Audit and Assurance PDF

Summary

This document provides an overview of the concepts of audit and assurance engagements. It discusses the development of external audit, internal audit, and assurance services. The document also explores the factors contributing to the increasing demand for these services, including rapid expansion of information and changing information needs of businesses and consumers.

Full Transcript

(AA) Audit and Assurance
Chapter 1: Audit and Other Assurance
Engagements
Overview
Objective: To introduce the concepts of audit and assurance engagements.

1.1 Development
1.1.1. External Audit
During the middle of the 19th century, the development of joint-stock corporations required
directors to report to the shareholders whose capital they managed.

As ownership and management became significantly separated, shareholders (and other
stakeholders in today's corporate environment) required independent verification that what
the directors (management) reported was true.

Key Point
The objective of an external audit is to express an opinion (in terms of truth and fairness)
on whether the financial statements are prepared, in all material respects, in accordance
with an identified reporting framework (e.g. International Financial Reporting Standards)
and the relevant law.
 Statutory audits (i.e. carried out according to statutory provisions) became mandatory
for companies in the UK in 1900. The auditor was required to be independent of the
company, hence an external auditor.
Initially, an audit aimed to detect fraud, technical errors and errors of principle.
However, as the size and complexity of companies grew, case law developed the
principle that it was unreasonable to expect auditors to detect all aspects of fraud, even
though they were expected to exercise reasonable skill and care.
As companies grew, with many becoming international organisations, it became
impracticable for auditors to verify the 100% accuracy of financial records. So, the audit
of financial statements became an attestation (substantiation, testimony) of
their credibility (i.e. believability).

Key Point
Company law requires statutory (external) audits in the jurisdiction in which a corporation
operates.

The general provisions for external audit typically contained in company law are discussed
in Chapter 2.

1.1.2. Internal Audit

Definition
Internal auditing - an independent, objective assurance and consulting activity designed
to add value and improve an organisation's operations. It helps an organisation
accomplish its objectives by bringing a systematic, disciplined approach to evaluating and
improving the effectiveness of risk management, control and governance processes.
- The Institute of Internal Auditors (IIA)

The modern form of internal audits was initially developed as the growth and increasing
complexity of entities in the early 1900s stretched the capabilities of managers to manage
effectively.

Senior management appointed specialist employees to review and report on various
financial and other processes and ensure appropriate controls were effectively applied.
The role of the early internal auditors ranged from checking routine financial and
operational functions with a heavy emphasis on compliance, security and detection of
fraud to (in some cases) the analysis and appraisal of financial and operational
activities. The Institute of Internal Auditors (IIA) was founded in 1941.
The expansion of the role of internal audit, whether required by legislation (e.g. in public
sectors), listing regulations, corporate governance codes (e.g. the UK Corporate
Governance Code) or as a voluntary activity, reflects organisations' economic and
 international growth.
The role of internal audit in governance is discussed in Chapter 14.

1.1.3. Assurance Services

Definition
Assurance services - independent professional services that improve the quality of
information, or its context, for decision - makers.

Over the years, the auditing profession has broadened its role (and income streams) by
developing a wide range of assurance services (of which the financial statement audit is
just one part).

Factors contributing to the increasing demand for assurance services include:

The rapid expansion of available information (e.g. systems capabilities of capturing,
processing and delivering relevant and reliable information)
The changing information needs of businesses and consumers (e.g. minimising
information overload).
The increase in demand for relevant information for decision-makers (e.g. budgets,
cash flow forecasts and due diligence)
Emerging technologies (e.g. automation, the internet and data analytics) and business
processes (e.g. supply chain management, outsourcing).
Changing expectations and demands of customers, suppliers and other stakeholders
(e.g. quality control, market trends).
Globalisation of businesses creating worldwide needs (e.g. ethical supply-chain codes).
Increasing corporate accountability demanding more relevant and reliable information
(e.g. corporate governance, compliance with laws and regulations, environmental
performance, corporate social reporting and integrated reporting).

Typical assurance services include:

Audits of financial statements and reviews of historical financial information.
Prospective financial information (e.g. cash flows) reviews.
Business ethics audits, social responsibility reporting, environmental reporting.
Risk assessments (including e-commerce).
Value for money audits.
Performance measurement.
Systems and control reliability.
 Exam advice
Only audits and reviews of historical financial information are examinable in detail.

1.2. External Audit
1.2.0. Introduction
An external audit provides confidence in the integrity of corporate reporting for the benefit of
stakeholders and society by providing an external and objective view of the statutory
financial statements. Specifically, the audit enhances the degree of confidence of the
shareholders in the financial statements.

