Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

Assurance Services
Overview
Assurance engagements include both (1) attestation engagements, in which a party other than
the practitioner measures or evaluates the underlying subject matter against the criteria, and
(2) direct engagements, in which the practitioner measures or evaluates the underlying
subject matter against the criteria.
Not all engagements performed by practitioners are assurance engagements. Other frequently
performed engagements that are not assurance engagements include:
(a) Engagements covered by International Standards on Related Services (ISRS), such as
agreed-upon procedure and compilation engagements;2
(b) The preparation of tax returns where no assurance conclusion is expressed; and
(c) Consulting (or advisory) engagements, such as management and tax consulting.
In conducting an assurance engagement, the objectives of the practitioner are:
(a) To obtain either reasonable assurance or limited assurance, as appropriate, about whether
the subject matter information is free from material misstatement;
(b) To express a conclusion regarding the outcome of the measurement or evaluation of the
underlying subject matter through a written report that conveys either a reasonable assurance
or a limited assurance conclusion and describes the basis for the conclusion; and
(c) To communicate further as required by this ISAE and any other relevant ISAEs.

Definition
For purposes of ISAEs, an assurance engagement means―An engagement in which a
practitioner aims to obtain sufficient appropriate evidence in order to express a conclusion
designed to enhance the degree of confidence of the intended users other than the responsible
party about the subject matter information (that is, the outcome of the measurement or
evaluation of an underlying subject matter against criteria). Each assurance engagement is
classified on two dimensions:
Each assurance engagement is classified on two dimensions: Either a reasonable assurance
engagement or a limited assurance engagement:
1. (a)Reasonable Assurance Engagement―An assurance engagement in which the
practitioner reduces engagement risk to an acceptably low level in the circumstances of the
engagement as the basis for the practitioner’s conclusion. The practitioner’s conclusion is
expressed in a form that conveys the practitioner’s opinion on the outcome of the
measurement or evaluation of the underlying subject matter against criteria.
1. (b).Limited Assurance Engagement―An assurance engagement in which the
practitioner reduces engagement risk to a level that is acceptable in the circumstances of the
engagement but where that risk is greater than for a reasonable assurance engagement as the
basis for expressing a conclusion in a form that conveys whether, based on the procedures
performed and evidence obtained, a matter(s) has come to the practitioner’s attention to cause
1
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

the practitioner to believe the subject matter information is materially misstated. The nature,
timing, and extent of procedures performed in a limited assurance engagement is limited
compared with that necessary in a reasonable assurance engagement but is planned to obtain
a level of assurance that is, in the practitioner’s professional judgment, meaningful. To be
meaningful, the level of assurance obtained by the practitioner is likely to enhance the
intended users’ confidence about the subject matter information to a degree that is clearly
more than inconsequential.

2 (a) Attestation Engagement―An assurance engagement in which a party other

than the practitioner measures or evaluates the underlying subject matter against the criteria.
A party other than the practitioner also often presents the resulting subject matter information
in a report or statement. In some cases, however, the subject matter information may be
presented by the practitioner in the assurance report. In an attestation engagement, the
practitioner’s conclusion addresses whether the subject matter information is free from
material misstatement.

2 (b) Direct Engagement―An assurance engagement in which the practitioner

measures or evaluates the underlying subject matter against the applicable criteria and the
practitioner presents the resulting subject matter information as part of, or accompanying, the
assurance report. In a direct engagement, the practitioner’s conclusion addresses the reported
outcome of the measurement or evaluation of the underlying subject matter against the
criteria.

Assurance
Services

Attestation Services

Auditing

Figure 1. The Relationships among Auditing, Attestation, and Assurance Services

Audits of historical financial statements are specific types of attestation. In an audit

engagement the owners of the entity appoint a certified Public Accountant (CPA) to examine
the financial statements that have been prepared by the management in order to give their
professional opinion as whether such financial statements show a true and fair view.

2
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

In the context of assurance engagements the entity’s management is referred to as a

responsible party, the owners of the entity who appoints the CPA are the intended users and
the CPA who evaluates the financial statements prepared by management are referred to as
auditors. In most countries including Tanzania auditors are registered as Certified Public
Accountants in Public Practice (CPA_PP) and operate as audit firms. In most cases audit firm
comprises at least two audit partners registered as CPA_PP
Qualifications Required for Registration as Auditors
For a person to be registered as a CPA_PP in Tanzania, he or she should possess all
professional qualities including the following:
1. A certified public accountant (CPA) professional degree or its equivalent, such as, ACCA,
CA, RIA, CMA, etc.
2.Must have had at least 3 years post-CPA experience under the supervision of a CPA-PP, or
hold a practicing certificate from recognized professional elsewhere.
3. He or she should apply for registration as a CPA_PP and should be endorsed by three
referees including his or her employer, two of whom must be registered as CPA- PP with the
National Board of Accountants & Auditors (NBAA) Tanzania. The referees should know the
applicant professionally, and who should be able to vouch from personal knowledge of the
applicant's accounting/auditing experience and character.
The NBAA is a regulatory body for accountants & auditors in Tanzania established by an act
of Parliament.
4. Such person must undergo a mandatory scheme of continuing professional education
(CPE) Scheme each year. The objective of the scheme is to update and expand the auditor’s
knowledge so as to maintain high standards demanded of a modern professional accountants.
All registered members of the NBAA are required to update their accounting knowledge
through CPE programs.
The NBAA may impose disciplinary proceedings or sanctions against its members for non-
compliance with the CPE requirements. These include demotion from one category of
registration to a lower level or, in serious cases his or her registration may be deleted from the
Board's membership. In the latter case such person will not be allowed to practice as an
accountant. In all cases such decision will be published in the official government gazette.
Review Questions
Question 1
Assurance services can range from evaluations and reporting on the accuracy of financial
statements, to quality of services provided by the commercial banks via the internet
Assurance services include both attestation and audit services. Attestation services are a
subset of assurance services and always involve a report that goes to a third party.
Required
Explain major differences between: (1) assurance and attestation services; (2) attestation and
audit services. You may use any relevant figure to illustrate your answer.
3
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

