The audit process spreads on a vast range of activities. The external auditors conduct an audit in a business entity to safeguard the interests of the stakeholders. For instance, think of the shareholders, creditors, debtors, investors, governments, regulators, and other stakeholders. The fair and successful operations of a business entity and transparent internal control system guarantee that the interests of stakeholders are protected.
How does the audit process test if credible information is communicated to the stakeholders? How does an audit ensures that the business operations and financial statements are prepared by maintaining integrity and trueness?
Assurance is the part of the audit that builds the confidence of the external and internal stakeholders to trust the information provided by a business entity. The audit process includes the internal auditors’ internal perspective and external perspective of an external assurance provider. The external auditor is considered the external assurance provider.
The International Auditing and Assurance Standards Board(IAASB) has developed an Amended Framework for Assurance Engagements to define the external assurance engagement scope. In this article, we’ll discover assurance engagement, its scope, and criteria. We will also answer the question, ‘is agreed-upon procedure part of the external assurance engagement?’
What Is Assurance Engagement?
The definition of assurance engagement in IAASB Framework, Para 7 is,
Assurance engagement means an engagement in which a practitioner(auditor) expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party(the audited company) about the outcome of the evaluation or measurement of a subject matter against criteria.
Different terms are used in the definition. The practitioner is an external auditor hired to perform the independent audit of the business entity. The criteria relate to the International Financial Reporting Standards or any other standards defined for the audited process. Similarly, subject matter means the audited process. For instance, the financial statements will be subject matter in an external audit.
A simplified definition of an assurance engagement is,
The external auditor performs different procedures, verifications, and reviews to make a professional judgment about a business entity’s financial statements, internal controls, and management transparency. All the activities undertaken to give professional judgment and opinion are collectively called assurance engagement.
Elements Of Assurance Engagement
There are five elements of an engagement to be called assurance engagement. If an engagement has the following elements, only then will it be called assurance engagement:
a. Three-party Relationship
There must exist a three-party relationship for the performance of assurance engagement. Following are the three parties in an assurance engagement:
- The practitioner that is an auditor
- The responsible party that is the company being audited
- The intended users that are external stakeholder
b. Subject Matter
There must be an appropriate subject matter for the performance of assurance engagement. The subject matter has the following characteristics: qualitative or quantitative nature, objective or subjective nature, historical or future insights, etc. To standardize, an appropriate subject matter must be:
- Identifiable and can be evaluated consistently and reliably
- Evidence can be collected to make a reasonable or limited assurance
The examples of subject matter include the financial performance of a company, non-financial performance, physical assets, systems, and internal control, organization or corporate governance, etc.
The auditor requires standards and benchmarks for evaluation, review, and testifying the subject matter in any assurance engagement. Therefore, the benchmarks for a certain subject matter are called criteria. For instance, the International Financial Reporting Standards(IFRS) are criteria for financial information and statement preparation. Criteria must be:
There must be sufficient evidence related to the subject matter for verification and evaluation, leading to assurance. The evidence must be reliable, material, appropriate, and can be critically assessed by the auditor.
e. Written Report Of Assurance
After the assurance engagement, the auditor prepares a report stating his professional judgment and opinion gained during the audit process and fieldwork. The written report might express reasonable assurance or limited assurance. The reasonable assurance implies that the auditor is satisfied and expresses a positive opinion based on sufficient evidence, suitable criteria, and verifiable subject matter.
The limited assurance means the negative opinion of the auditor. The report signifies that the evidence, subject matter, and criteria provided to the auditor were not enough to find any discrepancy. However, there might be any if the circumstances are changed.
Scope Of Assurance Engagement Framework
The scope of an assurance engagement is highlighted in the International Framework for Assurance Engagements issued in 2005. The scope explains what type of engagements are part of the assurance engagement. Also, it highlights the engagements not treated as part of the assurance engagement.
According to the scope of the Assurance Engagement Framework, a specific assurance engagement can be a part of broader engagement. For instance, if a business is sold, the acquisition consulting engagement also involves due diligence.
It requires testing, reviewing, and assurance about the past, present, and future financial metrics and information. In the perspective of business acquisition consulting engagement, the Assurance Engagement Framework will only apply for the financial assurance portion and not other legal & consultation assurance.
What Is Not Part Of Assurance Engagement?
An external auditor performs many engagements during the audit process that might or might not require a public opinion. According to para 7 of the IAASB framework, assurance engagement also deals with the engagements leading to the practitioner’s independent opinion. Therefore, the following engagements are not part of assurance engagement:
- The International Standards of Related Services have defined different engagements, and these engagements are not considered part of the assurance engagement.
- The tax return filing does not require any public assurance. Therefore, it is also not the part of assurance engagement undertaken by an auditor.
- Any consulting or advisory engagements for business, tax, management, acquisition, etc.
Besides the engagements discussed above, some engagements fulfill assurance criteria but are not performed under the Assurance Engagement Framework. The examples of such engagements are as follow:
- Any engagement is undertaken by the auditor for verifying any legal proceedings regarding tax, accounting, auditing, etc., matters of the responsible party.
- Any engagement that results in a public opinion or judgment might appear to be an assurance for the external stakeholders.
Is Agreed-Upon Procedure Part Of Assurance Engagement?
We talked about the scope of the assurance engagement and what is not included in it. According to the Assurance Engagement Framework, the engagements defined under the International Standards of Related Services are not included in the assurance engagement. Whereas the agreed-upon procedures are part of ISRS.
Therefore, the agreed-upon procedures are not concluded as a part of the assurance engagement.
The question is, if the agreed-upon procedures are not recognized under the scope of the assurance engagement, what is it then?
The non-audit engagements and services provided to different business corporations deal with various engagements that require careful evaluation. However, these non-audit services might or might not require assurance. The most common engagement undertaken by the business entity that does not require assurance is agreed-upon procedures engagement.
The agreed-upon procedures engagements are the activities undertaken by the auditor for evaluation, review, and assessment of the financial statements. The auditor presents a factual report based on the findings he derives from such engagements. However, no assurance is expressed.
The report on the agreed-upon procedures is not publicly distributed. It only remains confined to the parties that have agreed on the procedures.
What Are Agreed-Upon Procedures?
The agreed-upon procedure engagement is defined under ISRS 4400 to engage in the specific procedures as agreed and acknowledged by the engagement parties. The procedures must be appropriate for the specific engagement based on its purpose. Such procedures must be sufficient and reliable to report the findings of the specific engagement.
The agreed-upon procedures can be outlined and agreed upon by the hiring company or the clients before an audit. The audit standards in audit design are also built based on the AUP defined by the engaging party. The most common examples of the agreed-upon procedures engagements are as follow:
- Performing the due diligence at the time of business acquisition
- Checking security balances
- Verification of cash balances
- Royalty agreement compliance
- Reviewing internal control systems and internal control environment.
- Payroll audits.
The following table will help you understand how each subject matter within an audit must have agreed-upon procedures. The table is related to agreed-upon procedures from the preparer’s point of view(auditor):
|Subject Matter||Risk||Agreed-Upon Procedures|
|Inventory Stock||The physical existence of stock. Fraud In Recording.||Performing tests of controls. Sample counting for physical verification Three-way matching to detect fraud.|
|Payroll Audit||Accuracy of the records. Compliance with the legal regulations.||Reviewing the calculations. Contracts and timesheets checking Verification and evidence collection about the existence of employees.|
The agreed-upon procedure engagements are a very critical part of the audit process in any business organization. However, the assurance engagement does not cover its scope that means the auditor will not express a public assurance. But the reports on agreed-upon procedures engagements are shared with the concerned parties.