Assurance engagement and prospective financial information 2
1. ASSURANCE
ENGAGEMENTS AND
PROSPECTIVE
FINANCIAL
INFORMATION
Part I
Compiled by Sako Mayrick
1 Sako Mayrick
2. COMPLEMENTARY READING
Handbook of International Quality
Control, Auditing Review, Other
Assurance, and Related Services
Pronouncements, 2012 Edition
Volume II
IESBA Ethical Requirements
International Financial Reporting
Standards
2 Sako Mayrick
3. Introduction to Assurance Engagements
AICPA defines assurance engagements as
„Independent Professional Services that
improve information quality or its context'.
„Assurance services reduce the information
risk; risk that the information provided is
incorrect, on more than just financial data.
The major purpose of assurance services is
to provide independent and professional
opinions that improve the quality of
3 information to management as well as other
Sako Mayrick
4. Audit and Assurance Engagements
Audits actually can be considered a type of
assurance service. However, audits are only
designed to test the validity of the financial
statements and that only.
Under an assurance engagement CPA's can provide
a variety of services ranging from information
systems security reviews to customer
satisfaction surveys.
Unlike audit and attestation services that are often
highly structured, assurance services tend to be
customized and implemented when performed for a
smaller group of decision makers within the firm.
Often Mayrick
Sako
managers must make decisions on things they
4
have incomplete or inaccurate data for, and decisions
5. Assurance Services and Consultancy
Assurance services can test financial and non-financial
information; due to this assurance services can be
classified as consulting services.
However, assurance services are not considered
consulting because in consulting services generally, a
practitioner (Certified Public Accountant) uses his
professional knowledge to make recommendations for a
future event or a procedure, such as the design of an
information system or accounting control system.
In contrast, assurance services are designed to test the
validity of past data of the business cycles. Although
there is no boundary to what a practitioner can test in
assurance services, a practitioner will not likely accept an
Sako Mayrick
5 assurance engagement in which his firm or previous
6. Examples of Assurance Services
Assurance Services Non Assurance
Services
Business risk Bookkeeping and
assessment Accounting
Information System Tax Services
Security Review
Customer Satisfaction Certain Management
survey Consultancy
Internal Audit Other Management
outsourcing Consultancy
Accounts Receivable
6
Review
Sako Mayrick
7. Categories of Assurance
Risk assessment – assurance that an entity‟s profile of business
risks is comprehensive and evaluation of whether the entity has
appropriate systems in place to effectively manage those risks.
Business performance measurement – assurance that an entity
performance measurement system contain relevant and reliable
measures for assessing the degree to which the entity‟s goals
and objectives are achieved or how its performance compares to
competitors.
Information system reliability – assurance that an entity‟s internal
information system provide information for operating and
financial decisions.
Electronic commerce – assurance that systems an tools used in
electronic commerce provide appropriate data integrity, security,
privacy and reliability.
7 Health care (any other discipline) performance measurement –
Sako Mayrick
assurance about the effectiveness of the subject matter provided
8. INTERNATIONAL FRAMEWORK
FOR ASSURANCE ENGAGEMENT
(AE)
Aim at defining, describing the elements and
objectives of an assurance engagement
It identified engagements to which ISA, ISRE
and ISAE apply
It provides frame of reference for
CPA –PP
Others involved with assurance engagements
including intended users of report and other
parties
8
It is used by IAASB in its development of ISA,
Sako Mayrick
ISAEs and ISREs
9. INTERNATIONAL FRAMEWORK
FOR ASSURANCE ENGAGEMENT
Framework is not a standard neither it provides
procedural requirement
Principles are contained in ISAs, ISREs and
ISAEs
Principles, essential procedures and related
guidance consistent with the framework
It contains six major parts;
introduction, definition and objective of
assurance engagement, scope of the
framework, engagement acceptance, elements
9 Sako Mayrick
of assurance engagement and inappropriate
10. INTERNATIONAL FRAMEWORK
FOR ASSURANCE ENGAGEMENT
Practitioners in assurance engagement
are governed by
ISAs, ISAEs, ISRE‟s
Framework
Code of Ethics for Professional
Accountants
International Standards on Quality
control
10 Sako Mayrick
11. Meaning of assurance engagement
Is an engagement in which a practitioner
expresses conclusion designed to enhance
the degree of confidence of intended users
other than responsible party about the
outcome of evaluation or measurement of
subject matter against criteria.