Question 2
It has been stated that for a person to be registered as a CPA_PP(external auditor), he or she
must have a recognized professional accounting qualification. In addition to that, such person
should have a relevant working experience.
Required
(a) Mention the level of accounting qualification that is required of an auditor
(b) Mention the minimum post-qualification experience that is required of an auditor
Explain the importance of a Continuing Professional Educat
Categories of Assurance Engagements
The framework for assurance engagement indicates that assurance services can be classified
into two main categories: (i) Attestation (assertion) engagements and (ii) non-attestation
engagements. This is illustrated in figure: 2

Assurance Services

Attestation Engagements .Non- Attestation Engagement

i. Financial Statement Audits .i Information-RiskAssurance

ii. Financial Forecasts
iii Effectiveness of Internal Control
iv. Cost/Benefit Analysis Reports
v. Effectiveness of Internal Audit
.ii Customer Satisfaction
Survey
.iii Evaluation of IM* Policies
. iv Internal Audit Outsourcing

Figure 2: The framework for Assurance Engagements

Note, This figure presents an overview of assurance services that can be
provided to intended users to aid reasonable decision makings,
*Investment Management

Business: Demand for Reliable Information

Business risk is the risk that an entity will fail to achieveits objectives. Failing to achieve
objectives can eventually result in temptation to misstate financial statements to avoid
business failure. The misstated financial statements may lead to information risk. Information
risk is the probability that the information circulated by an entity will be false or misleading
and cannot be used to make sound decisions. But, the problem with users of business

4
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

information is that most of them are not able to collect reliable information for decision
making due to several limitations. These limitations lead to the need of assurance services
The need for assurance services arise because of: (i) potential bias in providing information,
that is, the party providing information may want to convey a better impression than the real
circumstances merit; (ii) remoteness (distance) between a user of business information and
the entity providing such information; (iii) complexity of business information as well as the
related processes. It is difficult to determine the proper presentation of such information
without a review by an independent expert who provides assurance services such as an
independent accountant and; (iv) need to minimize financial surprises that are caused by
restatements of financial statements.
Potential bias in providing information
Management has a vested interest to make the business appear better than it is actually is.
Management has inside information that they may or may not want to share with users. Thus
at any point in time the party which prepares the subject matter (e.g. management)will have
more information about the subject matter than the intended users (e.g. shareholders). The
responsible party might thus take advantage of this information asymmetry to deceive the
intended users who have less information compared to the responsible party
Remoteness of investors from operations – Usually, investors are not able to personally
visit business locations to check on how their investments are being used. Therefore, there is
a significant disadvantage as people no longer interact directly with other parties, including
the other shareholders. Most users cannot interview management or review management
financial records, yet they rely on the financial statements produced by management for
making significant decisions
Complexities of business information – Decisions makers are not trained to collect,
compile, and summarize the key operating information by themselves. Many business
transactions are now more complex than before. Several users of business information
depend on independent experts to get assurance that the complex business information
presented fairly and fully disclosed in the financial statements
Avoid Surprises
In the last ten years, a number of financial statements users such as banks and pension funds
lost billions of money because financial information, and in some instances the auditors were
unreliable. Financial statements were restated because misstatements were found subsequent
to the original issuance of financial statements. The reasons for restatement varied, but
ranged from (i) misapplication of accounting standards, (ii) fraudulent financial reporting,
(iii) aggressive accounting especially in developing estimates, and (iii) ignoring cut off
periods, such as, recording sales in wrong period.
The Need for Unbiased Reporting
Assurance services are related to decision making. Making good decisions requires good
information which shows a true and fair view. The information can be financial or otherwise.
The information should not favour one user over another because all users are considered
important. In many cases the interests of the various users can be in conflict with others. For

5
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

example, the existing shareholders might want management to use accounting principles that
result in higher levels of reported income, but lending institutions, such as banks generally
prefer a conservative approach to valuation and income recognition. Appendix: 1 presents an
overview of potential users of financial information and the use of such information.
Key Elements of an Assurance Engagement
The key elements in an assurance engagement are as follows:
(1) A three party relationship involving (i) a practitioner, such as, an auditor, a reviewer etc.
(ii)a responsible party, such as corporate management, board of directors , money borrowers
etc., and (iii) intended users, such as, shareholders, banks, donors, contributors etc.)
(2) An appropriate subject matter, such as, financial statements, effectiveness of internal
controls or IT systems etc.
(3) Suitable criteria, such as, International Financial Reporting Standards (IFRSs) used in
preparing financial statements
(4) Sufficient appropriate evidence; and
(5) A written assurance report, such as, audit reports in the audit engagements
 Three Party Relationships
Assurance engagements usually involve three separate parties (peoples or group of
peoples as follows:
– The practitioner:This is an Assurance services provider. This should be an
independent person who evaluates a subject matter and express an opinion on
whetherthe subject matter is materially misstated. The practitioner provides the
assurance to the intended users about the subject matter information in an assurance
report.
– The intended users:allpersons, other than responsible party, who seek assurance of
practitioner. They are persons or class of persons for whom the practitioner prepares
the assurance report. In certain cases, the intended user and the responsible party may
from the same entity. For example, in audit engagements, the board of directors may
seek assurance about the information provided by the management.
– The responsible party: This is a person or group of persons who is responsible for
the subject matter. In a direct reporting engagement, is responsible for the subject
matter; or in an assertion-based engagement, is responsible for the assertion. This may
or may not be the party who engages the practitioner but it must acknowledge its
responsibility for the subject matter to the practitioner.The responsible party
ordinarily provides the practitioner with a written representation that evaluates or
measures the subject matter against the identified criteria,

6
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

Figure: 3 illustrates the relationship among the three parties to an assurance engagement

Seek assurance from the

Intended User practitioner

Responsible
Expresses For the
conclusion Subject matter
about the
Practitioner Responsible Party
Subject matter

Figure 3. A three party relationship in an assurance relationship.

