INSTRUCTOR’S MANUAL

to accompany
AUDITING AND ASSURANCE: PRINCIPLES, STANDARDS, AND FUNDAMENTALS 2012 ed.
Prepared by:
MARK FRANCIS G. NG, CPA

ASSURANCE CONCEPTS AND THE

PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS

MAJOR TOPICS FOR DISCUSSION

The Concept of Assurance

The Spectrum of Assurance, Attestation, and Auditing

Philippine Framework for Assurance Engagements

Classifications of Assurance Engagements

Examples of Assurance and Non-assurance Engagements

Engagement Acceptance

Elements of an Assurance Engagement

Professional Skepticism

Materiality and Assurance Engagement Risk

The Concept of Reasonable Assurance

Inappropriate Use of the Practitioner’s Name

RELEVANT STANDARDS AND PRONOUNCEMENTS

Philippine Framework for Assurance Engagements

What is meant by assurance?

THE CONCEPT OF ASSURANCE

To give assurance to something means giving confidence or believability to it so that other people could use it and “add
value” to whatever purpose the decision maker intends to use it

The concept of assurance is related to two other concepts, that is, attestation and auditing
Discuss the spectrum of assurance, attestation, and auditing. How is each type of service defined? What
generalizations can be inferred from the relationship of the services in the spectrum?
THE SPECTRUM OF ASSURANCE, ATTESTATION, AND AUDITING

Assurance services are independent professional services that improve the quality of information, or its
context, for decision makers

Practitioners (the technical term used for CPAs and professionals who provide assurance services) vouch for the
genuineness of the information and attach their credibility to it. The result is information that is more useful, believable, and
reliable

Note that in the definition, assurance services are described as independent professional services

This phrase in the definition emphasizes the concept that practitioners have to possess the characteristic of independence
which is one of the most important ethical considerations and professional concepts that govern the entire study of auditing
and assurance.

Independence, in the auditing parlance, generally refers to a freedom from conflicts of interest that might impair one’s
objectivity and integrity in the conduct of services allowed by the profession.

It is the characteristic of independence that instills public confidence in the practitioners and the services that they render

Attestation services occur when a practitioner is engaged to issue or does issue a report on a subject matter, or
an assertion about a subject matter that is the responsibility of another party.

The issuance of a report is said to be the manifestation of a practitioner’s attest function wherein he attaches his
credibility and integrity as to the genuineness of the information in an assurance service The practitioner reports about the
reasonableness of a subject matter often termed as an assertion which are representations being made by a
responsible party. The attest function formalizes the reporting responsibility that is inherent in an assurance service

Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between those assertions and
established criteria and communicating the results to interested users”

1

Assurance services comprise the broadest scope of services in the spectrum.

Assurance services encompass both attestation and auditing.

Attestation, on the other hand, encompasses auditing which is the most basic type of service in the spectrum

Assurance services are the broadest type of services in the spectrum.

Assurance services encompass both attestation and audit. Therefore, we can conclude that all attestation services are
assurance services and that audits are also assurance services. However, not all assurance services are attestation services
and, in the same manner, not all assurance services are audits.

Attestation encompasses audit. Therefore, we can conclude that all audits are attestation services; however, not all
attestation services are audits.

Audits are the simplest type of assurance services. From the spectrum, we can conclude that an audit is an assurance
service (since it improves the quality of information and lends credibility to it) and that it is also an attestation service (its
attest function being manifested in the issuance of an audit report which is the main output of the audit process)
What is the function of the Philippine Framework for Assurance Engagements?
THE PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS

The Philippine Framework for Assurance Engagements (hereinafter referred to as the Framework):
 defines and describes the elements and objectives of an assurance engagement, and
 identifies engagements to which Philippine Standards on Auditing (PSAs) apply. (Framework, par. 1)

However, it is emphasized that the Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements. (Framework, par. 2)

