1. ASSURANCEENGAGEMENTS ANDPROSPECTIVEFINANCIALINFORMATION Part I Compiled by Sako Mayrick1 Sako Mayrick

2. COMPLEMENTARY READING Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition Volume II IESBA Ethical Requirements International Financial Reporting Standards2 Sako Mayrick 3. Introduction to Assurance Engagements AICPA defines assurance engagements as Independent Professional Services that improve information quality or its context. Assurance services reduce the information risk; risk that the information provided is incorrect, on more than just financial data. The major purpose of assurance services is to provide independent and professional opinions that improve the quality of3information to management as well as other Sako Mayrick 4. Audit and Assurance Engagements Audits actually can be considered a type ofassurance service. However, audits are onlydesigned to test the validity of the financialstatements and that only. Under an assurance engagement CPAs can providea variety of services ranging from informationsystems security reviews to customersatisfaction surveys. Unlike audit and attestation services that are oftenhighly structured, assurance services tend to becustomized and implemented when performed for asmaller group of decision makers within the firm.Often Mayrick Sakomanagers must make decisions on things they4have incomplete or inaccurate data for, and decisions 5. Assurance Services and Consultancy Assurance services can test financial and non-financial information; due to this assurance services can be classified as consulting services. However, assurance services are not considered consulting because in consulting services generally, a practitioner (Certified Public Accountant) uses his professional knowledge to make recommendations for a future event or a procedure, such as the design of an information system or accounting control system. In contrast, assurance services are designed to test the validity of past data of the business cycles. Although there is no boundary to what a practitioner can test in assurance services, a practitioner will not likely accept an Sako Mayrick 5 assurance engagement in which his firm or previous 6. Examples of Assurance ServicesAssurance ServicesNon AssuranceServicesBusiness risk Bookkeeping andassessmentAccountingInformation SystemTax ServicesSecurity ReviewCustomer Satisfaction Certain ManagementsurveyConsultancyInternal AuditOther Managementoutsourcing ConsultancyAccounts Receivable6Review Sako Mayrick 7. Categories of Assurance Risk assessment assurance that an entitys profile of business risks is comprehensive and evaluation of whether the entity has appropriate systems in place to effectively manage those risks.Business performance measurement assurance that an entity performance measurement system contain relevant and reliable measures for assessing the degree to which the entitys goals and objectives are achieved or how its performance compares to competitors.Information system reliability assurance that an entitys internal information system provide information for operating and financial decisions.Electronic commerce assurance that systems an tools used in electronic commerce provide appropriate data integrity, security, privacy and reliability.7 Health care (any other discipline) performance measurement Sako Mayrick assurance about the effectiveness of the subject matter provided 8. INTERNATIONAL FRAMEWORKFOR ASSURANCE ENGAGEMENT(AE) Aim at defining, describing the elements andobjectives of an assurance engagement It identified engagements to which ISA, ISREand ISAE apply It provides frame of reference for CPA PP Others involved with assurance engagements including intended users of report and other parties8 It is used by IAASB in its development of ISA,Sako Mayrick ISAEs and ISREs 9. INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENT Framework is not a standard neither it providesprocedural requirement Principles are contained in ISAs, ISREs andISAEs Principles, essential procedures and related guidance consistent with the framework It contains six major parts;introduction, definition and objective ofassurance engagement, scope of theframework, engagement acceptance, elements9Sako Mayrickof assurance engagement and inappropriate 10. INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENT Practitioners in assurance engagementare governed by ISAs, ISAEs, ISREs Framework Code of Ethics for ProfessionalAccountants International Standards on Qualitycontrol10 Sako Mayrick 11. Meaning of assurance engagement Is an engagement in which a practitionerexpresses conclusion designed to enhancethe degree of confidence of intended usersother than responsible party about theoutcome of evaluation or measurement ofsubject matter against criteria. Express conclusion Enhance degree of confidence of users (not party) on outcome Evaluation of subject matter against criteria11 Sako Mayrick 12. Examples of Evaluation Recognition, measurement, presentation