CHAPTER 1: AUDIT AND OTHER ASSURANCE ENGAGEMENT

Objective: To introduce the concepts of audit and assurance engagements.

1.1 External Audit

During the middle of the 19th century, the

development of joint-stock corporations required
directors to report to the shareholders whose capital
they managed.

As ownership and management became significantly

separated, shareholders (and in today's corporate
environment, other stakeholders) required
independent verification that what the directors
(management) reported was true.

Key Point

The objective of an external audit is to express an opinion (in terms of truth and
fairness) on whether the financial statements are prepared, in all material respects, in
accordance with an identified reporting framework (e.g., International Financial
Reporting Standards) and the relevant law.

• Statutory audits (i.e., carried out according to statutory provisions) became mandatory for
companies in the UK in 1900. The auditor was required to be independent of the company,
hence an external auditor.
• Initially, the purpose of an audit was to detect fraud, technical errors and errors of principle.
However, as the size and complexity of companies grew, case law developed the principle
that it was unreasonable to expect auditors to detect all aspects of fraud, even though they
were expected to exercise reasonable skill and care.
• As companies grew, with many becoming international organizations, it became
impracticable for auditors to verify the 100% accuracy of financial records. So, the audit of
financial statements became an attestation (substantiation, testimony) of their credibility (i.e.
believability).

Key Point

Company law requires statutory (external) audits in the jurisdiction in which a corporation operates.

The general provisions for external audit typically contained in company law are discussed
in Chapter 2.
1.2 Internal Audit

Definition

Internal auditing – an independent, objective assurance and consulting activity designed to add
value and improve an organisation’s operations.

It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to

evaluating and improving the effectiveness of risk management, control, and governance processes.

– The Institute of Internal Auditors (IIA)

The modern form of internal audit was initially developed as the growth and increasing
complexity of entities in the early 1900s stretched the capabilities of managers to manage
effectively.

• Senior management appointed specialist employees to review and report on various

financial and other processes and to ensure that appropriate controls were effectively applied.
• The role of the early internal auditors ranged from checking routine financial and
operational functions with a heavy emphasis on compliance, security and detection of fraud
to (in some cases) the analysis and appraisal of financial and operational activities. The
Institute of Internal Auditors (IIA) was founded in 1941.
• The expansion of the role of internal audit, whether required by legislation (e.g. in public
sectors), listing regulations, corporate governance codes (e.g. the UK Corporate Governance
Code) or as a voluntary activity, reflects organisations’ economic and international growth.

The role of internal audit in governance is discussed in Chapter 14.

1.3 Assurance Services

Definitions

Assurance services – independent professional services that improve the quality of information, or
its context, for decision-makers.

Over the years, the auditing profession has broadened its role (and income streams) by
developing a wide range of assurance services (of which the financial statement audit is just one
part).
Factors contributing to the increasing demand for assurance services include:

1. The rapid expansion of available information (e.g. systems capabilities of capturing,

processing and delivering relevant and reliable information).
2. The changing information needs of businesses and consumers (e.g. minimising information
overload).
3. The increase in demand for relevant information for decision-makers (e.g. budgets, cash
flow forecasts and due diligence).
4. Emerging technologies (e.g. automation, the internet and data analytics) and business
processes (e.g. supply chain management, outsourcing).
5. Changing expectations and demands of customers, suppliers and other stakeholders (e.g.
quality control, market trends).
6. Globalisation of businesses creating worldwide needs (e.g. ethical supply-chain codes).
7. Increasing corporate accountability demanding more relevant and reliable information (e.g.
corporate governance, compliance with laws and regulations, environmental performance,
corporate social reporting and integrated reporting).

Typical assurance services include:

1. Audits of financial statements and reviews of historical financial information.

2. Prospective financial information (e.g. cash flows) reviews.
3. Business ethics audits, social responsibility reporting, environmental reporting.
4. Risk assessments (including e-commerce).
5. Value for money audits.
6. Performance measurement.
7. Systems and control reliability.

