related statements of income and cash flow for
the year then ended. These financial statements are the
responsibilities of the company’s management. Our responsibility is to
issue a report on these financial statements based on our review
• We conducted our review in accordance with the approved standards of
auditing in Malaysia applicable to review engagements. This standard
requires that we plan and perform review to obtain moderate assurance
as to whether the financial statements are free from material
misstatement. A review is limited primarily to inquiries of company
personnel and analytical procedures applied to financial data and thus
provides less assurance than an audit. We have not performed an
audit, and accordingly, we do not express an audit opinion
• Based on our review, nothing has come to our attention that causes us
to believe that the accompanying financial statements are not
presented fairly, in all material aspects, in accordance to the approved
accounting standards
36
Review report
Qualified - Departure from approved
accounting standards Appendix 4
• We have reviewed … (per the standard introductory paragraph)
• We conducted our review in accordance with the approved
standards of auditing … (per the standard scope paragraph)
• Management informed us that inventory has been stated at its cost
which is in excess of its net realisable value. Management’s
computation, which we have reviewed, shows that inventory, if
valued at the lower of cost and net realisable value as required by
Approved Accounting Standards, would have been decreased by
RM3M, and net income and shareholders’ equity wiould have been
decreased by Rm2.2M.
• Based on our review, except for the effects of the overstatement of
inventory described in the previous paragraph, nothing has come to
our attention that causes us to believe that the accompanying
financial statements are not presented fairly, in all material aspects,
in accordance to the approved accounting standards
37
Review report
Qualified- Adverse report Appendix 4
• Standard intro and scope paragraph
• As noted in footnote xx, these financial statements do not reflect the
consolidation of the financial statements of subsidiary companies,
the investment in which is accounted for on a cost basis. Under the
approved accounting standards, the financial statements of the
subsidiaries are required to be consolidated.
• Based on our review, because of the pervasiveness effect on the
financial statements of the matter discussed in the preceding
paragraph, the accompanying financial statements are not
presented fairly, in all material aspects, in accordance to the
approved accounting standards
38
Review of Historical Financial
Information
39
Review of Historical Financial Information
40
Compilation
41
Compilation service
A compilation is often the result of an accounting service known as
write-up work. With compilations, or compiled financial statements,
the outside accountant converts the data provided by the client into
financial statements without providing any assurances or
auditing services.
An example of a compilation report would be taking your internally
generated financial information and organizing it in financial statement
form. When doing so, no procedures or testing is performed and no
assurances are provided on the financial statements.
In a compilation service related to financial statements, the practitioner
presents in the form of financial statements information that is the
representation of management, without undertaking to express any
assurance on the financial statements.
Compilation does not absolve accountants responsibility as they are
always responsible for exercising due care in performing all duties
42
A compilation engagement may be required for various
purposes
• To comply with mandatory periodic financial reporting requirements
established in law or regulation; or
• For purposes unrelated to mandatory financial reporting under
relevant law or regulation, including for example:
• For management or those charged with governance, prepared on a
basis appropriate for their particular purposes (such as preparation of
financial information for internal use).
• For periodic financial reporting undertaken for external parties under a
contract or other form of agreement (such as financial information
provided to a funding body to support provision or continuation of a
grant).
• For transactional purposes, for example to support a transaction
involving changes to the entity’s ownership or financing structure
(such as for a merger or acquisition).
43
Compilation engagement
• In conducting a compilation engagement, a professional
accountant applies his accounting expertise and does not
test the assertions underlying the preparation of the
financial statements
• The accountant should read the compiled financial
statements to determine whether they are in appropriate
form and free from obvious errors such as mathematical
or clerical mistakes or mistakes in the application of
accounting standards.
• The accountant is not required to perform procedures to
verify information supplied by the client.
44
• If he is aware that information supplied by the client is not
correct, he should consider perform additional procedures
and request management for more information.
• If there are material misstatements in the financial
information and management refuse to make the
amendments, the accountant should not associate himself
with the statements.
• In addition if there is a departure from the identified
reporting framework, the accountant should ensure that
the fact is disclosed in the financial statements and he
should highlight the departure in his report.
45
Compilation
46
Procedures for compilation
ISRS 4410
• Establish an understanding with the client
about the nature and limitations of the
services to be performed and a description of
the report
• Obtain a general knowledge about the
business and operations
• Obtain a general understanding about the
client’s business transaction, accounting
records, employees and the basis, form and
content of the accounts.
• Make inquiries to determine whether the
client’s information is satisfactory
47
Procedures for compilation
• Read the compiled set of accounts and be alert
to any obvious omissions or errors from the
approved accounting standards
• Document matters which are important in
providing evidence.