and disclosure represented in the financial statements (outcome) from applying IFRS (Criteria) to the entitys financial position, financial performance and cash flows (subject matter) An assertion about effectiveness of IC (Outome) results from applying framework for evaluating effectiveness on IC such as (COSO) or (CoCo) (Criteria) to internal control process (subject matter) Sako Mayrick12 Subject matter information is also used to mean 13. Assertion based or direct reportingengagements Inassertion based, evaluation of subject matter is performed by responsible party,the subject matter information is in form of an assertion by the responsible party that is made available to the intended users In direct reporting engagement, the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report. In direct reporting engagement, the responsible party is responsible for the subject matter BUT in assertion based engagement a responsible party is responsible for subject matter information (the assertion), and may be responsible for subject matter. A responsible party may or may not be a party who engages13 Sako Mayrick the practitioner (the engaging party) 14. Reasonable assurance and limitedassurance Reasonable assurance is the reduction in assurance engagement risk to an acceptably low level in circumstances of engagement as a basis of a positive form of expression of practitioners conclusion Limited assurance is the reduction of assurance engagement risks to a level that is acceptable in the circumstances of the engagement, but where that risk is greater thanSako Mayrick for a reasonableassurance14 engagement, as a basis of a negative form 15. Circumstances of engagement Terms of engagement e.g. reasonable orlimited Characteristics of the subject matter The criteria to be used Needs of the intended users, Relevant characteristics of theresponsible party and its environment Other matters e.g events, transactions,15conditions and practices that may haveSako Mayrick 16. Scope of the AE as per Framework Not all AE are covered unless it meets the definition, examples not covered; Engagements covered by ISREs e.g. agreed upon procedures engagement and compilation of financial and other information Preparation of tax returns Consulting (or advisory)engagements e.g. management and tax consulting16 An AE may be part of a larger engagement Sako Mayrick 17. Other Non- AE though meets definition Legal testimony in accounting, auditing, taxation orother matters Professional opinion, views or wording In non assurance engagement, practitioners shouldavoid to use words such as Framework, ISAs,ISREs or ISAEs; inappropriately use the words,assurance, audit or review; or including a statementthat could reasonably mistaken for conclusiondesigned to enhance degree of confidence ofintended users about the outcome of evaluation ormeasurement or subject matter against a criteria17Sako Mayrick 18. Pre- condition to accept AE Relevant ethical requirements e.g. independences, professional competence are satisfied The following are exhibited Subject matter is appropriate Criteria is suitable Access to sufficient appropriate evidence Conclusion on reasonable or limitedassurance is contained in a written report Satisfaction on rational purpose for the18engagement Sako Mayrick 19. Elements of AE A three party relationship Practitioner, responsible party andintended users An appropriate subject matter Suitable criteria Sufficient appropriate evidence A written assurance report in a form appropriate to a reasonable assurance engagement or a limited assurance19 Sako Mayrick engagement 20. Characteristics of suitable criteria Relevance Completeness Reliability Neutrality; free from bias Understandability Criteria can either be established or specifically developed. established criteria are those embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process. Specifically developed criteria are those designed for the purpose of the engagement. Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.Sako Mayrick20 21. Professional Skepticism The practitioner plans and performs an assurance engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated. An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. For example, an attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing21Sako Mayrick conclusions from observations, and of using faulty 22. Sufficiency and appropriateness of evidence Sufficiency is a measure of quantity of evidence. Appropriateness is a measure of the quality of evidence; that is its relevance and reliability. The quantity of evidence is affected by the risk of the subject matter information being materially misstated and the quality of such22 evidence. Sako Mayrick 23. Reliability of evidence Evidence is more reliable when it is obtained from independentsources outside the entity. Evidence that is generated internally is more reliable when therelated controls are effective. Evidence obtaineddirectlybythepractitioner (forexample, observation of the application of a control) is morereliable than evidence obtained indirectly or by inference (forexample, inquiry about the application of a control). Evidence is more reliable when it exists in documentaryform, whether paper, electronic, or other media (for example, acontemporaneously written record of a meeting is more reliablethan a subsequent oral representation of what was discussed). Evidence provided by original documents is more reliable thanevidence provided by photocopies or facsimiles.23Sako Mayrick 24. Assurance Engagement Risks Assurance engagement risk is therisk that the practitioner expresses aninappropriate conclusion when thesubject matter information ismaterially misstated Inherent (subject matter) risks Control Risks Detection Risks24Sako Mayrick 25. Assurance Engagement Report Reasonable assurancethe practitioner expresses the conclusion inthe positive form, for example: In our opinioninternal control is effective, in all materialrespects, based on XYZ criteria. Limited assurancethe practitioner expresses the conclusion in thenegative form, for example, Based on our workdescribed in this report, nothing has come toour attention that causes us to believe that internalcontrol is not effective, in all material respects, basedon XYZMayrick25Sako criteria. 26. INTERNATIONAL STANDARDS ISREs (2000 -2699) ISREs 2400 - Engagement to Review Financial Statements Prev. ISA 910 ISAREs 2410 - Review of Interim Financial Information Performed by independent Auditor of the Entity ISAEs ( 3000 3699) ISAE 3000 Assurance Engagement other than Audits or Reviews of HFI ISAE 3400 Examination of Prospective Financial Information Prev. ISA 810 ISAE 3402 Assurance Reports on Controls at a Service Organization ISRSs ISRE 4400 Engagement to perform agreed upon procedures26 Engagements to Compile FS (ISA 920 and 930 respectively) Sako Mayrick 27. ENGAGEMENT TO REVIEW FS ISRE 2400 Done by a Practitioner who is not anauditor of an entity For a practitioner who is the auditorof the entity performs similar reviewaccording to ISRE 2410 Review ofInterim Financial InformationPerformed by an independentAuditor of the Entity Sako Mayrick27 28. Objective of Rev. Engagement Practitioner using appropriate procedures which do not provide evidence that would be required in an audit Anything has come to the practitioner to believe that the FS are not prepared in all material respects, in accordance with applicable FRF (Negative Assurance) Practitioner should comply with the IESBA Code of Professional Ethics such as independence, Integrity, Objectivity, due care, confidentiality, competence, professional behavior and technical standards.28Sako Mayrick Scope of the review is ISRE and it provides 29. Terms of Engagement It includes Objective Management Responsibility for FS Scope of the review including reference to ISRE Unrestricted access to records, documentation and information Sample report Fact that engagement cannot be relied to disclose errors and other irregularities fraud etc Statement that this is not an audit29Sako Mayrick 30. Procedures in RE Understanding of the entity and industry Inquiries on accounting principles and practices Inquiries on procedures for recording, classifying and summarizingtransactions Inquiries on material assertions in the FS Analytical procedures Comparison of FS of current and previous period Comparison of FS with anticipated results Study relationship of elements of FS with patterns and Industry norms Inquiries of the meetings actions for BoD, committees andshareholders Reading the FS on conformity to the basis of accounting Reports from other practitioners Inquiries to a person with responsibility on accounting matters Whether all transactions have been recorded Whether FS are prepared in accordance with the basis indicated Changes of business activities or accounting principles Management representation30 Subsequent eventsSako Mayrick Read appendix 2 of ISRE for detailed procedures 31. Reporting Negative form of assurancenothing has come to the practitionersattention based on the review thatcauses the practitioner to believe thefinancial statements do not give a true andfair view (or are not presented fairly, in allmaterial respects) in accordance with theapplicable financial reporting framework(negative assurance)31 Sako Mayrick 32. ISRE 2410Review of Interim Fin. Information Is performed by an independent auditor of the entity Objective of an engagement to review interim financialinformation is to enable the auditor to express aconclusion whether, on the basis of the review,anything has come to the auditors attention thatcauses the auditor to believe that the interim financialinformation is not prepared, in all material respects, inaccordance with an applicable financial reportingframework. The auditor makes inquiries, and performsanalytical and other review procedures in order toreduce to a moderate level the risk of expressing