Exam advice

Only audits and reviews of historical financial information are examinable in detail.
2.0 Introduction: EXTERNAL AUDIT

An external audit provides confidence in the integrity of corporate reporting for the benefit of
stakeholders and society by providing an external and objective view of the statutory financial
statements. Specifically, the audit enhances the degree of confidence of the shareholders in the
financial statements.

2.1 External Audit as an Assurance Service

As an assurance service, an external audit must include the five elements of an assurance
engagement:

1. The subject matter is the financial statements prepared under the applicable financial
reporting framework (e.g. IFRS Standards).
2. The three-party relationship includes:
• the directors, who are responsible for the financial statements.
• the practitioner (i.e. the external auditor); and
• the shareholders (and other intended users of the financial statements).
3. The criteria used to evaluate the financial statements include the financial reporting
framework.
4. The external auditor plans and performs the audit engagement to obtain sufficient
appropriate evidence to support the expression of an opinion on the financial statements.
5. An opinion in an assurance report – the "independent auditor's report".
Use CREST to remember the five elements of an assurance engagement!
• Criteria – suitable criteria
• Report – an assurance report
• Evidence
• Subject matter
• Three party relationship (intended user, responsible party, practitioner)

These elements are described in more detail in s.3.2.

2.2 Stewardship, Agency and Accountability

Exam advice

These concepts were introduced in earlier examinations (Business and Technology and Corporate and
Business Law).

Generally, companies are:

• Owned by shareholders; and
• Managed by directors who the shareholders appoint.
The shareholders appoint auditors to report to them (provide assurance) on the information
provided by the directors (the annual financial statements as required by law).
The essential attributes of the relationship between the directors, shareholders and auditors are
stewardship, agency and accountability.

2.2.1 Stewardship
Stewardship is the practice of managing another person's property. Directors and other managers
of an entity have the responsibility of stewardship for the property of that entity, which the
shareholders own.
Activity 1 Stewardship
Suggest FIVE responsibilities of company directors.
Responsibilities (e.g. duties embodied in statute and corporate governance requirements) may
include:
1. Keeping books of accounts and proper accounting records.
2. Safeguarding the entity's assets.
3. Implementing appropriate business, financial and risk management controls.
4. Producing financial statements (statement of financial position, statement of
comprehensive income, statement of cash flows, statement of changes in equity,
disclosure notes) that give a true and fair view and the results of their stewardship.
5. Producing a directors' report and other information (e.g. as required by listing rules)
which is consistent with the financial statements and contains certain specified
information.
2.2.2 Agency
An agent is an individual (or another entity) employed or used to provide a particular service.
The individual using the agent is the principal.
Activity 2 Agency
Describe the possible agency relationships between shareholders, directors and auditors.
• A director can be described as an agent having a fiduciary relationship (one of trust)
with a principal (i.e. the company that employs her).
• A director is similarly an agent of the shareholders.
• Auditors, as the shareholders appoint them in most jurisdictions, are also agents of
the shareholders.
2.2.3 Accountability

Accountability is where one party is held responsible (answerable) to another party; it will be
required to justify its actions and decisions to that party.

Activity 3 Accountability
Explain the accountability of directors to shareholders.
• Directors are accountable to the shareholders. Many jurisdictions place legal requirements
on directors regarding how they are accountable and communicate with stakeholders, for
example through directors' reports and financial statements prepared under an appropriate
framework (e.g. IFRS).
• Directors of listed companies will also be subject to listing rules and corporate governance
codes (e.g. publication of interim financial statements, regular meetings with financial
institutions, profit and going concern warnings, analysis and management of risk, audit
committees and annual general meetings).
• The auditors of a company's financial statements are accountable to shareholders. They act
in the interest of the shareholders (the primary stakeholders) while also having regard for the
broader public interest in that other stakeholders will read their report (but note that they are
not the agents of any other stakeholder, and their report is not addressed to such stakeholders,
only to the shareholders).

Exam advice

The role of the annual general meeting (AGM) in managing companies is assumed knowledge
from Corporate and Business Law.

2.3 Auditor’s Report

Key Point

The objective of an audit of financial statements is:

• to enable an independent auditor to obtain reasonable assurance about whether the financial
statements are free from material misstatement, whether due to fraud or error; and (thereby)
• to express an opinion on whether the financial statements are prepared, in all material respects, in
accordance with an identified financial reporting framework.