The Framework consists of the following parts:(Framework, par. 3)
 Definition and objective of an assurance engagement
 Scope of the Framework
 Engagement acceptance
 Elements of an assurance engagement
 Inappropriate use of the practitioner’s name
What are some ethical considerations required of a practitioner in the conduct of an assurance engagement?
ETHICAL PRINCIPLES AND CONSIDERATIONS
The Framework acknowledges the provisions of the Code of Ethics for Professional Accountants in the Philippines, which is adopted
from the IFAC Code of Ethics for Professional Accountants. The Code sets out the fundamental ethical principles that all professional
accountants are required to observe, including:

Integrity, which implies not merely honesty but fair dealing and truthfulness

Objectivity, which imposes the obligation on all professional accountants to be fair, intellectually honest, and free of
conflicts of interest

Professional competence and due care, which provides that a professional accountant should continually strive to
improve his knowledge and skills to ensure that a client or employer receives the advantage of competent professional
service based on up-to-date developments in practice, legislation, and techniques, and that the professional accountant
should have the responsibility to perform professional services in accordance with technical and professional standards,
carefully, thoroughly, and on a timely basis

Confidentiality, which states that a professional accountant should not use or disclose any information during the course of
performing professional services without proper and specific authority or unless there is a legal or professional right or duty
to disclose; and

Professional behavior, which states that a professional accountant should act in a manner consistent with the good
reputation of the profession and refrain from any conduct which might bring discredit to the profession
What are the different classifications of assurance engagements?
Give examples of assurance engagements and non-assurance engagements and the nature and scope of each.
ASSURANCE ENGAGEMENTS

“Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria

Assurance, in the context of the Framework, refers to the auditor’s satisfaction as to the reliability of an assertion
being made by one party for use by another party

CLASSIFICATIONS OF ASSURANCE ENGAGEMENTS

ASSERTION-BASED VS. DIRECT REPORTING ENGAGEMENTS

Assertion-based engagements

These are assurance engagements on a subject matter that has written assertions or representations.

The evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter
information is in the form of an assertion by the responsible party that is made available to the intended users.

Audits and reviews of financial statements fall under this category.

Direct reporting engagements

These are assurance engagements on a subject matter regardless of whether or not a written assertion was made on it.

The practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a
representation from the responsible party that has performed the evaluation or measurement that is not available to
the intended users.

The subject matter information is provided to the intended users in the assurance report.

2
 REASONABLE ASSURANCE VS. LIMITED ASSURANCE ENGAGEMENTS

REASONABLE ASSURANCE ENGAGEMENTS

The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an
acceptably low level in the circumstances of the engagement as the basis for a positive form of expression
of the practitioner’s conclusion.

These engagements make use of a broad range and scope of procedures to substantiate the reasonableness
and genuineness of information.

In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for
example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.” This form
of expression conveys “reasonable assurance.”

Having performed evidence-gathering procedures of a nature, timing and extent that were reasonable given
the characteristics of the subject matter and other relevant engagement circumstances described in the
assurance report, the practitioner has obtained sufficient appropriate evidence to reduce assurance
engagement risk to an acceptably low level.

Audits of financial statements is an example of a reasonable assurance engagement.

LIMITED ASSURANCE ENGAGEMENTS

On the other hand, the objective of a limited assurance engagement is a reduction in assurance
engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is
greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the
practitioner’s conclusion.

These engagements make use of only a limited scope of procedures that are deliberately limited relative to a
reasonable assurance engagement.

Engagement risk is said to be greater in a limited assurance engagement rather than in a reasonable
assurance engagement primarily because of the limited scope of procedures that are utilized in a limited
assurance engagement.

In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for
example, “Based on our work described in this report, nothing has come to our attention that causes us to
believe that internal control is not effective, in all material respects, based on XYZ criteria.” This form of
expression conveys a level of “limited assurance” that is proportional to the level of the practitioner’s
evidence-gathering procedures given the characteristics of the subject matter and other engagement
circumstances described in the assurance report.

A review of financial statements is an example of a limited assurance engagement.

EXAMPLES OF ASSURANCE ENGAGEMENTS (A-R-O)

Audits (PSA 120, par. 7; 11-13)

The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with an identified financial reporting framework. Audits
provide reasonable assurance, or a high, but not absolute, level of assurance that the information subject to audit is free of
material misstatement.

