Module 5: Other Assurance Engagements

Audits of specialised areas pg 291

- Covers audits of historical info other than general purpose FS

- E.g. of specialised areas:
 special purpose financial statements,
 single financial statements and components
 summary financial statements
- 3 international auditing standards covering audits of specialised areas. ISA 800, 805, 810

Special purpose financial statements pg 291

- E.g. tax basis of accounting for a set of FS to accompany entities tax return
- Designed to meet the needs of the specific users
- Requirements of the ISA’s to general purpose financial statements audits remain applicable
- Auditor report will describe the purpose for which the financials statements are prepared and identified
intended users or refers to them in the notes.
- Covered by ISA 800

Single Financial Statements and special financial statements components pg 293

- Auditor may be asked to conduct an audit on a single financial statements e.g P&L
- Also may be asked to conduct an audit on a single component e.g AR, AP
- Guidance on how to conduct audit is in ISA 805
- Appropriate for these engagement to be performed on basis of agreed-upon procedures rather than as an
audit due to scope restrictions.
- Important to consider
 If auditor is also engaged to audit complete set of financial statements. If not, they need to
determine if practicable to audit single.
 Whether the expected resonation of the financial statement or element will provide adequate
disclosure to allow intended users to appropriately understand
 Whether the expected form of audit opinion Is appropriate in the circumstances
 The concept of materiality in relation to other Financial info

Summary Financial Statements pg293

- Entity may sometimes prepare a summary from audited financial statements to inform users of the
highlights of entities performance and financial position, or provide info more beneficial to their needs
- Provides members with info evaluating business without detailed accounting disclosures
- Reduced level of info expected to be sufficient for users to understand performance, position, financing and
investing activities of entity.
- Covered by ISA 810
- Auditor will need to determine whether info in summary is consistent with full financial statements that they
have audited
- Before accepting engagement, audit is required to: Refer to bottom of page 293 for list of requirements
Review Engagements pg 295

- To be able give conclusion in review, assurance practitioner will undertake procedures to gain high level of
understanding on entity business and how the business is reflected in FS.
- Purpose of reviews is determine whether the FS are believable and plausible
- Covered by two standards:
 ISRE 2410 – reviews of interim and other financial information performed by the independent
auditor of the entity
 ISRE 2400 – Covers engagements to review financial statements performed by an assurance
practitioner who is not the auditor of the entity.
- 4 different situations in which a review engagement is conducted in:
1. A review of interim financial information performed by the auditor of entity
2. A review where the assurance practitioner is not the auditor of the entity
3. A review of financial information for SME
4. A review of other historical financial information

1. Review of interim financial information performed by the auditor of the entity pg 296
- Auditor is required to bring in the knowledge acquired when undertaking the annual audit
- In planning review, auditor should therefore update knowledge of the business, organisation, accounting
system, operating characteristics and nature of assets, libs, equity rev, etc.
- Allows auditor to gain greater sense where risks of MS likely to occur and plan response appropriately.
- Limited procedures: made up mostly of enquiring, observing, reading, and evaluating material. Enquire
about:
 Entities accounting principals
 Managements identification of events requiring adjustment or disclosure
 Whether been a change of assessment by governance re going concern
 Entities procedures for recording, classifying transactions
 All material assertions in FS
- Analytical procedures involve
 Comparison of FS with statements from prior periods
 Comparison of FS with anticipated results
 Any other relationships of financial info that expected to conform to a predictable pattern based on
entity experience or industry norm
- Review report should have:
 Appropriate title: “Report on review on interim FS”
 Contain an identification of the interim financial info reviewed
 Clearly indicate limited evidence gathering procedures were undertaken and only limited assurance
is being provided
 A statement saying a review is substantially less in scope than an audit in accordance with [auditing
standards] and no audit opinion can be expressed on all significant matters that may be picked up in
an actual audit
- If matters do come to the auditor’s attention that FS not presented true and fairly then can modify review
report to state a qualified or adverse conclusion.
 2. Review where the assurance practitioner is not the auditor of the entity pg. 298
- Auditor would not have detailed knowledge on entity as did not conduct the annual audit
- However still can be expected to provide similar level of assurance

3. Review of financial information for SME’s pg 299

- Guarantees.

