international framework for assurance engagement

ASSURANCE ENGAGEMENTS AND PROSPECTIVE FINANCIAL INFORMATION
Part I
Compiled by Sako Mayrick
COMPLEMENTARY READING
• Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Services Pronouncements, 2012 Edition Volume II
• IESBA Ethical Requirements
• International Financial Reporting Standards
• COSO/CoCo Control Framework
Introduction to Assurance Engagements
• AICPA defines assurance engagements as ‘Independent Professional Services that improve information quality or its context’. ‘Assurance services reduce the information risk; risk that the information provided is incorrect, on more than just financial data. The major purpose of assurance services is to provide independent and professional opinions that improve the quality of information to management as well as other decision makers within a given firm.’
Audit and Assurance Engagements
• Audits can be considered a type of assurance service. However, audits are designed only to test the validity of the financial statements.
• Under an assurance engagement, CPAs can provide a variety of services ranging from information systems security reviews to customer satisfaction surveys.
• Unlike audit and attestation services, which are often highly structured, assurance services tend to be customized and implemented when performed for a smaller group of decision makers within the firm. Often managers must make decisions on things for which they have incomplete or inaccurate data, and decisions made on such data may be incorrect and increase the overall business risk.
Assurance Services and Consultancy
• Assurance services can test financial and non-financial information; because of this, assurance services can be classified as consulting services.
• However, assurance services are not considered consulting because in consulting services generally, a practitioner (Certified Public Accountant) uses his professional knowledge to make recommendations for a future event or a procedure, such as the design of an information system or accounting control system.
• In contrast, assurance services are designed to test the validity of past data of the business cycles. Although there is no boundary to what a practitioner can test in assurance services, a practitioner will not likely accept an assurance engagement in which his firm or previous experiences do not provide him with enough expertise to make a professional opinion on the given data.
Examples of Assurance Services
Assurance Services
• Business risk assessment
• Information System Security Review
• Customer Satisfaction survey
• Internal Audit outsourcing
• Accounts Receivable Review
Non Assurance Services
• Bookkeeping and Accounting
• Tax Services
• Certain Management Consultancy
• Other Management Consultancy
Categories of Assurance
• Risk assessment – assurance that an entity’s profile of business risks is comprehensive and evaluation of whether the entity has appropriate systems in place to effectively manage those risks.
• Business performance measurement – assurance that an entity’s performance measurement system contains relevant and reliable measures for assessing the degree to which the entity’s goals and objectives are achieved or how its performance compares to competitors.
• Information system reliability – assurance that an entity’s internal information system provides information for operating and financial decisions.
• Electronic commerce – assurance that systems and tools used in electronic commerce provide appropriate data integrity, security, privacy and reliability.
• Health care (any other discipline) performance measurement – assurance about the effectiveness of the subject matter provided by particular practitioners.
INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENT (AE)
• Aims at defining and describing the elements and objectives of an assurance engagement
• It identifies engagements to which ISA, ISRE and ISAE apply
• It provides a frame of reference for
  • CPA-PP
  • Others involved with assurance engagements, including intended users of the report and other parties
• It is used by IAASB in its development of ISAs, ISAEs and ISREs
INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENT
• The Framework is not a standard, nor does it provide procedural requirements
• Principles are contained in ISAs, ISREs and ISAEs
• Principles, essential procedures and related guidance consistent with the framework
• It contains six major parts: introduction, definition and objective of assurance engagement, scope of the framework, engagement acceptance, elements of assurance engagement and inappropriate use of the practitioner’s name.
INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENT
• Practitioners in assurance engagement are governed by
  • ISAs, ISAEs, ISREs
  • Framework
  • Code of Ethics for Professional Accountants
  • International Standards on Quality Control
Meaning of assurance engagement
• Is an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.
• Express conclusion
• Enhance degree of confidence of users (not party) on outcome
• Evaluation of subject matter against criteria
Examples of Evaluation
• Recognition, measurement, presentation and disclosure represented in the financial statements (outcome) result from applying IFRS (criteria) to the entity’s financial position, financial performance and cash flows (subject matter)
• An assertion about effectiveness of IC (outcome) results from applying a framework for evaluating effectiveness of IC such as COSO or CoCo (criteria) to the internal control process (subject matter)
• Subject matter information is also used to mean the outcome of the evaluation or measurement of a subject matter.
Assertion based or direct reporting engagements
• In an assertion based engagement, evaluation of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the intended users
• In a direct reporting engagement, the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report.
• In a direct reporting engagement, the responsible party is responsible for the subject matter BUT in an assertion based engagement a responsible party is responsible for subject matter information (the assertion), and may be responsible for subject matter.
