Download Fundamentals of Assurance Management and more Lecture notes Auditing in PDF only on Docsity!
AUDITING THEORY
A-433 and F
FUNDAMENTALS OF ASSURANCE ENGAGEMENTS
Assurance Services/Engagements:
Assurance services – independent professional services in which a practitioner issues
a written communication that expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria
Assurance engagement – an engagement in which a practitioner expresses a
conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria
Assurance services improve the quality of information for decision-making.
Assurance refers to the practitioner’s satisfaction as to the reliability of an
assertion being made by one party for use by another party; it is the degree of certainty the practitioner has attained and wishes to convey to intended users Independence is required whenever a professional accountant performs assurance services.
Objective of an Assurance Engagement, In General: Assurance engagements performed by professional accountants are intended to enhance the credibility of information about the outcome of the evaluation or measurement of a subject matter against criteria, thereby improving the likelihood that the information will meet the needs of an intended user. Assurance engagements enhance the degree of confidence of the intended user because the quality of information for decision making is improved.
Objective of Assurance Engagements: According to the Philippine Framework for Assurance Engagements, an assurance engagement is conducted: a. To provide a high level of assurance that the subject matter conforms in all material respects with identified suitable criteria; or b. To provide a moderate level of assurance that the subject matter is plausible in the circumstances.
Types of Assurance Engagements and their Objectives:
- Reasonable assurance engagements – engagements that provide high, but not absolute, level of assurance Also called high-level engagements The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level as the basis for a positive form of expression of the practitioner’s conclusion.
Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably low level (close to zero). For assurance engagements regarding historical financial information in particular, reasonable assurance engagements are called audit engagements. An audit engagement is an assurance engagement to provide a high level of assurance that the financial statements are free of material misstatement. This high level of assurance is expressed positively in the audit report as “reasonable assurance”. Absolute assurance is not attainable: In assurance engagements, absolute assurance is generally not attainable because of such factors as: Use of judgment Use of testing Inherent limitations of internal control Most evidence available to the practitioner is persuasive rather than conclusive In some cases, the characteristics of the subject matter
- Limited assurance engagements – engagements that provide only a “moderate” or “limited” level of assurance The objective of a limited assurance engagement is a reduction in assurance engagement risk to an acceptable level as the basis for a negative form of expression of the practitioner’s conclusion. Thus, the risk in limited assurance engagement is greater than for a reasonable assurance engagement.
Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable level. For assurance engagements regarding historical financial information in particular, limited assurance engagements are called review engagements.
Assurance Engagement Risk: Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated. Components of assurance engagement risk:
- Risk of material misstatement – the risk that the subject matter is materially misstated a. Inherent risk – the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls b. Control risk – the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls
- Detection risk – the risk that the practitioner will not detect a material misstatement that exists
Assertion-based and Direct Reporting Engagements:
- Assertion based engagements – evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the interested users Assertion-based engagements are also known as attestation engagements Examples of assertion-based engagements: a. Audit engagements b. Review engagements
In an assertion-based engagement, the practitioner’s conclusion can be worded in terms of the responsible party’s assertion. For example: “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”
- Direct reporting engagements – the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users
In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of the subject matter and the criteria. For example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria”
Range of Assurance Engagements: a. Engagements to report on a broad range of subject matters covering financial and non- financial information b. Attest and direct reporting engagements c. Engagements to report internally and externally, and d. Engagements in the private and public sector
Examples of Assurance Engagements:
1. Audits of financial statements
2. Examination of prospective financial statements
- Reporting on compliance with laws, rules and regulations
- Other assurance services: a. CPA risk advisory b. Business performance measurement services c. Health care performance measurement services d. Elder Care Plus
Subject matter refers to the information to be evaluated or measured against the criteria. Subject matter information means the outcome of the evaluation or measurement of a subject matter.
