- What is assurance?
An assurance engagement is: ‘An engagement in which a practitioner obtains sufficient appropriate evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.’
[International Framework for Assurance Engagements, 10]
Giving assurance means offering an opinion about specific information so the users of that information are able to make confident decisions knowing that the risk of the information being ‘incorrect’ is reduced.
There are five elements of an assurance engagement:
|Element||Explanation||In relation to an audit|
|(i)||Three party||Practitioner (the reviewer||Auditor|
|involvement||of the subject matter who|
|provides the assurance)|
|Intended users (of the||Shareholders|
|Responsible party (those||Directors|
|responsible for preparing|
|the subject matter)|
|(ii)||Appropriate||The information subject to||Financial statements|
|subject||examination by the|
|(iii)||Suitable||The subject matter is||Financial reporting|
|criteria||evaluated against the||framework|
|(iv)||Sufficient||Sufficient appropriate||Sufficient appropriate|
|appropriate||evidence is needed to||evidence is obtained by|
|evidence||provide a basis for the||performing audit|
|(v)||Written||The output of the||Independent auditor’s|
|assurance||assurance engagement||report providing an opinion|
|report in an||expressing a||as to whether the financial|
|appropriate||conclusion/opinion about||statements give a true and|
|form||the subject matter||fair view|
[International Framework for Assurance Engagements, 26]
Illustration 1 – Buying a house
Consider someone who is buying a house. There is a risk that someone pays a large sum of money to purchase a structurally unsafe property which needs further expenditure to make it habitable. To reduce this risk, it is normal for house buyers (the users) to pay a property surveyor (the practitioner) to perform a structural assessment of the house (the subject matter). The surveyor would then report back (written report) to the house buyer identifying any structural deficiencies (measured against building regulations/best practice and other criteria). With this information the potential buyer can then make their decision whether or not to buy the house with the confidence that they know its structural condition. In this example, the responsible party is the current house owner, and the evidence would largely be obtained through visual inspection of the property.
Examples of assurance engagements include:
- Audit of financial statements
- Review of financial statements
- Systems reliability reports
- Verification of social and environmental information
- Review of internal controls
- Value for money audit in public sector organisations.
General principles the assurance provider must follow when performing such engagements include:
- Comply with ethical requirements.
- Apply professional scepticism and judgment.
- Perform acceptance and continuance procedures to ensure only work of acceptable risk is accepted.
- Agree the terms of engagement.
- Comply with quality control requirements (ISQC 1).
- Plan and perform the engagement effectively.
- Obtain sufficient appropriate evidence.
- Consider the effect of subsequent events on the subject matter.
- Form a conclusion expressing either reasonable or limited assurance as appropriate.
- The evidence should be documented to provide a record of the basis for the assurance report.
Types of assurance engagement
Two types of assurance engagement are permitted:
Gathers sufficient appropriate evidence to be able to draw reasonable conclusions
Concludes that the subject matter
conforms in all material respects with identified suitable criteria
Gives a positively worded
Gives a high level of assurance (confidence)
Performs very thorough procedures to obtain sufficient appropriate evidence – tests of controls and substantive procedures
Gathers sufficient appropriate evidence to be able to draw limited conclusions
Concludes that the subject matter, with respect to identified suitable criteria, is plausible in the
Gives a negatively worded assurance conclusion
Gives a moderate or lower level of assurance than that of an audit
Performs significantly fewer procedures – mainly enquiries and analytical procedures
In our opinion, the financial statements give a true and fair view of (or present fairly, in all material respects) the financial position of Murray Company as at December 31, 20X4, and of its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
Nothing has come to our attention that causes us to believe that the financial statements of Murray Company as of 31 December, 20X4 are not prepared, in all material respects, in accordance with an applicable financial reporting framework.
The confidence inspired by a reasonable assurance report is designed to be greater than that inspired by a limited assurance report.
- There are more regulations/standards governing a reasonable assurance assignment.
- The procedures carried out in a reasonable assurance assignment will be more thorough.
- The evidence gathered will need to be of a higher quality.
2 External audit engagements
An external audit is an example of a reasonable assurance engagement.
Purpose of an external audit engagement
ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing states the purpose of an external audit engagement is to ‘enhance the degree of confidence of
intended users in financial statements.’
This is achieved by the auditor expressing an opinion on whether the financial statements:
- Give a true and fair view (or present fairly in all material respects).
- Are prepared, in all material respects, in accordance with an applicable financial reporting framework.
[ISA 200, 3]
The financial reporting framework to be applied will vary from country to country. In Audit & Assurance, it is assumed that International Financial Reporting Standards are the basis for preparing the financial statements.
True and fair
- True: factually correct information which conforms with accounting standards and relevant legislation, and agrees with the underlying records.
- Fair: clear, impartial and unbiased information which reflects the commercial substance of the transactions of the entity.
Objectives of the auditor
The objectives of an auditor are to:
- Obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.
- Express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.
- Report on the financial statements, and communicate as required by ISAs, in accordance with the auditor’s findings.