• A responsible party may or may not be a party who engages the practitioner (the engaging party)
Reasonable assurance and limited assurance
• Reasonable assurance is the reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as a basis of a positive form of expression of the practitioner’s conclusion
• Limited assurance is the reduction of assurance engagement risks to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as a basis of a negative form of expression of the practitioner’s conclusion.
Circumstances of engagement
• Terms of engagement e.g. reasonable or limited
• Characteristics of the subject matter
• The criteria to be used
• Needs of the intended users
• Relevant characteristics of the responsible party and its environment
• Other matters e.g. events, transactions, conditions and practices that may have effect on the engagement
Scope of the AE as per Framework
• An AE is covered only if it meets the definition; examples not covered:
  • Engagements covered by ISREs e.g. agreed upon procedures engagement and compilation of financial and other information
  • Preparation of tax returns
  • Consulting (or advisory) engagements e.g. management and tax consulting
• An AE may be part of a larger engagement e.g. business acquisition with a portion of AE
Other Non-AE though meets definition
• Legal testimony in accounting, auditing, taxation or other matters
• Professional opinion, views or wording
• In a non assurance engagement, practitioners should avoid using words such as Framework, ISAs, ISREs or ISAEs; inappropriately using the words assurance, audit or review; or including a statement that could reasonably be mistaken for a conclusion designed to enhance the degree of confidence of intended users about the outcome of the evaluation or measurement of a subject matter against criteria
Pre-condition to accept AE
• Relevant ethical requirements e.g. independence, professional competence are satisfied
• The following are exhibited
  • Subject matter is appropriate
  • Criteria are suitable
  • Access to sufficient appropriate evidence
  • Conclusion on reasonable or limited assurance is contained in a written report
  • Satisfaction on rational purpose for the engagement
Elements of AE
• A three party relationship
  • Practitioner, responsible party and intended users
• An appropriate subject matter
• Suitable criteria
• Sufficient appropriate evidence
• A written assurance report in a form appropriate to a reasonable assurance engagement or a limited assurance engagement
Characteristics of suitable criteria
• Relevance
• Completeness
• Reliability
• Neutrality; free from bias
• Understandability
Criteria can either be established or specifically developed. Established criteria are those embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process. Specifically developed criteria are those designed for the purpose of the engagement. Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.
Professional Skepticism
• The practitioner plans and performs an assurance engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated.
• An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party.
• For example, an attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing conclusions from observations, and of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof.
Sufficiency and appropriateness of evidence
• Sufficiency is a measure of quantity of evidence. Appropriateness is a measure of the quality of evidence; that is its relevance and reliability.
• The quantity of evidence is affected by the risk of the subject matter information being materially misstated and the quality of such evidence.
Reliability of evidence
• Evidence is more reliable when it is obtained from independent sources outside the entity.
• Evidence that is generated internally is more reliable when the related controls are effective.
• Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
• Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was discussed).
• Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.
Assurance Engagement Risks
• Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated
  • Inherent (subject matter) risks
  • Control Risks
  • Detection Risks
Assurance Engagement Report
• Reasonable assurance
the practitioner expresses the conclusion in the positive form, for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.”
• Limited assurance
the practitioner expresses the conclusion in the negative form, for example, “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.”
INTERNATIONAL STANDARDS
• ISREs (2000-2699)
  • ISRE 2400 - Engagement to Review Financial Statements
    • Prev. ISA 910
  • ISRE 2410 - Review of Interim Financial Information Performed by independent Auditor of the Entity
• ISAEs (3000-3699)
  • ISAE 3000
    • Assurance Engagement other than Audits or Reviews of HFI
  • ISAE 3400
    • Examination of Prospective Financial Information
    • Prev. ISA 810
  • ISAE 3402
    • Assurance Reports on Controls at a Service Organization
• ISRSs
  • ISRE 4400 – Engagement to perform agreed upon procedures
  • Engagements to Compile FS (ISA 920 and 930 respectively)
ENGAGEMENT TO REVIEW FS
• ISRE 2400
• Done by a practitioner who is not an auditor of an entity
• A practitioner who is the auditor of the entity performs a similar review according to ISRE 2410 “Review of Interim Financial Information Performed by an independent Auditor of the Entity”
Objective of Rev. Engagement
• Practitioner uses appropriate procedures which do not provide the evidence that would be required in an audit
• Whether anything has come to the practitioner’s attention that causes the practitioner to believe that the FS are not prepared, in all material respects, in accordance with the applicable FRF (negative assurance)
• Practitioner should comply with the IESBA Code of Professional Ethics such as independence, integrity, objectivity, due care, confidentiality, competence, professional behavior and technical standards.