The auditor's report, the product of the auditor's work, is a written communication to the
shareholders. It is introduced here to provide the context of what an audit entails; it is explained
in detail in Chapter 30.
An example of an auditor’s report, which expresses the audit opinion, follows.

INDEPENDENT AUDITOR’S REPORT

To the Shareholders of ABC Company [or Other Appropriate Addressee]

Report on the Audit of the Financial Statements

Opinion
We have audited the financial statements of ABC Company (the Company), which comprise the
statement of financial position as at December 31, 20X1, and the statement of comprehensive
income, statement of changes in equity and statement of cash flows for the year then ended, and
notes to the financial statements, including a summary of significant accounting policies.

In our opinion, the accompanying financial statements present fairly, in all material respects, (or
give a true and fair view of) the financial position of the Company as at December 31, 20X1, and
(of) its financial performance and its cash flows for the year then ended in accordance with
International Financial Reporting Standards (IFRSs).

Basis for Opinion

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our
responsibilities under those standards are further described in the Auditor’s Responsibilities for
the Audit of the Financial Statements section of our report. We are independent of the Company
in accordance with the International Ethics Standards Board for Accountants’ Code of Ethics for
Professional Accountants (IESBA Code) together with the ethical requirements that are relevant
to our audit of the financial statements in [jurisdiction], and we have fulfilled our other ethical
responsibilities in accordance with these requirements and the IESBA Code.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a
basis for our opinion.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance
in our audit of the financial statements of the current period. These matters were addressed in the
context of our audit of the financial statements as a whole, and in forming our opinion thereon,
and we do not provide a separate opinion on these matters.

[Description of each key audit matter in accordance with ISA 701.]

Other Information
[Add detail in accordance with ISA 720]

Responsibilities of Management and Those Charged With Governance for the Financial
Statements
Responsibilities of Management and Those Charged With Governance for the Financial
Statements Management is responsible for the preparation and fair presentation of the financial
statements in accordance with IFRSs, and for such internal control as management determines is
necessary to enable the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.

In preparing the financial statements, management is responsible for assessing the Company’s
ability to continue as a going concern, disclosing, as applicable, matters related to going concern
and using the going concern basis of accounting unless management either intends to liquidate
the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company’s financial reporting
process.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s
report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a
guarantee that an audit conducted in accordance with ISAs will always detect a material
misstatement when it exists. Misstatements can arise from fraud or error and are considered
material if, individually or in the aggregate, they could reasonably be expected to influence the
economic decisions of users taken on the basis of these financial statements.

*As part of an audit in accordance with ISAs, we exercise professional judgment and maintain
professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the financial statements, whether
due to fraud or error, design and perform audit procedures responsive to those risks, and
obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The
risk of not detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional omissions,
misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of the Company’s internal control.
• Evaluate the appropriateness of accounting policies used and the reasonableness of
accounting estimates and related disclosures made by management.
• Conclude on the appropriateness of management’s use of the going concern basis of
accounting and, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the Company’s ability to
continue as a going concern. If we conclude that a material uncertainty exists, we are required
to draw attention in our auditor’s report to the related disclosures in the financial statements
or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on
 the audit evidence obtained up to the date of our auditor’s report. However, future events or
conditions may cause the Company to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the financial statements,
including the disclosures, and whether the financial statements represent the underlying
transactions and events in a manner that achieves fair presentation.
We communicate with those charged with governance regarding, among other matters, the
planned scope and timing of the audit and significant audit findings, including any significant
deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with
relevant ethical requirements regarding independence, and to communicate with them all
relationships and other matters that may reasonably be thought to bear on our independence, and
where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters
that were of most significance in the audit of the financial statements of the current period and
are therefore the key audit matters. We describe these matters in our auditor’s report unless law
or regulation precludes public disclosure about the matter or when, in extremely rare
circumstances, we determine that a matter should not be communicated in our report because the
adverse consequences of doing so would reasonably be expected to outweigh the public interest
benefits of such communication.

