Ch04 PrinciplesOfAuditing Ed3
Ch04 PrinciplesOfAuditing Ed3
Ch04 PrinciplesOfAuditing Ed3
docEd3 1
Chapter 4
AN AUDITORS SERVICES
5. Know the various subject matters that can be covered in an assurance engagement.
Auditor services are work that an audit firm performs for their clients. Except for consulting
services, the work that auditors do is under the guidance of engagement standards set by the
International Auditing and Assurance Standards Board (IAASB). All auditor services standards have
as their basis the IESBA Code of Ethics (see Chapter 3) and International Standards on Quality
Control (ISQC). In this chapter we discuss the basic requirements of assurance engagements,
345843475.doc
345843475.docEd3 2
limitation and quality control. We will give details on other assurance engagements including
sustainability, internal controls and review engagements and non-assurance engagements such as
compilation in Chapter 14. Consulting services engagements will not be discussed in this book
ILLUSTRATION 4.1
345843475.doc
345843475.docEd3 3
345843475.doc
345843475.docEd3 4
All auditor services standards have as their basis the Code of Ethics for Professional
Accountants (the IESBA Code) issued by the International Ethics Standards Board of Accountants
(IESBA). (discussed in Chapter 3 Ethics for Professional Accountants) and International Standard
on Quality Control 11 (ISQC # 1) (see Chapter 1 International Auditing Overview). The Code has
been employed by IFAC from the early days. Quality control standards are currently being created
by the IAASB.
Engagements (assurance engagements), and others result from the Related Services Framework
(related services engagements). Three sets of standards (ISAs, ISREs and ISAEs) share the
assurance engagement framework and one standard set (ISRS) is based on the related services
framework. ISAs, ISREs, ISAEs and ISRSs are collectively referred to as the IAASBs Engagement
Standards.
International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.
information.
345843475.doc
345843475.docEd3 5
engagements, engagements to apply agreed upon procedures to information, and other related
International Standards on Auditing (ISA) 200 Overall Objectives Of The Independent Auditor And
The Conduct Of An Audit In Accordance With International Standards On Auditing describes the
main concepts applicable to audit, review or special purpose frameworks. Financial statement audit
standards are described in ISA 200799. Special Purpose Frameworks and other examinations of
historical financial information are given in ISA 800-899. Review standards are ISREs 2000-2699.
Other than Audits or Reviews of Historical Financial Information describes concepts applicable to
assurance services whose subject matter is not related to historical financial information. These
Engagements.
1 ISAEs 30003399 which are topics that apply to all assurance engagements.
2 ISAEs 34003699 which are subject specific standards, for example standards relating to
345843475.doc
345843475.docEd3 6
The subject matter of ISAEs 34003699 now includes examination of prospective financial
information (ISAE 3400) and assurance reports on controls at a service organization (ISAE 3402).
statistical, environmental), systems and processes (e.g. internal control (such as that required under
the Sarbanes-Oxley Act), corporate governance, environmental management systems), and behavior
(corporate governance, compliance, and human resources practices). Right now, because IAASB
does not set these standards, reports of social, environmental and economic assurance engagements
are commonly based on a whole variety of established criteria, for example, the Global Reporting
Initiative (GRI) Sustainability Reporting Guidelines.3 These audit services will be discussed in
Not all engagements performed by auditors are assurance engagements. Other engagements
frequently performed by auditors that do not meet the definition of an assurance engagement and
which are therefore not covered by the framework for assurance engagements include:
engaged to testify as an expert witness in accounting, auditing, taxation or other matters, given
stipulated facts.
Engagements covered by International Standards on Related Services ISRS are based on the
Related Services Framework a framework that is still in the development stage at the IAASB.
Standards under this framework (ISRSs) are applied currently to two audit services: engagements to
345843475.doc
345843475.docEd3 7
perform agreed-upon procedures regarding financial information (ISRS 4400) and compilation
procedures no assurance is expressed. Instead, users of the report assess for themselves the
procedures and findings reported by the auditor and draw their own conclusions from the auditors
audit procedures in a very limited agreed upon area with a proscribed set of users. These audit
IAEPs, IRSPSs)
The IAASBs Standards contain basic principles and essential procedures together with related
guidance in the form of explanatory and other material, including appendices. International
Auditing Practice Notes (IAPNs), represented by IAPN 1000-1100, are issued to provide
interpretive guidance and practical assistance to auditors in implementing ISAs for audit, review,
and special purpose engagements. Although there are currently no practice notes for assurance
engagements or related services, in the planning stage are International Assurance Engagement
Practice Notes (IAEPNs), provide interpretive guidance for ISAEs, and International Related
Services Practice Notes (IRSPNs) will provide assistance for auditors implementing ISRSs.
designed to enhance the degree of confidence of the intended users4 (other than the responsible
party5) about the outcome of the evaluation or measurement of a subject matter6 against criteria7.
The outcome of the evaluation or measurement of a subject matter is the information that
results from applying the criteria to the subject matter. For example, an assertion about the
345843475.doc
345843475.docEd3 8
effectiveness of internal control (outcome) results from applying a framework for evaluating the
effectiveness of internal control, such as COSO 8 or CoCo9, (criteria) to internal control, a process
(subject matter). The assurance framework uses the term subject matter information to mean
the outcome of the evaluation or measurement of a subject matter. It is the subject matter
information about which the practitioner gathers evidence to provide a reasonable basis for
The subject matter of an assurance engagement is the topic about which the assurance
engagement is conducted. Subject matter could be financial statements, statistical information, non-
financial performance indicators, capacity of a facility, etc. The subject matter could also be systems
and processes (e.g. internal controls, environment, IT systems) or behavior (e.g. corporate
governance, compliance with regulation, human resource practices). The assurance engagement
evaluates whether the subject matter conforms to suitable criteria that will meet the needs of an
intended user.