 A subject matter
The subject matter of an assurance engagement may vary considerably.
However, it is likely to fall into one of three categories:
– Data (for example, financial statements or business projections)
– Systems or processes (for example, internal control systems or computer systems)
– Behaviour (for example, social and environmental performance or corporate
governance)

Two conditions relating to the subject matter are important for an assurance engagement:
1. The subject matter must be identifiable and is capable of consistent evaluation
against suitable criteria.
2. The subject matter must be in a form that can be subjected to evidence collection
procedures to support the evaluation.

 Suitable criteria
The person providing the assurance must have something by which to judge whether the
information about a subject matter is reliable and can be trusted upon.
For example, in an assurance engagement relating to audits of financial statements, the
criteria would be (i) the requirements of the Companies Act (2002) and (ii) whether the
financial statements have been prepared in accordance with the applicable financial reporting
framework, such as IFRS. By using the suitable criteria, the practitioner will be able to verify
whether the financial statements have been prepared in accordance with the suitable criteria,
and if they have, then the practitioner can conclude that there is a degree of assurance that the
financial statements shows a true and fair view and are therefore, reliable.
7
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

In the context of company behaviour, suitable criteria for the effectiveness of corporate
governancemight be the Companies Act 2002 and the Guidelines for Corporate Governance
Practice (2002) issued under the Capita Markets and Securities Act (CMSA) 1994).
 Sufficient appropriate evidence to support the assurance opinion
The assurance provider will seek to obtain sufficient appropriate evidence as the basis for
supporting the assurance provided by him or her. He or she must substantiate the opinion that
he or she draws in order that the user can have confidence that it is reliable. He or she must
obtain evidence as to whether the criteria have been met.
 Assurance Report
Oncethe evaluation (examination) of the subject matter is finalised an evaluation report
should be prepared by the practitioner to an intended party. The evaluation report shall be an
auditors’ report if the subject matter was the financial statements and the assurance
engagement was an audit of financial statements.
An Audit of Historical Financial Statements of a Company
Objectives of an audit of financial statements
The objective of an audit of financial statements is to enable the auditor to express an opinion
on whether the financial statements have been prepared, in all material respects, in
accordance with an applicable financial reporting framework (IAS and IFRS). The financial
statements prepared in accordance with IAS and IFRS show a true and fair view and
therefore, reliable. True and fair view may be described as follows: True: Information is
factual and conforms to reality, not false. In addition the information conforms to required
standards and law. The accounts have been correctly extracted from the books and
records.Fair: Information is free from discrimination and bias in compliance with expected
standards and rules. The accounts should reflect the commercial substance of the company’s
underlying transactions.
The five elements of an audit engagement are as follows:
 Three party involvement
(i) The Intended Party: The shareholders of the company,and other
interestedusers of the financial statements
(ii) The Responsible Party: The board of directors (BOD). In Tanzania the BOD
is responsible for the preparation of financial statements (the subject matter)
(iii) The practitioner: The Independent(external) auditor appointed by the
shareholders of the company. This is usually the audit firm
 Subject matter
– The historical financial statements prepared by the BOD. This is the requirement of
the Companies Act (2002).
 Suitable Criteria
In Tanzania the Companies Act (2002), The NBAA’s requirements, and accounting
standards, that is the IAS and IFRS are the suitable criteria in preparing and
presenting the financial statements
 Evidence
8
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

Sufficient and appropriate evidence is required to support an assurance opinion. The

Practitioner should indicatewhether the subject matter information conforms to the
identified criteria and whether it is free from material misstatements.
 Conclusion in the form of an audit opinion
An expression of an audit opinion in the form of areport should be written and
provided to the intended users: the BOD. Audit report is usually written in a
prescribed format
Consulting Services Are Not Assurance Services
Consulting Services include advisory and related service activities, the nature and scope of
which are agreed with the customer, are intended to add value and improve an organization's
governance, risk management, and control processes without the internal auditor assuming
management responsibility. There are several fundamental differences between assurance
services and consulting services: (i) the number of parties involved in the engagement, (ii the
purpose of the engagement, and (iv) the communication of engagement results.

Consulting services are advisory in nature and many times are conducted at the request of
management. Consequently the nature and scope of the consulting engagement are subject to
agreement with the engagement customer.Types of Consulting Engagements include:
— Participating in an advisory role for high-risk projects such as information systems
development.
— Advising on certain enterprise risk management activities.
— Training Consulting Engagements (Consulting engagements that are educational in nature
include:Training on risk management and internal control

Interactive Question One

You are a professional accountant who has been approached by Dr. Mabo, who wants to
invest in Company X. He has asked you for assurance whether the most recent financial
statements of Company X are a reliable basis for him to make his investment decision.
Required
Identify the key elements of an assurance engagement in this scenario, if you accepted the
engagement.
Answer To Interactive Question One
1 Three party involvement:
 Dr. Mabo (the intended user)
 You (the practitioner)
 The directors of Company X who produce the financial statements (the responsible
party)
2 Subject matter
 The most recent financial statements of Company X are the subject matter
3 Relevant criteria
9
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

 It is most likely in this instance that the criteria would be accounting standards (i.e.,
IFRS), so that Jamal can be assured that the financial statements were properly
prepared and comparable with other companies' financial statements
`4 Evidence
 You would have to agree the extent of procedures in relation to this assignment with
Dr. Mabo so that he knew the level of evidence you were intending to seek. This
would depend on several factors, including the degree of secrecy in the proposed
transaction and whether the directors of Company X allowed you to inspect the books
and documents
5 Reports
 Again, the nature of the report would be agreed between you and Dr. Mabo

Interactive Question Two

Every assurance engagement havefive essentials or elements:
1 Existence of three party relationship which involves: (i) an assurancepractitioner;
(ii) a responsible party; and (iii) theintended users.
2 Subject matter
3 Suitable Criteria
4 Sufficient appropriate evidence collected as a result of
examination
5 Expression of opinion by the practitioner providing an assurance