Express conclusion
Enhance degree of confidence of users (
not party) on outcome
Evaluation of subject matter against criteria
11 Sako Mayrick
12. Examples of Evaluation
Recognition, measurement, presentation and
disclosure represented in the financial
statements (outcome) from applying IFRS
(Criteria) to the entity‟s financial
position, financial performance and cash flows
(subject matter)
An assertion about effectiveness of IC (Outome)
results from applying framework for evaluating
effectiveness on IC such as (COSO) or (CoCo)
(Criteria) to internal control process (subject
matter)
Sako Mayrick
12 Subject matter information is also used to mean
13. Assertion based or direct reporting
engagements
In assertion based, evaluation of subject matter is
performed by responsible party, the subject matter
information is in form of an assertion by the responsible
party that is made available to the intended users
In direct reporting engagement, the practitioner either
directly performs the evaluation or measurement of the
subject matter, or obtains a representation from the
responsible party that has performed the evaluation or
measurement that is not available to the intended users.
The subject matter information is provided to the intended
users in the assurance report.
In direct reporting engagement, the responsible party is
responsible for the subject matter BUT in assertion based
engagement a responsible party is responsible for subject
matter information (the assertion), and may be responsible
for subject matter.
A responsible party may or may not be a party who engages
13 Sako Mayrick
the practitioner (the engaging party)
14. Reasonable assurance and limited
assurance
Reasonable assurance is the reduction in
assurance engagement risk to an acceptably
low level in circumstances of engagement
as a basis of a positive form of expression of
practitioners conclusion
Limited assurance is the reduction of
assurance engagement risks to a level that
is acceptable in the circumstances of the
engagement, but where that risk is greater
than
Sako Mayrick
for a reasonable assurance
14
engagement, as a basis of a negative form
15. Circumstances of engagement
Terms of engagement e.g. reasonable or
limited
Characteristics of the subject matter
The criteria to be used
Needs of the intended users,
Relevant characteristics of the
responsible party and its environment
Other matters e.g events, transactions,
15
conditions and practices that may have
Sako Mayrick
16. Scope of the AE as per
Framework
Not all AE are covered unless it meets the
definition, examples not covered;
Engagements covered by ISREs e.g. agreed
upon procedures engagement and
compilation of financial and other
information
Preparation of tax returns
Consulting (or advisory)engagements e.g.
management and tax consulting
16 An AE may be part of a larger engagement
Sako Mayrick
17. Other Non- AE though meets
definition
Legal testimony in accounting, auditing, taxation or
other matters
Professional opinion, views or wording
In non assurance engagement, practitioners should
avoid to use words such as Framework, ISAs,
ISREs or ISAEs; inappropriately use the words,
assurance, audit or review; or including a statement
that could reasonably mistaken for conclusion
designed to enhance degree of confidence of
intended users about the outcome of evaluation or
measurement or subject matter against a criteria
17 Sako Mayrick
18. Pre- condition to accept AE
Relevant ethical requirements e.g.
independences, professional competence
are satisfied
The following are exhibited
Subject matter is appropriate
Criteria is suitable
Access to sufficient appropriate evidence
Conclusion on reasonable or limited
assurance is contained in a written report
Satisfaction on rational purpose for the
18 engagement
Sako Mayrick
19. Elements of AE
A three party relationship
Practitioner, responsible party and
intended users
An appropriate subject matter
Suitable criteria
Sufficient appropriate evidence
A written assurance report in a form
appropriate to a reasonable assurance
engagement or a limited assurance
19 Sako Mayrick
engagement
20. Characteristics of suitable criteria
Relevance
Completeness
Reliability
Neutrality; free from bias
Understandability
Criteria can either be established or specifically developed.
established criteria are those embodied in laws or regulations,
or issued by authorized or recognized bodies of experts that
follow a transparent due process. Specifically developed
criteria are those designed for the purpose of the
engagement. Whether criteria are established or specifically
developed affects the work that the practitioner carries out to
assess their suitability for a particular engagement.