Under International Framework for Assurance Engagements, there are two types of assurance
acceptably low level based on the circumstances of the engagement 10 as the basis for a positive form
reduction in assurance engagement risk to a level that is acceptable in the circumstances of the
engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis
345843475.doc
345843475.docEd3 9
The International Framework for Assurance Engagements describes five elements 11 that all
1. a three party relationship involving a practitioner, a responsible party, and the intended
users;
3. suitable criteria;
Illustration 4.2 is a context data flow diagram of the engagement process. Illustration 4.3
shows a more in depth (zero level) data flow diagram of the relations between the five elements
ILLUSTRATION 4.2
345843475.doc
345843475.docEd3 10
party, and the intended users. The practitioner (e.g. auditor, accountant, expert) gathers evidence to
provide a conclusion to the intended users about whether a subject matter (e.g. financial statements)
The responsible party is the person (or persons) - usually management or the board of
directors- who in a direct reporting engagement is responsible for the subject matter. In an assertion-
based engagement, the responsible party is responsible for the subject matter information (the
The responsible party may or may not be the party who engages the practitioner (the engaging
party). The responsible party ordinarily provides the practitioner with a written representation that
The intended users are the person, persons or class of persons for whom the practitioner
prepares the assurance report. The responsible party can be one of the intended users, but not the
345843475.doc
345843475.docEd3 11
only one. Whenever practical, the assurance report is addressed to all the intended users. Also,
whenever practical, intended users are involved with the practitioner and the responsible party in
determining the nature, timing and extent of procedures and is required to pursue any matter he
becomes aware of that leads him to believe that a material modification should be made to the
As you can see from Illustration 4.3, the responsible party selects criteria (e.g. the tax code),
determines the subject matter (financial statements) and engages the practitioner (public
accountant). The subject matter and criteria taken together generates the subject matter information.
For example, the tax code criteria and financial statements subject matter combine to make the
company income tax returns. In an audit, the criteria could be IFRS, the subject matter is financial
performance and position of the company, and subject matter information would be the income
statement and balance sheet. In preparing internal control assurances, the criteria could be the
COSO criteria, subject matter internal controls, and the subject matter information could be a
ILLUSTRATION 4.3
PROCESSES
345843475.doc
345843475.docEd3 12
The practitioner determines if the criteria are suitable, collects evidence about the subject
matter information and issues an assurance report. For example, the auditor determines if the proper
income tax codes are being used, evaluates the income tax information provided by the company by
seeking evidence that the information is complete and all transactions from which the data were
derived exist. Put another way a responsible party measures, the auditor re-measures.
Subject Matter
The subject matter, and subject matter information, of an assurance engagement can take many
345843475.doc
345843475.docEd3 13
financial performance and cash flows) for which the subject matter information may be the
Non-financial performance or conditions (for example, performance of an entity) for which the
Physical characteristics (for example, capacity of a facility) for which the subject matter
Systems and processes (for example, an entitys internal control or IT system) for which the
Behavior (for example, corporate governance, compliance with regulation, human resource
practices) for which the subject matter information may be a statement of compliance or a
statement of effectiveness.
The subject matter must be identifiable and capable of consistent evaluation or measurement against
identified, suitable criteria (such as International Financial Reporting Standards (IFRS)). It must
also be in a form that can be subjected to procedures for gathering evidence to support that
evaluation or measurement.
Suitable Criteria
Suitable criteria are the benchmarks (standards, objectives, or set of rules) used to evaluate
evidence or measure the subject matter of an assurance engagement. For example, in the preparation
of financial statements, the suitable criteria may be IFRS, US Generally Accepted Accounting
Principles (US GAAP), or national standards. When reporting on social or environmental aspects of
345843475.doc
345843475.docEd3 14
Several standards may guide the report, depending on the assurance service. When using
accounting criteria to report on internal control, the criteria may be an established internal control
framework, such as the COSO report criteria, or individual control objectives specifically designed
for the engagement. When reporting on compliance, the criteria may be the applicable law,
regulation or contract, or an agreed level of performance (for instance, the number of times a
companys board of directors is expected to meet in a year). Without the frame of reference
misunderstanding.
An auditor cannot evaluate or measure a subject matter on the basis of his own expectations,
judgments and individual experience. That would not constitute suitable criteria. The characteristics
Relevance: relevant criteria contribute to conclusions that meet the objectives of the
Completeness: criteria are sufficiently complete when relevant factors that could affect the
conclusions in the context of the engagement objectives are not omitted. Complete criteria
include, where relevant, benchmarks for presentation and disclosure of the subject matter.
including, where relevant, presentation and disclosure of the subject matter, when used in
Understandability: understandable criteria are clear and comprehensive and are not subject to
345843475.doc
345843475.docEd3 15
Criteria can be either established or specifically developed. Established criteria are those embodied
in laws or regulations, or issued by recognized bodies of experts that follow due process. Examples
of established criteria are GAAP, IFRS, the national tax code, etc. Specifically developed criteria
are those identified for the purpose of the engagement and which are consistent with the
engagement objective. Examples of specifically developed criteria are criteria generally understood
by the intended users (e.g. the criterion for measuring time in hours and minutes is generally
understood); or criteria available only to specific intended users (e.g. the terms of a contract, or
criteria issued by an industry association that are available only to those in the industry). Criteria
need to be available to the intended users to allow them to understand how the subject matter has
Story Ernst & Young (E&Y) were the independent auditors of HealthSouth between 2000 and 2002.
They also conducted janitorial inspections of the companys facilities. These inspections were
called pristine audits. E&Y advised HealthSouth to classify the payments for pristine audits as
audit-related fees.
surgery, diagnostic and rehabilitative healthcare services in the USA with approximately 1,800
worldwide facilities in the USA, Australia, Puerto Rico, and the UK. Its former CEO, Richard M.
Scrushy, is under an 85-count federal indictment, accused of conspiracy, securities fraud, mail
345843475.doc
345843475.docEd3 16
A US government indictment charged that between 1996 and 2002 HealthSouth managers, at the
insistence of Scrushy, inflated profits by $2.74 billion. Scrushy certified the HealthSouth financial
statements when he knew that they were materially false and misleading. On November 4, 2003,
he became the first CEO of a major company to be indicted for violating the Sarbanes-Oxley Act,
which holds executives personally accountable for their companies financial reporting. (Business
Week 2003).
Six months elapsed from the start of the SECs investigation to the filing of its fraud suit against
Scrushy in March 2003. It took just seven weeks, from March 19 to May 5, for the US Justice
Department to accumulate 11 guilty pleas from Scrushy aides. All five CFOs in the companys
Pristine Audits
Scrushy devised a facilities inspection program called Pristine Audits and hired E&Y to do the
work. The primary purpose of the inspections was to check the cleanliness and physical
appearance of HealthSouths surgical and rehabilitation facilities. Under the program, E&Y made
unannounced visits to each facility once a year, using dozens of junior-level accountants who
were trained for the inspections at HealthSouths headquarters. For the most part E&Y used audit
personnel who were not members of the HealthSouth audit-engagement team to conduct the
pristine audits.
The accountants carried out the reviews using as criteria a 50-point checklist designed by Mr.
Scrushy. The checklist included procedures such as seeing if magazines in waiting rooms were
orderly, the toilets and ceilings were free of stains, and the trash receptacles all had liners. Other
items on the checklist included: check the walls, furniture, floors and whirlpool areas for stains;
check that the heating and cooling vents are free of dust accumulation; that the floors are free
of trash; and that the overall appearance is sanitary. A small portion of the checklist pertained
petty-cash drawers were secure and company equipment was properly tagged. The checklists
did not cover insurance-billing procedures or the quality of the medical treatment. (Weil 2003a)
In 2002 E&Y ended their relationship with HealthSouth, and HealthSouth discontinued the
pristine audits.
