Documente Academic
Documente Profesional
Documente Cultură
to accompany
AUDITING AND ASSURANCE: PRINCIPLES, STANDARDS, AND FUNDAMENTALS 2012 ed.
Prepared by:
MARK FRANCIS G. NG, CPA
Attestation services occur when a practitioner is engaged to issue or does issue a report on a subject matter, or
an assertion about a subject matter that is the responsibility of another party.
The issuance of a report is said to be the manifestation of a practitioner’s attest function wherein he attaches his
credibility and integrity as to the genuineness of the information in an assurance service The practitioner reports about the
reasonableness of a subject matter often termed as an assertion which are representations being made by a
responsible party. The attest function formalizes the reporting responsibility that is inherent in an assurance service
Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between those assertions and
established criteria and communicating the results to interested users”
1
Assurance services comprise the broadest scope of services in the spectrum.
Assurance services encompass both attestation and auditing.
Attestation, on the other hand, encompasses auditing which is the most basic type of service in the spectrum
Assurance services are the broadest type of services in the spectrum.
Assurance services encompass both attestation and audit. Therefore, we can conclude that all attestation services are
assurance services and that audits are also assurance services. However, not all assurance services are attestation services
and, in the same manner, not all assurance services are audits.
Attestation encompasses audit. Therefore, we can conclude that all audits are attestation services; however, not all
attestation services are audits.
Audits are the simplest type of assurance services. From the spectrum, we can conclude that an audit is an assurance
service (since it improves the quality of information and lends credibility to it) and that it is also an attestation service (its
attest function being manifested in the issuance of an audit report which is the main output of the audit process)
What is the function of the Philippine Framework for Assurance Engagements?
THE PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS
The Philippine Framework for Assurance Engagements (hereinafter referred to as the Framework):
defines and describes the elements and objectives of an assurance engagement, and
identifies engagements to which Philippine Standards on Auditing (PSAs) apply. (Framework, par. 1)
However, it is emphasized that the Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements. (Framework, par. 2)
The Framework consists of the following parts:(Framework, par. 3)
Definition and objective of an assurance engagement
Scope of the Framework
Engagement acceptance
Elements of an assurance engagement
Inappropriate use of the practitioner’s name
What are some ethical considerations required of a practitioner in the conduct of an assurance engagement?
ETHICAL PRINCIPLES AND CONSIDERATIONS
The Framework acknowledges the provisions of the Code of Ethics for Professional Accountants in the Philippines, which is adopted
from the IFAC Code of Ethics for Professional Accountants. The Code sets out the fundamental ethical principles that all professional
accountants are required to observe, including:
Integrity, which implies not merely honesty but fair dealing and truthfulness
Objectivity, which imposes the obligation on all professional accountants to be fair, intellectually honest, and free of
conflicts of interest
Professional competence and due care, which provides that a professional accountant should continually strive to
improve his knowledge and skills to ensure that a client or employer receives the advantage of competent professional
service based on up-to-date developments in practice, legislation, and techniques, and that the professional accountant
should have the responsibility to perform professional services in accordance with technical and professional standards,
carefully, thoroughly, and on a timely basis
Confidentiality, which states that a professional accountant should not use or disclose any information during the course of
performing professional services without proper and specific authority or unless there is a legal or professional right or duty
to disclose; and
Professional behavior, which states that a professional accountant should act in a manner consistent with the good
reputation of the profession and refrain from any conduct which might bring discredit to the profession
What are the different classifications of assurance engagements?
Give examples of assurance engagements and non-assurance engagements and the nature and scope of each.
ASSURANCE ENGAGEMENTS
“Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria
Assurance, in the context of the Framework, refers to the auditor’s satisfaction as to the reliability of an assertion
being made by one party for use by another party
Assertion-based engagements
These are assurance engagements on a subject matter that has written assertions or representations.
The evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter
information is in the form of an assertion by the responsible party that is made available to the intended users.
Audits and reviews of financial statements fall under this category.
2
REASONABLE ASSURANCE VS. LIMITED ASSURANCE ENGAGEMENTS
3
Compilation (PSA 120, par. 18)
In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to
collect, classify and summarize financial information.
This ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the
assertions underlying that information.
The procedures employed are not designed and do not enable the accountant to express any assurance on the financial
information. However, users of the compiled financial information derive some benefit as a result of the accountant's
involvement because the service has been performed with due professional skill and care.
4
Non-assurance engagements only involve two parties.
The term practitioner as used in the Framework is broader than the term “auditor” as used in the Philippine Standards on
Auditing (PSAs), which relates only to practitioners performing audit or review engagements. Practitioners are the
professionals requested to perform assurance engagements on a variety and a wide range of subject matters.
The responsible party is the person (or persons) who is responsible for the subject matter or subject matter information
of the assurance engagement.