The phrases used to express the auditor’s objective is “present fairly, in all material respects”.

In forming the audit opinion, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on
which to base the opinion

Reviews (PSA 120, par. 14-16)

The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the auditor's attention that causes
the auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an
identified financial reporting framework.

Reviews provide a moderate level of assurance.

A review comprises inquiry and analytical procedures.

While a review involves the application of audit skills and techniques and the gathering of evidence, it does not ordinarily
involve (1) an assessment of accounting and internal control systems, (2) tests of records and of responses to inquiries by
obtaining corroborating evidence through inspection, observation, confirmation, and computation, which are procedures
ordinarily performed during an audit.

The level of assurance provided in a review report is correspondingly less than that given in an audit report.

Other Assurance Engagements

EXAMPLES OF NON-ASSURANCE ENGAGEMENTS (A-C-P-M-O)

Agreed-upon procedures (PSA 120, par. 17)

In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those procedures of an audit
nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings.

The recipients of the report must form their own conclusions from the report by the auditor.

The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the
reasons for the procedures, may misinterpret the results.

3
Compilation (PSA 120, par. 18)

In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to
collect, classify and summarize financial information.

This ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the
assertions underlying that information.

The procedures employed are not designed and do not enable the accountant to express any assurance on the financial
information. However, users of the compiled financial information derive some benefit as a result of the accountant's
involvement because the service has been performed with due professional skill and care.

Preparation of tax returns, with no opinion expressed.

Management consulting, which are two-party contracts in which a consultant recommends uses for information
Other non-assurance engagements
What requirements are set forth by the Framework with regards to engagement acceptance?
ENGAGEMENT ACCEPTANCE
As provided by the Framework, a practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge
of the engagement circumstances indicate that:

Relevant ethical requirements, such as independence and professional competence will be satisfied; and

The engagement exhibits all of the following characteristics:
 The subject matter is appropriate;
 The criteria to be used are suitable and are available to the intended users;
 The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
 The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a
limited assurance engagement, is to be contained in a written report; and
 The practitioner is satisfied that there is a rational purpose for the engagement
What is meant by independence?
How does independence in mind differ from independence in appearance?
Firm-wide independence from team-wide independence?
INDEPENDENCE: FACT VERSUS APPEARANCE

There are two kinds of independence that concerns the practitioner on a personal level: independence in mind (also called
independence in fact) and independence in appearance.

Independence in fact is a state of mind – an attitude of impartiality. It is the practitioner’s way of saying that in himself
he knows that he is independent, e.g. free from any conflict of interest with the client.

However, because a practitioner’s “state of mind” cannot be observed in quite the same way that a behavior can actually be
observed, the profession has relied on independence in appearance which exemplifies the manifestation that
practitioners remain free of any overt interest in a client that would damage the appearance of independence.

FIRM-WIDE VERSUS TEAM-WIDE INDEPENDENCE

In previous practice, the profession has followed the concept of firm-wide independence that operates in this manner: if
a member of an engagement team (the team tasked to provide the assurance service for a client, headed by a lead
engagement partner and his members) is found to be in conflict of interest with the client, the entire firm is prohibited from
entering into the engagement.

However, in current practice, the profession is now following the concept of team-wide independence, operating under
the concept that if a member of an engagement team is found to be in conflict of interest with a client, that team or that
member of the team is replaced with another team or team member with the firm still being allowed to conduct the
engagement.

CHANGES FROM ONE ENGAGEMENT TO ANOTHER

Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance
engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable
justification.

A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of
the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner
does not disregard evidence that was obtained prior to the change.

Elaborated in PSA 210 “Agreeing the Terms of Audit Engagements”
What are the elements of an assurance engagement?
ELEMENTS OF AN ASSURANCE ENGAGEMENT
The Framework provides that for a particular engagement to be considered an assurance engagement, it must possess all of the
following elements:

A three party relationship involving a practitioner, a responsible party, and intended users;

An appropriate subject matter;

Suitable criteria;

Sufficient appropriate evidence; and

A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance
engagement
Who are the three parties involved in an assurance engagement? Describe the role and function of each.
THREE-PARTY RELATIONSHIP

Assurance engagements are three-party contracts composed of a practitioner, a responsible party, and intended users.