345843475.doc
345843475.docEd3 17
Describing the pristine audits, Mr. Scrushy told an investor group: We believe one of the reasons
that we have done so well has to do with the fact that we do audit all of our facilities, 100 percent,
annually. And we use an outside audit firm, our auditors, Ernst & Young. They visit all our
facilities, 100 percent. On its website, HealthSouth said the pristine audit, administered
independently by Ernst & Young LLP...ensures that all of our patients enjoy a truly pristine
experience during their time at HealthSouth. The average score was 98 percent, with more than
HealthSouths April 2001 proxy (form DEF14A), filed with the SEC, said the company paid E&Y
$1.03 million to audit its 2000 financial statements and $2.65 million of all other fees. The proxy
said the other fees included $2.58 million of audit-related fees, and $66,107 of non-audit-
related fees. In its April 2002 proxy, HealthSouth said it paid E&Y $1.16 million for its 2001 audit
and $2.51 million for all other fees. The proxy said the other fees included $2.39 million for
Neither proxy described in any detail the audit-related or non-audit-related services for which
E&Y was paid. Andrew Brimmer, a HealthSouth spokesman, was quoted as saying the audit-
related-fee figures for each year included about $1.3 million for the pristine audits. Mr. Brimmer
said HealthSouth paid E&Y $5.4 million for 2002, including $1.1 million for financial-statement
audit services and $1.4 million for the pristine audits. (Weil 2003a)
A March 2002 E&Y report to HealthSouths Board of Directors included an attachment that
summarized E&Ys fees and provided a suggested Proxy Disclosure Format. The attachment
classified the pristine audits as audit-related services and the fees for them as audit-related
David Howarth, a spokesman for E&Y is quoted as saying: The audit-related category is not
limited to services related to the financial statement audit per se. At the time of HealthSouths
disclosures, there were no SEC rules that defined audit-related services. Describing operational
audit procedures as audit-related services was reasonable. Howarth claimed that SEC ruled that
audit-related fees would include assurance services traditionally performed by the independent
345843475.doc
345843475.docEd3 18
auditor, including internal-control reviews. He maintained the pristine audit was an internal
control review. Under the new SEC rules adopted in response to the Sarbanes-Oxley Act, these
(internal control review) fees are specifically mentioned as ones that should be included in audit-
After the Weil 2003b article appeared, Scott A. Taub, the Deputy Chief Accountant of the SEC
wrote a letter to E&Y partner Ed Caulson. Taub wrote: The Commissions current rules state that
registrants are to disclose, under the caption Audit-Related Fees, the aggregate fees billed in
each of the last two fiscal years for assurance and related services by the principal accountant
that are reasonably related to the performance of the audit or review of the registrants financial
statements. (emphasis added) It is clear from a reading of the release text and related rules that
the Commissions intent is that only fees for services that are reasonably related to the
performance of an audit or review of the financial statements and that traditionally have been
Discussion Questions What criteria would the pristine audits have to meet to be considered an audit
engagement?
What criteria would the pristine audits have to meet to be considered audit-related?
Can the pristine audits be considered an assurance service? How does the pristine audit
Helyar, J., 2003, The Insatiable King Richard; He started as a nobody. He became a hotshot
CEO. He tried to be a country star. Then it all came crashing down. The bizarre rise and fall of
SEC, 2003, Litigation Release 18044, SEC charges HealthSouth Corp., CEO Richard Scrushy
with $1.4 Billion Accounting Fraud, US Security and Exchange Commission, March 20.
Taub, S., 2003, Letter to Ed Coulson, Partner Ernst & Young, Office of Chief Accountant, US
Weil, J., 2003a, What Ernst Did for HealthSouth Proxy Document Says Company Performed
345843475.doc
345843475.docEd3 19
Weil, J., 2003b, HealthSouth and Ernst Renew Flap Over Fee Disclosures, Wall Street Journal,
July 1.
Evidence
The practitioner plans and performs an assurance engagement with an attitude of professional
skepticism to obtain sufficient appropriate evidence about whether the subject matter information is
free of material misstatement. The practitioner considers materiality, assurance engagement risk,
and the quantity and quality of available evidence when planning and performing the engagement,
in particular when determining the nature, timing and extent of evidence-gathering procedures.
Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the
quality of evidence; that is, its relevance and its reliability. The quantity of evidence needed is
affected by the risk of the subject matter information being materially misstated (the greater the
risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher
the quality, the less may be required). The reliability of evidence is influenced by its source and by
its nature, and is dependent on the individual circumstances under which it is obtained, which will
Materiality is relevant when the auditor determines the nature, timing and extent of evidence-
gathering procedures, and when assessing whether the subject matter information is free of
misstatement. Materiality is considered in the context of quantitative and qualitative factors, such as
relative magnitude and the nature and extent of the effect of these factors on the evaluation of the
subject matter.
345843475.doc
345843475.docEd3 20
Ordinarily, available evidence will be persuasive rather than conclusive. The quantity or
The characteristics of the subject matter. For example, when the subject matter is future
oriented, less objective evidence might be expected to exist than when the subject matter is
historical.
Circumstances of the engagement other than the characteristics of the subject matter, when
evidence that could reasonably be expected to exist is not available because of, for example, the
Assurance Report
The auditor provides a written report containing a conclusion that conveys the assurance
obtained from the subject matter information. ISAs, ISREs and ISAEs establish basic elements for
assurance reports. Also, the auditor considers other reporting responsibilities, including
In terms of the responsible partys assertion (for example: In our opinion the responsible
partys assertion that internal control is effective, in all material respects, based on XYZ
Directly in terms of the subject matter and the criteria (for example: In our opinion internal
345843475.doc
345843475.docEd3 21
An auditor may conduct a reasonable assurance or a limited assurance engagement with different
conclusions.