1.2.1. As an Assurance Service
As an assurance service, an external audit must include the five elements of an assurance
engagement:

1. The subject matter is the financial statements prepared under the applicable financial
reporting framework (e.g. IFRS Accounting Standards).
2. The three-party relationship includes:
the directors, who are responsible for the financial statements;
the practitioner (i.e. the external auditor); and
the shareholders (and other intended users of the financial statements).
3. The criteria used to evaluate the financial statements include the financial reporting
framework.
4. The external auditor plans and performs the audit engagement to obtain sufficient
appropriate evidence to support the expression of an opinion on the financial
statements.
5. An opinion in an assurance report – the "independent auditor's report".

These elements are described in more detail in s.3.2.

Definition
Applicable financial reporting framework – the financial reporting framework adopted
by management in the preparation of the financial statements that is acceptable in view
of the nature of the entity and the objective of the financial statements or that is required
by law or regulation.
1.2.2. Stewardship, Agency and Accountability

Exam advice
These concepts were introduced in earlier examinations (Business and
Technology and Corporate and Business Law).

Generally, companies are:
 Owned by shareholders (“principals”); and
Managed by directors (“agents” of the principals) who are appointed by the
shareholders.

The shareholders appoint auditors to report to them (provide assurance) on the information
provided by the directors (the annual financial statements as required by law).

The essential attributes of the relationship between the directors, shareholders and auditors
are stewardship, agency and accountability.

1.2.2.1 Stewardship
Stewardship is the practice of managing another person's property. Directors and other
managers of an entity are responsible for stewardship of the property of that entity, which the
shareholders own.

Activity 1 Stewardship

Suggest FIVE responsibilities of company directors.

*Please use the notes feature in the toolbar to help formulate your answer.

Responsibilities (e.g. duties embodied in statute and corporate governance requirements)
may include:

1. Keeping proper accounting records.
2. Safeguarding the entity's assets.
3. Implementing appropriate business, financial and risk management controls.
4. Producing financial statements (statement of financial position, statement of
comprehensive income, statement of cash flows, statement of changes in equity,
disclosure notes) that give a true and fair view and the results of their stewardship.
5. Producing a directors' report and other information (e.g. as required by listing rules)
which is consistent with the financial statements and contains certain specified
information.

1.2.2.2 Agency
An agent is an individual (or another entity) employed or used to provide a particular service.
The individual using the agent is the principal.

Activity 2 Agency
Describe the possible agency relationships between shareholders, directors and auditors.

*Please use the notes feature in the toolbar to help formulate your answer.

A director can be described as an agent having a fiduciary relationship (one of trust)
with a principal (i.e. the company that employs her).
A director is similarly an agent of the shareholders.
Auditors, as the shareholders appoint them in most jurisdictions, are also agents of the
shareholders.

1.2.2.3 Accountability
Accountability is where one party is held responsible (answerable) to another party; it will be
required to justify its actions and decisions to that party.

Activity 3 Accountability

Explain the accountability of directors and the auditor to shareholders.

*Please use the notes feature in the toolbar to help formulate your answer.

Directors are accountable to the shareholders. Many jurisdictions place legal
requirements on directors regarding their accountability and communication with
stakeholders, for example, through directors' reports and financial statements prepared
under an appropriate framework (e.g. IFRS).
Directors of listed companies will also be subject to listing rules and corporate
governance codes (e.g. publication of interim financial statements, regular meetings
with financial institutions, profit and going concern warnings, analysis and management
of risk, audit committees and annual general meetings).
The auditor of a company's financial statements is accountable to the shareholders.
The auditor must act in the interests of the shareholders (the primary stakeholders)
while also having regard for the broader public interest in that other stakeholders will
read the auditor’s report. (However, the auditor is not an agent for any other
stakeholder(s), and the auditor’s report is not addressed to such stakeholders, only to
the shareholders.)

Exam advice
The role of the annual general meeting (AGM) in managing companies is assumed
knowledge from Corporate and Business Law.

1.2.3. Auditor's Report
 Key Point
The objective of an audit of financial statements is:

- to enable an independent auditor to obtain reasonable assurance about whether the
financial statements are free from material misstatement, whether due to fraud or error;
and (thereby)
- to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an identified financial reporting framework.

The auditor's report, the product of the auditor's work, is a written communication to the
shareholders. It is introduced here to provide the context of what an audit entails; it is
explained in detail in Chapter 30.

An example of an auditor’s report, which expresses the audit opinion, follows.

INDEPENDENT AUDITOR’S REPORT

To the Shareholders of ABC Company [or Other Appropriate Addressee]

Report on the Audit of the Financial Statements

Opinion

We have audited the financial statements of ABC Company (the Company), which comprise
the statement of financial position as at December 31, 20X1, and the statement of
comprehensive income, statement of changes in equity and statement of cash flows for the
year then ended, and notes to the financial statements, including a summary of significant
accounting policies.

