Acca F

Session 1
Audit and Other Assurance

Engagements
FOCUS
This session covers the following content from the ACCA Study Guide.
A. Audit Framework and Regulation

1. The concept of audit and other assurance engagements
a) Identify and describe the objective and general principles of external
audit engagements.
b) Explain the nature and development of audit and other assurance
engagements.
c) Discuss the concepts of accountability, stewardship and agency.
d) Define and provide the objectives of an assurance engagement.
e) Explain the five elements of an assurance engagement.
f) Describe the types of assurance engagement
g) Explain the level of assurance provided by an external audit and other
review engagements and the concept of true and fair presentation.
Session 1 Guidance
Review the development of external audit, internal audit and assurance services (s.1). Understand
that an external audit is a specific form of assurance service (s.1.3, s.2.1).
Understand the concepts of accountability, stewardship and agency (s.2.2). Learn the audit
objective and appreciate the basic elements contained in an auditor's report, including management's
responsibilities and the auditor's responsibilities (s.2.3).
Understand the terms reasonable assurance, materiality, professional judgment, professional
scepticism and a "true and fair view" (s.2.3).
(continued on next page)
F8 Audit and Assurance (INT) Becker Professional Education | ACCA Study System
Ali Niaz - ali.niaz777@gmail.com

VISUAL OVERVIEW
Objective: To introduce the concepts of audit and assurance engagements.
DEVELOPMENT
• External Audit
• Internal Audit
• Assurance Services
EXTERNAL AUDIT INTERNAL AUDIT ASSURANCE

(SESSION 32) ENGAGEMENTS
• As an Assurance
Service • IFAE
• Stewardship, Agency • Five Elements
and Accountability • Types of Engagement
• Auditor's Report • Evidence Gathering
• The Audit Process • Review Engagements
• Other Engagements
Session 1 Guidance
Review the audit process, including its application to internal audit (s.2.4).
Learn the definition of an assurance engagement and its five elements (s.3.1-s.3.2).
Understand the difference between reasonable assurance engagements and limited assurance
engagements (s.3.3).
© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-1

Session 1 • Audit and Other Assurance Engagements F8 Audit and Assurance (INT)
1 Development
1.1 External Audit

The development of joint-stock corporations during the middle of
the 19th century brought about a need for directors to report to
the shareholders whose capital they managed.
As ownership and management became significantly separated,
shareholders (and in today's corporate environment, other
stakeholders) required independent verification that what the
directors (management) reported was in fact true.
< Following a series of scandals, statutory audits (i.e. carried
out in accordance with statutory provisions) became
mandatory for companies in the UK in 1900. The auditor was
required to be independent of the company, hence the use of
an external auditor.
< Up to this time, the purpose of an audit was to detect fraud,
technical errors and errors of principle. However, as the size
and complexity of companies grew, case law developed the
principle that it was unreasonable to expect auditors to detect
all aspects of fraud, even though they were expected
to exercise reasonable skill and care.
< As companies grew in size, with many becoming international
organisations, it became impracticable for auditors to verify
the 100% accuracy of financial records and so the audit of
financial statements became an attestation (substantiation,
testimony) of their credibility (i.e. believability).*
*In line with the increasing complexity of company activities and

procedures, the auditors' application of reasonable skill and care has
moved away from the passive approach of a watchdog to the highly
sceptical approach of Sherlock Holmes. As discussed in greater
detail later in this study system, auditors must now, for example,
apply fraud risk assessment procedures throughout their audit and,
at the first sniff of any fraud possibility, thoroughly investigate and
follow through.
< The objective of an external audit, which must be performed

by an independent auditor following accepted standards
(e.g. International Standards on Auditing), is to express
an opinion (in terms of truth and fairness) on whether the
financial statements are prepared, in all material respects, in
accordance with an identified reporting framework (e.g. IFRS)
and relevant law.
1-2 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

F8 Audit and Assurance (INT) Session 1 • Audit and Other Assurance Engagements
1.2 Internal Audit

The modern form of internal audit was initially developed as the
growth and increasing complexity of entities in the early 1900s
stretched the capabilities of managers to effectively manage.
< Senior management appointed specialist employees to
review and report on various financial and other processes
and to ensure that appropriate controls were being
effectively applied.
< The role of the early internal auditors ranged from checking
routine financial and operational functions with a heavy
emphasis on compliance, security and detection of fraud, to
(in some cases) the analysis and appraisal of financial and
operational activities.* *The Institute of
Internal Auditors (IIA)
< The role of internal audit, whether required by legislation
was founded in 1941.
(e.g. in public sectors), listing regulations, corporate
governance codes (e.g. the UK Corporate Governance Code)
or as voluntary activity, has expanded rapidly since the 1970s,
reflecting the economic and international growth
of organisations.
< With the introduction of corporate governance codes and the
extended use of risk management in corporate management,
the objective of internal audit has significantly evolved over
the last few decades:
 to provide to management an independent, objective
assurance and consulting activity designed to add value
and improve an organisation's operations; and
 to help an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control
and governance processes.
1.3 Assurance Services

Over the past 30 years or so, the auditing profession has sought
to broaden its role (and income streams) with external auditors
developing a wide range of assurance services (of which the
financial statement audit is just one part).
Assurance services—independent professional services that improve

the quality of information, or its context, for decision-makers.