In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive
form, for example: In our opinion internal control is effective, in all material respects, based on
XYZ criteria. This form of expression conveys reasonable assurance. Having performed
evidence gathering procedures that were reasonable given the characteristics of the subject matter,
the auditor has obtained sufficient appropriate evidence to reduce assurance engagement risk to an
acceptably low level. In most assurance services the audit conclusion is expressed in the positive
form, (See Chapter 12 Audit Reports and Communications.) The opinion on an audit of financial
statements and a report on internal controls for the Sarbanes-Oxley Act are both examples of
In a limited assurance engagement, the practitioner expresses the conclusion in the negative
form, for example, Based on our work described in this report, nothing has come to our attention
that causes us to believe that internal control is not effective, in all material respects, based on XYZ
criteria. This form of expression conveys a level of limited assurance that is proportional to the
level of the practitioners evidence-gathering procedures given the characteristics of the subject
matter and other engagement circumstances. In a review of historical financial statements [under
International Standards for Review Engagements (ISRE)], the conclusion is expressed in the
negative form, for example, nothing has come to our attention that causes us to believe that
[subject matter] does not conform, in all material respects, with [criteria]. This form of expression
conveys limited assurance, which indicates that the auditor has obtained sufficient appropriate
evidence to reduce assurance engagement risk to a moderate level. Prospective financial reports
345843475.doc
345843475.docEd3 22
give a disclaimer that actual results are likely to be different from forecast (projection). (See
The differences between Reasonable Assurance and Limited Assurance is given in Illustration
4.415
A practitioner does not express an unqualified (unmodified) conclusion for either type of
There is a limitation on the scope of the practitioners work. The practitioner expresses a
the limitation is. In some cases the practitioner considers withdrawing from the
engagement.
management) assertion, and that assertion is not fairly stated, in all material
respects; or
o The practitioners conclusion is worded directly in terms of the subject matter and
345843475.doc
345843475.docEd3 23
When it is discovered after the engagement has been accepted, that the criteria are
345843475.doc
345843475.docEd3 24
include only the basic elements identified in appropriate ISAs and International Standards on
Assurance Engagements (ISAEs). Long-form not only gives the auditors conclusion on
compliance ISAs and ISAEs, but also reports in detail the terms of the engagement, the criteria
being used, findings relating to particular aspects of the engagement and related recommendations.
The assurance engagement calls for planning, gathering evidence, and reporting. The extent of
planning, the sufficiency of evidence, acceptable engagement risk, and the level of assurance of the
opinion will depend on the type of assurance engagement. An assurance engagement based on
historical financial information requires more intensive planning and evidence gathering than a
related services engagement. The auditor should reduce assurance engagement risk to an acceptably
low level in the case of a historical financial information engagement. It is also possible to conduct
an assurance engagement that provides a reasonable level of assurance on a subject matter other
than historical financial information (e.g. the subject matter of a sustainability report or internal
control report).
345843475.doc
345843475.docEd3 25
Audits or Reviews of Historical Financial Information discusses preparing an assurance report for
audits other than financial statement audits (we will cover in Chapter 12) and reviews (covered in
Chapter 14). In preparing the audit report the practitioner should conclude whether sufficient
appropriate evidence has been obtained to support the conclusion expressed in the assurance report.
The assurance report should be in writing and should contain a clear expression of the practitioners
conclusion about the subject matter information. The ISAEs does not require a standardized format
for reporting on all assurance engagements, but rather identifies the basic elements required to be
The standard elements of the report include the title, addressee, the identification of the subject
matter information , identification of the criteria, identification of the responsible party and their
responsibilities, the practitioners responsibilities, a statement that the engagement was performed
in accordance with ISAEs, summary of the work performed, practitioners conclusion, assurance
report date, practitioners name and specific location, and, if appropriate, a description of any
significant inherent limitations, or a statement restricting the use to certain intended users .
A title that clearly indicates the report is an independent assurance report 17. An appropriate
title helps to identify the nature of the assurance report, and to distinguish it from reports issued by
others.
An addressee identifies the party or parties to whom the assurance report is directed.
Whenever practical, the assurance report is addressed to all the intended users, but in some cases
345843475.doc
345843475.docEd3 26
A statement to identify the responsible party and to describe the responsible partys and the
practitioners responsibilities: this informs the intended users that the responsible party is
responsible for the subject matter in the case of a direct reporting engagement, or the subject matter
information in the case of an assertion-based engagement, and that the practitioners role is to
Where there is a subject matter specific ISAE, that ISAE may require that the assurance report
The name of the firm or the practitioner, and a specific location, which ordinarily is the city
where the practitioner maintains the office that has responsibility for the engagement: this informs
the intended users of the individual or firm assuming responsibility for the engagement.
ILLUSTRATION 4.5
345843475.doc
345843475.docEd3 27
Subject Matter
In the body of the report is a description of the subject matter, for example, identification of the
subject matter and explanation of the subject matter characteristics. The subject matter description
gives the name of the entity to which the subject matter relates and the period of time covered. Are
prospective? Are there inherent limitations such as the imprecision of the measurement techniques
being applied?
An identification and description of the subject matter information and the subject matter
The point in time or period of time to which the evaluation or measurement of the subject
matter relates;
The name of the entity or component of the entity (such as a subsidiary company or
transactions in the sales cycle) to which the subject matter relates; and
information of which the intended users should be aware, and how such characteristics may
influence the precision of the evaluation of the subject matter against the identified criteria.
For example:
o Changes in the subject matter or other engagement circumstances that affect the
comparability of the subject matter information from one period to the next. When
345843475.doc
345843475.docEd3 28
criteria for the preparation and presentation of financial statements in the private sector, but specific
users may decide to specify some other comprehensive basis of accounting (OCBOA) such as cash
accounting, rules of a regulatory authority, or income tax basis that meets their specific information.
When users of the report have agreed to criteria other than established criteria, then the assurance
report states that it is only for the use of identified users and for the purposes they have specified.
The assurance report identifies the criteria so the intended users can understand the basis for
the auditors conclusion. Disclosure of the source of the criteria, measurement methods used and
significant interpretations made are important for that understanding. The auditor may consider
disclosing: the source of the criteria (e.g. laws, regulations, recognized bodies of experts,
measurement methods used, and any significant interpretations made in applying the criteria).
The summary will help the intended users understand the nature of the assurance conveyed by
the assurance report. ISA 700, Forming an Opinion and Reporting on Financial Statements 18 and
ISRE 2400, Engagements to Review Financial Statements provide a guide to the appropriate type
particular subject matter, the summary might include a more detailed description of the work
performed.
345843475.doc
345843475.docEd3 29
Because in a limited assurance engagement an appreciation of the nature, timing, and extent of
conclusion expressed in the negative form. The limited assurance summary is more detailed than for
a reasonable assurance engagement and identifies the limitations on the nature, timing, and extent of
evidence-gathering procedures. The summary for a limited assurance engagements states that the
evidence-gathering procedures are more limited than for a reasonable assurance engagement, and
statement restricting use because subject matter criteria has limited availability
measurement of the subject matter against the criteria is necessary in the assurance report. For
example, in an assurance report related to the effectiveness of internal control, it may be appropriate
to note that the historic evaluation of effectiveness is not relevant to future periods due to the risk
that internal control may become inadequate because of changes in conditions, or that the degree of
When the criteria used to evaluate or measure the subject matter are available only to specific
intended users, or are relevant only to a specific purpose, a statement restricting the use of the
assurance report to those intended users or that purpose. Furthermore, when the assurance report is
intended only for specific intended users or a specific purpose this would be stated in the assurance
report.
