Other assurance assignments

Question 1

Other assurance assignments 1.1 Audit compared with assurance

Nature of work

Answer 1

Statutory audit
Determined by Companies
Act 2006 and ISAs. Main audit
procedures are set out in ISA
500:
 Inspection
 Observation
 Confirmation
 Recalculation
 Reperformance
 Analytical procedures
 Enquiry

Other assurance
Scope is determined by the
terms of engagement and
relevant International Standards
on Assurance Engagements or
International Standards on
Review Engagements.
Procedures usually more
limited:
 Enquiry
 Analytical procedures
 Written management
representations.
i.e. less work than audit

Question 2

Other assurance assignments

Level of
assurance

Answer 2

Statutory audit
Reasonable

Other assurance
Usually limited

Question 3

Other assurance assignments

Report to

Answer 3

Statutory audit
Shareholders

Other assurance
Usually management

Question 4

Other assurance assignments

Report on

Answer 4

Statutory audit
Express an opinion on:
 The financial statements
(whether they are true &
fair, properly prepared)
 Certain other matters
e.g. the information
contained in the directors’
report and strategic report
is consistent with the
financial statements.

Other assurance
Express an opinion on:
 The financial statements
(whether they are true &
fair, properly prepared)
 Certain other matters
e.g. the information
contained in the directors’
report and strategic report
is consistent with the
financial statements.

Question 5

Other assurance assignments

Circulation of
report

Answer 5

Statutory audit
In the public domain once the
financial statements are filed

Other assurance
Likely to be restricted

Question 6

Other assurance assignments 1.2 Review of historical financial information (ISRE 2400)

Answer 6

Some clients require a review of the financial statements rather than a
full audit.
Procedures focus on:
 obtaining knowledge of the entity
 making enquiries
 performing analytical procedures
 obtaining written representations from management.
If an issue is identified, then additional procedures will be performed.
Negative assurance will be given. The negative opinion will state ‘nothing has come
to our attention to suggest that the accounts are not true and fair’. The reviewer also
states that it isn’t a statutory audit.
Example:
 Independent verification required for small charities or for companies under the
audit threshold.
1.3 Review of interim financial information (ISRE 2410)
In some cases (particularly listed companies) a review of the interim
financial statements will be required. These statements will be prepared
under IAS 34 (covered in the next chapter).
This is a specific example of a review of historical information so the approach to the
engagement will be similar to ISRE 2400 above.

Question 7

Other assurance assignments 1.4 Review of prospective financial information (ISAE 3400)

Answer 7

This is more difficult than a review of historic financial information
because it is reporting on future events.
Prospective financial information will usually take the form of budgets
and forecasts.
Examples of work required when reviewing, e.g. a business plan:
 Consider the competence of the preparer (e.g. how accurate have past
forecasts been?).
 Cast/recalculate to check mathematical accuracy.
 Vouch to any supporting documentation there may be, e.g. contracts of sale.
 Review assumptions for reasonableness. Agree estimated costs to current
actual costs and consider price rises. Discuss with management.
 Statement of profit or loss: Agree that accounting policies are consistent with
the financial statements (e.g. depreciation rates), and compare contents to
identify missing costs etc. Agree b/f balances to accounting records.
 Cash flows: Agree timings for amounts going in and out of the bank account
(e.g. initial outflow to purchase equipment, receipts from customers after 30-day
credit period etc.). Agree b/f cash balance to cash at bank ledger account.

Question 8

Other assurance assignments 1.5 Assurance reports on controls at a service organisation (ISAE 3402)

Answer 8

A service organisation is an entity that provides services to user entities
that are relevant to their internal controls (e.g. controls over IT
systems).
There are two types of assurance report:
 Type 1 – a report on the description and design of controls at a
service organisation.
 Type 2 – a report on the description, design and operating
effectiveness of controls at a service organisation.

Question 9

Other assurance assignments 2.1 What is due diligence?

Answer 9

Due diligence is the process of gathering information for an investor about a potential
investee in order to make an informed decision about the investment, including
whether or not to invest, and what amount to invest. It is usually performed in an
acquisition or a refinancing scenario.
The investee will have more information about its business than the investor when
setting a deal price. Due diligence helps to narrow this information gap to enable a
more informed decision by the investor on the performance, position and risks of the
target company when offering a price.
Due diligence may:
 identify assets: ascertain legal title/rights, identify and value intangibles
 identify and quantify potential risks
 ensure the bid price is reasonable
 give assurance to providers of finance
 help with post-acquisition planning such as:
– identify possible areas of synergy
– identify key personnel to tie in post-acquisition
– identify key areas in need of reorganisation.

Question 10

Other assurance assignments 2.2 Detailed due diligence work

Answer 10

Due diligence procedures are very similar to audit procedures, with a different focus.
Work should focus on:
 valuation of key assets
 information affecting the price (e.g. cash flow forecasts, EBITDA calcs etc.)
 identifying hidden or unrecognised obligations, as well as determining the value
of recognised obligations
 projections/forecasts
 commercial information.
Examples:
 Financial due diligence – giving assurance on the financial position, financial
risk and projections.
 Commercial due diligence – giving assurance on markets and external
economic environment.
 Operational due diligence – considering the operational risks and potential
improvements that can be made in a target company.
 Technical due diligence – giving assurance on new technologies (will probably
involve the use of experts).
 IT due diligence – giving assurance on the nature, reliability and risks of IT
systems and IT skills.
 Legal due diligence – giving assurance on legal rights and obligations including
the acquisition contract (will probably involve placing reliance on lawyers).
 HR due diligence – giving assurance on staff skills and HR contracts, including
whether key skilled workers can be retained and what the cost of potential
redundancies might be.
 Tax due diligence – any tax liabilities and their impact on the new group. Tax
structuring of acquisition and finance.