The engagement partner on the audit resulting in this independent auditor’s report is [name].

[Signature in the name of the audit firm, the personal name of the auditor, or both, as appropriate
for the particular jurisdiction]
[Auditor Address]
[Date]

*This description of the auditor’s responsibilities (as shaded above) may be included in a
referenced appendix to the auditor’s report or by a specific reference to a website of an
appropriate authority, where the auditor is permitted to do so.

2.3.1 Management and Auditor’s Responsibility

Management is responsible for preparing and presenting fairly the financial statements (e.g. in
accordance with the applicable financial reporting framework). This includes:

• designing, implementing and maintaining the necessary internal control;

• selecting and applying appropriate accounting policies; and
• making accounting estimates that are reasonable in the circumstances.
Management’s responsibility is stated in:

• the auditor’s report;

• the engagement letter between the auditors and directors (see Chapter 5); and
• the written representations from the directors to the auditors (see Chapter 20).

Oversight of management’s responsibilities (including those for the financial statements) is

provided by those charged with governance (TCWG). The governance structure will vary
depending on the jurisdiction that management operates within and the applicable corporate
governance code (see Chapter 3).
An audit of financial statements does not relieve management or TCWG of their responsibilities.
The auditor is responsible for expressing an opinion on the financial statements based on the
audit. The scope of audit work is described in the report, in an appendix to the auditor’s report,
or by a specific reference to a website of an appropriate authority. The auditor is not responsible
for the financial statement’s form and content.
Although the audit opinion enhances the credibility of the financial statements, users cannot
assume that the opinion assures the future viability of the entity or the efficiency or effectiveness
of management’s stewardship.

2.3.2 International Standards on Auditing (ISA)

Each ISA provides:

• an introduction, objectives and definitions;
• requirements; and
• application and other explanatory material.

An audit conducted in accordance with ISAs must consider the requirements of:

• ISAs (i.e. to plan, evaluate controls, obtain evidence, form conclusions and report);
• relevant professional bodies (e.g. ACCA);
• legislation and regulations (e.g. Companies Acts);
• the terms of the audit engagement and reporting requirements.
The scope and authority of ISAs are discussed in Chapter 2.

2.3.3 Ethical Requirements

The auditor should comply with the International Ethics Board for Accountants (IESBA) Code
of Ethics for Professional Accountants (see Chapter 4).
2.3.4 Reasonable Assurance

In an audit engagement, the auditor provides a high, but not absolute, level of assurance
(expressed “positively” in the auditor’s report as reasonable assurance) that the information
subject to audit (i.e. the financial statements) is free of material misstatement.

• To provide reasonable assurance, the auditor carries out specific detailed routines, conducts
relevant testing and assesses the accumulated evidence collected regarding the financial
statements. The auditor must believe that the evidence obtained is sufficient and appropriate
to provide a basis for his opinion.
• An auditor cannot obtain absolute (e.g. 100%) assurance because of the inherent limitations
in an audit (see Chapter 2). Therefore, a audit cannot guarantee that the financial statements
are free of material misstatement.

2.3.5 Materiality

Definitions

Material – Information is material if its omission or misstatement could influence decisions that the
primary users of general purpose financial reports make based on those reports.

Materiality is an expression of relative significance or importance of a matter, whether

quantitative or qualitative (e.g. values and discursive disclosures), in the financial statements
(see Chapter 10).
• In planning their audit, the auditors must consider those areas that are material to the
financial statements and the possibility that material errors could be contained in the
(unaudited) financial statements ("material misstatement").
• Audit procedures must minimise the risk that material misstatements remain undetected by
the audit.

Key Point

The auditor is not responsible for detecting misstatements that are not material to the financial
statements.
2.3.6 Professional Judgment

Key Point

Professional judgment must be applied in all stages of the audit process.

There are four primary areas in which professional judgment is critical:

1. In interpreting relevant ethical requirements and the application of ISAs.

2. In identifying and assessing risks of material misstatement (see Chapter 8).
3. In determining the audit scope and plan (e.g. deciding the nature, timing and extent of audit
procedures) to meet the requirements of ISAs and gather audit evidence.
4. In drawing conclusions based on evidence obtained (e.g. assessing the persuasiveness of
conflicting evidence from different sources and the reasonableness of estimates made by
management).