4. Review of other historical financial information – Australian perspective

- ASRE 205
- Covers reviews of historical info other than a complete financial report
- Eg covered specific components, elements, accounts or items of financial report

Proposed changes to ASRE 2410 pg 297/298

Other Assurance Engagements Part 1 pg 301

- 5 types: either as reasonable or limited

- Covered by ISAE 3000 “ Assurance engagements other than audits and review of historical financial info”

Overarching Standard page 300

- ISAE 3000 umbrella standard for “other” assurance engagements.

- Pre-conditions include:
 An appropriate underlying subject matter
 Suitable criteria that will be available to intended users
 Evidence to support the practiconers conclusion
 Written report that presents the practioners conclusion
 A rational purpose for undertaking the engagement

Overview of other assurance engagement on page 301

< Page
302
 - Pg 303: Practitioner must prepare engagement documentation that provides a basis for the assurance report
that is sufficient and appropriate to enable an experienced practioner (with no previous connection of the
engagement) to understand:
 Nature, timing and extent of procedures performed
 The results of the procedures performed, and the evidence obtained
 Significant matters arising during the engagement, conclusions reached, and significant professional
judgements made

< Page 303

Assurance on Historical Non-Financial Reports

 Assurance on CSR Reports – Page 303

- Voluntary and becoming more widespread
- Environmental, employee and social reporting
- Assurance of CSR carried out either auditor , or specialist consulting firms
- Skilled needed for assurance quite broad as covered financial and non-financial info
- Companies disclose CSR info in their annual reports, websites, and separate standalone reports

 Assurance on Greenhouse Gas statements pg 304

 Assurance on sustainability reports pg 305
 Assurance on Water Accounting reports pg 307
 Assurance on Business Performance pg 308
- Three types: Assessing reliability of performance measures, assessing relevance of performance
measures, and assessing the criteria used for performance measurement.
 Assurance on Integrated reports pg 310

Assurance on Future-Orientated Information

 Assurance on Prospective Financial information pg 311

- ISAE 3400
- One of the few subject matters besides historical information there is specific guidance for
- Performed by big 4
- One of the most common assurance services provides besides historical info
- Forecast = expected assumptions Projections = hypothetical assumptions
 - Auditors objective page 312
- Procedure page 312
- Key points : While evidence may be available to support assumptions, generally speculative at best, auditor
not in positon to express opinion on whether prospective will be achieved, auditor usually only provides
moderate assurance, however can still provide reasonable assurance if appropriate level of satisfaction
achieved.

 Assurance of Compilation of Pro forma Financial information included in a Prospectus pg 313

- Issuer wants to show effect of a planned acquisition or divestment
- Common to demonstrate this by presenting adjusted past financial statements as if it took place
- Pro-forma info should be presented in the following columns:
1. Unadjusted financial info
2. Pro forma adjustments
3. Resulting pro forma financial info (ISAE 3420)

Other Assurance engagements Part 2 pg 315

- In this second part, covers assurance engagements in systems and processes and on aspects of behaviour

Systems and process pg 316

- One of the categorisations of underlying subject matter for other assurance services is “Systems and
processes” – In practice most common relate to the internal audit function

Internal Audit pg 315

- IASSB defines internal audit: “function of an entity that performs assurance and consulting activities
designed to evaluate and improve the effectiveness if the entities governance, risk management and
control processes”
- The role of the internal auditor:

- Internal auditor must be independent and objectives

- The Chief Audit Executive (CAE) must confirm to the board, at least annually, the independence of the
internal audit activity
- The CAE report to the board. The board:
 Approves the internal audit character
 Approves the risk-based internal audit plan
 Approves the internal audit budget and resource plan
 Receives info from CAE re internal audit activity performance
Nature of internal audit work: pg 317
Involves evaluating and contributing to the improvement of:
- Governance
- Risk Management
- Control

Pg320

Using the Internal control – Integrated framework pg 322

- COSO framework commonly used for assurance reports on internal control

- Requires : annual report to include management’s assessment of effectiveness of internal controls over
financial report
- The auditor attest to and report on managements internal control assessment.
- The COSO consists of five interrelated components
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring activities
- There are 17 principals in total that come under the 5 interrelated components discussed on page 322/323
- Entity can achieve effective internal control by applying all 17 principals
- All principals apply to operations, reporting, and compliance objectives
Using the risk Management, control and Government process framework pg 324

