What information should be included in a well-designed final assurance engagement communication?

Where the client and the practitioner establish that an assurance service is being sought, ISAE 3000 (Revised) provides two options; reasonable and limited assurance.

For a reasonable assurance engagement the practitioner needs to reduce the assurance engagement risk (the risk that an inappropriate conclusion is expressed when the information on the subject matter is materially misstated) to an acceptably low level as the basis for a positive form of expression of the practitioner’s conclusion. Such risk is never reduced to nil and therefore, there can never be absolute assurance.

Buyer's guide to assurance on non-financial information

For a limited assurance engagement the practitioner collects less evidence than for a reasonable assurance engagement but sufficient for a negative form of expression of the practitioner’s conclusion. The practitioner achieves this ordinarily by performing different or fewer tests than those required for reasonable assurance or using smaller sample sizes for the tests performed.

The practitioner uses the same risk basis for planning their work and the same levels of materiality in evaluating the outcome of tests for reasonable and limited assurance engagements. Since the extent of evidence collected for a limited assurance engagement may be limited due to the reduced sample sizes and test coverage adopted, the level of risk of material misstatement remaining is potentially higher than in a reasonable assurance engagement. Hence, the practitioner is not in a position to express the same degree of confidence as in a reasonable assurance engagement.

The conclusion in a limited assurance engagement is accordingly framed in a negative sense: "Based on the procedures performed, nothing came to our attention to indicate that the management assertion on XYZ is materially misstated." In contrast with a reasonable assurance conclusion which would be formed in a positive sense, ie: "Based on the procedures performed, in our opinion, the management assertion on XYZ is reasonably stated."

Practitioners may be familiar with the limited nature of the work performed in relation to a published review opinion for listed company half-year financial statements. The half-year review is an example of a limited assurance engagement that is conducted by the company’s auditor under ISRE 2410.

These reviews are ordinarily based on inquiry of management and analytical procedures. Analytical procedures typically involve the comparison of actual information against the expectations formed based on the prior year and industry average. The limited nature of the work is justified because the practitioner has a base of history with the client’s previous financial statement audit and an understanding of the client’s control environment which generally helps the practitioner to determine the reliability of the information produced by management.

While there are certain parallels between half-year reviews and other limited assurance engagements conducted under ISAE 3000 (Revised), there are also differences.

Half-year review of financial statements

The half-year review is a defined concept in relation to a clearly defined subject matter, ie the financial statements, and for which there is an expectation of a strongly defined internal control environment appropriate for the size and complexity of the client, structure through accounting practices, double entry book-keeping and other checks and balances required by company law and regulation.

The company’s auditor will have obtained a sound understanding of these matters and conducted recent tests of controls and substantive procedures as part of the annual audit. This background therefore reduces the need for detailed tests beyond inquiry, analytical review and other procedures of limited nature.

Limited assurance over non-financial information

In contrast, a non-financial limited assurance engagement may tackle a subject matter which is less well defined and for which the control environment is far less mature and robust. For example, the calculation of a company’s carbon footprint may have been performed by an individual and the results collected on a spreadsheet and supported by files of memorandum information.

The subject matter information is unlikely to be extracted from a double entry bookkeeping system, reducing the possibility of obtaining cumulative evidence through directional testing. Moreover the relationships, if any, between the non-financial subject matter and trends in other internal and external information sources may not have been identified. Accordingly, the comfort the practitioner can obtain from analytical review alone may be greatly reduced.

The concept of limited assurance allows the assurance provider to accept engagements that provide a range of potential levels of comfort to users of the resulting assurance reports. The only restrictions are that limited assurance should deliver a lower level of comfort than reasonable assurance and that the level of comfort provided should be meaningful.

Because a limited assurance report could represent such a range of levels of comfort, it can be much more important for the assurance practitioner to:

• ensure there is a good shared understanding of the scope of work agreed with the responsible party and/or users;
• document the scope of work in an appropriate level of detail in the terms of engagement; and
• describe the work performed in a plain English in the assurance report.

What information should be included in an assurance engagement observation description?

What four elements are included in a well

What are the three phases of the assurance engagement process?

What are the four reasons for conducting an assurance engagement?