MASOMO MSINGI PUBLISHERS APP – Click to download and access all our materials PDF


This paper is intended to equip the candidate with knowledge, skills and attitudes that will enable him/her to undertake advanced audit and assurance engagements in compliance with regulatory frameworks and International Standards on Auditing.



A candidate who passes this paper should be able to:

  • Recognise the regulatory, professional, and ethical issues relevant to those carrying out an assurance engagement
  • Assess and recommend appropriate quality control policies and procedures in practice management
  • Evaluate findings and results of work performed and draft suitable audit reports on assignments
  • Draft different types of audit opinions based on audit evidence gathered during an audit.
  • Draft engagement letters for audit and non-audit services that fall under International Standards on Auditing and ensure compliance with the relevant legal regulations
  • Incorporate emerging developments in the conduct of an audit.



Assurance and non-assurance engagements

  • The concept of assurance and non-assurance engagements
  • Engagement letters for assurance and non-assurance engagements
  • Agreed upon procedures
  • Compilation engagements
  • Types of assurance reports
  • Key Audit Matters
  • Different types of audit opinions based on audit evidence gathered – Entities/Companies that are exempt from audit in Kenya.


Audit framework and regulations

  • Objective and general principles of auditing
  • Legal framework
  • International, regulatory framework for audit and assurance services
  • Auditors’ professional liability and legal responsibilities


Professional and ethical considerations

  • Code of ethics for professional accountants in line with International Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants (IESBA Code)
  • Fundamental principles, threats and safeguards
  • Advertising, publicity, obtaining professional work and fees and money laundering
  • Professional skepticism (in the context of errors and fraud) – Professional Liability.


Management of audit practice

  • Client acceptance and retention
  • Tendering for audit services for public listed entities and nonpublic entities
  • Professional appointments for public listed entities and nonpublic entities
  • Planning and performing audits. The concept of materiality and assessing risk of misstatement. Identify significant risks as outlined in International Standards on Auditing
  • Methods and techniques of auditing high risk areas.
  • Use and evaluation of internal control system by auditors to address audit risks identified.
  • Use of technological tools (data analytics) to analyze and evaluate audit evidence gathered during the audit and how it addresses risk of misstatement.
  • Preparation and retention of audit working papers as required by the Companies Act
  • Archiving of audit files.


Audit evaluation and reviews

  • Audit assertions and how to identify the relevant assertions during the audit process
  • Subsequent events. Audit work done between financial year end and date of signing the financial statements.
  • Going concern assumption as a financial statement risk
  • Related parties. Risks associated with related parties. Process of identifying related parties by management. Disclosure of related parties in the management representation letter and in the financial statements
  • Drafting management letter representation
  • Group audit/joint/component audit. Preparation of group reporting instructions to component auditors
  • Analytical review
  • Evidence and testing considerations
  • Using the work of others such as internal auditors, other experts (tax, actuaries, valuers, lawyers etc.) and another auditor
  • The company audit
  • Audit of consolidated financial statements
  • Audit of banks and non-banking financial institutions
  • Audit of general insurance companies
  • Audit of cooperatives societies(SACCOs)
  • Audit under taxation laws
  • Other special audit assignments
  • Role of Audit Committee in the audit process


Audit related assurance services

  • Prospective financial information, investigations and due diligence
  • Special audit assignments (social and environment audit)
  • Operations and internal audit management
  • Audit under computerised information systems. Identification and testing of relevant IT general controls (ITGC) during an audit – Audit of public sector undertakings – Integrated reporting
  • Audit of performance information (predetermined objectives) in the public sector
  • Special aspects of auditing in an automated environment.


Forensic accounting

  • Difference between a statutory audit and a forensic audit
  • Conduct of forensic investigations: accepting the investigation, planning, evidence gathering, reporting
  • Rules of evidence in court proceedings
  • Regulations and standards on forensic accounting
  • Applicable codes of ethics


Concluding and reporting

  • Quality control and peer review
  • Reports to those charged with governance/Board of directors – Management letter- issues identified during the audit process
  • Reporting on compliance and other information (Chairman’s statement and directors report) and for listed entities, reporting on remuneration report for the directors – Auditors report on financial statements – Reporting on other assignments.


Regulatory Environment

  • International regulatory frameworks for audit and assurance services.
  • Money Laundering
  • Laws and regulations
  • Other Regulators with interest in the audit space in Kenya such as Central Bank of Kenya, Insurance Regulatory Authority, Capital Market Authority and Retirement Benefit Authority and their requirements


Contemporary issues and emerging trends

  • Professional and ethical developments
  • Other current issues
  • Effects of pandemics on audit processes. The concept of remote auditing and additional procedures put in place to obtain sufficient audit evidence.