In a direct reporting engagement, the responsible party is responsible for the subject matter; in an assertion-based
engagement, the responsible party may be responsible for the subject matter information (assertion) and may be
responsible for the subject matter.
The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the
subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users.
The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report.
The responsible party can be one of the intended users, but not the only one.
In the same manner, the responsible party and the intended users may be from different entities or the same entity.
Of the three parties involved in an assurance engagement, the intended users are generally given emphasis as to how an
engagement will qualify as an assurance engagement.
The engagement users are the ones for whom the practitioner’s attest function is primarily directed aside from reporting
also to the responsible party which may also be considered as an intended user. This is how CPAs gain public confidence in
the profession and the industry.
Consulting services, as an example of a non-assurance engagement, only involves two parties: the practitioner and the
responsible party.
The practitioner only recommends uses for information which the responsible party may or may not wish to follow.
What constitutes an appropriate subject matter?
SUBJECT MATTER
The Framework provides that the subject matter of an assurance engagement should be appropriate, which means that it
must be in line and apt for the assurance engagement to be provided.
Furthermore, for a subject matter to be appropriate, it should be:
Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate.
The subject matter, and subject matter information, of an assurance engagement can take many forms, such as:
Financial performance or conditions
Non-financial performance or conditions
Physical characteristics
Systems and processes
Behavior
What are criteria? What are the different types of criteria?
What is meant by suitable criteria? How does criteria become suitable?
CRITERIA
The Framework defines criteria as “the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.”
These are the frame of reference within which the subject matter of the assurance engagement is tested for its degree of
correspondence and reasonableness.
Criteria can be:
Formal, for example in the preparation of financial statements, the criteria may be Philippine Financial Reporting
Standards; when reporting on internal control, the criteria may be an established internal control framework or
individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria
may be the applicable law, regulation or contract; or
Less formal, for example an internally developed code of conduct or an agreed level of performance (such as the
number of times a particular committee is expected to meet in a year).
Established, for example those embodied in laws or regulations, or issued by authorized or recognized bodies of
experts that follow a transparent due process; or
Specifically developed, for example those designed for the purpose of the engagement.
It is important to note that the Framework provides that the criteria to be used for an assurance engagement should be
suitable, that is capable of reasonably consistent evaluation or measurement of a subject matter within the context of
professional judgment.
Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.
Furthermore, suitable criteria are said to be context sensitive, that is, relevant to the engagement circumstances
A given set of criteria is said to be suitable if it exhibits the following characteristics:
Relevance
Completeness
Reliability
Neutrality
Understandability
It should be noted that the practitioner assesses the suitability of criteria for a particular engagement and the relative
importance of each characteristic based on his professional judgment.
5
What constitutes the bulk of the work of a practitioner in an assurance engagement? Why is this so?
Distinguish between sufficiency and appropriateness of evidence.
What generalizations can be presented regarding the reliability of evidence?
SUFFICIENT APPROPRIATE EVIDENCE
The bulk of the work of a practitioner in an assurance engagement (more specifically, an auditor in the conduct of an audit
of financial statements) lies in obtaining and evaluating evidence.
The evidence-gathering process constitutes the “dirty work” of a practitioner in that his generalization or conclusion about
the reasonableness of the information provided by the responsible party will be based from the evidence that the
practitioner has obtained and evaluated.
A practitioner cannot provide an expression of assurance without obtaining and evaluating evidence.
As provided by the Framework, evidence should possess two qualities in an assurance engagement: sufficiency and
appropriateness.
When these two qualities are present, the evidence is considered to be competent evidence.
Sufficiency is the measure of the quantity of evidence.
Appropriateness is the measure of the quality of evidence, that is, its relevance and reliability.
In the conduct of an assurance engagement (let’s say, an audit for example), the practitioner is not required to gather all
evidence that could be gathered; the practitioner only gathers evidence that he deems relevant and useful for the particular
engagement.
The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the
greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality,
the less may be required).
Accordingly, the sufficiency and appropriateness of evidence are interrelated.
However, it should be noted that merely obtaining more evidence may not compensate for its poor quality.
The reliability of evidence supporting its appropriateness is influenced by its source and by its nature, and is dependent on
the individual circumstances under which it is obtained.
GENERALIZATIONS ABOUT THE RELIABILITY OF EVIDENCE
Evidence is more reliable when it is obtained from independent sources outside the entity.
Evidence that is generated internally is more reliable when the related controls are effective.
Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable
than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a
contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was
discussed).
Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.
What is meant by persuasive evidence?
PERSUASIVENESS OF AVAILABLE EVIDENCE
Aside from considering sufficiency and appropriateness as characteristics, evidence is also said to be competent when it is
persuasive.
Persuasiveness of evidence, in the audit parlance, means that the evidence is capable of enabling the practitioner or
auditor to make a decision regarding the reasonableness of the information in the assertions being represented by the
responsible party, that would potentially affect the practitioner’s opinion to be included in the assurance report.