aninappropriate conclusion when the interim financial32information is materially misstated.Sako Mayrick 33. ISAE 3000 Assurance Engagements other than audits orreviews of HFI The ISAE uses the terms reasonable assurance engagement and limited assurance engagement The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioners conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of 33expression of the practitioners conclusionSako Mayrick 34. ISAE 3000Acceptance The practitioner should accept (or continue where applicable) an assurance engagement only if the subject matter is the responsibility of a party other than the intended users or the practitioner. The practitioner should accept (or continue where applicable) an assurance engagement only if, on the basis of a preliminary knowledge of the engagement circumstances, nothing comes to the attention of the practitioner to indicate that the requirements of the IESBA Code or of the ISAEs34 will not be satisfied. Sako Mayrick 35. Engagement and Planning Written form of engagement is recommended Planning Developing of overall scope and strategy, timing and conduct of engagement Characteristics of the subject matter Understanding of the entity Engagement process and possible sources of evidence Identification of intended users, materiality and risks Personnel and expertise requirement including nature and extend of experts involvement Professional skepticism Professional judgment35 Sako Mayrick 36. Understanding of the subject matter Subject matter should be understood to clearly identify and assess the risks of subject matter information Materiality and engagement risks Appropriateness of the subject matter Adequate skills and knowledge on subject matter Obtain sufficient evidence of expert36 work Sako Mayrick 37. Obtaining evidence Sufficiency and appropriate Professional skepticism Practitioner should consider the reliability of information to be usedas evidence e.g. photocopies, facsimiles, filmed, digitized andother electronic documents including consideration of controls Evidence is part of iterative process Understanding subject matter Assessment of risk and response for NTE of audit procedures Perform procedures linked to identified risks using combinationof Inspection, Observation, confirmation, recalculation, re-performance, Analytical procedures and inquiry includingcorroborating information. Evaluation the sufficiency and appropriateness of evidence37Sako Mayrick 38. Quality Control and QualityReview Quality Control Policies and procedures to provide reasonable assurance on compliance to professional standards and regulatory and legal requirements and reports are appropriate Quality Control review Process to provide an objective evaluation before the report is issued, of the significant judgments the engagement team made andSako Mayrick38 conclusions they reached in reporting 39. Elements of quality control Leadership Ethical requirements Acceptance and continuance of client relationship and specific engagements Human resources Engagement performance39 Monitoring Sako Mayrick 40. Subsequent events and other procedures See detailed procedures on Appendix 2 ofISREs as applicable in this ISAE40 Sako Mayrick 41. Reporting Reasonable assurance In our opinion internal control is effective, in all material respects, based on XYZcriteria or Inour opinion the responsible partys assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated Limited assurance Based on our work described in this report, nothing has come to our attention that causes us tobelieve that internal controlis not effective, in allmaterialrespects, based on XYZ criteria or Based onour workdescribed in this report, nothing has come toour attention that causes us to believe that the responsible Sako Mayrickpartys assertion that internal control is effective, in all41 42. ISAE 3400 (ISA 810)PROSPECTIVE FINANCIALINFORMATION The purpose of this International Standard on Assurance Engagements (ISAE) is to establish standards and provide guidance on engagements to examine and report on prospective financial information including examination procedures for best-estimate and hypothetical assumptions. This ISAE does not apply to the examination of prospective financial information expressed in general or narrative terms, such as that found in managements discussion and analysis in an entitys annual report, though many of the42 procedures outlined herein may be suitable for Sako Mayrick 43. ObjectivesIn an engagement to examine prospective financial information, theauditor should obtain sufficient appropriate evidence as to whether:(a) Managements best-estimate assumptions on which the prospectivefinancial information is based are not unreasonable and, in the case ofhypothetical assumptions, such assumptions are consistent with the purposeof the information;(b) The prospective financial information is properly prepared on the basis ofthe assumptions;(c) The prospective financial information is