Factors contributing to the increasing demand for assurance

services include:
< The rapid expansion of available information (e.g. systems
capabilities of capturing, processing and delivering relevant
and reliable information).
< The changing information needs of businesses and consumers
(e.g. minimising information overload).
< The increase in demand for relevant information for decision-
makers (e.g. budgets, cash flows, raw material consumption
and reserves, production capacity, business systems, business
purchase, due diligence).
< Use of new technology (e.g. Internet transaction and data
security) and new business processes (e.g. business-wide
integrated supply chain management, outsourcing).
< Changing expectations and demands of customers, suppliers
and other stakeholders (e.g. quality control, market trends).
< Globalisation of businesses creating worldwide needs
(e.g. compliance with central ethical supply-chain codes
and key performance indicators by developing world suppliers
and business partners).
< Increasing corporate accountability demanding more
relevant and reliable information (e.g. corporate governance,
compliance with laws and regulations, environmental
performance, corporate social reporting, global reporting
initiative).
Typical assurance services include:*
*Only audits and reviews are within the syllabus. The other
assurance services are illustrative only.
< Audits of financial statements and reviews of historical

financial information.
< Prospective financial information (e.g. cash flows) reviews.
< Business ethics audits, social responsibility reporting,
environmental reporting.
< Risk assessments (including e-commerce).
< Value for money audits.
< Performance measurement.
< Systems and control reliability.

2 External Audit
An external audit provides confidence in the integrity of corporate
reporting for the benefit of stakeholders and society as a whole,
by providing an external and objective view on the statutory
financial statements. Specifically, the audit enhances the degree
of confidence of the shareholders in the financial statements.
2.1 As an Assurance Service

As an assurance service, an external audit must include the
five elements of an assurance engagement, which are further
discussed in section 3.
1. The subject matter of an external audit engagement is the
financial statements prepared under IFRS.
2. The three-party relationship in an external audit includes:
< thedirectors, who are responsible for the financial
statements;
< the practitioner (i.e. the external auditor); and
< the shareholders (and other intended users of the financial
statements).
3. The criteria used by the external auditor to evaluate the
financial statements (e.g. International Financial Reporting
Standards—IFRS).
4. The external auditor plans and performs the audit engagement
to obtain sufficient appropriate evidence in order to support the
expression of an opinion on the financial statements.
5. The external auditor issues an appropriate audit report at the
end of the audit engagement.

Directors
RESPONSIBLE
PARTY
IFRS used to
Criteria prepare financial
statements
Financial
Statements SUBJECT MATTER
IFRS used to
Criteria evaluate TS
Sufficient
appropriate
Evidence
evidence
to support
opinion
*A strength of the
external audit is
its structure and
Assurance
INTENDED PRACTITIONER approach through the
Report use of a regulatory
USER
environment and
Audit application of
Shareholders Opinion External auditor principles based on
ISAs. This may also
be considered a
weakness as many
2.2 Stewardship, Agency and Accountability users of financial
statements expect
Generally companies are owned by their shareholders, but
auditors to be able to
managed by the directors. The directors are appointed by the
detect all errors and
shareholders. The shareholders then appoint the auditors to fraud (regardless of
report to them (provide assurance) on the information provided size) and to provide
to them by the directors (the annual financial statements as 100% assurance
required by law). In most jurisdictions, the relationships among that management is
the directors, shareholders and auditors are described in terms of running the business
stewardship, agency and accountability.* efficiently and
effectively. As this
is not the role of the
auditor an "expectation
gap" exists between
what auditors
Stewardship, agency and accountability are specifically mentioned by actually do and what
the examiner in the syllabus. They have been examined in the past stakeholders expect
and are likely to be examined in the future. them to do.