Required
Briefly describe with examples the above elements of an assurance engagement
Answer To Interactive Question Two
1. Three Party Relationships
Assurance engagements usually involve three separate parties as follows:
—The assurance practitioner: This is an expert who provides assurance services.He or she
should be an independent person who evaluates a subject matter and express an opinion on
whether (or not) the subject matter is materially misstated. The practitioner provides the
assurance to the intended users about the subject matter information in an assurance report.
Examples include an auditor of historical financial statement
—The intended users:all those persons, other than responsible party, who seek assurance
from practitioner. They are persons for whom the practitioner prepares the assurance report.
For example, the board of directors may seek assurance about the information provided by
the management. In the case of an audit of the financial statements of a company, the specific
intended users are the shareholders. Butwhenever practical, the assurance report should be
addressed to all the intended users.
—The responsible party: This is a person who is responsible for the subject matter. The
responsible party ordinarily provides the practitioner with a written representation that
evaluates or measures the subject matter against the identified criteria. In the financial
statement audit, the responsible party is a person who prepares the financial statements (e.g.
management or board of directors)

10
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

2. The subject matter

It is the subject matter information about which the practitioner gathers sufficient appropriate
evidence to provide a reasonable basis for expressing a conclusion in an assurance report.it is
likely to fall into one of three categories: (i) Data (for example, financial statements of the
corporation), Systems or processes (for example, internal control systems or computer
systems), and behaviour (for example, quality of corporate governance)
3. Suitable criteria
The person providing the assurance must have something by which to judge whether the
information is reliable and can be trusted. For example, in an assurance engagement relating
to financial statements, the criteria would be (1) the requirements of the Companies Act 2002
and (2) whether the financial statements have been prepared in accordance with the
applicable financial reporting framework, such as the international financial reporting
standards (IFRS).
4. Sufficient appropriate evidence to support the assurance opinion
The assurance provider will seek to obtain sufficient appropriate evidence as the basis for the
assurance provided. He or she must substantiate the opinion that he/she draws in order that
the user can have confidence that it is reliable. He or she must obtain evidence as to whether
the criteria have been met
5. Assurance Report
Once the evaluation (examination) of the subject matter is finalised an evaluation report
should be prepared by the practitioner to the intended party. In the case of the audit of
financial statements the evaluation report shall be an auditors’ opinion expressed in an audit
report
MULTIPLE CHOICE QUESTIONS
1 There is a similarity between assurance, attestation and audit services. But these
services have also a significant difference.Which of the following statements is not
correctaboutthe differences between Assurance and Attestation engagements?
A An assurance engagement is amuch broader term and concept compared to
attestation engagement.
B It is wrong say that all attestation engagements are assurance engagements but
not every assurance engagement is attestation engagement.
C It will not be wrong if we say that all attestation engagements are assurance
engagements but not every assurance engagement is attestation engagement
D Attestation engagements are a subset of assurance services

2 An assurance engagement is an engagement undertaken by the practitioner and at the

conclusion of engagement a practitioner expresses an opinion about the evaluation of
subject matter. The purpose of the assurance service is to:
A enhances the confidence of intended users (other than responsible party) over the
evaluation of subject matter
11
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

B enhances the confidence of intended users responsible party over the evaluation
of subject matter
C enhances the confidence of intended users (including the practitioner) over the
evaluation of subject matter
D All statements A, B and C above are correct
3 Which of the following statement is not correctregarding the provision of assurance
services?
A the intended party who receives the assurance generally pays for the assurance
received
B Assurance services always involve a report by a responsible person to an
intended party on which an independent assurance practitioner provides
assurance.
C assurance services can be provided either on information, process or behaviour
D Only statements A and C are correct

4 Which of the following statements is not correctabout the conduct of an audit of

historical financial statements
A An audit is part of an attestation and assurance services
B The purpose of an audit engagement is to ascertain the degree of correspondence
between those assertions and established criteria and to communicate the results
to interested users
C An audit is a type of attest function in which an auditor provides an opinion
about whether management (asserter) has prepared financial statements
in conformity with an applicable financial reporting framework (criteria).
D An auditor is required to evaluate whether the financial statements have been
prepared in accordance withthe International Financial Reporting Standards
(IFRS) and the International Standards on Auditing (ISA)

5 Assurance services are intended to enhance the credibility of information about a

subject matter by evaluating whether the subject matter conformswith suitable
criteria. Which of the following statements about assurance services is NOT TRUE
A Assurance engagement is an engagement conducted by a practitioner at the end
of which he or she expresses an opinion on the subject matter against a criteria.
B Examples of assurance services include: audit of financial statements, evaluation
of the effectiveness of internal controls or, effectiveness of IT systems
C Examples of assurance services include: evaluation of financial forecast
reports,information risk assessment and customer satisfaction surveys.
D A and B above are the only correct statements
6 For an engagement to be an assurance engagement it must have the following three
party relationship: a practitioner; a responsible party and intended users. The other
four components of an assurance engagement are the presence of:
A A subject matter, a suitable criteria, supporting evidence, intended users
B A subject matter, a suitable criteria, supporting evidence, expression of
opinion
12
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

C A subject matter, a suitable criteria, supporting evidence, an assurance expert

D A subject matter, a suitable criteria, supporting evidence, a responsible party

7 An attestation is an engagement in which an attester (practitioner) provides a report as

to whether an assertion made by the asserter has been prepared in conformity with the
appropriate criteria. All of the following are examples of attestations except
A An audit of historical statements
B An evaluation of effectiveness of internal controls.
C Evaluations of the client’s compliance with specified laws
D Customer Satisfaction Survey

8 An audit is a type of attest function in which an auditor provides an

independent opinion about whether management (asserter) has prepared financial
statements in conformity with an applicable financial reporting framework (criteria).
In Tanzania the appropriate financial reporting frameworks is
A International Standards on Auditing (ISA)
B Generally Accepted Accounting Principles (GAAP)
C International Standards on Assurance Engagements (ISAE)
D International Financial Reporting Standards (IFRS).