Following the concept of reliability of evidence as influenced by its source and by its nature as illustrated by the
generalization on the reliability of evidence, the following conclusions relating to persuasiveness of evidence may be
derived:
the most persuasive type of evidence are those that are purely externally-generated
the least persuasive type of evidence are those that are purely internally-generated
However, it should be noted that the persuasiveness of evidence is still a matter of the practitioner’s professional judgment.
How does the cost-benefit relationship operate in the concept of evidence?
COST-BENEFIT RELATIONSHIP
Another important concept which the practitioner has to take into consideration when gathering and evaluating evidence is
the cost-benefit relationship. This concept simply states that “the benefits to be derived from obtaining the particular
type of evidence should exceed the cost of obtaining it”.
The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the information
obtained.
However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence gathering
procedure for which there is no alternative.
This does not mean that simply because a particular evidence-gathering procedure is costly the practitioner should no
longer conduct the procedure and obtain the evidence that it could potentially give. No matter how costly an evidence-
gathering procedure is, as long as the practitioner believes that the evidence to be derived from it would be significantly
beneficial and provide persuasive evidence to the engagement, then it is justifiable to obtain that evidence.
The practitioner should use professional judgment and exercises professional skepticism in evaluating the quantity
and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.
AUTHENTICATION OF DOCUMENTATION
An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected
to be an expert in such authentication.
However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies,
facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and
maintenance where relevant.
What is meant by materiality?
MATERIALITY
Aside from professional skepticism, two other salient concepts provided in the Framework are materiality and assurance
engagement risk.
“Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis
of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances of its
omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative
characteristic which information must have if it is to be useful.”
Materiality is relevant when the practitioner determines the nature, timing and extent of evidence gathering procedures, and
when assessing whether the subject matter information is free of misstatement.
When considering materiality, the practitioner understands and assesses what factors might influence the decisions of the
intended users.
Furthermore, materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the
nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests
of the intended users.
It should be noted that the assessment of materiality and the relative importance of quantitative and qualitative factors in a
particular engagement are matters for the practitioner’s judgment.
What is the concept of assurance engagement risk? What are its components?
ASSURANCE ENGAGEMENT RISK
The primary reason why assurance engagements cannot provide absolute assurance (only reasonable or moderate
assurance) is primarily because of the concept of assurance engagement risk.
The framework defines assurance engagement risk as the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
This is the risk that the practitioner might conclude that the subject matter of an assurance engagement is reasonable and
genuine when in fact it is not.
In a reasonable assurance engagement (audit), the practitioner reduces assurance engagement risk to an acceptably low
level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of
expression of the practitioner’s conclusion.
The level of assurance engagement risk is higher in a limited assurance engagement (review engagement) than in a
reasonable assurance engagement because of the different nature, timing or extent of evidence gathering procedures. Note
that a review engagement only utilizes a limited scope of procedures as compared to an audit.
However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering
procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative
form of expression.
7
In general, assurance engagement risk can be represented by the following components, although not all of these
components will necessarily be present or significant for all assurance engagements:
a. The risk that the subject matter information is materially misstated, which in turn consists of:
Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that
there are no related controls; and
Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and
corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some
control risk will always exist because of the inherent limitations of the design and operation of internal control; and
b. Detection risk: the risk that the practitioner will not detect a material misstatement that exists
What is the concept of reasonable assurance?
Why is reasonable assurance less than absolute assurance? How does the cost-benefit relationship operate under the
concept of reasonable assurance?
THE CONCEPT OF REASONABLE ASSURANCE
Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party
for use by another party.
Audits and reviews only provide reasonable and moderate levels of assurance, respectively.
It is never possible for any assurance engagement to provide an absolute level of assurance since this tantamount to 100%
guarantee that the subject matter is entirely free of material misstatements which realistically cannot happen.
As provided in the Framework, reasonable assurance is less than absolute assurance. Reducing assurance
engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following:
The use of selective testing
The inherent limitations of internal control
The fact that much of the evidence available to the practitioner is persuasive rather than conclusive
The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence
In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria
The concept of reasonable assurance is also related to the cost-benefit relationship that states that “the benefits to be
derived from obtaining the particular type of evidence should exceed the cost of obtaining it”.
“Reasonable assurance” is a concept relating to accumulating evidence necessary for the practitioner to conclude in relation
to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required
in a reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part
of an iterative, systematic engagement process
What actions are available to the practitioner in case of the inappropriate use of the practitioner’s name as provided in
the Framework?
INAPPROPRIATE USE OF THE PRACTITIONER’S NAME
A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or
consents to the use of the practitioner’s name in a professional connection with that subject matter.
If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner.
If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter,
the practitioner requires the party to cease doing so.
The practitioner also considers what other steps may be needed, such as informing any known third party users of the
inappropriate use of the practitioner’s name or seeking legal advice.