Is Agreed Upon Procedures an Assurance Engagement?

The audit process spreads over a vast range of activities. External auditors conduct an audit of a business entity to safeguard the interests of the stakeholders.

For instance, consider shareholders, creditors, debtors, investors, governments, regulators, and other stakeholders.

A business entity’s fair and successful operations and a transparent internal control system guarantee that stakeholders’ interests are protected.

How does the audit process test if credible information is communicated to the stakeholders?

How does an audit ensures that the business operations and financial statements are prepared by maintaining integrity and trueness?

Assurance is the part of the audit that builds the confidence of the external and internal stakeholders to trust the information provided by a business entity.

The audit process includes the internal auditors and external perspectives of an external assurance provider. The external auditor is considered the external assurance provider. 

The International Auditing and Assurance Standards Board (IAASB) has developed an Amended Framework for Assurance Engagements to define the external assurance engagement scope. This article will discover assurance engagement, its scope, and its criteria.

We will also answer the question, ‘is the agreed-upon procedure part of the external assurance engagement?’

What Is Assurance Engagement?

The definition of assurance engagement in IAASB Framework, Para 7 is,

Assurance engagement means an engagement in which a practitioner(auditor) expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party(the audited company) about the outcome of the evaluation or measurement of a subject matter against criteria.

Different terms are used in the definition. The practitioner is an external auditor hired to perform the independent audit of the business entity.

The criteria relate to the International Financial Reporting Standards or any other standards defined for the audited process. Similarly, subject matter means the audited process. For instance, the financial statements will be subject matter in an external audit.

A simplified definition of an assurance engagement is,

The external auditor performs different procedures, verifications, and reviews to make a professional judgment about a business entity’s financial statements, internal controls, and management transparency. All the activities undertaken to give professional judgment and opinion are collectively called assurance engagement.

Elements Of Assurance Engagement

There are five elements of an engagement to be called assurance engagement. If an engagement has the following elements, only then will it be called assurance engagement:

Related article  What is a Special Audit? Scope and Why is it required?

a. Three-party Relationship

There must exist a three-party relationship for the performance of assurance engagement. Following are the three parties in an assurance engagement:

  1. The practitioner that is an auditor
  2. The responsible party is the company being audited
  3. The intended users are external stakeholders

b. Subject Matter

There must be an appropriate subject matter for the performance of assurance engagement. The subject matter has the following characteristics: qualitative or quantitative nature, objective or subjective nature, historical or future insights, etc. To standardize, an appropriate subject matter must be:

  • Identifiable and can be evaluated consistently and reliably
  • Evidence can be collected to make a reasonable or limited assurance

Examples of subject matter include a company’s financial performance, non-financial performance, physical assets, systems, internal control, organization or corporate governance, etc.

c. Criteria

The auditor requires standards and benchmarks for evaluation, review, and testifying on the subject matter in any assurance engagement.

Therefore, the benchmarks for a certain subject matter are called criteria. For instance, the International Financial Reporting Standards(IFRS) are financial information and statement preparation criteria. Criteria must be:

  • Relevant
  • Complete
  • Reliable
  • Neutral
  • Understandable

d. Evidence

There must be sufficient evidence related to the subject matter for verification and evaluation, leading to assurance. The evidence must be reliable, material, appropriate, and can be critically assessed by the auditor.

e. Written Report Of Assurance

After the assurance engagement, the auditor prepares a report stating his professional judgment and opinion gained during the audit process and fieldwork. The written report might express reasonable assurance or limited assurance.

The reasonable assurance implies that the auditor is satisfied and expresses a positive opinion based on sufficient evidence, suitable criteria, and verifiable subject matter.

Limited assurance means the negative opinion of the auditor. The report signifies that the evidence, subject matter, and criteria provided to the auditor were not enough to find any discrepancy. However, there might be any if the circumstances are changed.

Scope Of Assurance Engagement Framework

The scope of an assurance engagement is highlighted in the International Framework for Assurance Engagements issued in 2005.

