Source: Philippine Framework for Assurance Engagements

Framework on Assurance Engagements in the PH

Assurance Engagements
• Defines elements and objectives of an assurance engagement
• Identifies which engagement would PSAs, PSREs, and PSAEs apply

2 Types Assurance Engagements/Services:

1. Reasonable Assurance - positive form of assurance/conclusion (gather evidence) - AUDIT
• High, but not absolute, level of assurance on subject matter
• Ex. Audit of FS
2. Limited Assurance - negative form of assurance/conclusion (lesser procedures) - REVIEW
• Moderate (lower than reasonable) level of assurance on the subject matter
• Ex. Verify sales records

• Opinion B - you qualified -> based on the work you performed (lower level of assurance)
• Opinion A - no scope of work qualified -> direct to the point opinion

Non-Assurance Engagements
• Engagements other than assurance engagements
• Applicable standards: PSRSs or other regulatory frameworks

Types based on Availability of subject matter information

1. Assertion-Based
• Assertion by responsible party (made by the management)
• Made available to intended users
• Ex. Assertion of fair presentation of FS
2. Direct Reporting
• Subject matter info is provided to intended users in assurance report
• Professional accountant (not filed in a separate document)
• Ex. Operating effectiveness of Internal control (mgt did not provide an assertion)

• Client Acceptance
• Relevant ethical requirements must be satisfied (Code of Ethics)
• 5 principles (accountants)
 i. Professional behavior
ii. Professional competence
iii. Integrity
iv. Objectivity
v. Confidentiality
• Additional for auditors -> independence (in mind and appearance)
• Engagements exhibits the following:
• Subject matter is appropriate
• Criteria are suitable and available
• Access to sufficient appropriate evidence
• Written report
• Rational purpose for engagement
• Client's Management does not lack integrity
• Client agrees to the terms of engagement
• Engagement Letter: must be signed before starting the engagement (contains
terms of the agreement)
• Management Representation Letter: symbolizes that (1) mgt acknowledges its
responsibility (ultimate responsibility to FS); (2) acknowledge and certify that all
procedures and evidence gathered are true and valid
• Management Letter: recommendations of auditor for improvements in internal
control
• Rejected? => engaging party may request non-assurance engagement
• Changes in the Engagements
• CANNOT CHANGE from assurance to non-assurance or reasonable to limited
assurance without reasonable justification
▪ Examples of reasonable justification:
• Change in requirements
• Client misunderstanding
• Mgt lacks money
• Obtained Evidence WILL NOT BE DISREGARDED

ELEMENTS OF ASSURANCE ENGAGEMENTS [PERCS]

a. 3-party relationship
• Practitioner - requested to perform engagement (ex. SGV, PWC, EY, KPMG, Deloitte)
[may consult an expert - lawyer: lawsuits, engineers: salvage value; actuary: employee
benefits)
• Responsible Party - responsible for subject matter or subject matter information, or
both
• Intended users - for whom assurance report is prepared (if for specific purpose -> limit
availability of report to the public)
b. Appropriate subject matter
• Financial or non-financial performance, physical characteristics, systems, and processes,
or behavior
• Appropriate: identifiable and capable of measurement against criteria
• Subject matter information (Assertion): evaluation or measurement of subject matter
(compared already with the criteria - initial evaluation of client)
• Appropriate: can be subjected to procedures to form a conclusion
c. Suitable criteria
 • Benchmarks used to evaluate the subject matter and are available to intended users
• Ex. Formal - PFRS, COSO's Internal Control integrated framework, or laws and
regulations [ESTABLISHED CRITERIA]
• Ex. Less formal - internally developed code, rules and regulations, and policies
[SPECIFICALLY DEVELOPED CRITERIA]
• Suitable criteria: [RUN-CR]
i. Relevance: contribute to conclusions
ii. Completeness: relevant factors not omitted
iii. Reliability: consistent
iv. Neutrality: free from bias
v. Understandability: clear, comprehensive
d. Sufficient appropriate evidence
• Professional Skepticism: questioning mind and critical assessment (you don't assume
client is honest or dishonest) -> free from material misstatement [ATTITUDE]
• Professional Judgement: apply relevant training, professional knowledge, skills and
experience in decision-making [COMPETENCE]
• [SUFFICIENT] - corroborating/supporting evidence (quantity)
• [APPROPRIATE] - relevance and reliability (quality)
• Guidelines: (more reliable if)
i. Independent source (external party)
ii. Controls are effective
iii. Directly obtained
iv. In documentary form
v. Original documents
• Other considerations in gathering evidence:
• Different sources or nature
• More difficult when it covers a period
• Cost-benefit is considered (benefit should always outweigh the
costs)
• Materiality
• Engagement risk (possibility of wrong opinion) = [inherent risk *
control risk * detection risk]
i. Risk of material misstatement (measure only)
• Inherent risk (susceptibility to misstatements)
• Control risk (internal control might not detect
misstatements)
ii. Detection risk
• Controllable by auditor
• More procedures, lower detection risk
• Nature, timing, and extent
• *practitioner is not trained or expected to be an expert in authentication*
• Why not absolute assurance?
• Judgment: FS and procedures - uses judgment
• Selective testing: sampling (didn't check all data/documents/accounts)
• Inherent limitations: controls, FS, and auditor
• Most evidence are persuasive, rather than conclusive
e. Written assurance report
• Audit: positive form of assurance
 • Unqualified - "presented fairly in all material respects"
• Qualified - "presented fairly, except for" (material misstatement or scope
limitation or uncertainty)
• Adverse - "do not present fairly" (material and pervasive misstatements)
• Disclaimer - "do not express an opinion" (high degree of scope limitation and
uncertainty)
• Review: negative form of assurance
• "nothing has come to our attention that causes us to believe that the financial
statements is not presented fairly in all material respects"

Auditor association with financial information

• Higher degree of confidence, attached name of auditor
• Auditor attaches a report or consents to the use of the auditor's name
• If auditor is not associated in this manner (third parties can assume no responsibility of
the auditor)
• Unauthorized use of auditor's name:
• Require mgt to cease doing so and consider further steps, such as:
• Inform any known third party users
• Seek legal advice