properly presented and all material assumptions are adequately disclosed, including a clear indicationas to whether they are best-estimate assumptions or hypotheticalassumptions; and(d) The prospective financial information is prepared on a consistentbasis with historical financial statements, using appropriate accounting principles.Sako Mayrick43 44. Prospective Financial Information Means financial information based onassumptions about events that mayoccur in the future and possibleactions by an entity. It is highlysubjective in nature and itspreparation requires the exercise ofconsiderable judgment. Prospectivefinancial information can be in theform of a forecast, a projection or a44combination of both, for example, a Sako Mayrick 45. Forecasts and Projections A forecast means prospective financial information prepared on the basis ofassumptions as to future events which management expects to take place andthe actions management expects to take as of the date the information isprepared (best-estimate assumptions). A projection means prospective financial information prepared on the basisof: (a) Hypothetical assumptions about future events and management actionswhich are not necessarily expected to take place, such as when some entitiesare in a start-up phase or are considering a major change in the nature ofoperations; or (b) A mixture of best-estimate and hypothetical assumptions.Such information illustrates the possible consequences as of the date theinformation is prepared if the events and actions were to occur (a what-ifscenario). Mayrick 45 Sako 46. PFI Uses and responsibility Prospective financial information can include financial statements or one or more elements of financial statements and may be prepared:(a) As an internal management tool, for example, to assist inevaluating a possible capital investment; or(b) For distribution to third parties in, for example: A prospectus to provide potential investors with informationabout future expectations. An annual report to provide information to shareholders,regulatory bodies and other interested parties. A document for the information of lenders which may include,for example, cash flow forecasts. It is management responsibility for preparation and presentation of prospective financial information The auditor is, therefore, not in a position to express an opinion as to whether the results shown in the prospective financial information will be achieved. And therefore it is a moderate level of46 assuranceSako Mayrick 47. Acceptance of Engagement Prerequisite Intended uses of the information Distribution, general or limited Nature of assumptions Elements to be included in the information Period covered by information There should be clear terms of engagement Obtain sufficient level of knowledge about the business and significant assumptions e.g. controls, documentation on assumptions, statistical , mathematical and CAATs; accuracy of information Consider the extent of reliance on historical financialSako Mayrick47 information 48. Period covered and examinationprocedures Period covered Operating cycle e.g. project Degree of reliability of assumptions Needs of users Examination procedures Data reliability Knowledge obtaining during any previousengagements Management competence on preparation ofprospective financial information48Adequacy and reliability of underlying dataSako Mayrick 49. Presentation and Disclosure PFI is information and notmisleading Accounting policies Assumptions should be clearlydisclosed and whether theyrepresent managements bestestimate or hypothetical49Sako Mayrick 50. Reporting Title, address and identification of PFI Reference to ISAE Statement of management responsibility Reference to purpose of PFI Statement of negative assurance whether the assumptions provides a reasonable basis for PFI50 Sako Mayrick Caveat on achievability of results 51. ISAE 3402 ASSURANCE REPORTS ON CONTROLS AT SERVICE LEVEL ORGANIZATION Service organization A third-party Organization (or segment of a third- party organization) that provides services to user entities that are likely to be relevant to user entities internal control as it relates to financial reporting. The service auditor should also comply51 with ISAE and ISAE 3000 Sako Mayrick 52. ISAE 3402ASSURANCE REPORTS ON CONTROLS AT SERVICE LEVELORGANIZATION This International Standard on Assurance Engagements (ISAE) deals with assurance engagements undertaken by a professional accountant in public practice1 to provide a report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities internal control as it relates to financial reporting. In addition to issuing an assurance report on controls, a service auditor may also be engaged to provide reports such as the following, which are not dealt with in this ISAE: (a) A report on a user entitys transactions or balances maintained by a service organization; or (b) An agreed-upon procedures report on controls at a52 Sako Mayrick service organization.