2.2.1 Stewardship
Stewardship is the practice of managing another person's
property. Directors and other managers of an enterprise have the
responsibility of stewardship for the property of that enterprise,
which is owned by the shareholders.
Example 1 Stewardship
Suggest FIVE responsibilities of company directors.
Solution
1.
2.
3.
4.
5.
2.2.2 Agency
An agent is an individual (or another entity) employed or used to
provide a particular service. The individual utilising the agent is
referred to as the principal.
Example 2 Agency
Describe the possible agency relationships among shareholders, directors and
auditors.
Solution

2.2.3 Accountability
Accountability is where one party is held responsible (answerable)
to another party for its actions; it will be required to justify its
actions and decisions to that party.
Example 3 Accountability
Explain the accountability of directors to shareholders.
Solution
2.3 Auditor's Report
The objective of an audit of financial statements is:

 to enable an independent auditor to obtain reasonable assurance
about whether the financial statements are free from material
misstatement, whether due to fraud or error; and (thereby)
 to express an opinion on whether the financial statements are
prepared, in all material respects, in accordance with an identified
financial reporting framework.
The auditor's report is the key means of communicating to Although the audit
the shareholders (and indirectly to other stakeholders) of report will be
considered in greater
the business.
detail in a later
< Understanding the end result of the auditor's work provides an session, you will be
overview of the whole process. The basic concepts underlying examined on many
the report need to be understood. of the key concepts
discussed in this
< An example of an auditor's report, which expresses the section.
auditor's opinion, follows.

Independent Auditor's Report To…………………… On whose

behalf audit is
carried out
Reference can
be by page We have audited the accompanying financial statements of
numbers ABC Company, which comprise the statement of financial
position as at December 31, 20XX, and the statement of
comprehensive income, statement of changes in equity
and statement of cash flows for the year then ended, and
a summary of significant accounting policies and other
explanatory notes.
Detailed
responsibilities Management's Responsibility for the Financial
reflecting Statements
engagement Management is responsible for the preparation of financial
letter statements that give a true and fair view in accordance with
International Financial Reporting Standards and for such
internal control as management determines is necessary to
enable the preparation of financial statements that are free Standards
from material misstatement, whether due to fraud or error. complied with
Auditor's Responsibility
Our responsibility is to express an opinion on these financial
statements based on our audit. We conducted our audit in
accordance with International Standards on Auditing.
Reasonable, Those standards require that we comply with ethical
but not requirements and plan and perform the audit to obtain
absolute, reasonable assurance whether the financial statements
assurance are free from material misstatement.
An audit involves performing procedures to obtain audit Nature
evidence about the amounts and disclosures in the of audit
financial statements. The procedures selected depend on examination
the auditor's judgement, including the assessment of the (scope)
risks of material misstatement of the financial statements,
whether due to fraud or error. In making those risk
assessments, the auditor considers internal control relevant
to the entity's preparation and fair presentation of the
financial statements in order to design audit procedures
that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness
of the entity's internal control. An audit also includes
evaluating the appropriateness of accounting policies used
and the reasonableness of accounting estimates made by
management, as well as evaluating the overall presentation
of the financial statements.
We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our audit Or "present
opinion. fairly, in
Opinion all material
respects,"
Unmodified In our opinion, the financial statements give a true and
implies that, fair view of the financial position of ABC Company as of
for example, December 31, 20XX, of its financial performance and its
changes in cash flows for the year then ended in accordance with
accounting International Financial Reporting Standards… (and comply
principles, with…).
etc have
Relevant
been properly And/or applicable GAAP statutes/law
determined
and disclosed Signature
Date Must include
Address

2.3.1 Management and Auditor's Responsibility

Management is responsible for preparing and fairly presenting
the financial statements (e.g. in accordance with the applicable
financial reporting framework).* *Although it is not
< Management's responsibility is stated in: specifically stated,
management's
 the auditor's report; responsibility
 the engagement letter between the auditors and directors includes designing,
(see Session 5); and implementing and
 the letter of representation from the directors to the maintaining the
auditors (see Session 20). necessary internal
control, selecting and
< Oversight of management's responsibilities (including those applying appropriate
for the financial statements) is provided by those charged with accounting policies and
governance. The structures of governance will vary depending making accounting
on the jurisdiction that management operates within and the estimates that are
applicable corporate governance code (see Session 3). reasonable in the
< An audit of financial statements does not relieve management circumstances.
or those charged with governance of their responsibilities.
< The auditor is responsible for expressing an opinion on the
financial statements based on the audit. The scope of audit
work is described in the report. The auditor is not responsible
for the financial statement's form and content.
< Although the auditor's opinion enhances the credibility of the
financial statements, users cannot assume that the opinion
is an assurance as to the future viability of the entity or
the efficiency or effectiveness with which management has
conducted the affairs of the entity.
2.3.2 International Standards on Auditing (ISA)

< Each ISA provides:
 an introduction (usually scope and effective date),
objectives and definitions;
 requirements (i.e. what must be done); and
 application and other explanatory material (which is cross-
referenced from the introduction, objectives, definitions and
requirements).*
< An audit conducted in accordance with ISAs must consider the
requirements of: *The scope and
authority of ISAs is
 ISAs (i.e. to plan, evaluate controls, obtain evidence, form
discussed in Session 2.
conclusions and report);
 relevant professional bodies (e.g. ACCA);
 legislation and regulations (e.g. Companies Acts);
 the terms of the audit engagement and reporting
requirements.
2.3.3 Ethical Requirements
The auditor should comply with the International Federation of
Accountants (IFAC) Code of Ethics for Professional Accountants
as authored by the International Ethics Standards Board for
Accountants (IESBA) (see Session 4).