• Scope of the review is the ISRE; it provides a moderate level of assurance, expressed as negative assurance
Terms of Engagement
• It includes
  • Objective
  • Management Responsibility for FS
  • Scope of the review including reference to ISRE
  • Unrestricted access to records, documentation and information
  • Sample report
  • Fact that the engagement cannot be relied upon to disclose errors and other irregularities, fraud etc.
  • Statement that this is not an audit
Procedures in RE
• Understanding of the entity and industry
• Inquiries on accounting principles and practices
• Inquiries on procedures for recording, classifying and summarizing transactions
• Inquiries on material assertions in the FS
• Analytical procedures
  • Comparison of FS of current and previous period
  • Comparison of FS with anticipated results
  • Study relationship of elements of FS with patterns and industry norms
• Inquiries on actions taken at meetings of the BoD, committees and shareholders
• Reading the FS on conformity to the basis of accounting
• Reports from other practitioners
• Inquiries to a person with responsibility on accounting matters
• Whether all transactions have been recorded
• Whether FS are prepared in accordance with the basis indicated
• Changes of business activities or accounting principles
• Management representation
• Subsequent events
• Read appendix 2 of ISRE for detailed procedures
Reporting
• Negative form of assurance
“nothing has come to the practitioner’s attention based on the review that causes the practitioner to believe the financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with the applicable financial reporting framework (negative assurance)”
ISRE 2410
Review of Interim Fin. Information
• Is performed by an independent auditor of the entity
• Objective of an engagement to review interim financial information is to enable the auditor to express a conclusion whether, on the basis of the review, anything has come to the auditor’s attention that causes the auditor to believe that the interim financial information is not prepared, in all material respects, in accordance with an applicable financial reporting framework. The auditor makes inquiries, and performs analytical and other review procedures in order to reduce to a moderate level the risk of expressing an inappropriate conclusion when the interim financial information is materially misstated.
ISAE 3000
Assurance Engagements other than audits or reviews of HFI
• The ISAE uses the terms reasonable assurance engagement and limited assurance engagement
• The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner’s conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion
ISAE 3000
Acceptance
• The practitioner should accept (or continue where applicable) an assurance engagement only if the subject matter is the responsibility of a party other than the intended users or the practitioner.
• The practitioner should accept (or continue where applicable) an assurance engagement only if, on the basis of a preliminary knowledge of the engagement circumstances, nothing comes to the attention of the practitioner to indicate that the requirements of the IESBA Code or of the ISAEs will not be satisfied.
Engagement and Planning
• Written form of engagement is recommended
• Planning
  • Developing of overall scope and strategy, timing and conduct of engagement
  • Characteristics of the subject matter
  • Understanding of the entity
  • Engagement process and possible sources of evidence
  • Identification of intended users, materiality and risks
  • Personnel and expertise requirement including nature and extent of expert’s involvement
• Professional skepticism
• Professional judgment
Understanding of the subject matter
• Subject matter should be understood to clearly identify and assess the risks of subject matter information
• Materiality and engagement risks
• Appropriateness of the subject matter
• Adequate skills and knowledge on subject matter
• Obtain sufficient evidence of expert work
Obtaining evidence
• Sufficiency and appropriateness
• Professional skepticism
• Practitioner should consider the reliability of information to be used as evidence e.g. photocopies, facsimiles, filmed, digitized and other electronic documents including consideration of controls
• Evidence is part of an iterative process
  • Understanding subject matter
  • Assessment of risk and response for NTE of audit procedures
  • Perform procedures linked to identified risks using a combination of inspection, observation, confirmation, recalculation, reperformance, analytical procedures and inquiry including corroborating information.
  • Evaluation of the sufficiency and appropriateness of evidence
Quality Control and Quality Review
• Quality Control
  • Policies and procedures to provide reasonable assurance on compliance to professional standards and regulatory and legal requirements and reports are appropriate
• Quality Control review
  • Process to provide an objective evaluation before the report is issued, of the significant judgments the engagement team made and conclusions they reached in reporting
Elements of quality control
• Leadership
• Ethical requirements
• Acceptance and continuance of client relationship and specific engagements
• Human resources
• Engagement performance
• Monitoring
Subsequent events and other procedures
• See detailed procedures in Appendix 2 of ISREs as applicable in this ISAE
Reporting
• Reasonable assurance
“In our opinion internal control is effective, in all material respects, based on XYZ criteria” or “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”
• Limited assurance
“Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria” or “Based on our work described in this report, nothing has come to our attention that causes us to believe that the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is not fairly stated”
ISAE 3400 (ISA 810)
PROSPECTIVE FINANCIAL INFORMATION
• The purpose of this International Standard on Assurance Engagements (ISAE) is to establish standards and provide guidance on engagements to examine and report on prospective financial information including examination procedures for best-estimate and hypothetical assumptions.