Related article  System Based Audit Approach - How Does It Work

The scope explains what type of engagements are part of the assurance engagement. Also, it highlights the engagements not treated as part of the assurance engagement.

According to the scope of the Assurance Engagement Framework, a specific assurance engagement can be a part of a broader engagement. For instance, if a business is sold, the acquisition consulting engagement also involves due diligence.

It requires testing, reviewing, and assurance about the past, present, and future financial metrics and information. From the perspective of business acquisition consulting engagement, the Assurance Engagement Framework will only apply to the financial assurance portion and not other legal & consultation assurance.

What Is Not Part Of Assurance Engagement?

An external auditor performs many engagements during the audit process that might or might not require public opinion.

According to para 7 of the IAASB framework, assurance engagement also deals with the engagements leading to the practitioner’s independent opinion. Therefore, the following engagements are not part of the assurance engagement:

  • The International Standards of Related Services have defined different engagements, and these engagements are not considered part of the assurance engagement.
  • The tax return filing does not require any public assurance. Therefore, it is also not part of the assurance engagement undertaken by an auditor.
  • Any consulting or advisory engagements for business, tax, management, acquisition, etc.

Besides the engagements discussed above, some engagements fulfill assurance criteria but are not performed under the Assurance Engagement Framework. The examples of such engagements are as follow:

  • The auditor undertakes any engagement for verifying any legal proceedings regarding tax, accounting, auditing, etc., matters of the responsible party.
  • Any engagement that results in public opinion or judgment might appear to be an assurance for the external stakeholders.

Is Agreed-Upon Procedure Part Of Assurance Engagement?

According to the Assurance Engagement Framework, the engagements defined under the International Standards of Related Services are not included in the assurance engagement. Whereas the agreed-upon procedures are part of ISRS. Therefore, the agreed-upon procedures are not concluded as a part of the assurance engagement.

The question is, if the agreed-upon procedures are not recognized under the scope of the assurance engagement, what is it then?

Related article  Inventory Observation (Objective and Explanation)

The non-audit engagements and services provided to different business corporations deal with various engagements that require careful evaluation.

However, these non-audit services might or might not require assurance. The most common engagement undertaken by the business entity that does not require assurance is agreed-upon procedures engagement.

The agreed-upon procedures engagements are the activities undertaken by the auditor to evaluate, review, and assess the financial statements. The auditor presents a factual report based on the findings he derives from such engagements. However, no assurance is expressed.

The report on the agreed-upon procedures is not publicly distributed. It only remains confined to the parties that have agreed on the procedures.

What Are Agreed-Upon Procedures?

The agreed-upon procedure engagement is defined under ISRS 4400 as engaging in the specific procedures as agreed and acknowledged by the engagement parties. The procedures must be appropriate for the specific engagement based on its purpose. Such procedures must be sufficient and reliable to report the findings of the specific engagement.

The agreed-upon procedures can be outlined and agreed upon by the hiring company or the clients before an audit. The audit standards in audit design are also built based on the AUP defined by the engaging party. The most common examples of the agreed-upon procedures engagements are as follows:

  • Performing the due diligence at the time of business acquisition
  • Checking security balances
  • Verification of cash balances
  • Royalty agreement compliance
  • Reviewing internal control systems and internal control environment.
  • Payroll audits.

The following table will help you understand how each subject matter within an audit must have agreed-upon procedures. The table is related to agreed-upon procedures from the preparer’s point of view(auditor):

Subject MatterRiskAgreed-Upon Procedures
Inventory StockThe physical existence of stock. Fraud In Recording.Performing tests of controls. Sample counting for physical verification Three-way matching to detect fraud.
Payroll AuditAccuracy of the records. Compliance with the legal regulations.Reviewing the calculations. Contracts and timesheets are checking Verification and evidence collection about the existence of employees.


The agreed-upon procedure engagements are a very critical part of the audit process in any business organization. However, the assurance engagement does not cover its scope, so the auditor will not express a public assurance. But the reports on agreed-upon procedures engagements are shared with the concerned parties.