9 Indicate a statement that is not correctabout assurance, attestation, and audit services
A Attestation services are a type of audit services
B Audit services are a type of assurance services
C Audit services are a type of attestation services
D Attestation services are a type of assurance services
10 Identify a statement that is not correctabout assurance, attestation, and audit services
A Some attestation services may not be categorised as assurance services
B Some of the assurance services may not fit in the category of attestation services
C Some attestation services may not fit in the category of audit services
D Some of the audit services may not fit in the category of attestation services
11 Which of the following statement is not correctabout the assurance services
A Auditing is a subset of attestation, and attestation is a subset of assurance
B Auditing is a subset of assurance, and also a subset of attestation
C Attestation is a subset of assurance, and attestation is also a subset of auditing
D Assurance, attestation and audit engagements both involve the collection of
sufficient appropriate evidence by the practitioner (assurance provider)

12 Identify a statement that is not correctabout assurance, attestation, and audit services
A Attestations are wider services compared to assurance services
B An attestation engagement involves an assentation or assertions made by a party
(person) that is responsible for the subject matter
C Attestation engagements includes audit engagement but assurance engagements
do not include audit engagements
D Attestations include audit engagements but assurance engagements do not

13
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

13 The attributes needed for all assurances services are usually the same. Identify an
attribute that is NOT NEEDED FORALLcategories of assurance services
A The assurance provider should have knowledge of the subject matter
B The assurance provider should be independent of the responsible party
C The subject matter should be evaluated in accordance with an agreed-upon criteria
D The assurance provided should provide an absolute assurance report
14 Assurance creates confidence by reducing information risk. Assurances services can
range from financial statements to quality of products and services sold via the
internet. The items on which assurance is provided are collectively referred to as:
A Financial information
B Subject matter
C All of the above
D None of the above
15 Assurance creates confidence to the users of assurance services by reducing
information risk (the risk that the information is not true and fair). In all categories of
assurance services an assurance provider is required to evaluate the subject matter:
A In accordance with the international standards on assurance engagements (ISAE)
B And provide a report in the form of an opinion to the intended users
C And report whether it complies with the appropriate criteria
D In accordance with the international standards on auditing (ISA)

16 In all attestation services the _______ is defined as the person responsible for the
subject matter
A Intended user
B Assurance practitioner
C Responsible party
D The company management

17 ______ is any declaration or a set of declarations about whether the subject matter is
based on or in conformity with the selected criteria
A An attestation
B An audit
C An assertion
D An assurance report in the form of an opinion

18 Because the practitioner’s role in an attest engagement is that of an attester, the

practitioner should not take on the role of ______ for the subject matter
A The responsible party
B Assurance provider
C Collecting sufficient appropriate evidence
D Evaluating the subject matter

19 Regardless of the procedures performed by the practitioner, the responsible party must
A accept responsibility for its assertion and the subject matter

14
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

B Evaluate the subject matter against a suitable criteria

C accept responsibility for its assertion but not the subject matter
D None of the above statements (A, B, and C) is true
20 Performing attest services is different from preparing and presenting subject matter or
an assertion. Preparing a subject matter involves
A collecting, classifying, summarizing, and communicating information;
B gathering persuasive evidence to support the subject matter or an assertion
C None of the above two statements (a and B) is true
D All of the above two statements (A and B) are true

21 performing attest services involves the following:

A gathering evidence to support the subject matter or the assertion
B collecting, classifying, summarizing, and communicating information;
C All of the above two statements (A and B) are true
D None of the above two statements (A and B) is true

22 Before accepting an attestation engagements, the practitioner must have reason to

believe that the subject matter is capable of evaluation against criteria that are
A Suitable and available to users but not necessarily to the responsible party
B Suitable and available to users including the responsible party
C Are known to the practitioner alone as he is an expert of the subject matter
D None of the above three statements (A, B and C) is true

23 Criteria are the standards or benchmarks used to measure and present the subject
matter and against which the practitioner evaluates the subject matter. Suitable criteria
must have all the following attributesEXCEPT
A Objectivity (Impartiality)—should be free from bias.
B Measurability—should permit reasonably consistent measurements, qualitative
or quantitative, of subject matter
C Subjectivity (Partiality)---should be biased in favour of the intended user
D Relevance—should be relevant to the subject matter.

24 In an attest engagement the practitioner must maintain independence in mental attitude

in all matters relating to the engagement. Which of the following statements is not true
concerning the practitioner’s (attester’s) independence?
A The practitioner should maintain the honesty and impartiality necessary to reach
an unbiased conclusion about the subject matter or the assertion
B independence in mental attitude means objective consideration of facts, unbiased
judgments on the part of the practitioner in forming and expressing conclusions
C Independence in mental attitude presumes an undeviating concern for a biased
conclusion about the subject matter or an assertion
D Independence in mental attitude presumes an undeviating concern for an
unbiased conclusion about the subject matter or an assertion

25 In an attest engagement the practitioner must obtain sufficient appropriate evidence to

15
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

provide a reasonable basis for the conclusion that is expressed in the report. Which of
the following statement is not true about sufficient appropriate evidence?
A Appropriateness of evidence is the measure of the quality of evidence
B Sufficiency of evidence is the measure of the quantity of evidence
C Sufficiency of evidence is the measure of the quality of evidence
D Obtaining more evidence in an attest engagement may not compensate for its
poor quality.

26 In any assurance engagement there are three parties involved: the responsible party,
the practitioner and the user.
In respect of the given subject matter which party prepares the subject matter?
A A responsible party
B An intended user
C An assurance provider
D Both the intended user and an assurance provider

27 Which of the following is a CORRECT statement regarding assurance services?

A Assurance services must be performed by Certified Public Accountants (CPAs)
B An attestation service is a type of audit service
C Assurance services improve the quality of information for decision makers
D Assurance services can only be performed on financial data.