345843475.doc
345843475.docEd3 30
Practitioners Conclusion
denial of conclusion.
the conclusion should be expressed in the positive form. The practitioners conclusion may, for
example, be worded as follows: In our opinion internal control is effective, in all material respects,
based on XYZ criteria or In our opinion the responsible partys assertion that internal control is
In the case of a review of financial statements, the conclusion should be expressed in the
negative form. For example, Based on our work described in this report, nothing has come to our
attention that causes us to believe that internal control is not effective, in all material respects, based
on XYZ criteria or Based on our work described in this report, nothing has come to our attention
that causes us to believe that the responsible partys assertion that internal control is effective, in all
The conclusion should clearly express a reservation in circumstances where some or all
aspects of the subject matter do not conform, in all material respects, to the identified criteria; or the
When the subject matter information is made up of a number of different aspects, separate
conclusions may be provided on each aspect. The conclusion should inform the intended user of
The practitioner should not express unqualified conclusion when the following circumstances
345843475.doc
345843475.docEd3 31
There is a limitation on the scope of the practitioners work, that is, either circumstances or
the responsible party imposes restrictions that prevent him from obtaining sufficient
In those cases where the practitioners conclusion is worded in terms of the responsible
partys assertion which is not fairly stated; and the subject matter information is materially
discovered, after the engagement has been accepted, that the criteria are unsuitable or the
subject matter is not appropriate for an assurance engagement. The practitioner should
express a qualified conclusion when the effect of a matter is not as material or pervasive as
expressed as being except for the effects of the matter to which the qualification relates.
The auditor communicates relevant matters arising from the assurance engagement with those
charged with governance (such as the audit committee). Relevant matters of governance interest
include only information that has come to the attention of the auditor as a result of performing the
assurance engagement. He is not required to design procedures for the specific purpose of
An auditor who, before the completion of an assurance engagement, is requested to change the
engagement should consider if that is appropriate. He should not agree to a change where there is no
reasonable justification for the change. Examples of a reasonable basis for requesting a change in
the engagement are a change in circumstances that affects the intended users requirements or a
345843475.doc
345843475.docEd3 32
information are assurance engagements that have as their subject matter historical financial
information.
about whether the financial statements as a whole are free from material misstatement, whether due
to fraud or error, thereby enabling the auditor to express an opinion whether the financial statements
are prepared, in all material respects, in accordance with an identified financial reporting
framework. The auditor also must report on the financial statements, and communicate as required
by the ISAs, in accordance with the auditors findings. The expression of a conclusion by an auditor
is designed to enhance the degree of confidence intended users can have about historical financial
statements.. The rest of this book is about financial statement audit engagements, so these will not
be discussed here.
Limitations
Professional Judgment
345843475.doc
345843475.docEd3 33
The introduction to Handbook of International Quality Control, Auditing, Review, Other Assurance,
And Related Services Pronouncements states The nature of the International Standards requires the
judgment is the application of relevant training, knowledge and experience, within the context
provided by auditing, accounting and ethical standards, in making informed decisions about the
courses of action that are appropriate in the circumstances of the audit engagement. The ISAs
require that the auditor exercise professional judgment and maintain professional skepticism
Professional judgment is required for the critical elements of auditing including criteria,
significant deficiencies in internal control 22, and determination of whether an audit objective has
been achieved. The assessment of risks is a matter of professional judgment, rather than a matter
To plan the audit and evaluate evidence, the auditor exercises professional judgment, for
example, when25:
Determining materiality26
Considering the appropriateness of the selection and application of accounting policies, and
Identifying areas where special audit consideration may be necessary, for example, related
345843475.doc
345843475.docEd3 34
performing further audit procedures to obtain sufficient appropriate audit evidence; and
Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the
interpretation of relevant ethical requirements and the ISAs and the informed decisions required
throughout the audit cannot be made without the application of relevant knowledge and experience
to the facts and circumstances. Professional judgment is necessary in particular regarding decisions
about:27
The nature, timing and extent of audit procedures used to meet the requirements of the ISAs
Evaluating whether sufficient appropriate audit evidence has been obtained, and whether
The drawing of conclusions based on the audit evidence obtained, for example, assessing
Determination of what other matters arising from the audit significant to the oversight of
The exercise of professional judgment in any particular case is based on the facts and
circumstances that are known by the auditor. Consultation on difficult or contentious matters during
the course of the audit, both within the engagement team and between the engagement team and
others within or outside the firm, assist the auditor in making informed and reasonable judgments.
345843475.doc
345843475.docEd3 35
Consultation uses appropriate research resources as well as the collective experience and technical
appropriately documented. An important factor in determining the form, content and extent of audit
the work and evaluating the results. Documentation of the professional judgments made, where
significant, serves to explain the auditors conclusions and to reinforce the quality of the judgment.
The auditor is required to prepare audit documentation sufficient to enable an experienced auditor,
having no previous connection with the audit, to understand the significant professional judgments
The auditor may consider it helpful to prepare and retain as part of the audit documentation a
summary (sometimes known as a completion memorandum) that describes the significant matters
identified during the audit and how they were addressed, The summary may facilitate effective and
efficient reviews and inspections of the audit documentation, particularly for large and complex
audits. Further, the preparation of such a summary may assist the auditors consideration of the
significant matters. It may also help the auditor to consider whether there is any individual relevant
Professional Skepticism
The ISAs require31 that the auditors professional actions including planning and performing an
assurance engagement must be carried out with an attitude of professional skepticism recognizing
that circumstances may exist that cause the subject matter information (financial statements,
345843475.doc
345843475.docEd3 36
includes a questioning mind, being alert to conditions which may indicate possible misstatement
due to error or fraud, and a critical assessment of audit evidence. 32 An attitude of professional
skepticism means the practitioner makes a critical assessment, with a questioning mind, of the
validity of evidence obtained and is alert to evidence that contradicts or brings into question the
attitude of professional skepticism is necessary throughout the engagement process for the auditor
to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing
conclusions from observations, and of using faulty assumptions in determining the nature, timing
Professional skepticism is necessary to the critical assessment of audit evidence. This includes
questioning contradictory audit evidence and the reliability of documents and responses to inquiries
and other information obtained from management. It also includes consideration of the sufficiency
and appropriateness of audit evidence obtained in the light of the circumstances, for example, in the
case where fraud risk factors exist. Professional skepticism includes being alert to audit evidence
that contradicts other audit evidence obtained, information that brings into question the reliability of
documents and responses to inquiries, conditions that may indicate possible fraud, and
circumstances that suggest the need for audit procedures in addition to those required by the ISAs.