Sako Mayrick
20
21. Professional Skepticism
The practitioner plans and performs an assurance
engagement with an attitude of professional skepticism
recognizing that circumstances may exist that cause the
subject matter information to be materially misstated.
An attitude of professional skepticism means the
practitioner makes a critical assessment, with a questioning
mind, of the validity of evidence obtained and is alert to
evidence that contradicts or brings into question the
reliability of documents or representations by the
responsible party.
For example, an attitude of professional skepticism is
necessary throughout the engagement process for the
practitioner to reduce the risk of overlooking suspicious
circumstances, of over generalizing when drawing
21 Sako Mayrick
conclusions from observations, and of using faulty
22. Sufficiency and appropriateness of
evidence
Sufficiency is a measure of quantity
of evidence. Appropriateness is a
measure of the quality of evidence;
that is its relevance and reliability.
The quantity of evidence is affected
by the risk of the subject matter
information being materially
misstated and the quality of such
22
evidence.
Sako Mayrick
23. Reliability of evidence
Evidence is more reliable when it is obtained from independent
sources outside the entity.
Evidence that is generated internally is more reliable when the
related controls are effective.
Evidence obtained directly by the practitioner (for
example, observation of the application of a control) is more
reliable than evidence obtained indirectly or by inference (for
example, inquiry about the application of a control).
Evidence is more reliable when it exists in documentary
form, whether paper, electronic, or other media (for example, a
contemporaneously written record of a meeting is more reliable
than a subsequent oral representation of what was discussed).
Evidence provided by original documents is more reliable than
evidence provided by photocopies or facsimiles.
23 Sako Mayrick
24. Assurance Engagement Risks
Assurance engagement risk is the
risk that the practitioner expresses an
inappropriate conclusion when the
subject matter information is
materially misstated
Inherent (subject matter) risks
Control Risks
Detection Risks
24 Sako Mayrick
25. Assurance Engagement Report
Reasonable assurance
the practitioner expresses the conclusion in
the positive form, for example: “In our opinion
internal control is effective, in all material
respects, based on XYZ criteria.”
Limited assurance
the practitioner expresses the conclusion in the
negative form, for example, “Based on our work
described in this report, nothing has come to
our attention that causes us to believe that internal
control is not effective, in all material respects, based
on XYZMayrick
25 Sako criteria.”
26. INTERNATIONAL STANDARDS
ISREs (2000 -2699)
ISREs 2400 - Engagement to Review Financial Statements
Prev. ISA 910
ISAREs 2410 - Review of Interim Financial Information
Performed by independent Auditor of the Entity
ISAEs ( 3000 – 3699)
ISAE 3000
Assurance Engagement other than Audits or Reviews of HFI
ISAE 3400
Examination of Prospective Financial Information
Prev. ISA 810
ISAE 3402
Assurance Reports on Controls at a Service Organization
ISRSs
ISRE 4400 – Engagement to perform agreed upon procedures
26 Engagements to Compile FS (ISA 920 and 930 respectively)
Sako Mayrick
27. ENGAGEMENT TO REVIEW FS
ISRE 2400
Done by a Practitioner who is not an
auditor of an entity
For a practitioner who is the auditor
of the entity performs similar review
according to ISRE 2410 “Review of
Interim Financial Information
Performed by an independent
Auditor of the Entity”
Sako Mayrick
27
28. Objective of Rev. Engagement
Practitioner using appropriate procedures which do
not provide evidence that would be required in an
audit
Anything has come to the practitioner to believe
that the FS are not prepared in all material
respects, in accordance with applicable FRF
(Negative Assurance)
Practitioner should comply with the IESBA Code of
Professional Ethics such as independence,
Integrity, Objectivity, due care, confidentiality,
competence, professional behavior and technical
standards.