In our opinion, the accompanying financial statements present fairly, in all material respects,
(or give a true and fair view of) the financial position of the Company as at December 31,
20X1, and (of) its financial performance and its cash flows for the year then ended in
accordance with International Financial Reporting Standards (IFRSs).

Basis for Opinion

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our
responsibilities under those standards are further described in the Auditor’s Responsibilities
for the Audit of the Financial Statements section of our report. We are independent of the
Company in accordance with the International Ethics Standards Board for Accountants’
Code of Ethics for Professional Accountants (IESBA Code) together with the ethical
requirements that are relevant to our audit of the financial statements in [jurisdiction], and we
have fulfilled our other ethical responsibilities in accordance with these requirements and the
IESBA Code.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide
a basis for our opinion.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These matters were
addressed in the context of our audit of the financial statements as a whole, and in forming
our opinion thereon, and we do not provide a separate opinion on these matters.

[Description of each key audit matter in accordance with ISA 701.]

Other Information

[Add detail in accordance with ISA 720]

Responsibilities of Management and Those Charged with Governance for the
Financial Statements

Responsibilities of Management and Those Charged With Governance for the Financial
Statements Management is responsible for the preparation and fair presentation of the
financial statements in accordance with IFRSs, and for such internal control as management
determines is necessary to enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error.

In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters related
to going concern and using the going concern basis of accounting unless management
either intends to liquidate the Company or to cease operations, or has no realistic alternative
but to do so.

Those charged with governance are responsible for overseeing the Company’s financial
reporting process.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or error, and to issue
an auditor’s report that includes our opinion. Reasonable assurance is a high level of
assurance, but is not a guarantee that an audit conducted in accordance with ISAs will
always detect a material misstatement when it exists. Misstatements can arise from fraud or
error and are considered material if, individually or in the aggregate, they could reasonably
be expected to influence the economic decisions of users taken on the basis of these
financial statements.

*As part of an audit in accordance with ISAs, we exercise professional judgment and
maintain professional skepticism throughout the audit. We also:
 Identify and assess the risks of material misstatement of the financial statements,
whether due to fraud or error, design and perform audit procedures responsive to those
risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for
our opinion. The risk of not detecting a material misstatement resulting from fraud is
higher than for one resulting from error, as fraud may involve collusion, forgery,
intentional omissions, misrepresentations, or the override of internal control.
Obtain an understanding of internal control relevant to the audit in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of
expressing an opinion on the effectiveness of the Company’s internal control.
Evaluate the appropriateness of accounting policies used and the reasonableness of
accounting estimates and related disclosures made by management.
Conclude on the appropriateness of management’s use of the going concern basis of
accounting and, based on the audit evidence obtained, whether a material uncertainty
exists related to events or conditions that may cast significant doubt on the Company’s
ability to continue as a going concern. If we conclude that a material uncertainty exists,
we are required to draw attention in our auditor’s report to the related disclosures in the
financial statements or, if such disclosures are inadequate, to modify our opinion. Our
conclusions are based on the audit evidence obtained up to the date of our auditor’s
report. However, future events or conditions may cause the Company to cease to
continue as a going concern.
Evaluate the overall presentation, structure and content of the financial statements,
including the disclosures, and whether the financial statements represent the
underlying transactions and events in a manner that achieves fair presentation.

We communicate with those charged with governance regarding, among other matters, the
planned scope and timing of the audit and significant audit findings, including any significant
deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied
with relevant ethical requirements regarding independence, and to communicate with them
all relationships and other matters that may reasonably be thought to bear on our
independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those
matters that were of most significance in the audit of the financial statements of the current
period and are therefore the key audit matters. We describe these matters in our auditor’s
report unless law or regulation precludes public disclosure about the matter or when, in
extremely rare circumstances, we determine that a matter should not be communicated in
our report because the adverse consequences of doing so would reasonably be expected to
outweigh the public interest benefits of such communication.

The engagement partner on the audit resulting in this independent auditor’s report is [name].
[Signature in the name of the audit firm, the personal name of the auditor, or both, as
appropriate for the particular jurisdiction]

[Auditor Address]

[Date]

*This description of the auditor’s responsibilities (as shaded above) may be included in a
referenced appendix to the auditor’s report or by a specific reference to a website of an
appropriate authority, where the auditor is permitted to do so.

1.2.3.1 Management and Auditor’s Responsibility
Management is responsible for preparing and presenting fairly the financial statements (e.g.
in accordance with the applicable financial reporting framework). This includes:

designing, implementing and maintaining the necessary internal control;
selecting and applying appropriate accounting policies; and
making accounting estimates that are reasonable in the circumstances.