2.3.4 Reasonable Assurance

In an audit engagement, the auditor provides a high, but not
absolute, level of assurance (expressed positively in the audit
report as reasonable assurance) that the information subject
to audit (i.e. the financial statements) is free of material
misstatement.
< To provide reasonable assurance, the auditor carries out
specific detailed routines, conducts relevant testing and
assesses the accumulated evidence collected in respect of the
financial statements as a whole (as detailed in the report's
scope paragraph).* *The detailed routines
and tests enable the
< An auditor cannot obtain absolute (e.g. 100%) assurance
auditor to express a
because of the inherent limitations in an audit (see Session 2).
positive conclusion
< Thus an audit can never be a guarantee that the financial on the assertions
statements are free of material misstatement, but it does being made by the
give reasonable assurance that they are. directors (that the
financial statements
2.3.5 Materiality show a true and fair
view and have been
prepared in accordance
with specific laws and
regulations). Basically,
the auditor believes
Omissions or misstatements of items are material if they could, that the evidence
individually or collectively, influence the decisions of users taken on obtained is sufficient
the basis of the financial statements. and appropriate to
provide a basis for his
opinion.
Materiality is an expression of relative significance or importance
of a matter, whether quantitative or qualitative (e.g. values and
discursive disclosures), in the context of the financial statements
as a whole (see Session 10).
< In planning their audit, the auditors must consider those areas
that are material to the financial statements and the possibility
that material errors could be contained in the (unaudited)
financial statements (financial statement risk).
< Audit procedures must minimise the risk that such errors
remain undetected by the audit. The auditors are not
responsible for the detection of misstatements that are not
material to the financial statements taken as a whole.

2.3.6 Professional Judgement
Professional judgement is applied by the auditor in all stages of the

audit process.
There are four primary areas in which professional judgement is

particularly important:
1. In interpreting relevant ethical requirements and the
application of ISAs.
2. In understanding the entity and its environment
(with particular emphasis on materiality and audit risk).
3. In determining the audit scope and audit plan (e.g. in deciding
the nature, timing and extent of audit procedures) to meet the
requirements of ISAs and gather audit evidence.
4. In drawing conclusions based on evidence obtained (e.g. in
assessing the persuasiveness of conflicting evidence from
different sources, evaluating management's judgements in
applying the applicable financial reporting framework and
assessing the reasonableness of the estimates made by *In a principle-based
management in preparing the financial statements).* approach (e.g. using
ISAs) professional
2.3.7 Professional Scepticism judgement is critical.
Poor professional
judgement can result
in auditors issuing
inappropriate audit
opinions and being
The auditor should plan and perform (i.e. conduct) the audit with sued. In a rules-based
an attitude of professional scepticism recognising that circumstances approach, professional
may exist that will cause a material misstatement in the financial judgement would be of
statements minimum use as only
the rules would need
to be followed.
Professional scepticism is an attitude that includes a questioning
mind and a critical assessment of evidence.
< It is required throughout the audit process:
 for the auditor to reduce the possibility of marginalising
a critical element of risk to the business during the risk
assessment;
 to identify conditions that may indicate possible fraud;
 to avoid inappropriate assumptions when determining the
nature, timing and extent of the audit procedures and
evaluating results;
 for the auditor to be alert for audit evidence that contradicts
or brings into question the reliability of documents or
management representations; and
 to assess management's judgements that involve estimation
or subjective matters.
< In planning, conducting and reviewing the audit, an auditor
should therefore assume neither dishonesty nor unquestioned
honesty of management.

2.3.8 "True and Fair View"

The term "true and fair view" is not defined in International
Standards on Auditing (ISAs) and definitions should therefore
be regarded with caution.
< True or truth relates to factual accuracy (bearing in mind
materiality). The information provided conforms to required
standards, regulations and law.
< Fairness relates to the presentation of information and
the view conveyed to the reader. Such information is free
from bias. The financial statements reflect the commercial
substance and reality of the underlying balances and
transactions.
< View indicates that a professional judgement has been
reached.*
*A degree of imprecision is inevitable because of inherent

limitations. For example, the auditor does not inspect 100% of all of
the entity's transactions.
A true and fair view means that the appropriate financial

framework (e.g. IFRS) has been complied with. IFRS does
allow different accounting policies to be applied (e.g. the cost
or revaluation method under IAS 16). Using either alternative
provides a true and fair view if it has been applied in accordance
with IFRS.
2.4 The Audit Process