28 Sako Mayrick
Scope of the review is ISRE and it provides
29. Terms of Engagement
It includes
Objective
Management Responsibility for FS
Scope of the review including reference to ISRE
Unrestricted access to records, documentation
and information
Sample report
Fact that engagement cannot be relied to
disclose errors and other irregularities fraud etc
Statement that this is not an audit
29 Sako Mayrick
30. Procedures in RE
Understanding of the entity and industry
Inquiries on accounting principles and practices
Inquiries on procedures for recording, classifying and summarizing
transactions
Inquiries on material assertions in the FS
Analytical procedures
Comparison of FS of current and previous period
Comparison of FS with anticipated results
Study relationship of elements of FS with patterns and Industry norms
Inquiries of the meetings actions for BoD, committees and
shareholders
Reading the FS on conformity to the basis of accounting
Reports from other practitioners
Inquiries to a person with responsibility on accounting matters
Whether all transactions have been recorded
Whether FS are prepared in accordance with the basis indicated
Changes of business activities or accounting principles
Management representation
30 Subsequent events
Sako Mayrick
Read appendix 2 of ISRE for detailed procedures
31. Reporting
Negative form of assurance
“nothing has come to the practitioner‟s
attention based on the review that
causes the practitioner to believe the
financial statements do not give a true and
fair view (or are not presented fairly, in all
material respects) in accordance with the
applicable financial reporting framework
(negative assurance)‟‟
31 Sako Mayrick
32. ISRE 2410
Review of Interim Fin. Information
Is performed by an independent auditor of the entity
Objective of an engagement to review interim financial
information is to enable the auditor to express a
conclusion whether, on the basis of the review,
anything has come to the auditor‟s attention that
causes the auditor to believe that the interim financial
information is not prepared, in all material respects, in
accordance with an applicable financial reporting
framework. The auditor makes inquiries, and performs
analytical and other review procedures in order to
reduce to a moderate level the risk of expressing an
inappropriate conclusion when the interim financial
32 information is materially misstated.
Sako Mayrick
33. ISAE 3000
Assurance Engagements other than audits or
reviews of HFI
The ISAE uses the terms reasonable assurance
engagement and limited assurance engagement
The objective of a reasonable assurance engagement is
a reduction in assurance engagement risk to an
acceptably low level in the circumstances of the
engagement as the basis for a positive form of
expression of the practitioner‟s conclusion. The objective
of a limited assurance engagement is a reduction in
assurance engagement risk to a level that is acceptable
in the circumstances of the engagement, but where that
risk is greater than for a reasonable assurance
engagement, as the basis for a negative form of
33expression of the practitioner‟s conclusion
Sako Mayrick
34. ISAE 3000
Acceptance
The practitioner should accept (or continue where
applicable) an assurance engagement only if the
subject matter is the responsibility of a party other
than the intended users or the practitioner.
The practitioner should accept (or continue where
applicable) an assurance engagement only if, on
the basis of a preliminary knowledge of the
engagement circumstances, nothing comes to the
attention of the practitioner to indicate that the
requirements of the IESBA Code or of the ISAEs
34
will not be satisfied.
Sako Mayrick
35. Engagement and Planning
Written form of engagement is recommended
Planning
Developing of overall scope and strategy, timing and
conduct of engagement
Characteristics of the subject matter
Understanding of the entity
Engagement process and possible sources of evidence
Identification of intended users, materiality and risks
Personnel and expertise requirement including nature
and extend of expert‟s involvement
Professional skepticism
Professional judgment
35 Sako Mayrick
36. Understanding of the subject matter
Subject matter should be understood
to clearly identify and assess the risks
of subject matter information
Materiality and engagement risks
Appropriateness of the subject matter
Adequate skills and knowledge on
subject matter
Obtain sufficient evidence of expert
36
work
Sako Mayrick
37. Obtaining evidence
Sufficiency and appropriate
Professional skepticism
Practitioner should consider the reliability of information to be used
as evidence e.g. photocopies, facsimiles, filmed, digitized and
other electronic documents including consideration of controls
Evidence is part of iterative process
Understanding subject matter
Assessment of risk and response for NTE of audit procedures
Perform procedures linked to identified risks using combination
of Inspection, Observation, confirmation, recalculation, re-
performance, Analytical procedures and inquiry including
corroborating information.