- A further framework for risk management, control and governance process is contained in ISO 31000 “Risk
management – Guidelines”
- Main elements:
 Establish context. Establish strategic, organisational and risk management content in which the rest
of the process will take place
 Identify risks
 Analyses risk
 Evaluate risk
 Treat risk
 Monitor and review
 Record

Continuous auditing page 325

- Involves the use of embedded modules in a client’s computer system to performing auditing activities , such
as control and risk, assessments, on a more frequent basis
- Produces audit results simultaneously with, or a short period of time after, the relevant events.
- Advantages
 Greater audit coverage at lower cost
 Identifying control breakdowns in real time with correct action
 A continues rather than cyclical cycle

Aspects of behaviour pg 327

- One of the categorisations of underlying subject matter for other assurance services is aspect of behaviour
- In practice, one of the most common of these assurance services is the compliance engagement
- Compliance engagement covers entities compliance with rules, regulations and policies.

Compliance engagement pg 327

- Involves gathering evidence to ascertain whether the person or entity under review has followed the rules,
policies, procedures, laws and regulations.
- Objectives of assurance practitioner to obtain assurance about whether the entity has complied in all
material aspects with these requirements, and to communicate through a written assurance report that
expressed either a reasonable or limited assurance.
- Covered by ASAE 3100
- Can be either attestation or direct
Corporate Governance Assurance pg 331

Other assurance engagements Part 3 pg 393

Performance of an activity 393/394

- Considering with public sector performance

- Usually conducted for auditor General
- Very complex because of relationships between governments, parliaments and public sector
- Public sector auditor never considers the appropriateness of the policy its self
- Public auditor is instead evaluates the economical , efficiency and effectiveness of a policy
- The Australian National Audit Office (ANAO) supports the auditor general of AUs
- ANAO purpose is: 1. Financial statements Audits of Aus gov and 2. Performance audits of Aus gov
- Performance audits are concerned with:
 Economy – performance principle being minimisation of costs of resources
 Effectiveness – performance principle relating to the exten to which the intered objectives achieved
 Efficenicy – performance principle relating to minimisation of inputes for outputs

Economy page 335

- Refers to acquisition of the appropriate quality and quantity of resources at the appropaite time and at the
lowest cost
- E.g consider whether the org has followed sound procurement practices, followed established protocols for
tendering, and acquired appropriate type of resources.
- E.g of economy indicators would be: the features required of a new photocopier, reduction in costs through
better contracting, lower costs through bilk purchases.

Efficiency pg 335

- Refers to the use or resources; maximising outputs any given input

- E.g avoided duplication efforts by employees, avoided overstaffing,
- Efficiency indications compare: financial resources (cost – output), human resources (cost – output), physical
resources (assets - output), time resources (time – output)
- Easier to measure efficiency where the inputs are repetitive and predictable.
Effectiveness pg 336

- Most important
- Refers to the achievement of the objectives of a program/activity
- Goods and services can be provided economical and efficient but means nothing if it wasn’t effective
- Most difficult to assess in comparison to economy and efficiency as most public initiates are aimed at social
outcomes which are difficult to measure/ take years/ influenced by external factors
- Effectiveness is ends orientated rather than means orientated
- Important to distinguish between outputs and outcome
- Output: number of pamphlets handed out
- Outcome: reduced percentage of population being diagnoses with diabetes
- Outcomes demonstrate effectiveness of program
- An audit of effectiveness may include
 Audit or org or program or activity to determine whether effective
 Analysis of appropiatness or relavence of org governance structures
 Review of org and mangagement arrangements
 Review of system and processes
- Effectiveness indicators
 The level of outcome sought and the level achieved
 The size of a target group and proportion reached or served
 The market size and market share
- In real life distinction between efficiency and effectiveness is grey because overlap