2.4.1 Stages
Agree to terms
of engagement
Understand the
Form opinion
entity and its
(Auditor's
environment
report)
Documentation
Obtain written
representations Plan
Review Asses risk and

internal control
Substantiate
assets, liabilities, Reliance on
transactions & effectiveness of
disclosures control

Step Description
Engagement Auditor must send all clients an engagement letter

letter setting out the auditor's duties and responsibilities,
as well as those of management.
Session 5
Planning Planning and controlling audit work is essential to
performing work to the required high standard of
Session 7
skill and care. Planning includes understanding the
entity, its environment, internal control and the risk
of material misstatements.
Assess risk As part of the process to determine audit
strategy and the nature, timing and extent of
Sessions 8 and 9
audit procedures (the audit plan), auditors must
understand the risks faced by an entity and
relate such risks to the possibility of material
misstatements arising in the financial statements.
The auditor must also understand the entity's
risk assessment procedures and how the entity's
management deal with identified risks.
Understand Regardless of the audit approach used, auditors
internal must understand the design of internal controls and
controls if such controls have been implemented, as part of
their overall risk assessment. This helps them to
Session 9
assess the risk of material errors in the financial
statements.
Control Where the auditor decides to gain audit assurance
effectiveness from controls in an entity, the effectiveness of such
Session 12 controls must be tested.
Substantive Balances and transactions in the financial
work statements, together with disclosures, must be
verified based on key substantive assertions
Session 15
(e.g. completeness, existence, occurrence).
Review and Auditors should ensure that the audit has been
finalisation carried out in accordance with ISAs and that audit
procedures working papers fully support the audit opinion.
Procedures would normally also include analytical
Session 29
review of the financial statements, subsequent
events and going concern reviews.
Obtain The auditor asks management to formally confirm
management in writing that they are responsible for the fair
representations presentation of the financial statements, the design
and implementation of internal control to prevent
Session 20
and detect fraud; that they have recognised
and carried out their legal and governance
responsibilities and that they approve the financial
statements. Representations may also be required
from management to support audit evidence
(e.g. that all liabilities have been fully disclosed;
that the entity has title to all assets).
Sign auditor's After the directors have approved the financial
report statements, the auditor signs the audit report.
Session 30 This may be unmodified (most common) but under
certain circumstances, it may also be modified and
the opinion qualified.

2.4.2 Application to Internal Audit

Many of the methods and procedures used in external audit also
apply to internal audit.
< Internal auditors need terms of engagement (i.e. they must
know the scope, requirements and objectives of the work they
are being asked to perform).
< They need to plan their work to be efficient and effective and
to obtain realistic results.
However, many methods and procedures are expanded for
internal audit because internal auditors focus on the efficiency and
effectiveness of operations in addition to the financial statements.
< Internal auditors should understand the entity, its environment
and its exposure to risks faced in much greater depth than the
external auditor (as they deal with the entity on a day-to-day
basis).
< They must have a thorough understanding of all business
systems and controls and their effectiveness, not just the
systems and controls related to the financial statements.
< Control effectiveness, assets, liabilities, and transactions may
be part of their work, although they also cover all aspects of
management effectiveness and efficiency in an entity.
< While external auditors concentrate on the financial
statements, internal auditors consider, for example, the
quality and timeliness of information received, processed and
*For example, that
reported to management and other third parties.*
monthly management
< Internal audit reports do not express an opinion on a true reports are sent to the
and fair view, but will be specifically related to the stated bank.
requirement of their task.

3 Assurance Engagements
3.1 International Framework for Assurance

Engagements (IFAE)
Assurance engagement—an engagement in which a practitioner

expresses a conclusion designed to enhance the degree of confidence
of the intended users, other than the responsible party, about the
outcome of the evaluation or measurement of a subject matter against
criteria (per IFAE).
The IFAE defines and describes the elements and objectives of an

assurance engagement. The framework covers audits, reviews of
historical financial information and other assurance engagements.
International Framework for

Assurance Engagements
Audit and Assurance Engagements

Reviews of Other than Audits or
Historical Reviews of Historical
Financial Financial Information
Information
ISA 100+ ISRE 2000+ ISAE 3000+

International International International
Standards on Standards Standards on
Auditing on Review Assurance
Engagements Engagements