Subject matter in an audit of financial statements: Subject matter includes the financial position, financial performance and cash flows of the entity Subject matter information is the set of financial statements Responsible party is the client/entity management
Requirements for subject matter to be considered appropriate: a. Identifiable b. Capable of consistent evaluation and measurement against suitable criteria c. In the form that can be subjected to procedures for gathering evidence to support that evaluation or measurement
Forms of subject matter of an assurance engagement:
- Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may be the recognition, measurement, presentation and disclosure represented in the financial statements
- Non-financial performance or conditions (for example, performance indicators of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness
- Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document
- Systems and processes (for example, entity’s internal control or IT system) for which the subject matter information may be an assertion about effectiveness
- Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness
Suitable Criteria: Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding.
Five characteristics of suitable criteria: a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the intended users b. Completeness – criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure. c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the subject matter when used in similar circumstances by similarly qualified practitioners d. Neutrality – neutral criteria contribute to conclusions that are free from bias e. Understandability – understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations
Two types of criteria:
1. Established criteria – are those criteria that are embodied in laws or regulations or
issued by authorized or recognized bodies of experts that follow a transparent due process Examples:
2. Specifically developed criteria – those criteria specifically designed for the purpose
of the engagement
Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.
Examples of suitable criteria: Applicable financial reporting framework which is the Philippine Financial Reporting Standards (PFRS) – in case of audit of financial statements Applicable law or regulation or contract – in case of compliance audit
Established internal control framework or stated internal control criteria – in case of report on internal control
Availability of criteria to intended users: Criteria need to be made available to the intended users in one or more of the following ways: a. Publicly b. Through inclusion in a clear manner in the presentation of the subject matter information c. Through inclusion in a clear manner in the assurance report d. By general understanding, for example, the criterion for measuring time in hours and minutes
Sufficient Appropriate Evidence: The practitioner shall plan and perform the engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence that the assertions are free of material misstatements.
Professional skepticism – an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence Evidence – refers to the information obtained by the practitioner in arriving at the conclusions on which the conclusion is based Sufficiency – refers to the measure of the quantity of evidence Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its reliability
Written Assurance Report: A written assurance report should be in the form appropriate to a reasonable assurance engagement or a limited assurance engagement.
The practitioner should provide a written report containing a conclusion that conveys the assurance obtained about the subject matter information. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so.
Levels of assurance provided in the written report:
Type or level of assurance
Form of conclusions Example
Reasonable assurance
Positive form of expression of the practitioner’s conclusion
“In our opinion internal control is effective, in all material respects, based on XYZ criteria.”
Limited assurance
Negative form of expression of the practitioner’s conclusion
“Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.”
Attestation Services: An attestation service is a type of assurance service in which a practitioner is engaged to issue a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party. Attestation generally refers to an expert's written communication of a conclusion about the reliability of someone else's assertions.
The subject matter of attestation services include: Financial and non-financial in nature Future-oriented financial information (such as the examination of prospective financial information) Management's discussion and analysis Effectiveness of internal control Compliance with statutory, regulatory, and contractual obligations
Relationships among Auditing, Attestation, and Assurance Services:
- Tax planning – includes the determination of the tax consequences of planned or potential transactions (legally minimizing client’s tax liability) followed by making suggestions on the most desirable course of action
Management Consulting: Management advisory (consulting) services – refers to the function of providing professional advisory (consulting) services, the primary purpose of which is to improve client’s use of its capabilities and resources to achieve the objectives of the organization. Advisory (consulting) services are professional services that provide advice and assistance to clients by improving their condition directly. Advice or assistance to clients may cover the entity’s organization, operations, risk management, systems design and implementation, process personnel, corporate finances, or other activities.
A pervasive characteristic of a CPA’s role in a consulting services engagement is that of being an objective advisor on the use of information.
