The International Auditing and Assurance Standards Board (IAASB) defines assurance engagements in the International Framework for Assurance Engagements as follows:
“An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria."
In other words, it is an engagement to express an opinion giving assurance to a set of people on information which is the responsibility of others. It can include some or all of the following aspects:
Environmental due diligence (evaluating whether the entity has achieved certain targets, for example).
Financial due diligence (reviewing a target company's financial statements to identify matters such as contingent liabilities and loan covenants).
IT due diligence (evaluating the risks inherent in a company's IT systems and the quality of those systems).
Operational due diligence (evaluating the operational risks associated with the company).
People due diligence (evaluating key staff positions, termination costs following a restructuring and integration costs).
Regulatory due diligence (a review of a company's compliance with regulation).
Review of grant claims.
The following characteristics differentiate an external audit from other types of assurance engagements, which include:
An audit is the objective examination and evaluation of an entity's financial statements.
The purpose is to ensure that the financial records are a true and fair representation of the transactions they claim to represent.
The processes used and the examinations performed are known as “auditing”.
The auditor’s conclusions are based on the evidence obtained during the audit process and are communicated in an assurance report.
During an audit engagement, the auditor will give a high level of assurance, but not an absolute one, that the information being audited is free from material misstatement. The audit report notes this well, referring to it as reasonable assurance.
Assurance vs Audit
Audit refers to the techniques and procedures used to obtain evidence.
Assurance is what is obtained as a result of the audit procedures performed.
ISRE (International Standard on Review Engagements) 2400 Engagements to Review Financial Statements is the standard to govern review engagements.
ISRE 2400 (Revised) addresses:
The practitioner’s responsibilities when engaged to review historical financial statements (when the practitioner is not the auditor of the entity); and
The form and content of the practitioner’s report on the financial statements.
A review engagement is also known as a limited assurance or negative engagement.
It gives users limited assurance of the accuracy or correctness of financial statements.
A review engagement takes less time than an audit engagement since less effort is involved.
During the engagement, the auditor performs inquiry and analytical review procedures to provide a moderate level of assurance required to give a Negative Assurance report.
In other words, since a review engagement consists primarily of inquiry and analytical procedures, there is a greater risk that material misstatements will not be detected compared to an audit.
Negative assurance is where a professional accountant gives an assurance that nothing has come to their attention which indicates that the subject matter has not been prepared under the framework it is being measured against.
To develop a judgement to express negative assurance, the practitioner is required by Paragraph 7 of ISRE 2400 to gather sufficient acceptable evidence, generally through inquiry and analytical techniques.
The procedures that the practitioner followed to arrive at this conclusion will be deciphered by the practitioner, who will consider the pertinent content of the ISRE in addition to guidance issued by relevant professional bodies, legislation, and regulation.
In addition, the conditions of the engagement between the practitioner and the client could include agreed-upon procedures.
Whilst a review engagement is not an external audit, the characteristics of a review engagement are similar.
The practitioner should undertake planning before carrying out the detailed work, which would include (among other things):
Obtaining an understanding of the entity and the environment in which it operates.
Determining materiality levels.
Using the work of others.
Obtaining sufficient appropriate evidence
To conclude, the practitioner must obtain evidence to support the assertions made in the financial statements (or other documents on which the practitioner is forming a conclusion) and in this respect, the practitioner should:
Ensure they documents all important matters about the review engagement.
Apply professional judgement in determining the nature, timing and extent of procedures.
Perform work on events after the reporting period (subsequent events).
The practitioner should ensure they extend procedures in these areas where material misstatements are suspected.
In a review engagement, the practitioner will provide the interested parties with a review report which should contain a clear written expression of negative assurance.
As is the case in an audit, the practitioner should review and assess the conclusions drawn from the evidence obtained and use this as the basis for the expression of negative assurance and consider whether any of this evidence indicates that the financial statements do not give a true and fair view (or do not present fairly in all material respects) under the applicable financial reporting framework.
Where matters have come to the attention of the practitioner, they should describe those matters which may have the following effects:
Impact of finding(s)
Effect on the assurance report
Practitioner will express a qualified opinion of negative assurance
Practitioner will express an adverse opinion that the financial statements do not give a true and fair view (or do not present fairly in all material respects)
Limitation in scope which is material to a single area
The practitioner should express a qualified opinion of negative assurance relating to amendments which may be required if the limitation did not exist
Limitation in scope which is pervasive
No assurance will be provided by the practitioner
Comparing Audits, Reviews, and Compilations