Performance information and indicators pg 337/338

- As part of performance auditing process: Public sector auditor collects performance information about the
subject matter relating to economy, efficiency and effectiveness
- Performance info is created by agency as part of admisntrative process
- Performance info made up of quantitive and qualitative that informs descion makers how well an acivity, a
major program, an organisation unit or the org as a whole is perfromanign against a set of policy objectives,
targets, and priorities.
- Pefromance info the used by management within agency to enhance descion making in context of economy,
efficient and effect.
- Performance indicators:
 Targets/goals
 Previous performance
 Performance of similar authorities or programs
- Performance indicators usually applied in two ways
 Ongoing
 Periodic when needed
- Indicators can be broken up in to inputs, outputs & outcomes.
 Inputs/outputs/outcomes page 340

Attributes of meaning performance indicators pg 340

 Relevant
 Quantifiable
 Verifiable
 Free form bias
 Appropriate
 A fair representation
 Balanced
 Cost-effective
Assurance Standards and regulation pg 342

- This section outlines assurance standards and regulatory environment affecting public sector performance
auditing.
- IASSB has not issued any international assurance standards dealing specifically with performance audits
- However covered in general terms by ISAE 3000
- Guidance also provided by the International Organisation of Supreme Audit Institutions (INTOSAI0
- Also covered by ASAE 3500
- Appointment of Auditor General reappointment discussed on page 343

Structure of performance Audit pg 343

- Public performance more concerned with economy, efficiency and effectiveness (referred to as activities)
over wealth creation.
- The specific activity being audited is known as topic

Elements of the Engagement (Public Performance engagement) Page 344

The Performance Audit Process pg 346

13 steps.

1. Select the organisation, program or Activity for Audit pg 347

 Determine what is significant and identify key risks
 Significance: Essential to selecting topics of audit. Responsibility of public sector auditor to
determine what is significant. Involved professional judgement.
 Factors to consider when determine if significant: public funds expended, impact on community
should elements not be efficient and effective, impacts on other programs.
 Other factors to consider significance: dollar value, public interest, inherent risk of the program,
potential for savings, others list on page 347
 With an understanding of significance, public sector auditor is able to identify potential topics for
audit

2. Identify Potential Audit topics pg 348

 Identify potential performance audit topics based on significance, risk to good management and
potential benefits
 Audit offices have limited resources there relatively small number of activies to be subject to
performance audit each year
 Selection in practice made in consultation with parliament, government entities, stakeholders,
although public sector auditor does have complete discretion
 Choices are made after environmental scan of key risks and challenges to public sector, and
indefiying factors that can increase performance. Significance inform choice as well.
 ANAO takes in to account a number of factors, RISK, IMPACT, IMPORTANCE< MATERIALITY,
AUDITABILITY, PREVIOUS COVERAGE.
3. Gaining an understanding of the organisation, program or Activity pg 351
 Valid Activities listed on page 351

4. Undertake a preliminary study (Optional) pg 351

 When organisation, program or activity selected for performance audit, public sector auditor may
conduct preliminary study.
 Purpose of prelim study: gather and evaluate info needed for further descion making and for the
conduct, control and report of an audit.
 Also provides info on size and scope of org activities as well as areas of uneconomical, inefficient
operations and lack of effectiveness’.
 If prelim not undertaken, info captures in comprehensive audit plan
 Audit scope covers: part of entity to be audited, matters subject to be audited, time period covered.
 Detailed audit plan in considered before deciding whether to proceed or to amend scope before
commencement.

5. Prepare the preliminary Study report pg 352

 If prelim study being undertaken, the public sector auditor usually prepare a prelim report, which
includes:
6. Discuss Preliminary Study Contents with Management pg 352
 Important to discuss with management of org being audited
 Discussions will centre on areas to be audited, basic audit objectives, general criteria, scope, key
management systems, and expected benefits.
 Also important to discuss with management in order to identify and correct any errors of fact or
misunderstanding
 Fundamental disagreement, such as disputes over criteria will lead to disagreement over the
conclusions of the audit reflected in the report.

7. Develop Detailed Audit Criteria pg 352

 After getting management feedback about general criteria in discussion, auditor will then refine
audit criteria to specific detailed level.
 Audit objectives and activity determine what suitable criteria to consider are.

8. Develop the Audit Plan, Including the Audit Program pg 354

 Audit plan is created to :
- Identify the resources (human and other) to be applied to the audit
- Make sure the resources are applied to the most appropriate areas, focusing on areas of highest risk and
materiality, in the most efficient way
- Identify any potential problems that may impede the audit
 Audit program is the documentation of the specific audit procedures to be carried out and their
timing, together with the staff member responsible for carrying out.
 Audit plans do not change during audit but audit programs can and often do change
 Performance audits are usually one off audit – not annual.