The auditor may accept records and documents as authentic unless he has reason to believe
the information is not genuine. However, the auditor is required to consider the reliability of
information to be used as audit evidence.33 In cases of doubt about the reliability of information or
indications of possible fraud, the ISAs require that the auditor investigate further and determine
what modifications or additions to audit procedures are necessary to resolve the matter. 34
345843475.doc
345843475.docEd3 37
reduce the risks of: overlooking unusual circumstances, over generalizing when drawing
conclusions from audit observations, and using inappropriate assumptions in determining the
of professional skepticism in accordance with the ISAs. There is no single way in which the
auditors professional skepticism is documented, but it may include, for instance, specific
management is often in the best position to perpetrate fraud, professional skepticism may make it
fraud.
If related party relationships and transactions exist at the auditee, the auditor would be an
increased emphasis on the importance of maintaining professional skepticism throughout the audit
regarding the potential for material misstatement associated with related parties.
Quality control is a very important consideration for auditors. International Standard on Quality
Control #1 ( ISQC #1)35 applies to all firms of professional accountants in respect to audits and
reviews, other assurance, and related services engagements. ISQC #1 gives the requirements
designed to enable the accounting firm to meet the objective of quality control. In addition, it
contains related guidance in the form of application and other explanatory material. ISA 220 36 deals
345843475.doc
345843475.docEd3 38
A major objective of the audit firm is to establish and maintain a system of quality control
to provide it with reasonable assurance that the accounting firm and its personnel comply with
professional standards, legal and regulatory requirements and that reports issued are appropriate in
the circumstances. The audit firm must establish, maintain, document and communicate to their
personnel a system of quality control that includes policies and procedures that address each of the
following elements:
Human resources.
Engagement performance.
Monitoring.
The audit firm must establish policies and procedures designed to promote an internal
Quality control policies and procedures require the firms chief executive officer to assume
ultimate responsibility for the firms system of quality control. The firms leadership and the
examples it sets significantly influence the internal culture of the firm. Actions and messages
should encourage a culture that recognizes and rewards high quality work. These actions and
messages may be communicated by, for instance, training seminars, meetings, formal or informal
dialogue, mission statements, newsletters, or briefing memoranda. They may be incorporated in the
345843475.doc
345843475.docEd3 39
The firm audit must establish policies and procedures such that any person assigned
operational responsibility for the firms system of quality control has sufficient and appropriate
experience and ability, and the necessary authority, to assume that responsibility. Sufficient and
appropriate experience and ability enables one responsible for the firms system of quality control to
identify and understand quality control issues and to develop appropriate policies and procedures.
Necessary authority enables that person to implement those policies and procedures.
The practitioner firm must establish policies and procedures designed to provide
reasonable assurance that the firm and its personnel comply with relevant ethical requirements.
The IESBA Code establishes the fundamental principles of professional ethics see Chapter 3.
Part B of the IESBA Code illustrates how the conceptual framework is to be applied in specific
situations for public accountants. It provides examples of safeguards that may be appropriate to
address threats to compliance with the fundamental principles. The fundamental principles are
reinforced in particular by: the leadership of the firm, education and training, monitoring; and a
The audit firm should establish policies and procedures designed to provide it with
reasonable assurance that the firm and its personnel maintain independence. (See Chapter 3.) .
These policies and procedures shall require: relevant information about client engagements,
including the scope of services, to evaluate the overall impact on independence requirements;
personnel to promptly notify the firm of threats to independence; and the accumulation and
reasonable assurance that the firm is notified of breaches of independence requirements. At least
annually, the firm must obtain written confirmation of compliance with its policies and procedures
345843475.doc
345843475.docEd3 40
requirements.
The practitioner firm must establish policies and procedures setting out criteria for
safeguards when using the same senior personnel on an assurance engagement over a long period of
time. For audits of financial statements of listed entities, this generally requires the rotation of the
engagement partner and the individuals responsible for engagement quality control review after a
specified period. The IESBA Code (see Chapter 3) discusses the familiarity threat that may be
created by using the same senior personnel on an assurance engagement over a long period of time
and the safeguards that might be appropriate to address such threats. For financial statement audits
of listed entities the IESBA Code requires the rotation of the key audit partner after a pre-defined
period, normally no more than seven years. National requirements may establish shorter rotation
Engagements
The auditor must establish policies and procedures for the acceptance and continuance of client
relationships designed to provide them with reasonable assurance that the firm is competent to
perform the engagement and have the capabilities, including time and resources, to do so and can
comply with relevant ethical requirements. Furthermore, policies should insure that the auditor has
considered the integrity of the client, and does not have information that would lead it to conclude
Human Resources
345843475.doc
345843475.docEd3 41
The audit firm must establish policies to insure that it has sufficient personnel with the competence,
and capabilities to perform engagements in accordance with professional standards, legal and
regulatory requirements. For instance, the audit firm must assign responsibility for each engagement
to an engagement partner and establish policies and procedures requiring that the identity and role
Engagement Performance
The firm must establish policies and procedures designed to insure that engagements are performed
in accordance with professional standards, and, legal and regulatory requirements. These policies
and procedures must include matters relevant to promoting consistency in the quality of
audit firm should establish policies and procedures regarding consultation and engagement quality
control. For instance, the consultation policy should be designed to provide it with reasonable
assurance that appropriate consultation takes place on difficult or contentious matters, sufficient
resources are available, the scope and conclusions resulting from the consultations are documented,
established. These policies would provide an objective evaluation of the significant judgments
made by the engagement team and the conclusions reached in formulating the report. The
engagement quality control report must not be dated until the completion of the engagement quality
control review. The engagement quality control review must include review of the financial
made, evaluation of the conclusions reached in formulating the report, and a discussion of
significant matters with the engagement partner. When the audit is of financial statements of listed
345843475.doc
345843475.docEd3 42
entities, the firm must evaluate their independence and see that appropriate consultation has taken
Documentation should reflect the work performed and support the conclusions reached.
The engagement quality control review requires documentation that the procedures required
by the firms policies on engagement quality control review have been performed, the review has
been completed on or before the date of the report; and contain a statement that the reviewer is not
aware of any unresolved matters that would cause the reviewer to believe that the judgments the
engagement team made and the conclusions it reached were not appropriate.
files. Engagement teams must complete the assembly of final engagement files on a timely basis
after the engagement reports have been finalized. The audit team must have in place policies to
maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement
documentation.