• Obtain an acknowledgement from management
of its responsibility for the appropriate
presentation of the financial information and of
its approval of the financial information.
48
Report on an engagement to compile
financial statements
• On the basis of information provided by management,
we have compiled, in accordance with the approved
auditing standard on auditing in Malaysia applicable to
compilation engagements, the balance sheet of ABC as
at 31st December 2003 and statement of income and
cash flow for the year then ended. Management is
responsible for these financial statements. We have not
audited or reviewed these financial statements and
accordingly express no assurance thereon.
49
Report on an engagement to compile financial
statements – with an additional paragraph that
draws the attention to the compilation without
disclosure
50
Report on an engagement to compile financial
statements – with an additional paragraph that
draws the attention to a departure from the
approved accounting standards
51
Examination of prospective
financial information
Forecast
or
Projection
52
Examination of prospective
financial information
• ISAE 3400
• FINANCIAL FORECAST-BEST ESTIMATE
ASSUMPTION
• FINANCIAL PROJECTION-HYPOTHETICAL
ASSUMPTION
• CONSLUSIONS
-MGT ASSUMPTIONS-NEGATIVE ASSURANCE
-
53
Forecast vs Projection
Forecast
•Prospective financial information based on assumptions as
to future events which management expects to take place
and the actions management expects to take (best-
estimate assumptions).
Projection
•Prospective financial information based on hypothetical
assumptions about future events and management actions,
or a mixture of best-estimate and hypothetical
assumptions.
54
Types of Prospective Financial Information
56
Assurance on Prospective
Financial Information
Financial forecasts are Financial projections are
prospective financial prospective financial
information based on information based on
expectations of future hypothetical assumptions
events and actions. about future events and
actions.
58
Accepting Engagement
• The auditor should not accept/withdraw from an engagement where:
─ The assumptions are clearly unrealistic; or
─ Then the auditor believes the PFI will be inappropriate for its intended use.
• The auditor and the client should agree on the terms of the engagement.
Before accepting such an engagement, the audit firm should consider the following
factors.
• The intended use of the information. For example, is it intended for internal or
external use?
• Whether the information will be for general or limited distribution.
• The nature of the assumptions on which the information is based.
• The information to be included.
• The period covered by the information
.
59
Level of assurance
• Due to the nature of PFI, the audit firm will
be unable to conclude on whether the
results will be achieved. Also there may be
insufficient evidence available to conclude
that the assumptions are free from
material misstatement. Therefore, the
audit firm can generally only provide a
limited level of assurance
60
Negative assurance
In accordance with ISAE 3400 the auditor will give negative assurance.
Negative assurance is assurance of something in the absence of any evidence
to the contrary.
ISAE 3400 recommends negative assurance that assumptions are reasonable
basis for PFI.
61
Procedures to examine cash
flow forecast
• Recalculate and cast the cash flow forecast to verify arithmetical accuracy.
• Review past forecasts with actual outcomes to establish the accuracy of the company
forecasts in the past.
• If forecasts have been reasonable in the past, this would make it more likely that the
current forecast is reliable.
• • Confirm the assumptions that have been made in the preparation of the cash flow
forecast. For example, you are aware that costs are rising so you would expect cost
increases to be reflected in the cash forecasts.
• • Review the sales department detailed budgets for the two years ahead and discuss
with them the outlets that they will be targeting. This would help the auditor to
determine whether the cash derived from sales is soundly based.
62
Procedures to examine cash
flow forecast (Continued)
• Review the production department’s assessment of the non-current assets
required to increase the production of wedding cakes to the level required
by the sales projections. Obtain an assessment of estimated cost of non-
current assets, reviewing bids from suppliers, if available. This would
provide evidence on material cash outflows.
• Agree the opening balance of the cash forecast to the closing balance of the
cash book, to ensure the opening balance of the forecast is accurate.
• Consider the adequacy of the increased working capital that will be required
as a result of the expansion. Increased working capital would result in cash
outflows and it would be important to establish its adequacy.
• If relevant review the post year-end period to compare the actual
performance against the forecast figures.
• Review board minutes for any other relevant issues which should be
included within the forecast.
63
Reporting on entity’s Risk
management & internal control
64
Reporting on an entity’s internal
control
• In line with s 404 of SOX act 2002-US
• Listed companies in Malaysia are
required to issue a statement of internal
control in line with the requirement of
MCCG
65
Director statement of Risk
management & internals control
• As a principle of good CG ,companies should maintain a
sound internal control to safeguard shareholders investment
and the company assets. This is recognized in the MCCG
which places the responsibility for the proper internal controls
on the directors of the company and considers it the director’s
duty to review the adequacy and integrity of a company’s
internal control.