2.3.7 Professional Scepticism

Definitions

Professional scepticism – an attitude that includes a questioning mind and a critical assessment of
evidence.

Key Point

The auditor should plan and perform (i.e. conduct) the audit with an attitude of professional scepticism,
recognising that circumstances may exist that will cause a material misstatement in the financial
statements.

It is required throughout the audit process, for example:

• to identify conditions that may indicate possible fraud;

• to avoid inappropriate assumptions when determining the nature, timing and extent of the
audit procedures and evaluating results;
• to be alert for audit evidence that contradicts or brings into question the reliability of
documents or management representations; and
• to assess management’s judgments that involve estimation or subjective matters.
In planning, conducting and reviewing the audit, an auditor should assume neither dishonesty
nor unquestioned honesty of management.
2.3.8 "True and Fair View"

The term "true and fair view" is not defined in ISAs; definitions should be regarded with caution.

• True or truth relates to factual accuracy (bearing in mind materiality). The

information provided conforms to required standards, regulations and laws.
• Fairness relates to the presentation of information and the view conveyed to the
reader. Such information is free from bias. The financial statements reflect the
commercial substance and reality of the underlying balances and transactions.
• View indicates that a professional judgment has been reached. A degree of
imprecision is inevitable because of inherent limitations in an audit (e.g. the auditor
does not inspect 100% of all transactions).
A true and fair view means compliance with the applicable financial reporting framework. Where
there is a choice of accounting policy (e.g. the cost or revaluation model under IAS 16 Property,
Plant and Equipment), either alternative will give a true and fair view if applied correctly. For
example, the revaluation model must be applied to an entire class of property, plant and
equipment; to apply selectively would be biased.

Key Point

The phrases “present fairly, in all material respects” and “give a true and fair view” are equivalent.

2.4 The Audit Process

2.4.1 Audit Cycle

The audit process is often depicted as a continuous annual cycle of broad stages:
Stage Description

Engagement letter The auditor must send all clients an engagement letter setting
out the auditor's duties and responsibilities and management’s.
Chapter 5

Planning audit work is essential to performing it to the required high standard of

skill and care. It includes establishing the overall audit strategy and developing the
Planning Chapter 7 audit plan.

Assess risk To determine audit strategy and the nature, timing and extent of audit procedures
(the audit plan), auditors must design and perform risk assessment procedures.
Chapters 8

Internal controls Regardless of the audit approach, the auditor must evaluate the design of the
system of internal control.
Chapter 9

Control effectiveness If the auditor decides to rely on the system of internal control, the operating
effectiveness of internal controls must be tested.
Chapter 12

Substantive All material assertions relating to balances transactions and related disclosures
procedures must be verified. For example, that transactions occurred, that assets exist and that
disclosures are complete.
Chapter 15

Review and Audit working papers must be reviewed to ensure that audit evidence supports the
finalisation procedures audit opinion. Procedures typically include an analytical review of the financial
statements, subsequent events and going concern reviews.
Chapter 29

Obtain management The auditor asks management to formally acknowledge its responsibilities (e.g. for
representations the financial statements and internal controls). Representations may also be
required to support audit evidence (e.g. all liabilities have been recognised).
Chapter 20

After the directors have approved the financial statements, the auditor signs the
Sign auditor's report auditor's report. The audit opinion will usually be unmodified but may need to be
modified.
Chapter 30
2.4.2 Relational Diagram

This depiction of the process shows the two alternative audit approaches:

The auditor’s understanding of the

entity must include the internal
controls over financial reporting.
Depending on that understanding
and the risk of material
misstatement, the auditor decides
whether to perform tests of
controls (i.e. take a compliance
approach) or adopt a wholly
substantive approach. This general
overview of the audit process is
developed in later Chapters.

3.1 International Framework for Assurance Engagements

Definition

Assurance engagement – an engagement in which a practitioner expresses a conclusion designed to

enhance the degree of confidence of the intended users, other than the responsible party, about the
outcome of the evaluation or measurement of a subject matter against criteria.