The incorporation of business entity usually creates two implications namely;

  1. The requirement for a distinction between the entity itself and the owners leading to a requirement that the entity be managed by separate persons.
  2. Granting a limited liability status to the entity so that if the entity fails, the owners may only stand to lose a specific amount of money.

A legal framework is therefore needed for running the company in order to;

  1. Protect the owners of the company from bad managers
  2. Protect the business entity from the public at large because the owners may also take advantage of the company’s limited liability status.

It is for the above reasons that a discussion is required in dealing with the following concepts;

  1. Stewardship concept
  2. Accountability concept
  3. Agency concept


Stewardship concept

  • In most countries, Financial Statements of companies are required to be produced by the directors and management on a regular basis to be able to account to the shareholders and other interested parties regarding their stewardship responsibilities.
  • Such Financial statements are then required to be subjected to detailed examination by independent auditors in order to provide credibility.
  • Stewardship concept relates to a situation where a group of persons owning resources and trusts the management of such resources to other experts to manage them for the benefit of all.
  • In the situation of a company, the owners (shareholders) are required to entrust the directors with the responsibility of managing their resources.


Accountability concept

This concept indicates that any persons who are in position of power should be held accountable for their actions e.g. by being compelled to explain their decision or being criticized where necessary e.g. the directors of a company have a responsibility of taking right decisions.

The following features also apply;

  • The shareholders (owners) of the entity have a responsibility of taking the right decisions regarding the management of the company.
  • The directors (agents) are required to be accountable to the shareholders.
  • Accountability is therefore central to the concept of good corporate governance which is the process of ensuring that a company is well managed.


  • Agency concept

In an agency relationship, one party acts as the principal (shareholder) while the other part acts as the agent (directors). Such directors are required to act in the best interest of the principals.

Examples of situations of agency relationship;

  • Employees are agents of directors
  • Directors are agents of shareholders
  • Shareholders are agents of the government
  • Auditors are considered to be the agents of creditors and other stakeholders.

In an agency relationship, e.g. in a company, the directors are required to act in the best interest of the shareholders. However, there may exist some conflict of interests e.g. while the shareholder’s interest is to maximize profits, the interest of the directors is to maximize their salaries and benefits which tend to reduce the profit. Such a situation requires various solutions e.g. having an independent auditor to be able to check the activities of the directors and management.


Complete copy of CPA Advanced Auditing and Assurance Notes is available in SOFT copy (Reading using our MASOMO MSINGI PUBLISHERS APP) and in HARD copy 

Phone: 0728 776 317


Solutions to the agency problems

  • Ensuring that directors are remunerated competitively for their performance.
  • Terminating the director’s contract if they do not perform their functions effectively.
  • Ensuring compliance with corporate governance principles e.g. having an audit committee at board level.
  • Engaging an independent and competent external audit firm.
  • Ensuring appropriate representations of interested stakeholders within BOD.
  • Ensuring compliance to laws and regulations affecting the entity e.g. the Company’s Act Stock Exchange Rules.


 Assurance engagements

Assurance refers to professional services performed by practitioners (practicing accountants) to their clients in order to achieve specific objectives. The main objectives of assurance services include;

Providing confidence (credibility) to information and reducing information risk. Information produced by various parties e.g. the directors of a company may not comply with legal provisions e.g. may contain errors or may not comply with legal provisions or may not comply with regulatory requirement and hence the term ‘high information risk’.

There are various types of assurance services which may be performed by practitioners e.g.

  • Book keeping and accountancy
  • Auditing services –  Review functions
  • Tax consultancy services –  Compilation services
  • Risk assessment functions –  Agreed upon procedure functions
  • Financial management services –  Human resource consultancy
  • Due diligence investigations –  Forensic audit
  • Customer survey satisfaction –  Performance audit (value for money)


The above assurance services can be classified into 3 groups;

  • Audit engagement
  • Assurance engagement
  • Attestation engagement


Audit engagement

An audit is a detailed examination of historical FSs by the auditor to be able to express his opinion which is usually given as the highest level of assurance (in true and fair terms). That level of assurance is aka reasonable assurance.