4

Non-assurance engagements only involve two parties.

The term practitioner as used in the Framework is broader than the term “auditor” as used in the Philippine Standards on
Auditing (PSAs), which relates only to practitioners performing audit or review engagements. Practitioners are the
professionals requested to perform assurance engagements on a variety and a wide range of subject matters.

The responsible party is the person (or persons) who is responsible for the subject matter or subject matter information
of the assurance engagement.

In a direct reporting engagement, the responsible party is responsible for the subject matter; in an assertion-based
engagement, the responsible party may be responsible for the subject matter information (assertion) and may be
responsible for the subject matter.

The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the
subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users.

The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report.

The responsible party can be one of the intended users, but not the only one.

In the same manner, the responsible party and the intended users may be from different entities or the same entity.

Of the three parties involved in an assurance engagement, the intended users are generally given emphasis as to how an
engagement will qualify as an assurance engagement.

The engagement users are the ones for whom the practitioner’s attest function is primarily directed aside from reporting
also to the responsible party which may also be considered as an intended user. This is how CPAs gain public confidence in
the profession and the industry.

Consulting services, as an example of a non-assurance engagement, only involves two parties: the practitioner and the
responsible party.

The practitioner only recommends uses for information which the responsible party may or may not wish to follow.
What constitutes an appropriate subject matter?
SUBJECT MATTER

The Framework provides that the subject matter of an assurance engagement should be appropriate, which means that it
must be in line and apt for the assurance engagement to be provided.

Furthermore, for a subject matter to be appropriate, it should be:
 Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
 Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate.

The subject matter, and subject matter information, of an assurance engagement can take many forms, such as:
 Financial performance or conditions
 Non-financial performance or conditions
 Physical characteristics
 Systems and processes
 Behavior
What are criteria? What are the different types of criteria?
What is meant by suitable criteria? How does criteria become suitable?
CRITERIA

The Framework defines criteria as “the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.”

These are the frame of reference within which the subject matter of the assurance engagement is tested for its degree of
correspondence and reasonableness.

Criteria can be:
 Formal, for example in the preparation of financial statements, the criteria may be Philippine Financial Reporting
Standards; when reporting on internal control, the criteria may be an established internal control framework or
individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria
may be the applicable law, regulation or contract; or
 Less formal, for example an internally developed code of conduct or an agreed level of performance (such as the
number of times a particular committee is expected to meet in a year).
 Established, for example those embodied in laws or regulations, or issued by authorized or recognized bodies of
experts that follow a transparent due process; or
 Specifically developed, for example those designed for the purpose of the engagement.

It is important to note that the Framework provides that the criteria to be used for an assurance engagement should be
suitable, that is capable of reasonably consistent evaluation or measurement of a subject matter within the context of
professional judgment.

Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.

Furthermore, suitable criteria are said to be context sensitive, that is, relevant to the engagement circumstances

A given set of criteria is said to be suitable if it exhibits the following characteristics:
 Relevance
 Completeness
 Reliability
 Neutrality
 Understandability

It should be noted that the practitioner assesses the suitability of criteria for a particular engagement and the relative
importance of each characteristic based on his professional judgment.

5
What constitutes the bulk of the work of a practitioner in an assurance engagement? Why is this so?
Distinguish between sufficiency and appropriateness of evidence.
What generalizations can be presented regarding the reliability of evidence?
SUFFICIENT APPROPRIATE EVIDENCE

The bulk of the work of a practitioner in an assurance engagement (more specifically, an auditor in the conduct of an audit
of financial statements) lies in obtaining and evaluating evidence.

The evidence-gathering process constitutes the “dirty work” of a practitioner in that his generalization or conclusion about
the reasonableness of the information provided by the responsible party will be based from the evidence that the
practitioner has obtained and evaluated.

A practitioner cannot provide an expression of assurance without obtaining and evaluating evidence.