• This ISAE does not apply to the examination of prospective financial information expressed in general or narrative terms, such as that found in management’s discussion and analysis in an entity’s annual report, though many of the procedures outlined herein may be suitable for such an examination.
Objectives
In an engagement to examine prospective financial information, the
auditor should obtain sufficient appropriate evidence as to whether:
(a) Management’s best-estimate assumptions on which the prospective
financial information is based are not unreasonable and, in the case of
hypothetical assumptions, such assumptions are consistent with the purpose
of the information;
(b) The prospective financial information is properly prepared on the basis of
the assumptions;
(c) The prospective financial information is properly presented and all
material assumptions are adequately disclosed, including a clear indication
as to whether they are best-estimate assumptions or hypothetical
assumptions; and
(d) The prospective financial information is prepared on a consistent basis with
historical financial statements, using appropriate accounting principles.
Prospective Financial Information
• Means financial information based on assumptions about events that may occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation requires the exercise of considerable judgment. Prospective financial information can be in the form of a forecast, a projection or a combination of both, for example, a one year forecast plus a five year projection.
Forecasts and Projections
• A “forecast” means prospective financial information prepared on the basis of assumptions as to future events which management expects to take place and the actions management expects to take as of the date the information is prepared (best-estimate assumptions).
• A “projection” means prospective financial information prepared on the basis of:
(a) Hypothetical assumptions about future events and management actions which are not necessarily expected to take place, such as when some entities are in a start-up phase or are considering a major change in the nature of operations; or
(b) A mixture of best-estimate and hypothetical assumptions.
Such information illustrates the possible consequences as of the date the information is prepared if the events and actions were to occur (a “what-if” scenario).
PFI Uses and responsibility
• Prospective financial information can include financial statements or one or more elements of financial statements and may be prepared:
(a) As an internal management tool, for example, to assist in evaluating a possible capital investment; or
(b) For distribution to third parties in, for example:
  • A prospectus to provide potential investors with information about future expectations.
  • An annual report to provide information to shareholders, regulatory bodies and other interested parties.
  • A document for the information of lenders which may include, for example, cash flow forecasts.
• It is management’s responsibility to prepare and present prospective financial information
• The auditor is, therefore, not in a position to express an opinion as to whether the results shown in the prospective financial information will be achieved, and therefore it is a moderate level of assurance
Acceptance of Engagement
• Prerequisite
  • Intended uses of the information
  • Distribution, general or limited
  • Nature of assumptions
  • Elements to be included in the information
  • Period covered by information
• There should be clear terms of engagement
• Obtain sufficient level of knowledge about the business and significant assumptions e.g. controls, documentation on assumptions, statistical, mathematical and CAATs; accuracy of information
• Consider the extent of reliance on historical financial information
Period covered and examination procedures
• Period covered
  • Operating cycle e.g. project
  • Degree of reliability of assumptions
  • Needs of users
• Examination procedures
  • Data reliability
  • Knowledge obtained during any previous engagements
  • Management competence on preparation of prospective financial information
  • Adequacy and reliability of underlying data
Presentation and Disclosure
• PFI is informative and not misleading
• Accounting policies
• Assumptions should be clearly disclosed and whether they represent management’s best estimate or hypothetical
• Date of PFI preparation
Reporting
• Title, address and identification of PFI
• Reference to ISAE
• Statement of management responsibility
• Reference to purpose of PFI
• Statement of negative assurance whether the assumptions provide a reasonable basis for PFI
• Caveat on achievability of results
ISAE 3402
ASSURANCE REPORTS ON CONTROLS AT SERVICE LEVEL ORGANIZATION
• Service organization – A third-party organization (or segment of a third-party organization) that provides services to user entities that are likely to be relevant to user entities’ internal control as it relates to financial reporting.
• The service auditor should also comply with ISAE and ISAE 3000
ISAE 3402
ASSURANCE REPORTS ON CONTROLS AT SERVICE LEVEL ORGANIZATION
This International Standard on Assurance Engagements (ISAE) deals with assurance engagements undertaken by a professional accountant in public practice to provide a report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities’ internal control as it relates to financial reporting.
In addition to issuing an assurance report on controls, a service auditor may also be engaged to provide reports such as the following, which are not dealt with in this ISAE:
(a) A report on a user entity’s transactions or balances maintained by a service organization; or
(b) An agreed-upon procedures report on controls at a service organization.