Monitoring
The audit firm establishes a monitoring process designed to provide reasonable assurance
that their quality control policies and procedures are relevant, adequate, and operating effectively.
This monitoring process includes an evaluation of the firms system of quality control including
inspection of at least one completed engagement for each engagement partner and assignment of the
monitoring process to a partner who is not performing the engagement. The firm also evaluates the
effect of deficiencies noted as a result of the monitoring process and communicates to personnel
Recommendations for fixing deficiencies may include changing training and professional
development; the quality control policies and procedures; and disciplinary action against those who
345843475.doc
345843475.docEd3 43
fail to comply with the policies. For cases where the results of the monitoring procedures indicate
that an assurance report is inappropriate or that procedures were omitted, the firm should determine
what further action is appropriate and consider whether to obtain legal advice.
The results of the monitoring of quality control are communicated at least annually to
engagement partners and other appropriate individuals including its managing board of partners.
This communication should be detailed enough to enable the firm to take prompt and appropriate
the conclusions drawn, significant deficiencies and the actions taken to resolve them.
Handling complaints is an important part of quality control, therefore, the audit firm
establishes policies to provide reasonable assurance that it deals appropriately with complaints and
allegations that the work performed does not comply with professional standards, legal and
regulatory requirements. Clearly defined channels for firm personnel to raise any concerns should
be in place.
345843475.doc
345843475.docEd3 44
4.8 Summary
Auditor services are work that an audit firm performs for their clients. Except for consulting
services, the work that auditors do is under the guidance of engagement standards set by the
International Auditing and Assurance Standards Board (IAASB). Some engagement standards are
others result from the Related Services Framework (related services engagements). Two sets of
standards (ISAs and ISAEs) share the assurance engagement framework and one standard set
(ISRS) is based on the related services framework. ISAs, ISAEs and ISRSs are collectively referred
to as the IAASBs Engagement Standards. All auditor services standards have as their basis the
IESBA Code of Ethics (see Chapter 3) and International Standards on Quality Control (ISQC)
The two sets of standard based on the assurance framework are ISA and ISAE. International
Standards on Auditing (ISA) 200 Overall Objectives of The Independent Auditor and the Conduct
Of an Audit in Accordance with International Standards on Auditing describes the main concepts
Engagements (ISAE) 3000 Assurance Engagements on Subject Matters Other than Historical
Financial Information describes concepts applicable to assurance services whose subject matter is
Related Services ISRS are based on the Related Services Framework. Standards under this
framework (ISRS) are applied currently to two audit services: engagements to perform agreed-upon
procedures regarding financial information (ISRS 4400) and compilations (ISRS 4410).
There are two types of assurance engagement: a reasonable assurance engagement and a
345843475.doc
345843475.docEd3 45
in assurance engagement risk to an acceptably low level based on the circumstances of the
engagement as the basis for a positive form of expression of the practitioners conclusion. The
that is acceptable in the circumstances of the engagement, but where that risk is greater than for a
reasonable assurance engagement, as the basis for a negative form of expression of the
practitioners conclusion.
The International Framework for Assurance Engagements describes five elements that all
assurance engagements exhibit: (1) a three party relationship involving a practitioner; a responsible
party; and the intended users, (2) an appropriate subject matter, (3) suitable criteria, (4) sufficient
appropriate evidence and (5) a written assurance report in the form appropriate to a reasonable
party and the intended users. A subject matter of an assurance is the topic about which the assurance
performance indicators, systems and processes (e.g., internal controls, environment, and IT
systems) or behavior (e.g., corporate governance, compliance with regulation, human resource
practices). Suitable criteria, which can be either established or specifically developed, are the
benchmarks (standards, objectives or set of rules) used to evaluate evidence or measure the subject
matter of an assurance engagement. In general, the same evidence gathering procedures, quality
control and planning process apply to assurance services as applies to audits. The auditor provides a
written report containing a conclusion that conveys the assurance obtained from the subject matter
information.
In preparing the audit report the practitioner should conclude whether sufficient appropriate
evidence has been obtained to support the conclusion expressed in the assurance report. The
345843475.doc
345843475.docEd3 46
assurance report should be in writing and should contain a clear expression of the practitioners
conclusion about the subject matter information. ISAE does not require a standardized format for
reporting on all assurance engagements, but rather identifies the basic elements required to be
included in the assurance report. The standard elements of the report include the title, addressee, the
identification of the subject matter information , identification of the criteria, identification of the
responsible party and their responsibilities, the practitioners responsibilities, a statement that the
engagement was performed in accordance with ISAEs, summary of the work performed,
practitioners conclusion, assurance report date, and practitioners name and specific location, and,
if appropriate, a description of any significant inherent limitations, or a statement restricting the use
The auditor communicates relevant matters arising from the assurance engagement with those
charged with governance (such as the audit committee). Relevant matters of governance interest
include only information that has come to the attention of the auditor as a result of performing the
assurance engagement. He is not required to design procedures for the specific purpose of
The nature of the International Standards requires the professional accountant to exercise
training, knowledge and experience, within the context provided by auditing, accounting and ethical
standards, in making informed decisions about the courses of action that are appropriate in the
circumstances of the audit engagement. The ISAs require that the auditor exercise professional
judgment and maintain professional skepticism throughout the planning and performance of the
audit.
appropriate audit evidence and determining and communicating significant deficiencies in internal
345843475.doc
345843475.docEd3 47
control , and determination of whether an audit objective has been achieved, among other areas,
requires professional judgment. The assessment of risks is a matter of professional judgment, rather
The ISAs require that the practitioner auditors professional actions including planning and
performing an assurance engagement must be carried out with an attitude of professional skepticism
recognizing that circumstances may exist that cause the subject matter information (financial
that includes a questioning mind, being alert to conditions which may indicate possible
misstatement due to error or fraud, and a critical assessment of audit evidence. An attitude of
professional skepticism means the practitioner makes a critical assessment, with a questioning
mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into
Standard on Quality Control #1 ( ISQC #1) applies to all firms of professional accountants in
respect to audits and reviews, other assurance, and related services engagements. ISQC #1 gives
the requirements designed to enable the firm to meet the objective of quality control. In addition, it
contains related guidance in the form of application and other explanatory material. ISA 220 deals
A major objective of the audit firm is to establish and maintain a system of quality control
to provide it with reasonable assurance that the firm and its personnel comply with professional
standards, legal and regulatory requirements and that reports issued are appropriate in the
circumstances. The audit firm must establish, maintain, document and communicate to their
personnel a system of quality control that includes policies and procedures that address each of the
345843475.doc
345843475.docEd3 48
following elements: (1) leadership responsibilities for quality within the firm; (2) relevant ethical
requirements; (3) acceptance and continuance of client relationships and specific engagements; (4)
345843475.doc
345843475.docEd3 49
4. 9 Notes
345843475.doc
1
International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Quality
Control (ISQC) 1, Quality Controls for Firms that Perform Audits and Reviews of Financial Statements, and
Other Assurance and Related Services Engagements. Handbook of International Quality Control, Auditing
Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International
Federation of Accountants. New York.