As provided by the Framework, evidence should possess two qualities in an assurance engagement: sufficiency and
appropriateness.

When these two qualities are present, the evidence is considered to be competent evidence.

Sufficiency is the measure of the quantity of evidence.

Appropriateness is the measure of the quality of evidence, that is, its relevance and reliability.

In the conduct of an assurance engagement (let’s say, an audit for example), the practitioner is not required to gather all
evidence that could be gathered; the practitioner only gathers evidence that he deems relevant and useful for the particular
engagement.

The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the
greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality,
the less may be required).

Accordingly, the sufficiency and appropriateness of evidence are interrelated.

However, it should be noted that merely obtaining more evidence may not compensate for its poor quality.

The reliability of evidence supporting its appropriateness is influenced by its source and by its nature, and is dependent on
the individual circumstances under which it is obtained.

GENERALIZATIONS ABOUT THE RELIABILITY OF EVIDENCE
 Evidence is more reliable when it is obtained from independent sources outside the entity.
 Evidence that is generated internally is more reliable when the related controls are effective.
 Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable
than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
 Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a
contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was
discussed).
 Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.
What is meant by persuasive evidence?
 PERSUASIVENESS OF AVAILABLE EVIDENCE

Aside from considering sufficiency and appropriateness as characteristics, evidence is also said to be competent when it is
persuasive.

Persuasiveness of evidence, in the audit parlance, means that the evidence is capable of enabling the practitioner or
auditor to make a decision regarding the reasonableness of the information in the assertions being represented by the
responsible party, that would potentially affect the practitioner’s opinion to be included in the assurance report.

Following the concept of reliability of evidence as influenced by its source and by its nature as illustrated by the
generalization on the reliability of evidence, the following conclusions relating to persuasiveness of evidence may be
derived:
 the most persuasive type of evidence are those that are purely externally-generated
 the least persuasive type of evidence are those that are purely internally-generated

However, it should be noted that the persuasiveness of evidence is still a matter of the practitioner’s professional judgment.
How does the cost-benefit relationship operate in the concept of evidence?
 COST-BENEFIT RELATIONSHIP

Another important concept which the practitioner has to take into consideration when gathering and evaluating evidence is
the cost-benefit relationship. This concept simply states that “the benefits to be derived from obtaining the particular
type of evidence should exceed the cost of obtaining it”.

The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the information
obtained.

However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence gathering
procedure for which there is no alternative.

This does not mean that simply because a particular evidence-gathering procedure is costly the practitioner should no
longer conduct the procedure and obtain the evidence that it could potentially give. No matter how costly an evidence-
gathering procedure is, as long as the practitioner believes that the evidence to be derived from it would be significantly
beneficial and provide persuasive evidence to the engagement, then it is justifiable to obtain that evidence.

The practitioner should use professional judgment and exercises professional skepticism in evaluating the quantity
and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.

WRITTEN ASSURANCE REPORT

This is the main output of an assurance engagement.

Note that the Framework requires that the assurance report should be written as this is the manifestation of the
practitioner’s attest function or the process of communicating the results to the intended users.

Furthermore, the Framework provides that the report should be in a form appropriate to either a reasonable assurance
engagement (e.g., audit report) or a limited assurance engagement (e.g., review report).
6
What is the concept of professional skepticism?
PROFESSIONAL SKEPTICISM

The Framework states that “the practitioner plans and performs an assurance engagement with an attitude of professional
skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material
misstatement.

Professional skepticism
 means that the practitioner recognizes that “circumstances may exist that cause the subject matter information to be
materially misstated.”
 means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is
alert to evidence that contradicts or brings into question the reliability of documents or representations by the
responsible party.


An attitude of professional skepticism is necessary throughout the engagement process for the practitioner
 to reduce the risk of overlooking suspicious circumstances
 of over generalizing when drawing conclusions from observations, and
 of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and
evaluating the results thereof

Professional skepticism does not mean always being dubious of fraudulent evidence or information or that the client always
hides something that they do not want the practitioners to know.