Evaluation the sufficiency and appropriateness of evidence
37 Sako Mayrick
38. Quality Control and Quality
Review
Quality Control
Policies and procedures to provide
reasonable assurance on compliance to
professional standards and regulatory and
legal requirements and reports are
appropriate
Quality Control review
Process to provide an objective evaluation
before the report is issued, of the significant
judgments the engagement team made and
Sako Mayrick
38
conclusions they reached in reporting
39. Elements of quality control
Leadership
Ethical requirements
Acceptance and continuance of
client relationship and specific
engagements
Human resources
Engagement performance
39
Monitoring
Sako Mayrick
40. Subsequent events and other
procedures
See detailed procedures on Appendix 2 of
ISREs as applicable in this ISAE
40 Sako Mayrick
41. Reporting
Reasonable assurance
In our opinion internal control is effective, in all
material respects, based on XYZ criteria” or “In
our opinion the responsible party’s assertion that
internal control is effective, in all material respects,
based on XYZ criteria, is fairly stated
Limited assurance
Based on our work described in this report, nothing
has come to our attention that causes us to
believe that internal control is not effective, in all
material respects, based on XYZ criteria” or “Based on
our work described in this report, nothing has come to
our attention that causes us to believe that the responsible
Sako Mayrick
party’s assertion that internal control is effective, in all
41
42. ISAE 3400 (ISA 810)
PROSPECTIVE FINANCIAL
INFORMATION
The purpose of this International Standard on
Assurance Engagements (ISAE) is to establish
standards and provide guidance on engagements to
examine and report on prospective financial
information including examination procedures for
best-estimate and hypothetical assumptions.
This ISAE does not apply to the examination of
prospective financial information expressed in
general or narrative terms, such as that found in
management‟s discussion and analysis in an
entity‟s annual report, though many of the
42 procedures outlined herein may be suitable for
Sako Mayrick
43. Objectives
In an engagement to examine prospective financial information, the
auditor should obtain sufficient appropriate evidence as to whether:
(a) Management’s best-estimate assumptions on which the prospective
financial information is based are not unreasonable and, in the case of
hypothetical assumptions, such assumptions are consistent with the purpose
of the information;
(b) The prospective financial information is properly prepared on the basis of
the assumptions;
(c) The prospective financial information is properly presented and all
material assumptions are adequately disclosed, including a clear indication
as to whether they are best-estimate assumptions or hypothetical
assumptions; and
(d) The prospective financial information is prepared on a consistent
basis with historical financial statements, using appropriate accounting principles.
Sako Mayrick
43
44. Prospective Financial Information
Means financial information based on
assumptions about events that may
occur in the future and possible
actions by an entity. It is highly
subjective in nature and its
preparation requires the exercise of
considerable judgment. Prospective
financial information can be in the
form of a forecast, a projection or a
44 combination of both, for example, a
Sako Mayrick
45. Forecasts and Projections
A “forecast” means prospective financial information prepared on the basis of
assumptions as to future events which management expects to take place and
the actions management expects to take as of the date the information is
prepared (best-estimate assumptions).
A “projection” means prospective financial information prepared on the basis
of: (a) Hypothetical assumptions about future events and management actions
which are not necessarily expected to take place, such as when some entities
are in a start-up phase or are considering a major change in the nature of
operations; or
(b) A mixture of best-estimate and hypothetical assumptions.
Such information illustrates the possible consequences as of the date the
information is prepared if the events and actions were to occur (a “what-if”
scenario). Mayrick
45 Sako
46. PFI Uses and responsibility
Prospective financial information can include financial statements
or one or more elements of financial statements and may be
prepared:
(a) As an internal management tool, for example, to assist in
evaluating a possible capital investment; or
(b) For distribution to third parties in, for example:
• A prospectus to provide potential investors with information
about future expectations.
• An annual report to provide information to shareholders,
regulatory bodies and other interested parties.
• A document for the information of lenders which may include,
for example, cash flow forecasts.