3.2 Five Elements of an Assurance Engagement

The five elements of an assurance engagement are:
a three-party relationship;
an appropriate subject matter;
 suitable criteria;
 sufficient, appropriate evidence; and
 a written assurance report.
Three-party relationship: an assurance engagement includes
three separate parties:
a practitioner;

a party responsible for the subject matter or an assertion

about the subject matter; and
 the intended users of the assurance report.
Subject matter: data prepared by, or assertions made by, the
responsible party.
Criteria: benchmarks (relevant, complete, reliable, neutral,
understandable) against which the subject matter can be
assessed and an opinion provided.
Evidence: the practitioner plans and performs an assurance
engagement with an attitude of professional skepticism to obtain
sufficient appropriate evidence about whether the subject matter
is free of material misstatement.
Assurance Report: a written report given by the practitioner to
the intended users that provides either reasonable assurance or
limited assurance about the subject matter.
3.3 Types of Assurance Engagement

Practitioners are permitted to perform two types of assurance
engagements:
1. reasonable assurance engagements; and
2. limited assurance engagements.
For assurance engagements involving historical financial
statements:
< reasonable assurance engagements are called "audits"; and
< limited assurance engagements are called "reviews".
*The practitioner must consider the detail of the engagement and

the requirements of those requesting the engagement, to decide
which assurance level he is able to provide before accepting the
engagement. Having accepted, for example, a reasonable assurance
engagement, the practitioner cannot then decide to issue a report
based on limited assurance because, for example, expected evidence
could not be obtained. He must qualify his opinion on the reasonable
assurance report.

3.3.1 Reasonable Assurance Engagement

A reasonable assurance engagement provides a high level of
assurance through the expression of a conclusion in the positive
form. For example, "In our opinion the financial statements give
a true and fair view".
< The practitioner should obtain sufficient appropriate evidence
in order to express a conclusion in this positive form.
< The assurance engagement risk (i.e. the risk that an
inappropriate opinion will be given) should be reduced to
an acceptably low level given the circumstances of the
engagement.
< The easier it is to objectively measure the subject matter
(e.g. information that is qualitative, quantitative, historical),
the more formal the measurement criteria (e.g. IFRS,
corporate governance codes), the more independent, reliable
and persuasive the evidence that can be obtained, and the
greater the assurance that can be given on the subject matter.
< In audit engagements the auditor provides reasonable
assurance through obtaining sufficient appropriate audit
evidence to be able to draw conclusions on which to base
an opinion (see Session 15).
3.3.2 Limited Assurance Engagement

A limited assurance engagement provides a low level of assurance
through the expression of a conclusion in the negative form. For
example, "Based on our review, nothing has come to our attention
that causes us to believe that the accompanying financial
statements do not give a true and fair view".
< The level of work carried out is limited and can only allow
the practitioner to provide a negative form of expression.
< The assurance engagement risk is greater (but still
acceptable) than that for a reasonable assurance engagement
(i.e. if the same level of work were carried out to provide
reasonable assurance, there would be an unacceptably high
risk of giving an inappropriate opinion).
< Where the subject matter, criteria and measurement are
subjective and informal, the evidence obtained may not be
sufficiently independent, reliable and/or persuasive, and the
practitioner may conclude that reasonable assurance cannot
be given and that only limited assurance is appropriate.
< In a review engagement, the evidence obtained is through
enquiry and analytical review. This is sufficient to enable only
limited assurance to be given.*
*Specific limited assurance services have been developed to meet

the needs of users (e.g. reviews of historic financial information).
For example, in Canada audit exemption applies for appropriate
companies. A limited assurance review report is given instead of the
audit report.

Example 4 Assurance
State (and explain) the form of assurance that could be given on a company's code
of business ethics.
Solution
3.4 Evidence Gathering Procedures and Reports

The procedures used to gather evidence and the reports issued
will vary depending on whether a reasonable assurance or limited
assurance engagement is being performed.
3.4.1 Reasonable Assurance Engagement

Evidence gathering for this type of engagement requires the
practitioner to do the following:
< Obtain an understanding of the engagement circumstances
(Session 7).
< Assess risks and respond to those risks (Sessions 8 and 9).
< Perform further procedures using a combination of inspection,
observation, confirmation, recalculation, performance
recalculation, analytical procedures and inquiry.
< Further procedures may involve tests of the operating
effectiveness of controls, substantive procedures and obtaining
corroborating information (Sessions 12 and 15).
< Evaluate the evidence obtained (Session 29).
When reporting, the practitioner expresses the conclusion in the
positive form, such as:
"In our opinion, internal control is effective, in all material
respects, based on XYZ criteria."