Management’s responsibility is stated in:

the auditor’s report;
the engagement letter between the auditor and directors (see Chapter 5); and
the written representations from the directors to the auditor (see Chapter 20).

Oversight of management’s responsibilities (including those for the financial statements) is
provided by those charged with governance (TCWG). The governance structure will vary
depending on the jurisdiction that management operates within and the applicable corporate
governance code (see Chapter 3).

An audit of financial statements does not relieve management or TCWG of their
responsibilities.

The auditor is responsible for expressing an opinion on the financial statements based on
the audit. The scope of audit work is described in the report, in an appendix to the auditor’s
report, or by a specific reference to a website of an appropriate authority. The auditor
is not responsible for the financial statement’s form and content.

Although the audit opinion enhances the credibility of the financial statements, users cannot
assume that the opinion assures the future viability of the entity or the efficiency or
effectiveness of management’s stewardship.

1.2.3.2 International Standards on Auditing (ISA)
Each ISA provides:
 an introduction, objectives and definitions;
requirements; and
application and other explanatory material.

An audit conducted in accordance with ISAs must consider the requirements of:

ISAs (i.e. to plan, evaluate controls, obtain evidence, form conclusions and report);
relevant professional bodies (e.g. ACCA);
legislation and regulations (e.g. Companies Acts);
the terms of the audit engagement and reporting requirements.

The scope and authority of ISAs are discussed in Chapter 2.

1.2.3.3 Ethical Requirements
The auditor should comply with the International Ethics Board for Accountants (IESBA) Code
of Ethics for Professional Accountants (see Chapter 4).

1.2.3.4 Reasonable Assurance

Definition
Reasonable assurance – a high, but not absolute, level of assurance.

In an audit engagement, reasonable assurance is expressed “positively” in the auditor's
report that the information subject to audit (i.e. the financial statements) is free of material
misstatement.

To provide reasonable assurance, the auditor carries out specific detailed routines,
conducts relevant testing and assesses the accumulated evidence obtained regarding
the financial statements. The auditor must believe that the evidence obtained is
sufficient and appropriate to provide a basis for his opinion. However, most evidence is
persuasive rather than conclusive, and what is “sufficient appropriate” audit evidence
(see Chapter 15) is a matter of professional judgment.
An auditor cannot obtain absolute (i.e.100%) assurance because of the inherent
limitations in an audit (see Chapter 2). Therefore, a audit cannot guarantee that the
financial statements are free of material misstatement.
There are practical limitations on the auditor’s ability to obtain audit evidence. For
example:
management or others may not provide, intentionally or unintentionally, the
complete information that is relevant to the preparation of the financial statements
or that has been requested by the auditor. Therefore, the auditor cannot be certain
of the completeness of information;
 fraud (as opposed to error)_is deliberate and likely to be concealed. Therefore,
audit procedures used to gather audit evidence may be ineffective for detecting an
intentional misstatement that involves collusion (i.e. management or employees
conspiring together) to conceal it.

1.2.3.5 Materiality

Definition
Material – Information is material if its omission or misstatement could influence
decisions that the primary users of general purpose financial reports make based on
those reports.

Materiality is an expression of the relative significance or importance of a matter, whether
quantitative or qualitative (e.g. values and discursive disclosures), in the financial statements
(see Chapter 10).

In planning the audit, the auditor must consider those areas that are material to the
financial statements and the possibility that material errors could be contained in the
(unaudited) financial statements ("material misstatement").
Audit procedures must minimise the risk that material misstatements remain
undetected by the audit.

Key Point
The auditor is not responsible for detecting misstatements that are not material to the
financial statements.

1.2.3.6 Professional Judgment

Professional judgment and professional scepticism are defined in ISA 200 Overall Objectives
of the Independent Auditor and the Conduct of an Audit in Accordance with International
Standards on Auditing.

Definition
Professional judgment – the application of relevant training, knowledge and experience,
within the context provided by auditing, accounting and ethical standards, in making
informed decisions about the courses of action that are appropriate in the circumstances
of the audit engagement.

Key Point
Professional judgment is essential to the proper conduct of an audit.
Professional judgment is necessary in particular:

In interpreting relevant ethical requirements (see Chapter 4) and applying ISAs.
In identifying and assessing risks of material misstatement (see Chapter 8).
In determining ( the nature, timing and extent of audit procedures) to meet the
requirements of ISAs and gather audit evidence.(see the audit plan in Chapter 7)
In evaluating whether sufficient appropriate audit evidence has been obtained
(see Chapter 15).
In drawing conclusions based on evidence obtained (e.g. assessing the
persuasiveness of conflicting evidence from different sources and the reasonableness
of estimates made by management).