It is management responsibility for preparation and presentation of
prospective financial information
The auditor is, therefore, not in a position to express an opinion as
to whether the results shown in the prospective financial
information will be achieved. And therefore it is a moderate level of
46
assurance
Sako Mayrick
47. Acceptance of Engagement
Prerequisite
Intended uses of the information
Distribution, general or limited
Nature of assumptions
Elements to be included in the information
Period covered by information
There should be clear terms of engagement
Obtain sufficient level of knowledge about the business
and significant assumptions e.g.
controls, documentation on assumptions, statistical
, mathematical and CAATs; accuracy of information
Consider the extent of reliance on historical financial
Sako Mayrick
47
information
48. Period covered and examination
procedures
Period covered
Operating cycle e.g. project
Degree of reliability of assumptions
Needs of users
Examination procedures
Data reliability
Knowledge obtaining during any previous
engagements
Management competence on preparation of
prospective financial information
48 Adequacy and reliability of underlying data
Sako Mayrick
49. Presentation and Disclosure
PFI is information and not
misleading
Accounting policies
Assumptions should be clearly
disclosed and whether they
represent managements best
estimate or hypothetical
49 Sako Mayrick
50. Reporting
Title, address and identification of PFI
Reference to ISAE
Statement of management
responsibility
Reference to purpose of PFI
Statement of negative assurance
whether the assumptions provides a
reasonable basis for PFI
50 Sako Mayrick
Caveat on achievability of results
51. ISAE 3402
ASSURANCE REPORTS ON CONTROLS AT
SERVICE LEVEL ORGANIZATION
Service organization – A third-party
Organization (or segment of a third-
party organization) that provides
services to user entities that are likely
to be relevant to user entities‟ internal
control as it relates to financial
reporting.
The service auditor should also comply
51
with ISAE and ISAE 3000
Sako Mayrick
52. ISAE 3402
ASSURANCE REPORTS ON CONTROLS AT SERVICE LEVEL
ORGANIZATION
This International Standard on Assurance Engagements
(ISAE) deals with assurance engagements undertaken by a
professional accountant in public practice1 to provide a
report for use by user entities and their auditors on the
controls at a service organization that provides a service to
user entities that is likely to be relevant to user entities‟
internal control as it relates to financial reporting.
In addition to issuing an assurance report on controls, a
service auditor may also be engaged to provide reports such
as the following, which are not dealt with in this ISAE:
(a) A report on a user entity‟s transactions or balances
maintained by a service organization; or
(b) An agreed-upon procedures report on controls at a
52 Sako Mayrick
service organization.
Notes de l'éditeur
Other areas for assurance services are corporate policy compliance, outsourced internal auditing, trading partner accountability, mergers and acquisition, ISO 9000 certification, investment manager’s compliance and World Wide Web assertions.
In some cases, intended users (for example, bankers and regulators) impose arequirement on, or request the responsible party (or the engaging party ifdifferent) to arrange for, an assurance engagement to be performed for aspecific purpose. When engagements are designed for specified intended usersor a specific purpose, the practitioner considers including a restriction in theassurance report that limits its use to those users or that purpose.
Consulting engagements employ a professional accountant’s technical skills, education, observations,experiences, and knowledge of the consulting process. The consulting process is an analytical processthat typically involves some combination of activities relating to: objective-setting, fact-finding,definition of problems or opportunities, evaluation of alternatives, development of recommendationsincluding actions, communication of results, and sometimes implementation and follow-up. Reports (ifissued) are generally written in a narrative (or “long form”) style. Generally the work performed is onlyfor the use and benefit of the client. The nature and scope of work is determined by agreement betweenthe professional accountant and the client. Any service that meets the definition of an assuranceengagement is not a consulting engagement but an assurance engagement.