3.4.2 Limited Assurance Engagement

As with reasonable assurance engagements, the practitioner
obtains an understanding, assesses risks and responds to those
risks (but in the context of limited assurance).
The evidence gathering procedures are deliberately set to be
more limited (e.g. analytical review and inquiry). Confirmations,
recalculations, performance recalculation and test of controls,
for example, are not considered as part of the work programme
necessary to achieve the user's requirements.
When reporting, the practitioner expresses the conclusion in the
negative form, such as:
"Based on our work described in this report, nothing has come to
our attention that causes us to believe that internal control is not
effective, in all material respects, based on XYZ criteria."
3.5 Review Engagements

< A review of historical financial information is a limited
assurance engagement.
The standards for review engagements are found in International

Standards for Review Engagements (ISRE) 2400 and 2410. Although
these ISREs are not examinable documents, you should understand
the concept of reviews within the general assurance framework.
< The objective of a review engagement is to enable a

practitioner to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an
audit, anything has come to his attention that causes him to
believe that the financial statements are not prepared, in all
material respects, in accordance with an identified financial
reporting framework.
This is a negative form of report that provides limited assurance.
< In a review engagement, the practitioner obtains sufficient

appropriate evidence primarily through inquiry and
analytical procedures.
< An example of a review report follows.

Illustration 1 Standard Review

Report
Review Report To . . .
We have reviewed the accompanying statement of financial position
of ABC Company at 31 December 20X1, and the related statements of
comprehensive income and cash flows for the year then ended.
These financial statements are the responsibility of the Company's
management. Our responsibility is to issue a report on these financial
statements based on our review.
We conducted our review in accordance with the International
Standard on Review Engagements 2400 Engagements to Review
Financial Statements. This standard requires that we plan and
perform the review to obtain moderate assurance as to whether the
financial statements are free of material misstatement. A review is
limited primarily to inquiries of company personnel and analytical
procedures applied to financial data, and thus provides less assurance
than an audit. We have not performed an audit and, accordingly, we
do not express an audit opinion.
Based on our review, nothing has come to our attention that causes
us to believe that the accompanying financial statements do not
give a true and fair view (or are not presented fairly, in all material
respects) in accordance with International Financial Reporting
Standards.
Signature
Date
Address

3.6 Other Assurance Engagements

Assurance engagements other than audits, which follow ISAs, and
reviews of historical financial information, which follow ISREs, are
covered by the International Standard on Assurance Engagements,
ISAE 3000.
< The general principles and approach of ISAE 3000 are basically
the same as those for an audit (which is, of course, a specific
form of assurance service). For example:
< Comply with the ISAE and any other relevant ISAEs.
< Use ISAs and ISRE as necessary to provide guidance.
< Comply with the Code of Ethics.
< Implement quality control procedures applicable to each
engagement.
< Agree on, or update, terms of engagement with the client.
< Ensure assurance team has appropriate professional
competence.
< Plan the engagement to ensure effective performance.
< Exercise professional scepticism.
< Assess the appropriateness of the subject matter.
< Assess the suitability of the criteria to measure or evaluate the
subject matter.
< Consider engagement risk (to reduce it to an acceptable level)
and materiality.
< If the work of an expert is to be used, apply the same ethical
and assignment approach to the expert as if he were a
member of assignment team.
< Obtain sufficient appropriate evidence on which to base a
conclusion.
< Obtain representations from the responsible party as
appropriate.
< Consider subsequent events (events after the reporting date).
< Prepare an assurance report taking into consideration
the objectives of the engagement (reasonable or limited
assurance) and whether sufficient appropriate evidence has
been obtained.
< Consider the need to report to other parties, including
reporting governance matters to those charged with
governance.

Session 1
Summary
< Assurance services are independent professional services that improve the quality of
information for decision-makers. Audits and reviews are assurance services.
< The objective of an audit is to obtain reasonable assurance that the financial statements
are free from material misstatement and to express an opinion on whether the financial
statements are properly prepared in accordance with a financial reporting framework.
< Management is responsible for:
• preparing and fairly presenting the ﬁnancial statements;
• designing, implementing and maintaining internal control;
• selecting and applying appropriate accounting policies; and
• making reasonable accounting estimates.
< The auditor is responsible for expressing an opinion on the financial statements.
< An auditor should conduct an audit in accordance with ISAs and comply with IFAC's Code
of Ethics for Professional Accountants.
< Key concepts in auditing are reasonable assurance, materiality, professional judgement,
professional scepticism and "true and fair."
< The audit process includes:
• agreeing to the terms of the engagement;
• planning and risk assessment;
• understanding and testing the effectiveness of internal controls (when appropriate);
• substantive procedures; and
• ﬁnal review procedures before signing the auditor's report.
< The five elements of an assurance engagement are a three-party relationship, an
appropriate subject matter, suitable criteria, sufficient appropriate evidence, and a written
assurance report.
< Assurance engagements provide either reasonable (positive/high) assurance or limited
(negative/low) assurance. Audit engagements provide reasonable assurance and review
engagements provide limited assurance.

