Assurance vs Non-Assurance Services We will not dive directly into “Audit”. And that might confuse you. The term assurance will most likely appear first in books. And you might think that it might be another term for audit when “audit” is just one of the assurance services. So, let's establish the term “Assurance” first. I. Assurance and Non-Assurance Services In buying a book for Auditing1, you have to decide what’s the best one for you. But having no sufficient background about the authors that you have seen in Shopee or Lazada, you’re having a hard time choosing. You can decide on your own but it’s assuring to ask for help. To ask someone who is an expert on this. You can’t rely on the authors claiming that their books are the best because they are all claiming the same thing. So, you ask your seniors. And after doing so, you are more confident in placing your order. ➔ With that, we can come up with an equation as to why we need assurance: ◆Information + Action = Decision ➔ Will this formula apply in all scenarios? ◆The outcome will differ (good decision or bad decision) depending on the information because of information risk. ● Information risk - the possibility that the information upon which “business risk decision” was made was inaccurate. ➔ Ex: A bank deciding on approval of loan and its terms. ◆Company → FS → Bank ● Company applies for a bank loan ● The Financial Statements entail information risk ○ The provider of information (Company) might have conflict of interest - presenting financial information to have a good image ● The Bank will then make a decision based on the Financial Statements presented ○ To be assured, the bank will ask for the Audited Financial Statements ➔ Why is there a risk of information? 1. Biases and motives (of the provider of information) 2. Volume of transaction that is being processed 3. Complexity of transactions 4. Remoteness of information ➔ Can we eliminate information risk? ◆No, but we can manage it. A. Introduction to assurance engagements 1. Nature, objective and elements a) Nature ➔ Assurance Services: ◆Assurance - refers to practitioner’s (such as CPA) satisfaction as to the reliability of an assertion being made by one party for use by another party. ● Assurance = Satisfaction ◆Assurance Services - independent professional services that improve the quality of information, or its context, for decision makers. b) Objective ➔ To evaluate or measure a subject matter that is the responsibility of another party against identified suitable criteria and express a conclusion that provides the intended user with a level of assurance about a subject matter. ➔ To understand this better, you can divide it by parts: ◆To evaluate or measure a subject matter ● Subject matter: e.g. Financial Position, Cash Flows ● Who’s responsible for providing the subject matter? ○ Another party (other than the one evaluating/measuring the subject matter) ○ Take note of the definition of “Assurance Services”: It is done by an independent professional (practitioner), thus, the subject matter (e.g. financial position, cash flows) should not be provided by the independent professional himself/herself. ● How to evaluate or measure? ○ There should be a criteria (e.g. PFRS) which should be suitable for the subject matter ○ The practitioner will evaluate the subject matter if it follows the standards laid out in PFRS. (Do they present and measure their inventories in accordance with PAS 2?) ◆To express a conclusion ● In making their decision, why do they (intended users) rely on this conclusion? ○ Because of the level of assurance that a practitioner can provide about the subject matter. c) Elements ➔ 3SECC (3 sexy) 01. Three-party relationship 02. Appropriate underlying Subject matter 03. Sufficient and appropriate audit Evidence 04. Suitable Criteria 05. Conclusion or Written Assurance Report 01. Three-party relationship a. Responsible party ➔ Responsible for the: ◆Subject matter, ◆Subject matter information (we’ll discuss about this later), or ◆Both subject matter and subject matter information ➔ The responsible party may be one of the users, but should not be the only one. b. Practitioner ➔ Independent, competent person ◆Independent from both: ● Responsible party ● Intended users ➔ Determines the following for the engagement (assurance engagement) procedures: ◆Nature ◆Timing ◆Extent c. Intended users ➔ For whom the assurance report is prepared for. 02. Appropriate underlying Subject matter ➔ Subject Matter Vs Subject Matter Information ◆Subject matter (SM) - nature of the assertion the practitioner gathers sufficient evidence. ● E.g. financial position, cash flows ◆Subject matter information (SMI) - used to mean the outcome of the evaluation or measurement of the subject matter ● Result of applying the criteria to the underlying subject matter ● Subject Matter + Criteria = Subject Matter Information ★ It is from the SMI where the practitioner gathers sufficient appropriate evidence as the basis for the practitioner’s conclusion. ➔ What do you mean by appropriate subject matter? ◆It must be in verifiable form: ● Can be measured against the identified criteria ● Can be subjected to procedures 03. Sufficient and appropriate audit Evidence ➔ Evidence - all information gathered by the practitioner in evaluating the subject matter against the suitable criteria, on which the conclusion is based. ➔ How important is it to gather evidence? ◆NO evidence = NO conclusion = NO assurance ➔ Factors affecting the evidence-gathering: a. Sufficiency and appropriateness of evidence ➔ Sufficiency - Quantity of evidence ◆Sufficiency is affected by: ● Risk of material misstatement (RoMM) ○ Greater risk likely requires more evidence ● Quality of evidence ○ The higher the quality, the lesser may be required ➔ Appropriateness - Quality of evidence ◆Appropriateness is based on its: ● Relevance ● Reliability ➔ Sufficiency and appropriateness of evidence are interrelated. ➔ On the other hand, merely obtaining more evidence may not compensate for its poor quality. b. Materiality ➔ Why do we consider materiality in assurance engagements? ◆To emphasize the need of the users (decision-makers) ● The practitioners will focus the engagement on material financial information which will be relevant in decision-making. ◆For practicability (the practitioners cannot consider everything with limited resources) ● Do auditors have to go through every receipt of McDonalds PH for its annual sales? ○ It is impractical, thus, there’s a need to set a materiality level. ➔ What is the relationship of Materiality Level with the Audit Evidence? ◆Inverse →the higher the materiality level, the lesser evidence needed ● E.g. What matters for the practitioner are receipts amounting to P100,000 and above. Thus, the engagement will not have to go through those receipts with sales less than P100,000. (lesser evidence to go through) ● Compare this to a materiality level set at P50,000, there will be additional evidence ranging from P50,000 to P99,999. c. Assurance engagement risk (AER) ➔ The risk that the practitioner expresses an inappropriate conclusion when the subject matter information (SMI) is materially misstated. ➔ The objective must be to lower the AER. ◆This can be achieved through more intensive evidencegathering procedures ➔ With that, the practitioner can provide a higher level of assurance. ➔ AER’s components can be expressed in equation for easier understanding: ◆AER = IR x CR x DR ◆Inherent risk (IR) - this recognizes that some account balances or classes of transactions (in the financial statements), by nature, are more susceptible to misstatements than others. ◆Control risk (CR) - this is related to the effectiveness of the client’s (responsible party) internal control. ● It is a risk which internal controls cannot prevent, detect, or correct the material misstatements. ◆Detection risk (DR) - risk that an auditor’s substantive procedure will not detect a material misstatement. ➔ Out of these three, IR and CR are beyond the control of the practitioner. ➔ Remember the RoMM discussed under Sufficiency of Evidence, it is actually composed of IR and CR. ◆RoMM = IR x CR ➔ Since detection risk is the only one within the control of the practitioner, it is inversely related to IR and CR. ◆The higher the IR and CR, the lower the acceptable level of DR. d. Cost-benefit consideration ➔ Relationship between: ◆Cost of obtaining evidence ◆Usefulness (benefit) of information obtained ➔ However, for evidence which does not have an alternative, the difficulty or expense is not in itself a valid basis for omission. e. Professional skepticism ➔ Attitude that includes a questioning mind ◆Being alert to conditions which may indicate possible misstatement due to error or fraud ➔ Critical assessment of evidence ➔ But caution is advised because professional skepticism is still subject to the practitioner’s own judgment ◆Thus, still affected by biases. 04. Suitable Criteria ➔ Criteria: Benchmarks ◆Used to evaluate or measure the subject matter ◆SM + Criteria = SMI ➔ What are the characteristics of a suitable criteria? [RUN CR] ◆Relevance ◆Understandability ◆Neutrality ◆Completeness ◆Reliability ➔ What are the ways to communicate the criteria to the intended users? ◆Publicly ◆Through inclusion in the presentation of SMI ◆Through inclusion in assurance report 05. Conclusion or Written Assurance Report ➔ Conveys the assurance obtained about the subject matter information. ➔ Levels and Forms of Assurance: ★ Assurance engagements are classified as to structure (Attestation vs Direct Engagement) ○ The difference lies with the responsibility over SMI ■ Attestation Engagement - provided by responsible party ● E.g. Audit, Review ■ Direct Engagement - responsibility of the practitioner 2. Types of assurance engagements (audits, reviews, other assurance engagements) a. Audit - Reasonable assurance engagement b. Review - Limited assurance engagement ★ For other differences, refer to the table provided under “Conclusion or Written Assurance Report” c. Other Assurance Engagements ➔ The subject matter (SM) is other than Historical Financial Information ◆Business Performance Measurement - balanced scorecard is used as SM ◆Health Care Performance Measurement evaluation of quality of health care, medical services and outcome. ➔ Ethical Requirement: ◆I - Independence ◆COBID ● Confidentiality ● Objectivity ● Professional Behavior ● Integrity ● Professional Competence and Due Care B. Introduction to auditing “An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between these assertions and established criteria and communicating the results to interested users.” - American Accounting Association 1. Auditing is a systematic process ➔ Auditing proceeds by means of an ordered and structured series of steps. 