28 Which of the following is considered an assurance engagement?

A Advising a client on tax planning
B Preparation of financial statement
C Compilation of accounting information
D An audit of historical financial statements
29 Which of the following statement is NOT CORRECT about the Tanzania’s auditors?
A Auditors should hold a CPA professional degree or is equivalent
B Auditors must have at least a three years post- CPA experience as audit trainees
C Auditors must be experts in all types of assurance services
D Each year auditors must undergo a continuing professional education scheme

Reference: International Standards on Assurance Engagements (ISAEs)

Appendix
International Standard on Assurance Engagements (ISAE) 3000, Assurance Engagements
Other than Audits or Reviews of Historical Financial Information (previously ISAE 100)

Description of important terms of the Assurance Engagements

Definition:An assurance engagement is an engagement in which a practitioner aims to obtain
sufficient appropriate evidence in order to express a conclusion designed to enhance the
16
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

degree of confidence of the intended users other than the responsible party about the outcome
of the measurement or evaluation of an underlying subject matter against criteria.
The outcome of the measurement or evaluation of an underlying subject matter is the
information that results from applying the criteria to the underlying subject matter. For
example:

 Historical financial performance or condition (for example, historical financial

position, financial performance and cash flows) for which the subject matter
information may be the recognition, measurement, presentation and disclosure
represented in financial statements.
 Future financial performance or condition (for example, prospective financial
position, financial performance and cash flows) for which the subject matter
information may be the recognition, measurement, presentation and disclosure
represented in a financial forecast or projection.
 Non-financial performance or conditions (for example, performance of an entity) for
which the subject matter information may be key indicators of efficiency and
effectiveness.
 Physical characteristics (for example, capacity of a facility) for which the subject
matter information may be a specifications document.
 Systems and processes (for example, an entity’s internal control or IT system) for
which the subject matter information may be a statement about effectiveness.
 Behavior (for example, corporate governance, compliance with regulation, human
resource practices) for which the subject matter information may be a statement of
compliance or a statement of effectiveness.
Criteria―The benchmarks used to measure or evaluate the underlying subject matter. The
“applicable criteria” are the criteria used for the particular engagement.
Engaging party―The party (s) that engages the practitioner to perform the assurance
engagement.

Evidence―Information used by the practitioner in arriving at the practitioner’s conclusion.

Evidence includes both information contained in relevant information systems, if any, and
other information. For purposes of the ISAEs:
All assurance engagements have at least three separate parties: the practitioner, the
responsible party and the intended users. Depending on the engagement circumstances, there
may also be a separate role of measurer or evaluator, or engaging party

Intended users―The individual(s) or organization(s), or group(s) thereof that the

practitioner expects will use the assurance report. In some cases, there may be intended users
other than those to whom the assurance report is addressed

Practitioner―The individual(s) conducting the engagement (usually the engagement partner

or other members of the engagement team, or, as applicable, the firm). Where this ISAE

17
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

expressly intends that a requirement or responsibility be fulfilled by the engagement partner,

the term “engagement partner” rather than “practitioner” is used.

Responsible party―The party (s) responsible for the underlying subject matter.

Underlying subject matter―The phenomenon that is measured or evaluated by applying

criteria

The following observations can be made about these roles

 Every assurance engagement has at least a responsible party and intended users, in
addition to the practitioner.
 The practitioner cannot be the responsible party, the engaging party or an intended
user.
 In a direct engagement, the practitioner is also the measurer or evaluator.
 In an attestation engagement, the responsible party, or someone else, but not the
practitioner, can be the measurer or evaluator.
 The responsible party can be the engaging party.
 The responsible party can be one of the intended users, but not the only one.

Detailed explanations
Criteria
Criteria are the benchmarks used to measure or evaluate the underlying subject matter.
Criteria can be formal, for example in the preparation of financial statements, the criteria may
be International Financial Reporting Standards or International Public Sector Accounting
Standards; when reporting on the operating effectiveness of internal controls, the criteria may
be based on an established internal control framework or individual control objectives
specifically designed for the purpose; and when reporting on compliance, the criteria may be
the applicable law, regulation or contract

Suitable criteria are required for reasonably consistent measurement or evaluation of an

underlying subject matter within the context of professional judgment. Without the frame of
reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding
Evidence
Assurance engagements are planned and performed with an attitude of professional
skepticism to obtain sufficient appropriate evidence in the context of the engagement about
the reported outcome of the measurement or evaluation of the underlying subject matter
against the criteria. Professional judgment needs to be exercised in considering materiality,
engagement risk, and the quantity and quality of available evidence when planning and
performing the engagement, in particular when determining the nature, timing and extent of
procedures.

Assurance Report

18
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

83. The practitioner forms a conclusion on the basis of the evidence obtained, and provides a
written report containing a clear expression of that assurance conclusion about the subject
matter information. Assurance Standards establish basic elements for assurance reports. The
practitioner’s conclusion is clearly separated from information or explanations that are not
intended to affect the practitioner’s conclusion,
To summarize the above formal definition, read through the following example to understand
how assurance engagement is performed and how it enhances the confidence of users
Example 1 (An audit Service)
Board of Directors or Management (responsible party) of company A Ltd fulfilled its
responsibility of evaluating its financial position, financial performance and changes in cash
flows (these three aspects are in short the subject matter) by publishing financial statements
in accordance with International Financial Reporting Standards (criteria) and the assets,
liabilities etc. are recognized, measured, presented and disclosed in the financial statements
(subject matter information) as per the requirements of IFRSs.
Practitioner (auditor) is appointed by the shareholders (intended party/users) to express his or
her opinion (assurance) in the form of a report over the recognition, measurement,
presentation and disclosures i.e. financial statements (subject matter information) made by
the management (responsible party) are actually in accordance with IFRSs (criteria) and the
actual financial position, performance and changes in cash flow (subject matter).
From the definition of assurance engagement and also from the above example we
understood that not every engagement undertaken by the practitioner amounts to assurance
engagement. For an engagement to be assurance engagement it must have the
following FIVE essentials or elements (also known as essentials or elements of assurance
engagements):
1. Existence of three party relationship which involve: (i) Practitioner
2. A (ii) responsible party and (iii) Intended users
3. Subject matter
4. Criteria;
5. Sufficient appropriate evidence collected as a result of examination
6. Expression of opinion in the form of a written report issued by the practitioner
providing assurance of:

REVIEW QUESTIONS ON ASSUARANCE SERVICES

(The questions focus on the two types of assurance provided by practitioners)
(For Tutorials)

Illustration 1
Jimmy & Co are the auditors of Metal Co. Ltd. Metal Co Ltd. have approached the bank to
extend their overdraft limit in order to finance a short term that project they intend to

19
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

undertake. The bank has asked that the cash flow projections be provided for the project and
that assurance be provided over the projections by Jimmy & Co.

