Module 1

Assurance environment Pg4

- Three subsets of assurance engagements are:

 Audits of historical information (Reasonable assurance)
 Reviews of historical information (Limited assurance)
 Assurance engagements other than audit and review (Reasonable or limited)

The Internalisation of Auditing pg 5/6

- The main regulatory agencies on auditing & assurance globally are:

 International Federation of Accountants (IFAC): Global organization for the
accounting profession to serve the public interest of strengthening the profession
 International Forum of Independent Audit regulators (IFIAR): Oversight of the
auditing profession
 International ethics standard board for accountants (IESBA): Restructured code of
ethic, the internal code of ethics
 International Auditing and Assurance Standards Boards (IASB): Develops and issues
standards for the three types of assurance engagements: Audits(ISA), reviews(ISRE’s)
and other assurance engagements(ISAE’s)

Regulation of Auditing in Australia pg.7

Refer to page 7/8 to read the role of each regulator.

Pg 11. Assurance Engagement Framework

- International Framework for Assurance Engagements issued by the IASB: Applies to all
assurance arrangements only.
- Accountants must also adhere to the Code of Ethics for Professional Accountants
- The Framework is not a standard – does not include requirements for performance
- The Framework refers to assurance standards and the code where applicable
- Matters contained in the framework are
 Ethical principles
 Quality control standards
 Description of assurance engagements
 Attestation and direct engagements
 Reasonable and limited assurance engagements
 Scope of the framework
 Elements of an assurance engagement (There are 5 elements: Three party
relationship, subject matter, criteria, evidence & assurance report)

Ethical Principles p.12

Framework specified that firms perform assurance engagements comply with the
fundamental ethical principles outlined in IESBA’s Code.
- THE IESBA code outlines threats to compliance and how to identify, evaluate and addressing
them to eliminate or reduce to an acceptable level.
- The IESBA was established by IFAC to develop ethical principles for accountants
- The code is divided in to four 4 Parts
 1. Fundamental principles & Conceptual Framework:
 2. Applies to professional Accountants in business
 3. Applied to professional accounts in public practice
 4. Covers independence standards for- a) Audits and review engagements and b)
other assurance and non-assurance arrangements.
1. Fundamental principles are: Integrity, objectivity, professional competence and due Care,
Confidentiality & professional behavior. Refer to page 12 for definitions.
Conceptual Framework are: Threats and Safeguards.
- Using the conceptual framework recommended by the Code, member must identity any
threats to compliance with the fundamental principles, evaluate those threats, and address
threats to compliance with the fundamental principals in section 110 of the code.
- When threats are significant, members must apple safeguards to eliminate or reduce them
to an acceptable level
- If members cannot implement appropriate safeguards, they must either decline or
discontinue the specific professional service or consider resigned from client/employer.
- Threats that can jeopardize compliance with the fundamental principles are: pg.13
 Self-interest threat –may arise due to other financial interests of auditor/accountant
 Self-review threat – may arise when assurance teams need to form opinion on their
own work
 Advocacy – may arise when auditor is asked to promote their client in particular way
 Familiarity – may occur because of long or close relationship with client
 Intimidation – may occur when professional accountant Is deterred from acting
objectively because of actual or perceived threats

- Safeguards that eliminate or reduce threats cane be created by the following: pg.14
 The profession, legislation, or regulation
 In the work environment of the assurance client
 In the work environment of the audit firm
- In exercising judgment on the significance of threats and safeguards, accountants must
consider what a reasonable and informed third party would likely conclude on whether
compliance with the fundamental principles have been compromised.