Assurance Services vs. Consulting Services: Although assurance services and consulting services have basic similarities in terms of knowledge employed and exercise of skills, they can be distinguished as follows:
Points of distinction Assurance services Consulting services Primary purpose To improve quality or context of information by enhancing its credibility
To recommend uses for information for better outcomes Number of parties 3 parties 2 parties: the CPA and the client Focus Decision makers and information they used for optimum decisions
Outcomes
Output’s objective Intended to improve decision maker’s condition only indirectly through the use of high-quality information
Designed to improve client’s condition directly through findings, conclusions and recommendations Competing interests May exist between management and users of financial statements
No competing interests
Form of communication with the client
Written report Either written or oral communication
Comparative Examples of Assurance and Non-Assurance Services:
Categories of Services / Engagements Assurance Services Non-Assurance Services Audit Review Other assurance
- Audit of FS
- Audit of internal control over financial reporting 1. Review of FS 2. Review of interim financial information 1. Examination of prospective FS 2. CPA risk advisory 1. Agreed-upon procedures 2. Compilation of financial or other information 3. Preparation of tax returns when no conclusion is expressed 4. Consulting or advisory services: Tax consulting Management consulting Other advisory services
Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation The basic distinction between audit, review and related services is the level of assurance provided by the auditor in the engagement.
Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party for use by another party. The level of assurance is the degree of the practitioner’s satisfaction or degree of certainty the practitioner has attained and wishes to convey to intended users. Such level or degree of assurance depends on the procedures performed and the evidence collected by the practitioner.
Engagements and level of assurance:
- Audit: The auditor provides a reasonable (high, but not absolute) level of assurance that the information subject to audit is free of material misstatement. This is expressed positively in the audit report as reasonable assurance.
- Reviews: The auditor provides a moderate/limited level of assurance that the information subject to review is free of material misstatement. This is expressed in the form of negative assurance.
- Agreed-upon procedures: No assurance is expressed. The auditor simply provides a report of the factual findings. Users of the report assess for themselves the procedures and findings reported by the auditor and draw their own conclusions from the auditor's work.
- Compilation: Although the users of the compiled information derive some benefit from the accountant's involvement, no assurance is expressed in the report.
Distinctions between Typical Assurance and Non-Assurance Services:
Point of distinction
Assurance Services
Non-Assurance Services (Related Services) Audit Review Agreed-upon procedures
Compilation
Objective To express opinion on fairness of financial statement
To report whether anything has come to the auditor’s attention that causes him to believe that the financial statements are not fair
To perform audit procedures agreed on with the client and any appropriate third parties identified in the report
To assist the client in financial statements preparation by using accounting expertise as opposed to auditing expertise
Characteristi cs
Audit opinion enhances the credibility of financial statements
Substantially less in scope of procedures than audit
Recipients of the report must form their own conclusions from the report Report is restricted to contracting parties
Accounting expertise, rather than auditing, is used Users derive some benefit because the service has been performed with due professional skill and care
Evidence gathering procedures
Risk assessment, Tests of controls and Substantive tests
Limited to: Inquiry; and Analytical procedures (The auditor obtains an understanding of the entity and its environment, including internal control, but no evaluation of internal control is conducted.)
As agreed
Reading of the FS for obvious misstatements
Level of assurance provided by the CPA
Reasonable assurance (High, but not absolute, assurance)
Moderate (limited) assurance
No assurance No assurance
Report provided
Audit Report containing positive assurance on
Review Report containing negative assurance on
Factual findings of procedures
Compilation Report which identify information compiled
a. Should not use the words “assurance”, “audit” or “review” b. Should not imply compliance with assurance engagement standards (PSAs, PSREs or PSAEs) c. Should not include a statement that may be misinterpreted as assurance engagements
Practitioner’s association with the subject matter: A practitioner is associated with financial information when: a. The practitioner reports on information about that subject matter, that is, the practitioner attaches a report to that financial information; or b. The practitioner consents to the use of the his name in a professional connection with that subject matter
If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner.
Remedies in case of inappropriate use of the practitioner’s name by other party: If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter, the practitioner should: Require the other party (i.e., management) to cease associating the practitioner with the subject matter Consider what other steps may be needed, such as informing any known third party users of the inappropriate use of the practitioner’s name Seek legal advice