Required:
Explain (i) the type of assurance engagement that will be undertaken by Jimmy and Co, (ii)
the form of assurance that will be provided in their report and (iii) why this type of assurance
is appropriate for a cash flow projection. (5 Marks)

Answer 1
(i) The engagement that Jimmy & Co. are undertaking is a form of review engagement in
order to provide assurance to the bank that the cash flow projections are reasonable. (1
mark)

The assurance engagement is an example of a Limited Assurance Engagement which

provides the user with a moderate level of assurance rather than the high level of assurance
provided by Reasonable Assurance Engagements, such as audits of historical financial
statements (1 mark)

The assurance report is provided by Jimmy to enable the user of that report to determine what
level of reliance they can place on the information which is the subject of the report. (1mark)

(ii) The form of assurance provided by the report in this case will be a ‘limited assurance’ i.e.
that the Auditor has found nothing to suggest that the cash flow projections are not accurate
(1 mark)

(iii) Negative assurance is appropriate for a cash flow projection because it relates to the
future and is therefore uncertain. The auditor is unable to say with certainty whether the
assumptions made are correct.
(1 mark)

Illustration 2
You are the engagement partner in the audit of Mount Kitonga Co for the year ending 31
March 2022 and are currently planning the year-end audit. Mount Kitonga specializes in the
production of high quality bread of various kinds.

During the interim audit you noted that, in the present economic down-turn, the company has
suffered financially. This is because its costs are increasing and its prices have been higher
than its competitors. One indicator of the problems facing the company is that it has
consistently used a bank overdraft facility to finance its activities.

During the interim audit you had discussed with company’s management on what actions
were being taken to improve its liquidity and you were informed that the company plans to
expand its facilities for producing brown bread as this line had maintained its market share.
The company has asked its bank for a loan to finance such expansion

20
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

To support its request for a loan, the company has prepared a cash flow forecast for the two
years from the end of the reporting period and the internal audit department has reported on
the forecast to the board of directors. However, the bank has said it would like a report from
the external auditors to confirm the accuracy of the forecast. Following this request the
company has asked you to examine the cash flow forecast and then to report to the bank.

Required:
Explain the kind of assurance you could give in the context of the request by the bank. (4
marks)

Answer 2
You would inform management that it would not be possible to give a report on the accuracy
of the cash flow forecast. The forecast is an assessment of cash flows in the future which is
uncertain, particularly in the second year.

The bank should be informed that the kind of report that you could give is a limited assurance
or negative assurance report.

You would be able to state in your report the kind of work you had carried out, the
assumptions that management had made and then to give a negative form of assurance in
which you would state, among other things, that nothing had come to your attention that
would cause you to believe that the assumptions do not provide a reasonable basis for the
cash forecast.

You could then go on to say that the forecast has been properly prepared on the basis of the
assumptions. This is assuming that this kind of opinion is appropriate in the light of the work
you have performed.

Illustration 3
Ng’ongoyaMpuma’s new finance director, CPA Fatma Msumari has read about review
engagements and is interested in the possibility of Bambo& Co undertaking these in the
future. However, she is unsure how these engagements differ from an external audit and how
much assurance would be gained from this type of engagement.

Required:
(i) Explain the purpose of review engagements and how these differ from external audit
(2 marks)

(ii) Describe the level of assurance provided by external audits and review engagements.
(2 marks)

Answer 3
(i) Review engagements
Review engagements are often undertaken as an alternative to an audit, and involve a
practitioner reviewing financial data, such as six-monthly figures. This would involve the
practitioner undertaking procedures to state whether anything has come to their attention

21
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

which causes the practitioner to believe that the financial data is not in accordance with the
financial reporting framework.
A review engagement differs to an external audit in that the procedures undertaken are not
nearly as comprehensive as those in an audit, with procedures such as analytical review and
enquiry used extensively. In addition, the practitioner does not need to comply with the
International Standards on Auditing (ISAs) as these only relate to external audits of historical
financial statements.

(ii) Levels of assurance.

The level of assurance provided by audit and review engagements is as follows:

External audit – A high but not an absolute level of assurance is provided. This is known as
reasonable assurance. This provides comfort that the financial statements have been prepared
in all material respects in accordance with the applicable financial reporting standards, such
as, IFRS (or they show a true and fair view or are free of material misstatements).

Review engagements – where an opinion is being provided, the practitioner gathers

sufficient evidence to be satisfied that the subject matter is plausible; in this case a negative
assurance is given whereby the practitioner confirms that nothing has come to their attention
which indicates that the subject matter contains material misstatements.

Illustration 4
The International Framework for Assurance Engagements permits only two types of
assurance engagement, i.e. a reasonable assurance engagement and a limited assurance
engagement.

Required
Explain the difference between reasonable and limited assurance engagements.

Answer 4
Reasonable assurance engagement
In a reasonable assurance engagement, the practitioner gathers sufficient appropriate
evidence to conclude that the subject matter conforms in all material respects with identified
suitable criteria, and gives a report in the form of a positive assurance.

The term 'sufficient appropriate' is somewhat technical. 'Sufficient' refers to the quantity of
evidence obtained. The evidence collected has to be enough.

The term 'appropriate' refers to the quality of evidence obtained. “Appropriate” can further be
broken down into two elements, i.e. relevance and reliability. Evidence collected is
considered 'appropriate' if it is relevant to the assertion being tested and is obtained from a
reliable source.