2. Professional Accountants in Public Practice pg.14

- Provided guidance on applying the conceptual framework from part 1
- Specific issues relevant to public practitioners are:
 Conflicts of Interest
 Professional appointments
 Second opinions
 Fees and other types of remuneration
 Inducements (Including gifts and hospitality)
 Custody of client assets
  Responding to non-compliance with laws and regulations – An IESBA Standard

Quality Control Standards p.g18

- Framework specifies that ethical principles, independence requirements and quality control
within firms as recognized in the public interest and an integral part of high quality
assurance arrangements.
- Framework outlines that professional accountants performing assurance engagements are
subject to ISQC “Quality control of firms that perform audits and reviews of financial
statements, and other Assurance related agreements”
- Auditing standard ISA 220 Quality control for an Audit of Financial Statements discusses
specific engagement matters.
- Much of the points discussed in ISQC is repeated in ISA 220. ISQC more broad, ISA 220
specific
- In Feb 2019 IASSB issued proposed international standard changes on quality management
to add: more proactively manage quality to address stakeholder expectations and concerns,
improve the scalability of standards, modernize standards and keep them fit for purpose.
Elements of Quality Control p.18/19

- There are 6 areas where a firm should have QC policies in place:

1. Leadership responsibilities for quality within the firm (Underpins all other elements of
QC. Important for a firm to have a strong QC culture by the example of leadership sets)
2. Relevant ethical requirements (firm should develop, document and implement policies
describing permitted behavior, reflecting the advice of the code)
3. Acceptance and continuance of client relationships and specific engagements.
Assurance firm must consider integrity of each client (risk check list), including potential
issues. Determine that is competent to perform the engagement. Determine it can
comply with the code, in particular matters related to independence.
4. Human resources: Effective recruitment process help firms select individuals of integrity
who have to capacity to perform competently (ISQC 1 para A,24)
5. Engagement performance Engagement performance means complementing assurance
engagements in accordance with professional standards, and legal and regulator
requirements. Refer to page 20 for engagement support materials, supervision and
review, consultation, an engagement QC review <<< make up engagement performance.
6. Monitoring: Refers to ongoing examination of QC systems and procedures to ensure
that they are appropriate and carried our consistently and properly. Pg.22

A Framework for Audit Quality pg.23

- The IAASB published a Framework for Audit Quality: Key elements that Create an
Environment for Audit Quality
- Holistic manner. Quality framework provides audit quality at engagement, firm and national
level
- Three parts to the quality framework: Input, process and output
Description of assurance engagements p.25

- Two descriptions: Attestation and Direct assurance engagements

 Attestation: Were a party other than the assurance practitioner measures or
evaluates the underlying subject matter against the criteria (ie prepares financial
statements in accordance with the accounting standards). The auditors roles is to
attest to whether in their opinion the report is in accordance with the stated
framework.
 Direct: Where Assurance practitioner directly measures or evaluates the underlying
subject matter against the criteria. Auditor directly tests the content themselves.
- There is no overlap between attestation or direct. It’s either one or the other. The key
distinction is who measures or evaluates the underlying subject matter against the criteria.
- In attestation management prepare the report and the practitioner examines the report to
provide assurance to the reader. In direct, practitioner develops report and provides the
assurance.
- Audits and reviews of financial statements HAVE to be attestation engagements. Not
allowed to be direct.
Reasonable and limited assurance engagements p.26

- The framework sets out distinction between reasonable and limited assurance engagements
- An Audit is an example of a reasonable assurance engagement
- A review is an example of a limited assurance engagement

Reasonable assurance engagements:

- High level of assurance but not an absolute level of assurance

- Absolute is not possible due to inherent limitation of an audit, where most of evidence
obtained is persuasive rather than conclusive
- Auditor needs to obtain reasonable assurance about whether the financial statements are
free of material misstatement.
- Reasonable assurance arises when auditor obtains sufficient appropriate evidence to
reduce audit risk to an acceptably low level
- Sufficient appropriate evidence includes:
o Obtaining and understanding engagement circumstances
o Assessing risks
o Responding to these risks
o Performing further procedures, including substantive procedures
o Evaluating the evidence obtained
- The entire audit process is geared towards an expression of opinion on the financial
statements
- The assurance report for reasonable assurance agreement conveys the practitioners opinion
on the outcome of the assessment of the subject matter against the criteria
- “In our opinion, the financial statements are fairly presented…

