Assurance service/engagement Auditing 2 lecture 1 Assurance service/engagement

Study guide The Concept of Audit and Assurance Definition of Assurance engagement Examples of Assurance engagements Objectives of assurance engagements Elements of assurance engagement Level of assurance Risk measurement and analysis

The Concept of Audit and Assurance Audit is the process and Assurance is the product. Auditors go through the process of testing client’s financial reports (audit) in order to give the client the confidence that their report is what it seems to be (assurance).

The Concept of Audit and Assurance The traditional audit of financial statements gives assurance to readers of the financial statements that the information is credible, reliable and free from material mis- statements. However, an audit is just one example of an assurance engagement Recently, investors and others have found the need for many other types of assurance.

Definition Assurance engagements means an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against a criteria.

Examples of Assurance engagements Management have been asked to provide more information about the enterprise they manage which includes; Non-financial performance measures Internal controls Risks facing the enterprise Systems reliability E-commerce assurance Social matters (eg. Employment policies) Environmental policies and achievements Behaviour (corporate governance, compliance with regulations)

Examples of Assurance engagements In many situations, there are people who need to be assured about something: ● parents need assurance that schools are suitably educating their children ● diners need assurance that a restaurant is serving food that is safe to eat ● shareholders need assurance that the published Financial Statements of a company are not wrong ● directors need assurance that the systems inside the company they run are working.

Objectives of an assurance engagement. The objective of an assurance engagements is for a practitioner to evaluate or measure a subject matter that is the responsibility of another party against identified suitable criteria, and to express a conclusion that provides the intended user with a level of assurance about that subject matter.

Elements of assurance engagement (a) a three party relationship involving: The practitioner The responsible party The intended user (b) a subject matter (any of the info as shown in slides 6 and 7) (c) a suitable criteria (d) an engagement process (e) a conclusion and report

The three party relationship The three party relationship involves: The practitioner/the assurance provider– the party who forms the opinion on the subject matter and gives the assurance The responsible party – the person preparing/working on the subject matter; (company, government, dpt, etc) The intended user– the party who relies on the assurance report. (investors, public, pressure group)

Suitable criteria Criteria are the standards or benchmarks used to evaluate or measure the subject matter of an assurance engagement. It is easy to consider criteria for financial statements but in other matters criteria are not always established.

Engagement process The engagement process involves; Agreeing the terms of the engagement in an engagement letter. A methodology for evidence gathering, and evaluation and measurement to support a conclusion. A conclusion and a report.

Conclusion and report The practitioner’s conclusion and report relates to an assertion by the responsible party. The assertion is the responsible party’s conclusion about the subject matter based on identified suitable criteria. The practitioner can either express a conclusion about; The assertion by the responsible party or The subject matter in a form similar to the assertion made by the responsible party.

Level of assurance Level of assurance can be a reasonable level of assurance or limited assurance. It is not possible to give an absolute level of assurance (explain why?)

Reasonable level of assurance (Positive assurance) The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstance of the engagement as the basis for a positive form of expression of the practitioner’s conclusion. If a lot of detailed checking is done, the “assurance-provider” will be able to conclude that the responsible person has done their job properly, or has not. This is known as “positive assurance”.

Limited assurance (Negative assurance) The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practioner’s conclusion. If a smaller amount of checking is done, the assurance provider may only be able to report that “no errors/problems were found”, but may not feel able to confirm that there are no errors ... because they have not checked enough to be sure. This is known as “negative assurance”.

The report The report will have several sections as follows; Title An addressee An identification and description of the subject matter information and, when appropriate, the subject matter. Identification of the criteria When the report is for a restricted purpose, identification of the parties to whom the report is restricted and for what purpose it was prepared. A statement that the engagement was carried out in accordance with ISAEs A summary of the work performed The practitioner’s conclusion The assurance report date The name of the firm or the practitioner and the place of issue of the report.

Qualified, adverse or disclaimers of conclusions Where the practitioner is limited in scope, a qualified conclusion or a disclaimer should be given. When the assertion is not fairly stated or the subject matter information is materially misstated, a qualified or adverse conclusion should be expressed. If the criteria or subject matter is not appropriate, a qualified or adverse conclusion should be expressed if the intended users are likely to be misled, or a qualified conclusion or a disclaimer in other cases.

Risk assessment In accepting an assurance engagement, a reporting accountant accepts an engagement risk. The risk can arise in a number of ways; The risk that the reporting accountant will express an inappropriate conclusion that the subject matter conforms in all material respects with suitable criteria. The loss or injury from litigation or adverse publicity. These risks arise out of inherent, control or detection. Thus two types of risks; business or audit.

Risk measurement and analysis Risk can be assessed in several ways as follows; Significance (materiality) Likelihood of occurrence Ability to be managed A risk threshold for each type of risk is then developed. Below the threshold the risk can be accepted. Above the threshold the risk cannot be accepted but either must be managed in some way or the engagement must be declined.

Risk measurement and analysis Risk can be measured by qualitative or quantitative criteria. A qualitative approach is subjective and based on less tangible criteria, eg. Legal opinion or future predictions. Advantage is that it harnesses the use of experience. A quantitative approach is one which incorporates tangible and statistical or mathematical approach. It is best to combine the two approaches.

Quiz 1 1. Provide the names of the practitioners as in slide 7 above

Quiz 2 Can you think of any criteria for evaluating the following subject matters; (a) a magazine’s monthly circulation (b) effectiveness of a company’s internal control system (c) risks facing a software company (d) schools are suitably educating their children (e) restaurant is serving food that is safe to eat (f) published financial statements of a company are not wrong (g) Miss Malaika context.