2
International Auditing and Assurance Standards Board (IAASB). 2012. Preface To The International Standards
On Quality Control, Auditing, Review, Other Assurance And Related Services Handbook of International
Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition,
Volume 1. International Federation of Accountants. New York.
3
Global Reporting Initiative. 2011. Sustainability Reporting Guidelines Version 3.1. GRI Secretariat.
www.globalreporting.org. https://www.globalreporting.org/resourcelibrary/G3.1-Sustainability-Reporting-
Guidelines.pdf Amsterdam, Netherlands.
4
The Intended users are the person, persons or class of persons for whom the practitioner prepares the assurance
report. The responsible party can be one of the intended users, but not the only one.
5
The Responsible party is the person (or persons) who: (a) In a direct reporting engagement, is responsible for
the subject matter; or (b) In an assertion-based engagement, is responsible for the subject matter information (the
assertion), and may be responsible for the subject matter.
6
The subject matter of an assurance engagement is the topic about which the assurance engagement is
conducted. Subject matter could be financial statements, statistical information, non-financial performance
indicators, capacity of a facility, etc.
7
Criteria are the benchmarks used to evaluate or measure the subject matter including, where relevant,
benchmarks for presentation and disclosure. Criteria can be formal or less formal. There can be different criteria
for the same subject matter. Suitable criteria are required for reasonably consistent evaluation or measurement of
a subject matter within the context of professional judgment.
8
Internal Control Integrated Framework, The Committee of Sponsoring Organizations of the
Treadway Commission.
9
Guidance on Assessing Control The CoCo Principles, Criteria of Control Board, The Canadian
Institute of Chartered Accountants.
10
Engagement circumstances include the terms of the engagement, including whether it is a reasonable assurance
engagement or a limited assurance engagement, the characteristics of the subject matter, the criteria to be used,
the needs of the intended users, relevant characteristics of the responsible party and its environment, and other
matters, for example events, transactions, conditions and practices, that may have a significant effect on the
engagement.
International Auditing and Assurance Standards Board (IAASB). 2012. International Framework for
11
Assurance Engagements. Paragraph 20. Handbook of International Quality Control, Auditing Review, Other
Assurance, and Related Services Pronouncements, 2012 Edition, Volume 2. International Federation of
Accountants. New York.
12
Ibid. See Paragraph 25 for examples of when the responsible party might be responsible for subject matter,
subject matter information, or both.
13
Ibid. Paragraph 36.
14
Ibid. See Paragraphs 43 46 for details of what constitutes reliability of evidence.
15
Ibid. Appendix
16
Assurance report content is described in paragraph 49 of : International Auditing and Assurance Standards
Board (IAASB). 2012. International Standards on Assurance Engagements (ISAE) 3000 Assurance
Engagements Other Than Audits or Reviews of Historical Financial Information. Handbook of International
Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition,
Volume 2. International Federation of Accountants. New York.
17
If a professional accountant not in public practice, for example an internal auditor, applies ISAEs, and(a) the
Framework or ISAEs are referred to in the professional accountants report; and (b) the
professional accountant or other members of the assurance team and, when applicable, the professional
accountants employer, are not independent of the entity in respect of which the assurance engagement is being
performed, the lack of independence and the nature of the relationship(s) with the assurance client are
prominently disclosed in the professional accountants report. Also, that report does not include the word
independent in its title, and the purpose and users of the report are restricted.
18
There has been a good deal of change in this standard. ISA 700, The Auditors Report on Financial
Statements was withdrawn in December 2006 , replaced by ISA 700, The Independent Auditors Report on a
Complete Set of General Purpose Financial Statements , which was replaced by the present ISA 700 Forming
an Opinion and Reporting on Financial Statements.
19
Professional judgment is the application of relevant training, knowledge and experience, within the context
provided by auditing, accounting and ethical standards, in making informed decisions about the courses of action
that are appropriate in the circumstances of the audit engagement.
Ibid. Preface To The International Standards On Quality Control, Auditing, Review, Other Assurance And
20
21
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit In Accordance With
International Standards on Auditing. Paragraph 7. Handbook of International Quality Control, Auditing Review,
Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of
Accountants. New York.
22
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 265 Communicating Deficiencies In Internal Control To Those Charged With Governance And
Management. Paragraph 5. Handbook of International Quality Control, Auditing Review, Other Assurance, and
Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New
York.
23
Ibid. ISA 200. Paragraph A32.
24
International Auditing and Assurance Standards Board (IAASB). 2012. International Standard for Quality
Control (ISQC) #1. Quality Control for Firms That Perform Audits and Reviews of Financial Statements, and
Other Assurance and Related Services Engagements. Paragraph A31. Handbook of International Quality
Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1.
International Federation of Accountants. New York.
25
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 315. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and
Its Environment ISA 315. Paragraph A1. Handbook of International Quality Control, Auditing Review, Other
Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of
Accountants. New York.
26
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 320 Materiality in Planning and Performing an Audit. Handbook of International Quality Control,
Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1.
International Federation of Accountants. New York.
27
Ibid. ISA 200. Paragraph A23
28
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 260 Communication With Those Charged With Governance. . Paragraph 16, 17 and A20. Handbook of
International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012
Edition, Volume 1. International Federation of Accountants. New York.
29
Ibid. ISQC # 1. Paragraph A36-A37.
30
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 230. Audit Documentation. Paragraph 8. Handbook of International Quality Control, Auditing Review,
Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of
Accountants. New York.
31
Ibid. ISA 200. Paragraphs 7, 15, and A18-A22.
32
ISA 200. Paragraphs 7, 15, and A18-A22.
33
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 500, Audit Evidence. Paragraph 7-8. Handbook of International Quality Control, Auditing Review,
Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of
Accountants. New York.
34
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 240, The Auditors Responsibilities Relating to Fraud in an Audit of Financial Statements. Paragraph
10, 30. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services
Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York.
35
International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Quality
Control # 1. (ISQC #1). Quality Control for Firms That Perform Audits and Reviews of Financial Statements,
and Other Assurance and Related Services Engagements. . Handbook of International Quality Control,
Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1.
International Federation of Accountants. New York.
36
International Auditing and Assurance Standards Board (IAASB). 2012. International Standards on Auditing
(ISA) 220, Quality Control for an Audit of Financial Statements. Handbook of International Quality Control,
Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1.
International Federation of Accountants. New York.