Session 1 Quiz
Estimated time: 30 minutes
1. State the objective of an audit of financial statements. (1.1)

2. Briefly describe what internal auditing is. (1.2)
3. Define stewardship. (2.2.1)
4. State whom is responsible for the preparation and fair presentation of
financial statements. (2.3.1)
5. Explain reasonable assurance in an audit engagement. (2.3.4)
6. Define materiality. (2.3.5)
7. Describe THREE primary areas in which professional judgement is important. (2.3.6)
8. Define professional scepticism. (2.3.7)
9. Outline the stages of an audit. (2.4.1)
10. Define an assurance engagement, including its FIVE elements. (3.1, 3.2)
11. List and briefly discuss the TWO types of assurance engagements. (3.3, 3.4)

EXAMPLE SOLUTIONS
Solution 1—Stewardship
Responsibilities (e.g. duties embodied in statute and corporate
governance requirements) may include:
1. Keeping books of accounts and proper accounting records.
2. Safeguarding the entity's assets.
3. Implementing appropriate business, financial and risk management
controls.
4. Producing financial statements (statement of financial position,
statement of comprehensive income, statement of cash flows,
statement of changes in equity, disclosure notes) that show a true
and fair view and the results of their stewardship.
5. Producing a directors' report and other information (e.g. as required
by listing rules) which is consistent with the financial statements and
contains certain specified information.
Solution 2—Agency
● A director can be described as an agent having a fiduciary relationship
(one of trust) with a principal (i.e. the company that employs her).
● A director is similarly an agent of the shareholders.
● Auditors, as they are appointed by the shareholders in most
jurisdictions, are also agents of the shareholders.
Solution 3—Accountability
● Directors are accountable to the shareholders. Many jurisdictions
place legal requirements on directors with regard to how they are
accountable and the way they communicate with stakeholders, for
example through directors' reports and financial statements prepared
under an appropriate framework (e.g. IFRS).
● Directors of listed companies will also be subject to listing rules and
corporate governance codes (e.g. publication of interim financial
statements, regular meetings with financial institutions, profit and
going concern warnings, analysis and management of risk, audit
committees, annual general meetings).* *The role of the
● The auditors of a company's financial statements are accountable annual general
to shareholders. They act in the interest of the shareholders (the meeting (AGM) in
primary stakeholders) while also having regard to the wider public managing companies
interest in that other stakeholders will read their report (but note that is assumed knowledge
they are not the agents of any other stakeholder and their report is from F4 Corporate and
not addressed to such stakeholders, only to the shareholders). Business Law.
Solution 4—Assurance
This would be a limited assurance engagement. Although there is a
Code of Business Ethics, the subjectivity of applying any specific ethical
criteria and the subjectivity of measuring the application of such criteria
(e.g. what is not ethical to one business may be considered ethical by
another) would not enable the practitioner to reduce assurance risk to a
sufficiently low level to allow reasonable assurance to be given.

Acca F

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Acca F

Uploaded by

Copyright:

Available Formats

Session 1

Audit and Other Assurance

A. Audit Framework and Regulation

Ali Niaz - ali.niaz777@gmail.com

EXTERNAL AUDIT INTERNAL AUDIT ASSURANCE

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-1

Ali Niaz - ali.niaz777@gmail.com

1.1 External Audit

*In line with the increasing complexity of company activities and

< The objective of an external audit, which must be performed

1-2 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

1.2 Internal Audit

1.3 Assurance Services

Assurance services—independent professional services that improve

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-3

Ali Niaz - ali.niaz777@gmail.com

Factors contributing to the increasing demand for assurance

< Audits of financial statements and reviews of historical

1-4 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

2.1 As an Assurance Service

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-5

Ali Niaz - ali.niaz777@gmail.com

1-6 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

Suggest FIVE responsibilities of company directors.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-7

Ali Niaz - ali.niaz777@gmail.com

Explain the accountability of directors to shareholders.

2.3 Auditor's Report

The objective of an audit of financial statements is:

1-8 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

Independent Auditor's Report To…………………… On whose

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-9

Ali Niaz - ali.niaz777@gmail.com

2.3.1 Management and Auditor's Responsibility

2.3.2 International Standards on Auditing (ISA)

1-10 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

2.3.4 Reasonable Assurance

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-11

Ali Niaz - ali.niaz777@gmail.com

2.3.6 Professional Judgement

Professional judgement is applied by the auditor in all stages of the

There are four primary areas in which professional judgement is

1-12 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

2.3.8 "True and Fair View"

*A degree of imprecision is inevitable because of inherent

A true and fair view means that the appropriate financial

2.4 The Audit Process

Review Asses risk and

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-13

Ali Niaz - ali.niaz777@gmail.com

Engagement Auditor must send all clients an engagement letter

1-14 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

2.4.2 Application to Internal Audit

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 1-15

Ali Niaz - ali.niaz777@gmail.com

3.1 International Framework for Assurance