A positive assurance is given when the auditor gives a 'direct' opinion on the financial
statements. This is illustrated as follows: 'the financial statements have been prepared in
all material facts in accordance with applicable financial reporting standards' The
opinion above shows that the auditor is very confident about making his/her statement simply

22
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

because the evidence collected and the work done have been extensive, covering all material
areas of the financial statements.

Limited assurance engagement

In a limited assurance engagement, the practitioner gathers sufficient appropriate evidence to
conclude that the subject matter is plausible in the circumstances. In other words, the auditor
gathers sufficient appropriate evidence but only to confirm that the financial statements are
'worthy of believe' from which to issue an opinion.
The quantity and quality of evidence gathered would be lower compared to those in a
reasonable assurance engagement, because the objective here is not to cover all material
respects of the financial statements.

The auditor then gives a negative assurance by providing an 'indirect' opinion on the
financial statements. This is illustrated as follows: 'nothing has come to our attention that
causes us to believe that the financial statements are not prepared in accordance with
applicable legislation and accounting standards'

The opinion above shows that the auditor is less confident about making his or her statement
because the evidence collected and the work done have been limited. The auditor is
essentially giving an opinion based on what he or she was able to find in the limited amount
of testing and checking.

The Framework states that the level of assurance given by a reasonable assurance
engagement is high, whereas a limited assurance engagement gives a moderate level of
assurance. It is not possible to give an absolute level of assurance because of the following:

Illustration 5
What is a review engagement?

Answer 5
A review engagement is an examination of historical financial statements undertaken by an
independent accountant who is not the auditor of the reporting entity. These statements are
ordinarily general purpose financial statements, although reviews may also be carried out on
other historical financial information. The term ‘review engagements’ also covers the review
of interim financial statements conducted by the entity’s auditor.

A review engagement is a form of a limited assurance engagement. In a limited assurance

engagement the independent accountants convey a level of assurance that is proportional to
the level of the independent accountants’ procedures given the characteristics of the subject
matter and other relevant engagement circumstances described in the assurance report. An
assurance engagement as ‘an engagement in which independent accountants express a
conclusion designed to enhance the degree of confidence of the intended users other than the
responsible party’.

The independent accountants’ objective in a review engagement is to express a conclusion as

to whether anything has come to the independent accountants’ attention that causes him to

23
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

believe that the financial statements have not been prepared in accordance with the applicable
financial reporting framework.

Who requires review engagements?

Certain entities such as small and medium-sized entities (SMEs) may be exempted from an
audit. This means that an audit is not required. Some SMEs may therefore, start to request
review engagements to enhance the stakeholders’ confidence that the entity’s financial
statements have been prepared in accordance with an applicable financial reporting
framework. The limited and less costly nature of a review engagement compared to an audit
provides SMEs with an attractive alternative when a statutory audit is not required.

The difference between reviews and audit engagements

In a review engagement, the independent accountants’ responsibilities (and the resulting
report) differ significantly from those of an audit engagement. The objective of an audit is to
obtain reasonable assurance to support a positive opinion as to whether the financial
statements show a true and fair view. The review engagement report is limited to a
conclusion on whether the independent accountants have become aware of any matter that
causes him or her to believe that the financial statements do not show a true and fair view

Although some of the enquiries and procedures performed in a review engagement may be
similar to procedures performed in an audit engagement, they do not have the effect of
converting the engagement into an audit. Since a review engagement consists primarily of
enquiry and analytical procedures, there is a greater risk that material misstatements caused
by fraud or error will not be detected as they would in an audit.

The level of confidence that users could reasonably be expected to derive from the
independent accountants’ report on a review engagement is therefore less than that which
may be derived from an audit.

Illustration 6
Mayanja adventures Co. provides scientific services to a wide range of clients. Typical
assignments range from testing food for illegal additives to providing forensic analysis on
items used to commit crimes to assist law enforcement officers.

The annual audit is nearly complete. As audit senior you have reported to the engagement
partner that a Mayanja adventure is having some financial difficulties. Income has fallen due
to the adverse effect of two high-profile court cases, where Mayanjaadventures’s services to
assist the prosecution were found to be in error. Not only did this provide adverse publicity
for Mayanja adventures, but a number of clients withdrew their contracts.

A cash flow forecast prepared internally shows Mayanja adventures requiring significant
additional cash within the next 12 months to maintain even the current level of services.
Mayanja adventures’ auditors have been asked to provide a negative assurance report on this
forecast.

Required:

24
Auditing and Assurances Services: Introduction Mwamba Ally Jingu: FCPA; PhD

In the context of the cash flow forecast, define the term ‘negative assurance’ and explain how
this differs from the assurance provided by an audit report on statutory financial statements.

Answer 6
Levels of assurance:
The level of assurance provided by audit and other review engagements is as follows:

External Audit – A high but not absolute level of assurance is provided, this is known as
reasonable assurance. This provides comfort that the financial statements are true and fair and
are free of material misstatements.

Other review engagements

Other review engagements where an opinion is being provided, the practitioner gathers
sufficient evidence to be satisfied that the subject matter is plausible; in this case negative
assurance is given whereby the practitioner confirms that nothing has come to his attention
which indicates that the subject matter contains material misstatements.

Reference

1. International Standard on Assurance Engagements (ISAE) 3000 (Revised),

Assurance Engagements Other than Audits or Reviews of Historical Financial
Information, provides that

Not all engagements performed by practitioners are assurance engagements. Other frequently
performed engagements that are not assurance engagements include
(a) Engagements covered by International Standards on Related Services (ISRS),
such as agreed-upon procedure and compilation engagements;2
(b) The preparation of tax returns where no assurance conclusion is expressed; and
(c) Consulting (or advisory) engagements, such as management and tax consulting.

Each assurance engagement is classified on two dimensions: Either a reasonable assurance

engagement or a limited assurance engagement

2. International Standard on Review Engagements 2400 (Revised) Engagements to

Review Historical Financial Statements

25