1.2.3.7 Professional Scepticism

Definition
Professional scepticism – an attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement, and a critical assessment of
evidence.

Key Point
The auditor should plan and perform (i.e. conduct) the audit with an attitude of
professional scepticism, recognising that circumstances may exist that will cause a
material misstatement in the financial statements.

Professional scepticism includes being alert to, for example:

conditions that may indicate risks of misstatement due to fraud or error;
audit evidence that contradicts other audit evidence obtained;
information that brings into question the reliability of documents or management
representations (see Chapter 18) used as audit evidence; and
circumstances that suggest the need for audit procedures in addition to those required
by ISAs.

However, records and documents may be accepted as genuine unless the auditor has
reason to believe the contrary. Also, in planning and performing the audit, an auditor should
assume neither dishonesty nor unquestioned honesty of management.

Maintaining professional scepticism throughout the audit is necessary to reduce such risks
as:

Overlooking unusual circumstances.
Overgeneralising when drawing conclusions from audit observations.
 Using inappropriate assumptions in determining the nature, timing and extent of the
audit procedures and evaluating the results of procedures.

1.2.3.8 "True and Fair View"

The term "true and fair view" is not defined in ISAs.

True or truth relates to factual accuracy (bearing in mind materiality). The information
provided conforms to required standards, regulations and laws.
Fairness relates to the presentation of information and the view conveyed to the reader.
Such information is free from bias. The financial statements reflect the commercial
substance and reality of the underlying balances and transactions.
View indicates that a professional judgment has been reached. A degree of imprecision
is inevitable because of inherent limitations in an audit (e.g. the auditor does not inspect
100% of all transactions).

A true and fair presentation (i.e. presented fairly in all material respects) means compliance
with the applicable financial reporting framework. Where there is a choice of accounting
policy (e.g. the cost or revaluation model under IAS 16 Property, Plant and Equipment),
either choice will give a true and fair view if applied correctly. For example, the revaluation
model must be applied to an entire class of property, plant and equipment; to apply
selectively would be biased.

Key Point
The phrases “present fairly, in all material respects” and “give a true and fair view” are
equivalent.

1.2.4. The Audit Process
1.2.4.1 Audit Cycle
The audit process is often depicted as a continuous annual cycle of broad stages:
Stage Description
Engagement letter The auditor must send all clients an engagement letter setting
out the auditor's duties and responsibilities and management’s.
Chapter 5
Planning Planning audit work is essential to performing it to the required
high standard of skill and care. It includes establishing the overall
Chapter 7 audit strategy and developing the audit plan.
Assess risk To determine audit strategy and the nature, timing and extent of
audit procedures (the audit plan), auditors must identify and
Chapter 8 assess the risks of material misstatement.
Internal controls Regardless of the audit approach, the auditor must evaluate the
design of the system of internal control.
Chapter 9
Control If the auditor decides to rely on the system of internal control, the
effectiveness operating effectiveness of internal controls must be tested.

Chapter 12
Substantive All material assertions relating to balances, transactions and
procedures related disclosures must be verified. For example, that
transactions occurred, assets exist and disclosures are complete.
Chapter 15
 Stage Description
Review and Audit working papers must be reviewed to ensure that audit
finalisation evidence supports the audit opinion. Procedures typically include
procedures an analytical review of the financial statements, subsequent
events and going concern reviews.
Chapter 29
Obtain The auditor asks management to formally acknowledge its
management responsibilities (e.g. for the financial statements and internal
representations controls). Representations may also be required to support audit
evidence (e.g. all liabilities have been recognised).
Chapter 20
Sign auditor's After the directors have approved the financial statements, the
report auditor signs the auditor's report. The audit opinion will usually
be unmodified but may need to be modified.
Chapter 30

1.2.4.2 Relational Diagram
This depiction of the process shows the two alternative audit approaches:
The auditor’s understanding of the entity must include the internal controls over financial
reporting. Depending on that understanding and the risk of material misstatement, the
auditor decides whether to perform tests of controls (i.e. take a compliance approach) or
adopt a wholly substantive approach. This general overview of the audit process is
developed in later Chapters.

1.3. Assurance Engagements
1.3.1. International Framework for Assurance Engagements

Definition
Assurance engagement – an engagement in which a practitioner expresses a
conclusion designed to enhance the degree of confidence of the intended users, other
than the responsible party, about the outcome of the evaluation or measurement of a
subject matter against criteria.
The framework defines and describes the elements and objectives of assurance
engagements, including audits and reviews of historical financial information and other
assurance engagements.