[ISA 200, 11]
Need for external audit
- Shareholders provide the finance for a company and may or may not be involved in the day to day running of the company.
- Directors manage the company on behalf of the shareholders in order to achieve the objectives of that company (normally the maximisation of shareholder wealth).
- The directors must prepare financial statements to provide information on performance and financial position to the shareholders.
- The directors have various incentives to manipulate the financial statements and show a different level of performance.
- Hence the need for an independent review of the financial statements to ensure they give a true and fair view – the external audit.
In most developed countries, publicly quoted companies and large companies are required by law to produce annual financial statements and have them audited by an external auditor.
Companies that are not required to have a statutory audit may choose to have an external audit because the company’s shareholders or other influential stakeholders want one and because of the benefits of an audit.
Benefits of an audit
- Higher quality information which is more reliable improving the reputation of the market.
- Independent scrutiny and verification may be valuable to management.
- Reduces the risk of management bias, fraud and error by acting as a An audit may also detect bias, fraud and error.
- Enhances the credibility of the financial statements, e.g. for tax authorities or lenders.
- Deficiencies in the internal control system may be highlighted by the
Some users incorrectly believe that an audit provides absolute assurance – that the audit opinion is a guarantee the financial statements are ‘correct’. This and other misconceptions about the role of an auditor are referred to as the ‘expectation gap’.
Examples of the expectation gap
- A belief that auditors test all transactions and balances – they test on a sample basis.
- A belief that auditors are required to detect all fraud – auditors are required to provide reasonable assurance that the financial statements are free from material misstatement, which may be caused by fraud.
- A belief that auditors are responsible for preparing the financial statements – this is the responsibility of management.
Limitations of an audit
- Financial statements include subjective estimates and other judgmental
- Internal controls may be relied on which have their own inherent
- Representations from management may have to be relied upon as the only source of evidence in some areas.
- Evidence is often persuasive not conclusive.
- Do not test all transactions and balances. Auditors test on a sample basis.
Auditors provide reasonable assurance which is not absolute assurance. The limitations of an audit mean that it is not possible to provide a 100% guarantee.
3 Review engagements
A review engagement is an example of a limited assurance engagement.
Purpose and objective of a review engagement
A company which is not legally required to have an audit may choose to have a review of their financial statements instead. The review will still provide some assurance to users but is likely to cost less and be less disruptive than an audit.
The procedures will mainly focus on analytical procedures and enquiries of management. In particular, no tests of controls will be performed.
As only limited assurance is being expressed, the work does not need to be as in depth as for an audit.
The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which do not provide all the evidence required in an audit, anything has come to the auditor’s attention that causes the auditor to believe that the financial statements are not prepared in accordance with the applicable financial reporting framework.
Incorporation and the separation of ownership and control
Businesses can operate through a number of different vehicles. It is common for investors in those businesses to seek the protection of limited company status. This means that whilst they could lose the funds they invest in a business they cannot be held personally responsible for satisfying the remaining corporate debts. The creation of a limited company is referred to as incorporation.
Incorporation has the following implications:
- The creation of a legal distinction between the owners of the business and the business itself.
- The opportunity for the owners/investors to detach themselves from the operation of the business.
- The need for managers to operate the business on a daily basis.
Whilst this has provided financial protection for shareholders it does lead to a significant conflict:
- Shareholders seek to maximise their wealth through the increasing value of their shareholding. This is driven by the profitability of the company.
- Directors/management seek to maximise their wealth through salary, bonuses and other employment benefits. This reduces company profitability.
This conflict led to the legal requirement for financial statements to be produced by directors to allow the shareholders to assess the performance of management.
Accountability, agency and stewardship
Accountability means that people in a position of power can be held to account for their actions, i.e. they can be compelled to explain their decisions and can be criticised or punished if they have abused their position.
Accountability is central to the concept of good corporate governance – the process of ensuring that companies are well run – which we will look at in more detail in the chapter ‘Corporate governance’.
Agency occurs when one party, the principal, employs another party, the agent, to perform a task on their behalf.
Stewardship is the responsibility to take good care of resources.
A steward is a person entrusted with management of another person’s property, for example, when one person is paid to look after another person’s house while the owner goes abroad on holiday. The steward is accountable for the way he carries out his role.
This relationship, where one person has a duty of care towards someone else is known as a ‘fiduciary relationship’.
A fiduciary relationship is a relationship of ‘good faith’ such as that between the directors of a company and the shareholders of the company. There is a ‘separation of ownership and control’ in the sense that the shareholders own the company, while the directors make the decisions. The directors must make their decisions in the interests of the shareholders rather than in their own selfish personal interests.
- The directors are the stewards of the company.
- The shareholder is the principal, employing the directors (the agents) to run the company on their behalf.
- The directors are accountable to the shareholders for the way in which they run the company.
Examples of stakeholders groups
- Shareholders can decide whether to alter their shareholdings.
- Employees may be able to judge whether they think their levels of pay are adequate compared to the directors. They may also be interested in the results of the company as this may impact their employment decisions.