An audit therefore has the following features;

  1. It is normally planned and involves understanding of the client’s accounting and internal control system.
  2. It is performed in a systematic manner by following relevant auditing standards (ISAs).
  3. There is a high level of certainty because the auditors are normally in a position to evaluate assertions made by the client’s management.
  4. Such a function is less risky compared to other assurance functions.
  5. The auditor issues his report much later after the client’s financial year end and is therefore able to perform procedures required beyond the client’s financial year end e.g. review of contingencies, post balance sheet event and the going concern status of the entity.


An auditor is therefore in a position to provide a responsible but not an absolute opinion.

Absolute assurance – it is not possible for the auditor to provide absolute assurance i.e. (being 100% perfect) due to inherent limitations in an audit e.g.

  • The fact that the auditors may be faced with time constraints and pressure to meet deadlines during their function.
  • An audit involves judgment by individual auditors some of which may be subjective in nature.
  • Auditing also involves evaluation of accounting and other estimates made by the management some of which may lack fairness.
  • Auditors may also be faced with situations of lack of cooperation from the client’s officials or hostilities or irregularities which are not disclosed leading to the limitation of their scope.
  • Auditing tends to rely on persuasive rather than conclusive evidence and therefore auditors may use techniques such as sampling or test checking of items in order to draw conclusions.
  • Auditors may also face situations of weak systems where some irregularities may not be disclosed to them during the audit.


Attestation engagement

An attestation engagement refers to a professional service provided by a practitioner (practicing and also known as the subject matter to be able to provide a written confirmation that the information reviewed is consistent with relevant criteria or benchmark.

Such an engagement requires the auditor to use or to be guided by the relevant standards on review engagement (international standard on review engagement (ISRE).

The following are other features for attestation;

  1. Such functions are considered to be risky compared to auditing due to the extended usage of information by third parties.
  2. The financial information reviewed by the practitioner may contain future assumptions some of which may be hypothetical i.e. may not occur.
  3. The auditor may also encounter challenges such as lack of understanding the client’s systems, time constraints, non-availability of sufficient information leading to limitation of scope.
  4. The auditor’s work may also be restricted to functions such as enquiries and analytical procedures.
  5. The report of the auditor may be used by third parties to make important decisions leading to the possibility of being faced with litigations.


Due to the above characteristics therefore, the auditor may produce a moderate/middle level assurance a.k.a. limited assurance and is given in negative terms.

 Assurance engagement

These are professional services which may involve examination, review or compilation of any type of information (financial or non-financial) with a view to providing no assurance mainly because this information may be compiled on behalf of the client.

Such a function may include; using the accountant expertise to collect, classify and summarize the information in order to table his findings to the client who takes responsibility for such information.

The auditor may include a disclaimer in his report in order to cater for possible misunderstandings that may arise.

 Engagement letters for assurance and non-assurance engagements

When an assurance engagement has been scoped out and both parties are ready to go ahead, an engagement letter is drawn up. This guidance sets out what should be expected from an engagement letter, which forms the contractual basis for an assurance engagement.

An engagement letter refers to a legal document that defines the relationship between a business providing professional services (accounting, consulting, legal, etc.) and their clients. It sets the terms of the agreement between two parties and includes details such as the scope, fees, and responsibilities, among others.

Many sectors and services providers are formalizing. It is good for the service providers as well as clients. Why?

  1. It helps bring standard/quality of service in a time-bound manner
  2. It helps protect interests of both parties in fair and reasonable manner
  3. It helps reduce risks and liabilities arising due to the business engagement

Sending and signing engagement letters by accounting professionals, law firms or consulting agencies is a step in that direction. It is a sign of mature process. Don’t make the mistake of thinking it as an unnecessary or tiring thing. Without engagement letter, you are more likely make your firm vulnerable to the risks and liabilities arising from the business engagement.

Engagement letters is an important artifact used by smart professional firms to protect a growing business while mitigating risks.


Types of engagement letters for accounting firm

It varies from industry to industry. If we look at accounting industry, we will see following kinds of engagement letters (which is based on the accounting practice)

  • CPA accounting engagement letter
  • Bookkeeping engagement letter
  • Payroll engagement letter
  • Tax preparation engagement letter
  • Audit engagement letter
  • Virtual CFO engagement letter
  • Forensic audit engagement letter


What should the engagement letter include?

There can not be one-fit-for-all engagement letter. It will be different from one firm to another or one client to another however the basic structure/principle will remain the same.

A typical engagement letter should include

  1. Schedule of services or scope of work
  2. Your firm’s Responsibility
  3. Responsibilities of your client
  4. Limitation of liability
  5. Cost of services/ engagement, payment instructions
  6. Confidentiality of data
  7. Terms of services
  8. Alternate dispute resolution
  9. Signatures


You can do business with your clients just relying on the verbal communication. Verbal communication is hard to enforce in reality especially when things go in a different direction. If parties agree on certain things does not assure successful delivery or enforcement if either party decide to take a legal course.