1.3.2. Five Elements of an Assurance Engagement
Three-party relationship: an assurance engagement includes three separate parties:

a practitioner;
a party responsible for the subject matter or an assertion about the subject matter; and
the intended users of the assurance report.

Subject matter: data prepared or assertions made by the responsible party.

Criteria: benchmarks (relevant, complete, reliable, neutral, understandable) against which
the subject matter can be assessed and an opinion provided.

Evidence: the practitioner plans and performs an assurance engagement with an attitude of
professional scepticism to obtain sufficient appropriate evidence about whether the subject
matter is free of material misstatement.
Assurance Report: a written report given by the practitioner to the intended users that
provides either reasonable assurance or limited assurance about the subject matter.

1.3.3. Types of Assurance Engagement
There are two types of assurance engagements:

1. reasonable assurance engagements; and
2. limited assurance engagements.

For assurance engagements involving historical financial statements:

reasonable assurance engagements are called "audits"; and
limited assurance engagements are called "reviews".

1.3.3.1 Reasonable Assurance Engagement
A reasonable assurance engagement provides a high level of assurance by expressing
a conclusion in a positive form. For example:

"In our opinion, the financial statements present fairly, in all material respects (give a true
and fair view of) …"

The practitioner should obtain sufficient appropriate evidence to express a conclusion
in this positive form.
The assurance engagement risk (i.e. the risk that an inappropriate opinion will be given)
should be reduced to an acceptably low level.
Reasonable assurance may be sought where:
The subject matter and criteria are objective and formal; and
Independent, reliable and persuasive evidence that can be obtained.
In audit engagements, the auditor provides reasonable assurance by obtaining
sufficient appropriate audit evidence to draw conclusions on which to base an opinion
(see Chapter 15).

1.3.3.2 Limited Assurance Engagement
A limited assurance engagement provides a limited or a lower level of assurance through
expressing a conclusion in the negative form. For example:

"Nothing has come to our attention that causes us to believe that the financial statements do
not present fairly, in all material respects (give a true and fair view of …"

The level of work carried out is limited and can only allow the practitioner to provide a
negative form of expression.
The assurance engagement risk is more significant (but still acceptable) than that for a
reasonable assurance engagement.
 Limited assurance is generally appropriate where:
Subject matter and criteria are more subjective and informal; and
Evidence may not be sufficiently independent or reliable.

Key Point
Reasonable assurance cannot be given in these circumstances.

In a review engagement, the evidence obtained is through enquiry and analytical
review. This is sufficient to enable only limited assurance to be given.

There is a wide range of limited assurance engagements:

Reviews of historical financial information (e.g. providing assurance on the reported
receivables figure of an acquisition target);
Providing assurance on non-financial matters (e.g. environmental performance
indicators in a company’s annual report).

Activity 4 Assurance

State and explain the form of assurance that could be given on a company's code of
business ethics.

*Please use the notes feature in the toolbar to help formulate your answer.

This would be a limited assurance engagement. Although there is a Code of Business
Ethics, the subjectivity of applying and measuring the application of any specific ethical
criteria (e.g. what is not ethical to one business may be considered ethical by another) would
not enable the practitioner to reduce assurance risk to a sufficiently low level to allow
reasonable assurance to be given.

1.3.4. Evidence Gathering Procedures and Reports
The procedures used to gather evidence and the reports issued will vary depending on the
level of assurance required.

1.3.4.1 Reasonable Assurance Engagement

Evidence gathering for this type of engagement requires the practitioner to:

Obtain an understanding of the engagement circumstances (Chapter 7).
Assess risks and respond to them (Chapters 8 and 9).
Perform further procedures using a combination of inspection, observation,
confirmation, recalculation, performance recalculation, analytical procedures and
 inquiry. This may involve "tests of controls" and "substantive procedures" (Chapters
12 and 15).
Evaluate the evidence obtained (Chapter 29).

When reporting, the practitioner expresses the conclusion in a positive form, such as:
"In our opinion, internal control is effective, in all material respects, based on XYZ criteria."

1.3.4.2 Limited Assurance Engagement
As for reasonable assurance engagements, the practitioner understands, assesses risks
and responds to them (but in the context of limited assurance).

The evidence-gathering procedures are deliberately set to be more limited (e.g. analytical
review and inquiry).

When reporting, the practitioner expresses the conclusion in the negative form, such as:

"Based on our work described in this report, nothing has come to our attention that causes
us to believe that internal control is not effective, in all material respects, based on XYZ
criteria."

Key point
Confirmations, recalculations and tests of controls, for example, will not be undertaken.