2. An audit involves obtaining and evaluating evidence regarding assertions about economic actions and events ➔ Assertions - representations made by the client about economic actions and events ➔ Evidence - information obtained by the auditor in arriving at the conclusions on which the audit opinion is based 3. An audit is conducted objectively ➔ The auditor should conduct the audit without basis. 4. Auditors ascertain the degree of correspondence between assertions and established criteria ➔ Established criteria - standards or benchmark used to verify the validity of the assertions given by the audit client. 5. Auditors communicate the audit results to various intended users ➔ Communication of audit findings is the ultimate objective of any audit. Types of Audit Financial Statement Audit ➔ Management (Responsible party) ◆Responsible for preparing and presenting FS in accordance with the financial reporting framework ➔ Auditor ◆Responsibility: to express an opinion ◆Does being audited mean that it is 100% free from material misstatements? ● No. Remember, only reasonable assurance is given (not absolute). ● Why can’t we have 100% assurance? ○ As mentioned above under Assurance Engagement Risk, there are risks that are beyond the control of the auditors (IR & CR). ○ An auditor can manage to increase the level of assurance by adjusting the detection risk through conducting more intensive substantive procedures. ➔ What are the limitations on an audit? [SEPIA] ◆Use of selective testing ● Philippine Standards on Auditing (PSA) do not require auditors to examine all available information. ◆Nature of evidence ● Most audit evidence is persuasive rather than conclusive in nature. ● The evidence gathered will not prove or disprove the validity of assertions ○ The evidence gathered will be combined to persuade the auditor ◆Professional judgment ● The work undertaken by the auditor to form an opinion is permitted by judgment. ● There might be errors in the application of judgment. ◆Inherent limitations of internal control ● Audit procedures may not be effective in detecting misstatements resulting from: ○ Collusions among employees ○ Management’s circumvention of internal control. ◆Nature of assertions ● Assertions: Management’s representations ● If the management lacks integrity, the management may provide the auditor with false representations causing the auditor to rely on unreliable evidence. ➔ General Principles of an FS Audit: ◆The auditor should comply with the “Code of Professional Ethics for CPA” promulgated by the BOD. ◆The auditor should conduct an audit in accordance with the PSAs. ◆The auditor should plan and perform the audit with an attitude of professional skepticism. ➔ Theoretical Framework of Auditing: 1. All financial data are verifiable. ➔ All balances reported in the FS must have supporting documents or evidence to prove their validity. 2. Independence is essential for ensuring the credibility of the auditor’s report. ➔ The auditor should always maintain independence with respect to the FS under audit. 3. There should be no long-term conflict between the auditor and the client management. ➔ Can short-term conflicts exist? ◆Yes, provided that: ● It may exist regarding the application of auditing procedures and accounting principles. ● In the end, both the auditor and the management must be interested in the fair presentation of the FS (conflict must be resolved) 4. Effective internal control system reduces the possibility of errors and fraud affecting the FS. ➔ The condition of the entity’s internal control system directly affects the reliability of the FS. 5. Consistent application of GAAP and IFRS results in fair presentation of FS. ➔ GAAP and IFRS are usually the criteria in an independent audit of FS. ➔ Consistent application = Fair presentation 6. What was held true in the past will continue to hold true in the future in the absence of known conditions to the contrary. ➔ Does this mean that we can use our past experience and knowledge from prior years' audit of a client? ◆Yes, it can be used as a basis in determining the procedures to be performed for the current year. 7. An audit benefits the public. ➔ Ordinarily, FS are prepared in order to meet the common information needs of a wide range of users (public). II. The Professional Practice of Public Accounting (Setting Up and Maintaining an Accounting Practice) ➔ An auditing firm may be set up as a: ◆Sole proprietorship ◆Partnership ● But it cannot be a corporation. ➔ Rules on Names: ◆Individual ● Registered name with BOA and PRC (as printed on CPA certificate) ◆Firms ● Registered name appearing in the documents issued by DTI, which includes the real name of the sole proprietor ◆Partnership ● Partnership names as indicated in the Articles of Partnership and certificates issued by SEC ● Must not include any fictitious name, nor specialization ● A partner surviving the death or withdrawal of all the other partners in a partnership may continue to practice under the partnership name for a period of not more than 2 years after becoming a sole proprietor. References: 1. Irineo, J., Irineo, S., & James, G. (2018). Auditing and assurance principle. Good Dreams Publishing. 2. Salosagcol, J., Tiu, M., & Hermosilla, R. (2018). Auditing Theory. GIC Enterprises & Co., Inc. 3. International Federation of Accountants (IFAC). (2008). International framework for assurance engagements. International Auditing and Assurance Standards Board. https://www.ifac.org/system/files/downloads/International_Framework_for_Assuranc e_Engagements.pdf