While engagement is not just about avoiding such disputes or matters to the court; it covers larger aspects of doing business. Let’s look at those aspects and why engagement letter is important.


Complete copy of CPA Advanced Auditing and Assurance Notes is available in SOFT copy (Reading using our MASOMO MSINGI PUBLISHERS APP) and in HARD copy 

Phone: 0728 776 317


Importance of an engagement letter

Engagement letters serve greater purpose, looking at the larger context than merely a legal contract. Let’s look at why engagement letter is important and the purpose it serves.

  • Set clear expectations
  • Identify responsibilities
  • Prevent scope creep
  • Reduce resource & financial risks & protect from liabilities
  • Communicate standard quality of service
  • Present you firm as a reliable service provider with mature process

Let’s look at these important aspects and how these are helpful.

 1. Set Clear Expectations

A good engagement letter clearly states

  1. What will be done
  2. when it will be done and
  3. Who will to do it

Such specific details reduces misunderstandings, avoid confusion and clearly present the details of a professional relationship. This is not only beneficial for the client but also your own firm.


  1. Identify responsibilities

While misunderstanding scope of services is one thing but there are instances wherein accountants/bookkeepers are unable to proceed because clients do not submit/share accounting / bookkeeping data on time. The rush to the last minute is painful and creates bad impression for both clients and the partners of the firm.

When you clearly specify responsibility of each party e.g.

  • Who is expected to submit data, in what format
  • When it is supposed to be submitted, how, where
  • Who will keep keep accounting statements ready,
  • Who will submit tax returns, etc and when;
  • Who will sign the tax related document, etc

everyone knows all of these well ahead of the time, try to comply and won’t complain if s/he miss the deadline.


  1. Get your data and process well organized

With the specific details mentioned in the engagement letter, as a service provider, you can well organize

  • How to receive client data? Where it will be stored?
  • How the communication with clients will work?
  • How to process client data? How privacy and confidentiality of the data will be protected

In a sense, each party has a clarity in terms of the timeline, data to be furnished, the format expected, how it is to be submitted, etc.


  1. Make the best first impression

You may have set the right process to receive data, but when you convey it through the engagement letter, it makes the positive impression on your client. Client can feel the confidence of working with your firm which is well oganized, has a mature process to deliver services and communicate on time.

You might have hold calls or exchanged messages with your prospects but engagement letter could be your first formal document of the services you offer and how you offer.

The best first impression has many advantages. And with the engagement letter you just set the tone of engagement on a right footing.

Accounting/ bookkeeping engagement letter can present you firm as a reliable service provider with a mature process.


  1. Prevent scope creep

Scope creep is a most commonly used term in project management terminology. Scope creep is smaller/ subtle changes expected / made to the project after it is kicked-off. Scope creep impacts project timeline, resources, quality as well as the cost of the project.

Scope creep is a reality for most businesses. Most firms have to face the consequences of scope creep. Smart businesses professionals prevent scope of the engagement falling through cracks.

An engagement letter should set boundaries to the list of activities you will be performing, right before the engagement can begin, you can prevent scope creep and minimize risks associated with it.


  1. Reduce resource & financial risks & protect from liabilities

A well crafted engagement letter avoids misunderstanding or assumptions. A good engagement letter provide details of the services, responsibilities, risks arising due to the delay in providing specific information. Such detailing can prevent financial risks, protect you & your client from liabilities, avoid unnecessary burning of resource.


  1. Focus on quality of service & communication to present your firm as a reliable service provider with mature process

Engagement letter not only bring clarity it also helps you focus on the quality of the service.

Let me put it this way

  1. Everyone knows who will do what and when
  2. No confusion or misunderstanding
  3. You don’t waste your time dealing with misunderstanding or assumptions, use this time to focus on your work
  4. You are better off to work on the actual work, deliver quality outcome

As mentioned above, engagement letter can position you and your firm as a reliable service provider that has a mature process to deliver work and deal with clients. It earns you more credibility and in turn help you grow your business.

Audit and audit related services (ISA 100)

The above standards classify the above assurance services into the following;

  • Audit services
  • Review services
  • Agreed-upon procedure services
  • Compilation

MASOMO MSINGI PUBLISHERS APP – Click to download and access all our materials in PDF

(Visited 1,461 times, 1 visits today)
Share this:

Written by