9. Carry out Audit Procedures as Defined in the Audit Program pg 354

 Directed towards achieving the audit objectives.
 Involves gathering and evaluating info to compare actual practices against the criteria, and
obtaining relevant, reliable, sufficient, objectives and timely evidence to support any conclusions
reached and recommendations made.
 Techniques for examining economy, efficiency and effectiveness can be classed in 3 ways.
1. Techniques for reviewing inputs/outputs:
 Can costs be reduced while still achieving the same output?
  Can greater output be achieved for the same cost?
 Provides useful tools to measure efficiency
2. Techniques for system-based reviews
 Provides auditor with knowledge of the key systems, processes and controls that are
involved in the audit function or entity to identify:
- Risks to delivery or services and risks to achievement of outcomes
- Sources of and potential errors in performance data
- The reasons for any deviation from benchmarks
 Systems based reviews concentrate on systems and processes of an org including key
controls to detect fraud, error and non-performance.
 Main questions for system based reviews:
- What are the objectives for each area under review?
- How is success measured in each of the areas?
- Does management exercised proper control?
- How are staffing levels determined?
- More questions on page 355

3. Techniques for effectiveness evaluations pg 356

 Auditor needs to concentrate on ensuring that the org has systems in place to
determine and report upon its own effectiveness
 For performance measurement systems to be evaluated effectively, require the
following to be set and put in place: Objectives, responsibility for achieving these
objectives, performance indicators, systems to produce info to compare info with
norms.
 Auditor will concentrate clearly the org has set policy objectives and how effectively
the outcome of those objectives can be evaluated.
 The auditor has a valuable constrictive contribution to make in suggesting
improvements to performance measurement systems and the sources of data that
can be used.
 Main sources of Data used for effectiveness reviews:
- Citizen reviews
- Trained observer ratings
- Comparison with similar programs
- Internal records

Evidence pg 358

- Sometimes info not adequately reported there hard to obtain evidence

- Evidence relied upon therefore might be more persuasive than conclusive.
- Examples of methods of obtaining evidence include:
 Examination of existing records
 Written questionnaires
 Interviews and discussions with the client and the staff concerned

Cause and effect pg 358

 Once performance failure identified, two complementary forms of assessments take place: These are:
1. Determination of the causes of the lack of performance (may be several causes. Auditor needs to
identify causes that if changed will prevents similar occurrence. Forms basis of recommendation.
2. Assessment of the effect of the lack of performance
 In examining cause and effect, the auditor should be aware of the following:
- Cause and effect interrelated – knowledge in one assists understanding in the other
- Any adverse effects of control weakness should be quantified where practical
- Cause and effect may be isolated occurrence or part of a pattern (control weakness)
- Causes may be extern to system of audit

10. Analyse Evidence and Evaluate Findings so as to Develop Conclusions and Recommendations pg.359
- Auditor evaluates evidence against selected performance audit criteria in order to:
 Confirm or modify planning decisions and assessments
 Develop conclusions relate to the audit objectives
 Establish confidence in the audit conclusions
- Auditor must evaluate the extent and the impact of identified variations in the entities performance which
are material (significant) to the auditor’s conclusion.
- ‘Material variances impact performance in relation to economy, efficient and efficiency and reasonably
expected to influence decision making of intended users of assurance report.
- Process requires considerable professional judgement
- When auditor identifies a variation from performance audit criteria, they should do the following:
 Assess whether variation isolated or systematic
 Identify fundamental cause
 Assess and quantify impact
 Consider relative significance in relate to audit objectives of org
 Determine if management or parliament is aware of deficiency and whether correct action has
commence.
- When developing recommendation auditor should consider
 Circumstances that help/hinder organisation in meeting performance
 Feasibility and cost of adopting a recommendation
 Alternative courses of remedial action
 Positive and negative effects that arise if recommendations adopted
- Good practice to ensure recommendations:

11. Communicate
Summary of Draft Findings and Proposed Recommendations pg 360
12. Report to the head of the organisation, the Minister and Parliament pg 362
13. Follow up and report on Conculsions and Recommendations pg 364