1.3.5. Review Engagements
A review of historical financial information is a limited assurance engagement. The objective
of a review engagement is to enable a practitioner to state whether, based on procedures
(which do not provide all the evidence that would be required in an audit), anything has
come to light that causes the practitioner to believe that the financial statements are not
prepared, in all material respects, in accordance with an identified financial reporting
framework.

Key point
This is a negative form of a report that provides limited assurance.

Exam advice
Although the standards for review engagements are not examinable documents, you
should understand the concept of reviews within the general assurance framework.

In a review engagement, the practitioner obtains sufficient appropriate evidence primarily
through inquiry and analytical procedures.
An example of a review report follows.

Exhibit 1 Standard Review Report
Review Report To...

We have reviewed the accompanying statement of financial position of ABC Company at
31 December 20X1, and the related statements of comprehensive income and cash flows
for the year then ended.

These financial statements are the responsibility of the Company's management. Our
responsibility is to issue a report on these financial statements based on our review.

We conducted our review in accordance with the International Standard on Review
Engagements 2400 Engagements to Review Financial Statements. This standard
requires that we plan and perform the review to obtain moderate assurance as to whether
the financial statements are free of material misstatement. A review is limited primarily to
inquiries of company personnel and analytical procedures applied to financial data and
thus provides less assurance than an audit.

We have not performed an audit and, accordingly, we do not express an audit opinion.

Based on our review, nothing has come to our attention that causes us to believe that the
accompanying financial statements do not present fairly, in all material respects (give a
true and fair view of) in accordance with International Financial Reporting Standards.

Signature Date Address

Conclusion
Syllabus Coverage
This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

1. The concept of audit and other assurance engagements
a. Identify and describe the objective and general principles of external audit
engagements.
b. Explain the nature and development of audit and other assurance engagements.
c. Discuss the concepts of accountability, stewardship and agency.
d. Define and provide the objectives of an assurance engagement.
e. Explain the five elements of an assurance engagement.
f. Describe the types of assurance engagement.
g. Explain the level of assurance provided by an external audit and other review
engagements and the concept of true and fair presentation.
Summary and Quiz
Assurance services are independent professional services that improve the quality of
information for decision-makers. Audits and reviews are assurance services.
The objective of an audit is to obtain reasonable assurance that the financial
statements are free from material misstatement and to express an opinion on whether
the financial statements are properly prepared in accordance with a financial reporting
framework.
Management is responsible for:
preparing and fairly presenting the financial statements;
designing, implementing and maintaining internal control;
selecting and applying appropriate accounting policies; and
making reasonable accounting estimates.
The auditor is responsible for expressing an opinion on the financial statements.
An auditor should conduct an audit in accordance with ISAs and comply with
IESBA's Code of Ethics for Professional Accountants.
Key concepts in auditing are reasonable assurance, materiality, professional judgment,
professional scepticism and "true and fair".
The audit process includes:
agreeing to the terms of the engagement;
planning and risk assessment;
understanding and testing the effectiveness of internal controls (when
appropriate);
substantive procedures; and
final review procedures before signing the auditor's report.
The five elements of an assurance engagement are a three-party relationship, an
appropriate subject matter, suitable criteria, sufficient appropriate evidence, and a
written assurance report.
Assurance engagements provide reasonable (positive/high) or limited (negative/lower)
assurance. Audit engagements provide reasonable assurance, and review
engagements provide limited assurance.