- Those charged with governance can see whether they think management have struck the right balance between their own need for reward (remuneration, share options, etc) and the needs of other stakeholders.
- Customers can make judgments about whether the company has sufficient financial strength (i.e. liquidity) to justify future trading.
- Suppliers and lenders can assess financial stability before giving credit.
- The government can decide whether the right amounts of tax have been paid and whether the company appears to be compliant with the relevant laws and regulations.
Test your understanding 1
List and explain the elements of an assurance engagement.
Test your understanding 2
Explain the term ‘limited assurance’ in the context of an examination of a company’s cash flow forecast and explain how this differs from the assurance provided by an external audit.
Test your understanding 3
Your firm has been approached to perform the external audit of Perth Co. Perth Co has grown over the last two years and has now reached the audit threshold. As this is the first year the company has required an audit, the directors are unsure about the purpose of the audit. They have been informed that an audit need not be as inconvenient or intrusive as they expect it to be as there are additional benefits that may arise from having an audit. The directors have indicated that they expect your firm to detect every fraud and error in their accounting records so that when they need to apply for finance to help them grow further, they can use the audited financial statements to support the loan application and this should make it easier to get the loan.
- What level of assurance will be provided by the independent auditor’s report?
B Reasonable C Moderate D Limited
- Which of the following is NOT one of the five elements of an assurance engagement?
A Subject matter B Suitable criteria C Assurance file D Written report
- Which of the following is NOT a benefit of an audit? A Increased credibility of the financial statements
B Deficiencies in controls may be identified during testing C Fraud may be detected during the audit
D Sampling is used
- Which of the following statements is false?
A The auditor will express an opinion as to whether the financial statements give a true and fair view
B The auditor must obtain sufficient appropriate evidence to be able to form an audit opinion
C If the financial statements are found to contain material misstatements a negative audit opinion will be given
D An audit may not detect all fraud and error in the financial statements
- Which of the following are examples of the expectation gap?
- The independent auditor’s report confirms the financial statements are accurate.
- An unmodified opinion means the company is a going concern.
- The auditor tests all transactions.
- The auditor can be sued for negligence if they issue an inappropriate opinion.
- (i), (ii) and (iii)
- (i), (ii) and (iv)
- (i) and (ii) only
- (ii) and (iii) only
Test your understanding 1
- An assurance engagement will involve three separate parties:
- Intended user who is the person who requires the assurance report.
- Responsible party, which is the person or organisation responsible for preparing the subject matter to be reviewed.
- Practitioner (i.e. an accountant) who is the professional, who will review the subject matter and provide the assurance.
- A suitable subject matter. The subject matter is the data that the responsible party has prepared and which requires verification.
- Suitable criteria. The subject matter is compared to the criteria in order for it to be assessed and an opinion provided.
- Sufficient appropriate evidence has to be obtained by the practitioner in order to give the required level of assurance.
- An assurance report contains the opinion that is given by the practitioner to the intended user.
Test your understanding 2
|Limited Assurance||Assurance provided by an|
|Limited assurance is a moderate||An audit provides reasonable|
|level of assurance.||assurance, which is a high level.|
|The objective of a limited||The objective of an audit is to|
|assurance engagement is to obtain||obtain sufficient appropriate|
|sufficient appropriate evidence that||evidence that the financial|
|the cash flow forecast is plausible||statements conform in all material|
|in the circumstances i.e. prepared||respects with the relevant financial|
|on the basis of reasonable||reporting framework.|
|A limited assurance report||More evidence will need to be|
|provides a negative conclusion.||obtained to provide reasonable|
|The practitioner will state that||assurance, and a wider range of|
|nothing has come to their attention||procedures performed, including|
|which indicates that the||tests of controls.|
|assumptions used to prepare the|
|cash flow forecast are not|
|The assurance is therefore given|
|on the absence of any indication|
|to the contrary.|
|With limited assurance, limited||More evidence will need to be|
|procedures are performed. In the||obtained to provide reasonable|
|context of a forecast, procedures||assurance, and a wider range of|
|will be limited as the transactions||procedures performed, including|
|and events haven’t occurred yet.||tests of controls.|
|A forecast relates to the future,||Financial statements relate to the|
|which is inherently uncertain, and||past, and so the auditor should be|
|therefore it would not be possible||able to obtain sufficient appropriate|
|to obtain assurance that it is free||evidence.|
|from material misstatement.|
|Less reliance can therefore be|
|placed on the forecast than the|
|Test your understanding 3|
|(1)||B||Reasonable assurance is given in an independent|
|(3)||D||Sampling provides a limitation of the audit process, not a|
|(4)||C||A negative conclusion is used for limited assurance|
|(5)||A||The auditor cannot confirm the accuracy of the financial|
|statements as they contain estimates and judgments of|
|management. The company may not be a going concern|
|and the financial statements may correctly reflect this|
|resulting in an unmodified audit opinion. The auditor does|
|not test all transactions.|