practitioner reporting on an engagement that is not an assurance engagementwithin the scope of this Framework, clearly distinguishes that report from anassurance report. So as not to confuse users, a report that is not an assurancereport avoids, for example
The term “practitioner” as used in this Framework is broader than the term“auditor” as used in ISAs and ISREs, which relates only to practitionersperforming audit or review engagements with respect to historical financialinformation.24. A practitioner may be requested to perform assurance engagements on a widerange of subject matters. Some subject matters may require specialized skillsand knowledge beyond those ordinarily possessed by an individualpractitioner. As noted in paragraph 17 (a), a practitioner does not accept anengagement if preliminary knowledge of the engagement circumstancesindicates that ethical requirements regarding professional competence will notbe satisfied. In some cases this requirement can be satisfied by the practitionerusing the work of persons from other professional disciplines, referred to asexperts. In such cases, the practitioner is satisfied that those persons carryingout the engagement collectively possess the requisite skills and knowledge,and that the practitioner has an adequate level of involvement in theengagement and understanding of the work for which any expert is used.The subject matter, and subject matter information, of an assuranceengagement can take many forms, such as:• Financial performance or conditions (for example, historical orprospective financial position, financial performance and cash flows)for which the subject matter information may be the recognition,measurement, presentation and disclosure represented in financialstatements.• Non-financial performance or conditions (for example, performance ofan entity) for which the subject matter information may be keyindicators of efficiency and effectiveness.• Physical characteristics (for example, capacity of a facility) for whichthe subject matter information may be a specifications document.• Systems and processes (for example, an entity’s internal control or ITsystem) for which the subject matter information may be an assertionabout effectiveness.• Behavior (for example, corporate governance, compliance withregulation, human resource practices) for which the subject matterinformation may be a statement of compliance or a statement ofeffectiveness.Criteria are the benchmarks used to evaluate or measure the subject matterincluding, where relevant, benchmarks for presentation and disclosure. Criteriacan be formal, for example in the preparation of financial statements, thecriteria may be International Financial Reporting Standards or InternationalPublic Sector Accounting Standards; when reporting on internal control, thecriteria may be an established internal control framework or individual controlobjectives specifically designed for the engagement; and when reporting oncompliance, the criteria may be the applicable law, regulation or contract.Examples of less formal criteria are an internally developed code of conduct oran agreed level of performance (such as the number of times a particularcommittee is expected to meet in a year).
The practitioner plans and performs an assurance engagement with an attitudeof professional skepticism to obtain sufficient appropriate evidence aboutwhether the subject matter information is free of material misstatement. Thepractitioner considers materiality, assurance engagement risk, and the quantityand quality of available evidence when planning and performing the engagement, in particular when determining the nature, timing and extent ofevidence-gathering procedures.The practitioner plans and performs an assurance engagement with an attitudeof professional skepticism recognizing that circumstances may exist that causethe subject matter information to be materially misstated. An attitude ofprofessional skepticism means the practitioner makes a critical assessment,with a questioning mind, of the validity of evidence obtained and is alert toevidence that contradicts or brings into question the reliability of documents orrepresentations by the responsible party. For example, an attitude ofprofessional skepticism is necessary throughout the engagement process forthe practitioner to reduce the risk of overlooking suspicious circumstances, ofover generalizing when drawing conclusions from observations, and of usingfaulty assumptions in determining the nature, timing and extent of evidencegathering procedures and evaluating the results thereof.
An assurance engagement rarely involves the authentication of documentation,nor is the practitioner trained as or expected to be an expert in suchauthentication. However, the practitioner considers the reliability of theinformation to be used as evidence, for example photocopies, facsimiles,filmed, digitized or other electronic documents, including consideration ofcontrols over their preparation and maintenance where relevant
A practitioner does not express an unqualified conclusion for either type ofassurance engagement when the following circumstances exist and, in thepractitioner’s judgment, the effect of the matter is or may be material:(a) There is a limitation on the scope of the practitioner’s work (seeparagraph 55). The practitioner expresses a qualified conclusion or adisclaimer of conclusion depending on how material or pervasive thelimitation is. In some cases the practitioner considers withdrawingfrom the engagement.(b) In those cases where:(i) The practitioner’s conclusion is worded in terms of theresponsible party’s assertion, and that assertion is not fairlystated, in all material respects; or(ii) The practitioner’s conclusion is worded directly in terms of thesubject matter and the criteria, and the subject matterinformation is materially misstated,11the practitioner expresses a qualified or adverse conclusion dependingon how material or pervasive the matter is.When it is discovered after the engagement has been accepted, that thecriteria are unsuitable or the subject matter is not appropriate for anassurance engagement. The practitioner expresses:(i) A qualified conclusion or adverse conclusion depending on howmaterial or pervasive the matter is, when the unsuitable criteriaor inappropriate subject matter is likely to mislead the intendedusers; or(ii) A qualified conclusion or a disclaimer of conclusion dependingon how material or pervasive the matter is, in other cases.In some cases the practitioner considers withdrawing from theengagement.