• In Malaysia the BOD of listed companies are required to
make disclosures on the state of internal control and Risk
Management referred to as the director statement on risk
management & internal control are normally presented in a
separate statement which is the annual report of the company
66
Recommended Practice Guide
AAPG 3(old RPG 5)
• Based on the guidance provided in AAPG
3,the review is conduced to assess whether
the statement on internal control properly
reflects the process the entity has adopted
in reviewing the adequacy and integrity of
its internal control systems.
• The review report on the statement on
internal control contains an expression of
negative assurance.(Limited Assurance)
67
US SOX 404
• In the US ,the SOX 2002 has made it mandatory for
the management of public listed companies to issue
an internal control report. In Addition to
acknowledging its responsibility for maintaining
adequate internal control the management of public
entities also issue an assertion regarding the
effectiveness of the internal control over financial
reporting. Under US SOX, the independent auditors
of the company are required to express an opinion
on the management’s assertion regarding the
internal control over financial reporting
68
Agreed on Procedures ISRS
4400
69
Agreed Upon Procedures Engagements
70
The important matters that must be agreed-upon between
the practitioner and the client in such an engagement
include:
–Nature of the engagement – to state that the procedures
do not constitute an audit or a review and that no
assurance will be expressed.
–Purpose of the engagement.
–Identification of the financial information to which the
procedures will be applied.
–Nature, timing and extent of the specific procedures to
be applied in the engagement.
–The expected form of the report of factual findings.
–Limitations or restrictions on the distribution of the report
71
Procedures for performing agreed
procedures engagement
ISAE 4400
• The auditor should carry out the procedures agreed upon
and use the evidence obtained as the basis for the report
of factual findings. The procedures may include:
- Inquiry
- Observation
- Inspection
- Obtaining confirmation
72
Agreed-Upon Procedures
73
74
Trust services
75
Trust Services Engagement
• Electronic commerce involves individual and
organisations conducting business transaction using
computers for examples-EDI-where formal contract exist
between business parties over internet.This growth in
technology has increased concerns by businesses and
individuals
• AICPA & CIA developed SysTrust and WebTrust-2
unique sets of principles by which professional
accountants could evaluate business system and
control.
• The combined underlying principles of these two
services into one common principle called Trust Services
76
Trust Services(apply to both web
trust and sys trust)
Principles are:
• Security― The system is protected against unauthorised
access (both physical and logical).
• Availability― The system is available for operation and use
as committed or agreed.
• Processing Integrity― System processing is complete,
accurate, timely, and authorised.
• Online Privacy― Personal information obtained as a result of
e-commerce is collected, used, disclosed, and retained as
committed or agreed.
• Confidentiality― Information designated as confidential is
protected as committed or agreed.
• REFER TO THE GUIDES ISSUED BY ACIPA
77
Web trust engagement
During a WebTrust engagement, the practitioner
“audits” a company’s online business practices to
verify compliance matters such as privacy,
security, availability, confidentiality, consumer
redress for complaints, and business practices.
WebTrust provides suitable criteria for practitioners
as well as a licensing process that enables CPAs
to provide reasonable assurance on Web sites.
78
WebTrust Assurance Process
A practitioner may provide assurance service on a website by
following the WebTrust assurance process. The entity would have
to meet all of the WebTrust Principles as measured by the
WebTrust Criteria. The professional accountant would conduct an
examination to verify and attest to the management's assertions.
The process would include the following:
• Obtain an understanding of the entity’s electronic commerce
business practices and its controls over the processing of
electronic commerce transactions and the protection of related
private customer information.
• Selectively test transactions executed in accordance with the
disclosed practices.
• Test and evaluate the operating effectiveness of the controls.
• Perform other procedures that are considered necessary.
79
Sys trust
• As more organizations become dependent on information
technology to run their businesses, produce products and
services, and communicate with customers and business
partners, it is critical that their systems be secure,
available when needed, and consistently able to produce
accurate information.
• An unreliable system can trigger a chain of business
events that negatively affect a company and its
customers, suppliers, and business partners. SysTrust
responds to this business need by providing suitable
criteria and a process that enables a CPA to provide
assurance that a
80
Sys Trust
• The system components include its
infrastructure, software, personnel, procedures
and data
• SysTrust follows the principles of Trust Services
• The professional accountant evaluates a system
against the Trust Services principles and criteria
to determines whether controls over the system
exist.
• The practitioner then perform tests to determine
whether those controls were operating
effectively during the specified period.
81
End of Lecture
82