The auditor provides a written report containing a conclusion that conveys the assurance obtained as to whether the subject matter conforms, in all material respects, to the identified criteria. The assurance report may be in “short-form” or “long-form”. Short-form reports ordinarily include only the basic elements identified in appropriate International Standards on Auditing (ISA’s) and International Standards on Assurance Engagement (ISAEs). “Long-form” not only gives the auditor’s conclusion on compliance ISA’s and ISAEs, but also reports in detail the terms of the engagement the criteria being used, funding relating to particular recommendations.
Assurance Report Basic Elements
International Standard on Assurance Engagement does not require a standardized format for reporting on all assurance engagements, but rather identifies the basic elements required to be included on the assurance report.
The report on a review of procurement records should contain the following basic elements ordinarily in the following layout:
I. A title clearly indicating that the report is an independent assurance report.
The practitioners’ report is expressed in a written report attached to the report on the subject matter. The title of the report includes the term “assurance” to distinguish it from non-assurance engagements. It may be useful to refer to the type of assurance engagement (reasonable or limited). The explicit reference to “independence” in the title provides a user with immediate confirmation that the practitioner has met the required independence requirements.
II. An addressee.
The report will usually be addressed to the engaging parties which may include users as well as the client. The addressee may be included in the title of the report. Where an assurance report is for the entity itself, it is usual for the addressee to the company, as distinct from the directors who may be the responsible party.
III. An identification or description of the level of assurance obtained by the practitioner, the subject matter information and, when appropriate, the underlying subject matter. When the practitioner’s conclusion is phrased in terms of management’s statement, that statement must accompany the assurance report, be reproduced in the assurance report or be referenced to where it is available to the intended users. Critical identifying factors may include the point of time or period of time to which the subject matter relates and/or the specific information within a client’s report that is the subject of our report.
IV. Identification of the criteria against which the subject matter is evaluated or measured.
It may be relevant to identify the source of the criteria, for example specific legislation, regulation or contract terms, along with further detail describing the responsible party’s interpretation of the legislation or regulation, which together may be referred to as a “basis of preparation”. When the applicable criteria are designed for a specific purpose, a statement alerting readers to this fact and that, as a result, the subject matter information may not be suitable for another purpose.
V. Where appropriate, a description of any significant inherent or other limitations associated with the evaluation or measurement of the subject matter against the criteria.
Inherent limitations associated with the evaluation or measurement of the subject matter against the criteria and any limitations on scope incurred during the work. Some inherent limitation wordings have become standard, for example those relating to measurement methods applied to greenhouse gases, for which examples can be found in ISAE 3410 and those relating to the nature of internal controls, for which examples can be found in ISAE 3402.
VI. The identification of the responsible party, the measurer or evaluator if different, users where appropriate, and the respective responsibilities of the responsible party, measurer/evaluator and the practitioner.
The report clearly states the scope (by reference to the engagement letter, whether the engagement is direct or attestation) and the responsibilities of management and the practitioner.
The description of management’s responsibilities will vary but could
include:
• responsibilities conferred on management by the legislation or regulation that provides the criteria for the assurance engagement;
• preparation (and presentation) of the subject matter information, and, in the case of an attestation engagement, the accompanying statement;
• designing, implementing and maintaining internal control relevant to the preparation (and presentation) of the subject matter information;
• selecting or developing the criteria;
• ensuring compliance with certain laws or regulations;
• making judgments and estimates that are reasonable in the circumstances of the engagement;
• maintaining adequate records;
• preventing and detecting fraud; and
• training and supervision of personnel.
VII. A statement that the engagement was performed in accordance with ISAE 3000, applicable law or regulation.
VIII. A statement that the practitioner or firm of which the practitioner is a member applies international standards, or other professional requirements, or requirements in law or regulation.
IX. A statement that the practitioner complies with the independence, ethical requirements and other professional requirements, or requirements imposed by law or regulation.
X. An informative summary of the work performed. In the case of a limited assurance engagement, an appreciation of the nature, timing and extent of procedures performed is essential to understanding the conclusion. In describing the work performed, the practitioner may describe the types of testing performed: e.g., enquiry, inspection and review, observation and re-performance. In particular, it is helpful for the report to give a user a good idea of the relative extent of tests of controls and tests of detail.
XI. The practitioner’s conclusion in the agreed form.
For a reasonable assurance engagement, this shall be expressed in a positive form. For a limited assurance engagement, this shall be expressed in a form that conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the practitioner’s attention to cause them to believe that the subject matter information is materially misstated.
XII. The name and signature of the firm/ practitioner.
XIII. The assurance report date
XIV. The location of the office performing the engagement.
XV. Identification of the applicable engagement letter.
XVI. Restrictions on the use of the assurance report to the client, and other parties to the engagement letter where appropriate.
The practitioners’ report makes clear for whom it is prepared and who is entitled to rely upon it and for what purpose. The practitioner should also consider the need to restrict the distribution of or replication of the report in whole or in part and where such restrictions are applied, they should be disclosed in the report.
XVII. Disclaimer of liability of the practitioner to users of the report other than the engaging parties.
Review Question
1. Distinguish between assurance engagements and non- assurance engagements
2. Discuss five main components of an assurance engagements:
3. Explain the importance of assurance engagements
4. Explain the five contents of the engagement letter
5. Discuss four types of engagements
6. List five elements of an assurance report