The framework defines and describes the elements and objectives of assurance engagements,
including audits and reviews of historical financial information and other assurance
engagements.
3.2 Five Elements of an Assurance Engagement

Three-party relationship: an assurance engagement includes three separate parties:

• a practitioner;
• a party responsible for the subject matter or an assertion about the subject matter; and
• the intended users of the assurance report.
Subject matter: data prepared or assertions made by the responsible party.
Criteria: benchmarks (relevant, complete, reliable, neutral, understandable) against which the
subject matter can be assessed and an opinion provided.
Evidence: the practitioner plans and performs an assurance engagement with an attitude of
professional scepticism to obtain sufficient appropriate evidence about whether the subject matter
is free of material misstatement.
Assurance Report: a written report given by the practitioner to the intended users that provides
either reasonable assurance or limited assurance about the subject matter.

3.3 Types of Assurance Engagement

There are two types of assurance engagements:

1. reasonable assurance engagements; and

2. limited assurance engagements.
For assurance engagements involving historical financial statements:

• reasonable assurance engagements are called "audits"; and

• limited assurance engagements are called "reviews".

3.3.1 Reasonable Assurance Engagement

A reasonable assurance engagement provides a high level of assurance by expressing

a conclusion in a positive form. For example:
"In our opinion, the financial statements present fairly, in all material respects (give a true and
fair view of) …"

• The practitioner should obtain sufficient appropriate evidence to express a conclusion in

this positive form.
• The assurance engagement risk (i.e. the risk that an inappropriate opinion will be given)
should be reduced to an acceptably low level.
• Reasonable assurance may be sought where:
▪ The subject matter and criteria are objective and formal; and
▪ Independent, reliable and persuasive evidence that can be obtained.
• In audit engagements the auditor provides reasonable assurance by obtaining sufficient
appropriate audit evidence to draw conclusions to base an opinion (see Chapter 15).
3.3.2 Limited Assurance Engagement

A limited assurance engagement provides a limited or a lower level of assurance through

expressing a conclusion in the negative form. For example:
"Nothing has come to our attention that causes us to believe that the financial statements do not
present fairly, in all material respects (give a true and fair view of …"

• The level of work carried out is limited and can only allow the practitioner to
provide a negative form of expression.
• The assurance engagement risk is more significant (but still acceptable) than that for
a reasonable assurance engagement.
• Limited assurance is generally appropriate where:
o Subject matter and criteria are more subjective and informal; and
o Evidence may not be sufficiently independent or reliable.

Key Point

Reasonable assurance cannot be given in these circumstances.

• In a review engagement, the evidence obtained is through enquiry and analytical

review. This is sufficient to enable only limited assurance to be given.
There is a wide range of limited assurance engagements:

• Reviews of historical financial information (e.g. providing assurance on the reported

receivables figure of an acquisition target);
• Providing assurance on non-financial matters (e.g. environmental performance
indicators in a company’s annual report).

Activity 4 Assurance
State and explain the form of assurance that could be given on a company's code of business
ethics.
This would be a limited assurance engagement. Although there is a Code of Business Ethics, the
subjectivity of applying any specific ethical criteria and the subjectivity of measuring the
application of such criteria (e.g. what is not ethical to one business may be considered ethical by
another) would not enable the practitioner to reduce assurance risk to a sufficiently low level to
allow reasonable assurance to be given.
3.4 Evidence Gathering Procedures and Reports

The procedures used to gather evidence and the reports issued will vary depending on the level
of assurance required.

3.4.1 Reasonable Assurance Engagement

Evidence gathering for this type of engagement requires the practitioner to:

• Obtain an understanding of the engagement circumstances (Chapter 7).

• Assess risks and respond to those risks (Chapters 8 and 9).
• Perform further procedures using a combination of inspection, observation, confirmation,
recalculation, performance recalculation, analytical procedures and inquiry. This may involve
"tests of controls" and "substantive procedures" (Chapters 12 and 15).
• Evaluate the evidence obtained (Chapter 29).