Limited Assurance agreements pg.27

- Provides less confidence to users than a reasonable assurance engagement as the

engagement risk is greater
- Framework suggest limited assurance agreements should be ‘meaningful’ – more than
inconsequential.
- Sufficient evidence includes
o Obtaining and understanding of the subject matter information and other
engagement circumstances
- Procedures deliberately limited in comparison to a reasonable assurance agreement.
- Limited assurance agreement expresses a conclusion based on procedures performed and
evidence obtained if anything has come to the auditor’s attention that the material
information has been materially misstated.
- “Nothing has come to our attention that would lead us to believe that the financial
statements are not fairly presented ...
Scope of the framework pg. 27

- When an assurance engagement is part of a large engagement that includes consulting or

advisory work, the framework is only relevant to the assurance portion of the report.

Elements of an assurance engagement p.28

- Framework has the elements of an assurance agreement which are: p.29

 o A three party relationship involving (practioner, responsible party,
responsible for the underlying subject matter and intended users of the
assurance report)
o An appropriate underlying subject matter
o Criteria (rules governmening the preparation of the underlying subject
matter)
o Sufficient appropriate evidence (providing the basis of the assurance
report)
o A written assurance report

Underlying subject matter p.30

- Level of assurance doesn’t impact appropriateness of underlying subject matter

- An underlying subject matter is identifiable and capable of consistent
measurement/evaluation against identified criteria

Criteria p30

- Criteria are the standards, rules or benchmarks used to prepare and evaluate subject matter
information of an assurance agreement. Criteria can be formal (preparing financial
statements in accords to IFRS less formal, internal developed code of conduct or an agreed
level of performance
Characteristics of suitable criteria page 31

Evidence page 32

- Practitioner has to gather evidence that is both sufficient (quantity) and appropriate
(quality)
- High-quality evidence is both relevant and reliable.
- In situations of high risk the practitioner is expected to gather a greater amount of evidence
and seek high quality evidence.

Professional Skepticism pg.33

- Framework describe skepticism as an attribute that incudes being alert to inconsistent

evidence, information that indicates the need to question the reliable of documents, the
need to collect additional evidence beyond what is specified in the audit standards,
conditions indicating a likely misstatement
- Professional skepticism … means to make critical assessments with a questioning mind about
the validity of evidence obtained and is also alert to evidence that contradicts the reliability
of documents or representations of the responsible party.
- “Skeptical mindset, skeptical attitude. Questioning mind
Professional Judgment pg.35

- Involves assurance practitioner applying their training, knowledge and experience to make
appropriate decisions and reach conclusions.
- Framework: “Professional judgment is essential to an assurance engagement”
- Professional judgment is required to be exercise throughout an assurance engagement but
must not be used to justify decisions unless supported by the facts and circumstance of the
engagements or sufficient appropriate evidence.
- Table 1.9 on page 36 identifies many circumstances where professional judgment is
required.

Materiality page 37

- Judgments pertaining to evidence collection and evaluation are made within the context of
materiality.
- An omission, misstatement, or non-disclosure is material if it could adversely affect users
decisions based on the financial statements.
- Materiality is relevant when the practitioner. Plants engagement, determines their
procedures for gathering evidence and assesses whether the subject matter information is
free of misstatement.

Engagement risk pg.37

- Assurance engagement risk is the risk that the practitioner reports that the subject matter
information is fairly presented when in fact it’s being materially misstated. Also known as
audit risk.
 - Key requirement of a quality assurance agreement is to keep audit risk at an acceptable low
level
- Assurance provider assesses the engagement risk during the planning stage by assessing
three components
o Inherent risk - the susceptibility of the subject matter information to be materially
misstated by the underlying subject matter. Eg. Risk of business and economic
environment
o Control risk: The risk of misstatement will not be prevented or detected or corrected
by the internal control system. Eg important control of cash is bank rec. if no bank
rec is performed then control risk increases.
o Detection risk: The risk that the assurance practitioner evidence-gathering
procedures will not detect a material misstatement. Detection risk is affected by
quality, reliability and relevance of evidence. If doing inventory audit then a sample
of 20 items will have lower detection risk then a sample of only 10 items.