Technical Articles

Chapter 2: External Audit
Overview

2.1. Regulation

2.2. International Federation of Accountants (IFAC)
2.3. Standards Issued by IAASB

2.4. External Audit

Conclusion

Chapter 3: Corporate Governance
Overview

3.1. Corporate Governance

3.2. OECD and UK Codes

3.3. Audit Committees

Conclusion

Chapter 4: Professional Codes of Ethics and
Conduct
Overview

4.1. ACCA's Code of Ethics and Conduct

4.2. Independence Standards

4.3. Second Opinions

4.4. Confidentiality

4.5. Conflicts of Interest

Conclusion

Chapter 5: Auditor Appointment
Overview

5.1. Auditor Engagement

5.2. Existing Auditors

5.3. Terms of Audit Engagements (ISA 210)

5.4. Quality Control Procedures
Conclusion

Chapter 6: Audit Documentation
Overview

6.1. ISA 230 Audit Documentation

6.2. Sufficient and Appropriate Record

6.3. Content

6.4. Confidentiality, Safe Custody, Retention and Ownership

Conclusion

Chapter 7: Audit Planning
Overview

7.1. Overall Objectives (ISA 200)

7.2. Planning

7.3. Preliminary Engagement Activities

7.4. The Audit Strategy

7.5. Audit Plan

7.6. Direction, Supervision and Review

7.7. Documentation

Conclusion

Chapter 8: Identifying and Assessing Risk
Overview

8.1. Identifying and Assessing Risk

8.2. New and Continuing Audits

8.3. Audit Risk

Conclusion
Chapter 9: System of Internal Control
Overview

9.1. Internal Control

9.2. Use and Evaluation

Conclusion

Chapter 10: Audit Materiality
Overview

10.1. Materiality

10.2. Considerations

10.3. Audit Procedures

Conclusion

Chapter 11: Fraud, Law and Regulations
Overview

11.1. Fraud

11.2. Laws and Regulations

Conclusion

Chapter 12: Tests of Control
Overview

12.1. IT Environment

12.2. Tests of Controls

12.3. Exam Skills for Tests of Control

12.4. Revenue Cycle

12.5. Purchases Cycle

12.6. Payroll Cycle
12.7. Inventory Cycle

12.8. Bank and Cash Cycle

12.9. Non-current Assets

Conclusion

Chapter 13: Communication on Internal Control
Overview

13.1. Communication with Those Charged with Governance

13.2. Deficiencies internal Control

13.3. Communicating Deficiencies

Conclusion

Chapter 14 : Internal Audit
Overview

14.1. Corporate Governance

14.2. Internal Audit Function

14.3. Outsourcing

14.4 Other Assignments

14.5. Internal Audit Reports

Conclusion

Chapter 15: Audit Evidence
Overview

15.1. Audit Evidence (ISA 500)

15.2. Sufficient

15.3. Appropriate

15.4. Obtaining Audit Evidence
15.5. Substantive Procedures

Conclusion

Chapter 16: Analytical Procedures
Overview

16.1. Meaning and Nature

16.2. In Planning

16.3. Substantive Analytical

16.4. Overall Conclusion

16.5. Investigating Results

Conclusion

Chapter 17: Accounting Estimates
Overview

17.1. Auditing Accounting Estimates

17.2. Audit Procedures

Conclusion

Chapter 18: The Work of Others
Overview

18.1. Experts

18.2. Internal Audit

18.3. Service Organisations

Conclusion

Chapter 19: Audit Sampling
Overview

19.1. Obtaining Audit Evidence
19.2. Audit Sampling

19.3. Statistical v Non-Statistical Sampling

Conclusion

Chapter 20: Written Representations
Overview

20.1. Purpose and procedure

20.2. Audit Evidence

20.3. Other Considerations

20.4. Representation Letter

Conclusion

Chapter 21: Automated Tools and Techniques
Overview

21.1. Audit Approaches

21.2. Automated Tools and Techniques

21.3. Test Data

21.4. Audit Software

21.5. Big Data and Data Analytics

21.6. Emerging Technologies

Conclusion

Chapter 22: Non-current Assets
Overview

22.1. Tangible Non-current Assets

22.2. Intangible Non-current Assets

Conclusion
Chapter 23: Inventory
Overview

23.1. Inventory

23.2. Risks and Assertions

23.3. Attendance at Physical Inventory Count (ISA 501)

23.4. Cut-off

23.5. Valuation

Conclusion

Chapter 24: External Confirmations, Receivables
and Sales
Overview

24.1. External Confirmations (ISA 505)

24.2. Risks and Procedures

24.3. Direct Confirmation of Accounts Receivable

24.4. Other Evidence

Conclusion

Chapter 25: Share Capital, Reserves and
Directors' Remuneration
Overview

25.1. Audit Risks

25.2. Share Capital

25.3. Reserves

25.4. Directors' Emoluments

25.5. Statutory Books and Records
Conclusion

Chapter 26: Bank and Cash
Overview

26.1. Risks

26.2. Audit Procedures

26.3. Bank Confirmation Report

Conclusion

Chapter 27: Liabilities, Provisions and
Contingencies
Overview

27.1. Accounting for Liabilities, Provisions and Contingencies

27.2. Risks

27.3. Audit Procedures

Conclusion

Chapter 28: Small Business and Not-for-Profit
Organisations
Overview

28.1. Characteristics

28.2. Engagement

28.3. Audit Approach

28.4. Not-for-Profit Organisations

Conclusion

Chapter 29: Audit Finalisation
Overview
29.1. Audit Completion Review

29.2. Uncorrected Misstatements

29.3. Other information

29.4. Subsequent Events (ISA 560)

Conclusion

Chapter 30: The Independent Auditor's Report
Overview

30.1. Basic Principles

30.2. Key Audit Matters

30.3. Unmodified Opinions

Conclusion

Chapter 31: Going Concern
Overview

31.1. Responsibilities

31.2. Planning

31.3. Audit Evidence

31.4. Conclusions and Reporting

Conclusion

Resources
Glossary