When reporting, the practitioner expresses the conclusion in a positive form, such as:

"In our opinion, internal control is effective, in all material respects, based on XYZ criteria."

3.4.2 Limited Assurance Engagement

As for reasonable assurance engagements, the practitioner understands, assesses risks and
responds to those risks (but in the context of limited assurance).

The evidence-gathering procedures are deliberately set to be more limited (e.g. analytical review
and inquiry).

When reporting, the practitioner expresses the conclusion in the negative form, such as:

"Based on our work described in this report, nothing has come to our attention that causes us to
believe that internal control is not effective, in all material respects, based on XYZ criteria."

Key point

Confirmations, recalculations and tests of controls, for example, will not be undertaken.
3.5 Review Engagements
A review of historical financial information is a limited assurance engagement. The objective of
a review engagement is to enable a practitioner to state whether, based on procedures (which do
not provide all the evidence that would be required in an audit), anything has come to his attention
that causes him to believe that the financial statements are not prepared, in all material respects,
in accordance with an identified financial reporting framework.

Key point

This is a negative form of a report that provides limited assurance.

Exam advice

Although the standards for review engagements are not examinable documents, you should
understand the concept of reviews within the general assurance framework.

In a review engagement, the practitioner obtains sufficient appropriate evidence primarily

through inquiry and analytical procedures.

An example of a review report follows.

Exhibit 1 Standard Review Report

Review Report To . . .
We have reviewed the accompanying statement of financial position of ABC Company at 31
December 20X1, and the related statements of comprehensive income and cash flows for the
year then ended.
These financial statements are the responsibility of the Company's management. Our
responsibility is to issue a report on these financial statements based on our review.
We conducted our review in accordance with the International Standard on Review
Engagements 2400 Engagements to Review Financial Statements. This standard requires that
we plan and perform the review to obtain moderate assurance as to whether the financial
statements are free of material misstatement. A review is limited primarily to inquiries of
company personnel and analytical procedures applied to financial data, and thus provides less
assurance than an audit.
We have not performed an audit and, accordingly, we do not express an audit opinion.
Based on our review, nothing has come to our attention that causes us to believe that the
accompanying financial statements do not present fairly, in all material respects (give a true
and fair view of) in accordance with International Financial Reporting Standards.
Signature Date Address
Syllabus Coverage
This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

1. The concept of audit and other assurance engagements

2. Identify and describe the objective and general principles of external audit engagements.
3. Explain the nature and development of audit and other assurance engagements.
4. Discuss the concepts of accountability, stewardship and agency.
5. Define and provide the objectives of an assurance engagement.
6. Explain the five elements of an assurance engagement.
7. Describe the types of assurance engagement.
8. Explain the level of assurance provided by an external audit and other review engagements
and the concept of true and fair presentation.
Summary and Quiz

• Assurance services are independent professional services that improve the quality of
information for decision-makers. Audits and reviews are assurance services.
• The objective of an audit is to obtain reasonable assurance that the financial statements are
free from material misstatement and to express an opinion on whether the financial
statements are properly prepared in accordance with a financial reporting framework.
• Management is responsible for:
o preparing and fairly presenting the financial statements;
o designing, implementing and maintaining internal control;
o selecting and applying appropriate accounting policies; and
o making reasonable accounting estimates.
• The auditor is responsible for expressing an opinion on the financial statements.
• An auditor should conduct an audit in accordance with ISAs and comply with
IESBA's Code of Ethics for Professional Accountants.
• Key concepts in auditing are reasonable assurance, materiality, professional judgment,
professional scepticism and "true and fair."
• The audit process includes:
o agreeing to the terms of the engagement;
o planning and risk assessment;
o understanding and testing the effectiveness of internal controls (when appropriate);
o substantive procedures; and
o final review procedures before signing the auditor's report.
• The five elements of an assurance engagement are a three-party relationship, an appropriate
subject matter, suitable criteria, sufficient appropriate evidence, and a written assurance
report.
• Assurance engagements provide either reasonable (positive/high) or limited
(negative/lower) assurance. Audit engagements provide reasonable assurance, and review
engagements provide limited assurance.