Nature, Timing and extent of Procedures pg38

- An assurance practitioner will use a combination of procedures to collect sufficient and

appropriate evidence
- Nature: Refers to the purpose of the test eg. To test controls. And the procedure used (eg,
inspection, observation, query).
- Timing: Refers to when the evidence is collected (interim period or year-end) Evidence
collected at year end is the most reliable. Because yearend testing focuses more on
substantive tests of balances than transactions.
- Extent: Refers to the quantity of information collected and tested. Equivalent to sufficiency.

Assurance Report pg.38

- A practitioner provides a written assurance report containing a clearly expressed conclusion

about the subject matter information
- The level of assurance determined involves consideration of the relationships between
underlying subject matter, criteria and quality of evidence.
- Basic elements of assurance reports are established by Assurance standards.
Type of Assurance Engagements pg.39

- In addition to historical and prospective financial information, entities report a large amount
of non-financial information such as :
o Additional disclosures relating to wider operating data, internal controls, cooperate
governance and risk management practices and outcomes
o Corporate social responsibilities
o Reporting to regulators regarding issues with compliance with regulatory
requirements

Overview of different types of assurance services that an assurance practitioner can provide: p.40

• Audits of financial statements

o According to ISA objectives of auditor to obtain reasonable assurance that financial
statements are free from material misstatement
o Within Australian context, this means financial reports have been prepared in
accordance with the Australian Accounting Standards. Presented fairly in all material
aspects; true and fair view (consistent and faithful application of accounting
standards)
o If compliance doesn’t give a true and fair view then must be disclosed in notes
o Entities reporting requirements specified in the corporations Act
o Corporation Act specifies :directors of the reporting entity must declare whether the
reporting entity will be able to pay its debts as and when they become due, whether
the financial records have been properly maintained, whether the financial report
and notes comply with Australian Accounting Standards including interpretations,
and whether the financial report and notes give a true and fair view
o Section 301 of the corporations act requires financial statements to be audited.
o Auditor must be independent of company, professional care, and comply with
Auditing and Assurance standards.
o Limitations: Nature of financial reporting: use of judgment due to subjectivity of
arising to accounting estimates. Nature of audit procedures: Refers to the reliance
on evidence produced by the client. Timeliness and cost of financial report: Refers to
the pressure an auditor faces to complete an audit in a certain time frame.

• Audits of specialised areas

o Audits of historical info other than general purpose financial statements eg. Special
purpose financial statements.
• Review engagements
o This is a review. Not an audit
o Reviews can be of complete financial reports, specific components, elements, amounts
or items of a financial report.
• Assurance of historical non-financial information

• Assurance on future-oriented information

• Assurance on systems and processes

• Assurance on aspects of behaviour

• Assurance of performance of an activity.

Application of standards pg.45

]
Page 46.

Page 46
Page 48

Evolving Business Model p.54

- A business model describes everything about how it creates and delivers value to its
stakeholders
- Business models needs to constantly evolve as entities react to changes by repositioning to
avoid emerging risks and to seize opportunities.
- Gaining an understanding of the entity, including its business model is important when
planning an audit and assessing the risk of misstatements.

Climate-risk Disclosure p.54

- The Task Force on Climate-related Financial Disclosures (TFCD), established in 2016 by the
G20 Financial stability Board, had made recommendations on the type of information that
entities should disclose to provide stakeholders a better understanding of entities climate –
risk related exposure.
- The TFCD identified two main categories of climate-related risks:
o Transition risks: Transition to a lower-carbon policy may entail extensive policy,
legal, technology and market changes
o Physical risks: Physical risks from climate change may be acute or chronic. Acute =
cyclone, one off evets. Chronic = long term shifts in climate
- To date climate risk disclosure is done on a voluntary basis not a statuary bases.
- Examples of voluntary disclosures: Under TFCD recommendations, Carbon disclosure project
and ESG suitability policies.