Professional skepticism mainly denotes that the practitioner neither considers information presented to be absolutely
false nor assume that management exhibits unquestioned honesty.

The most theoretical concept of professional skepticism is not finding errors in the information provided by the responsible
party or assuming that the information provided is incorrect, but rather assuming that the information provided is
reasonable and genuine and obtain and evaluate evidence to prove that indeed the information is reasonable
and genuine.

Only when the practitioner encounters evidence that contradicts such information provided will he consider that the
information is false or inaccurate.

AUTHENTICATION OF DOCUMENTATION

An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected
to be an expert in such authentication.

However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies,
facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and
maintenance where relevant.
What is meant by materiality?
MATERIALITY

Aside from professional skepticism, two other salient concepts provided in the Framework are materiality and assurance
engagement risk.

“Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis
of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances of its
omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative
characteristic which information must have if it is to be useful.”

Materiality is relevant when the practitioner determines the nature, timing and extent of evidence gathering procedures, and
when assessing whether the subject matter information is free of misstatement.

When considering materiality, the practitioner understands and assesses what factors might influence the decisions of the
intended users.

Furthermore, materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the
nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests
of the intended users.

It should be noted that the assessment of materiality and the relative importance of quantitative and qualitative factors in a
particular engagement are matters for the practitioner’s judgment.
What is the concept of assurance engagement risk? What are its components?
ASSURANCE ENGAGEMENT RISK

The primary reason why assurance engagements cannot provide absolute assurance (only reasonable or moderate
assurance) is primarily because of the concept of assurance engagement risk.

The framework defines assurance engagement risk as the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.

This is the risk that the practitioner might conclude that the subject matter of an assurance engagement is reasonable and
genuine when in fact it is not.

In a reasonable assurance engagement (audit), the practitioner reduces assurance engagement risk to an acceptably low
level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of
expression of the practitioner’s conclusion.

The level of assurance engagement risk is higher in a limited assurance engagement (review engagement) than in a
reasonable assurance engagement because of the different nature, timing or extent of evidence gathering procedures. Note
that a review engagement only utilizes a limited scope of procedures as compared to an audit.

However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering
procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative
form of expression.

7

In general, assurance engagement risk can be represented by the following components, although not all of these
components will necessarily be present or significant for all assurance engagements:
 a. The risk that the subject matter information is materially misstated, which in turn consists of:
 Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that
there are no related controls; and
 Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and
corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some
control risk will always exist because of the inherent limitations of the design and operation of internal control; and
 b. Detection risk: the risk that the practitioner will not detect a material misstatement that exists
What is the concept of reasonable assurance?
Why is reasonable assurance less than absolute assurance? How does the cost-benefit relationship operate under the
concept of reasonable assurance?
THE CONCEPT OF REASONABLE ASSURANCE

Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party
for use by another party.

Audits and reviews only provide reasonable and moderate levels of assurance, respectively.

It is never possible for any assurance engagement to provide an absolute level of assurance since this tantamount to 100%
guarantee that the subject matter is entirely free of material misstatements which realistically cannot happen.

As provided in the Framework, reasonable assurance is less than absolute assurance. Reducing assurance
engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following:
 The use of selective testing
 The inherent limitations of internal control
 The fact that much of the evidence available to the practitioner is persuasive rather than conclusive
 The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence
 In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria

The concept of reasonable assurance is also related to the cost-benefit relationship that states that “the benefits to be
derived from obtaining the particular type of evidence should exceed the cost of obtaining it”.

“Reasonable assurance” is a concept relating to accumulating evidence necessary for the practitioner to conclude in relation
to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required
in a reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part
of an iterative, systematic engagement process
What actions are available to the practitioner in case of the inappropriate use of the practitioner’s name as provided in
the Framework?
INAPPROPRIATE USE OF THE PRACTITIONER’S NAME

A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or
consents to the use of the practitioner’s name in a professional connection with that subject matter.

If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner.

If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter,
the practitioner requires the party to cease doing so.

The practitioner also considers what other steps may be needed, such as informing any known third party users of the
inappropriate use of the practitioner’s name or seeking legal advice.