Question 11

Other assurance assignments 2.3 Warranties

Answer 11

The vendor may give warranties to the purchaser. Warranties are a type of insurance
whereby the vendor compensates the purchaser if the warranties are breached.
Examples of warranties include:
 sales contracts exist and are current
 all contingent liabilities have been disclosed
 tax has been paid or accrued for.

Question 12

Other assurance assignments Forensic accounting

Answer 12

The term ‘forensic accounting’ covers any investigative assignment into financial
matters. Examples include:
 fraud investigations
 professional negligence claims
 insurance claims
 assessing damages in a litigation
 financial disputes, e.g. partnership disputes or matrimonial disputes.
Forensic investigation is the steps taken to perform a particular forensic accounting
assignment from start to finish. It will include:
 planning
 gathering evidence (this stage is called forensic auditing)
 reviewing and concluding
 issuing a report.
Forensic accountants are often called to give evidence in court as an expert witness.
The main aspect of forensic accounting for the exam is fraud investigation.

Question 13

Other assurance assignments Forensic accounting 3.1 Fraud

Answer 13

There are three main categories of fraud:
 Corruption – conflict of interest, bribery, extortion.
 Asset misappropriation – e.g. theft, false billing, payroll fraud.
 Financial statement fraud – e.g. deliberate profit misstatement, bias.

Question 14

Other assurance assignments Forensic accounting 3.2 Conducting a fraud investigation: considerations Acceptance

Answer 14

 Do we have the necessary skills and experience?
 Ethical threats if the investigation is for an audit client: self-review, advocacy,
management. Do not accept appointment unless there are robust safeguards.
 Commercial – firms can charge a high fee for forensic assignments because of
the high level of risk involved and the degree of expertise needed.

Question 15

Other assurance assignments Forensic accounting 3.2 Conducting a fraud investigation: considerations Planning

Answer 15

Ensure that the forensic accountant understands the specific objectives of the
engagement, for example:
 identify the type of fraud, how long it has been operating, how it was concealed
 identify the fraudster
 quantify the loss
 gather evidence for a court case
 advise on how to prevent recurrence in the future
 obtain an understanding of the circumstances and events surrounding the
engagement, the context of the engagement, the resources available and any
limitation on the scope of the engagement
 consider the use of data analytic software, or other ways to gather evidence.

Question 16

Other assurance assignments Forensic accounting 3.2 Conducting a fraud investigation: considerations Gathering evidence

Answer 16

 Evidence must be robust and conclusive as it may be challenged in court.
 Procedures must be tailored to the specific type of fraud and how it was
committed.
 Techniques include:
– test controls for weaknesses
– analytical procedures – look for trends
– Data analytic software – when were the details altered?
– talk to employees
– ascertain responsibilities and access to identify which individuals may
have been involved
– substantive techniques (reconciliations, cash counts, review docs and
accounting records, comparisons etc.)
– review CCTV footage for evidence of how/when/who/how much etc.
 Must approach all information and documentation with a sceptical attitude as it
may be biased, false or incomplete. Look for complementary or contradictory
evidence to support/disprove conclusions.

Question 17

Other assurance assignments Forensic accounting 3.2 Conducting a fraud investigation: considerations Reporting

Answer 17

 Summary of evidence and conclusion.
 Quantify amount of loss suffered.
 Outline how the fraud was conducted.
 Advise how to prevent a similar fraud in the future.

Question 18

Other assurance assignments Forensic accounting 3.2 Conducting a fraud investigation: considerations Appearing in court as an expert witness

Answer 18

 Need to be independent and not biased towards any particular point of view.
 Confine evidence to matters which lie within the accountant’s expertise and
which are material to the matter in hand.

Question 19

Other assurance assignments Sustainability 4.1 Implications for the statutory audit of the financial statements

Answer 19

The UK statutory audit does not include the audit of any disclosures provided under
IFRS S1 General Requirements for Disclosure of Sustainability-related Financial
Information and IFRS S2 Climate-related Disclosures.
However, this does not mean that there are no implications for the auditor.
Impact on the financial statements
Auditors need to understand the environmental, social and governance issues facing a
company to assess the impact on the financial statements and the audit in general,
including:
 potential impairment of assets
 costs of non-compliance, e.g. fines, compensation, remediation
 constructive obligations, contingent liabilities and provisions
 impact on going concern status
 motives for manipulation of figures to achieve targets or covenants
 weaknesses in sustainability risk management by those charged with
governance.
Review of other information presented with the financial statements
Remember that ISA (UK) 700 requires the audit report to include a separate section
with a heading ‘Other information’ addressing any additional information provided
with the company’s financial statements.
ISA (UK) 720 states that if the other information contains a material misstatement
and the directors refuse to correct it, the uncorrected misstatement must be
described in the ‘other information’ section of the audit report.

Question 20

Other assurance assignments Sustainability 4.2 Sustainability audits

Answer 20

Companies may choose to have an assurance engagement performed with respect
to any social and environmental reports which they prepare.
Planning and performance of the engagement will be very similar to other assurance
engagements. Assurance firms may make use of AA1000 Assurance Standard
issued by AccountAbility – a global non-profit organisation.
AccountAbility also produce AA1000 Accountability principles which sets out the
following principles for sustainability reporting:
 Inclusivity – participation of stakeholders in developing and achieving an
accountable and strategic response to sustainability.
 Materiality – determine the significance of an issue to an organisation and its
stakeholders.
 Responsiveness – how an organisation responds to stakeholder issues that
affect its sustainability performance by its decisions, actions and performance
as well as communication with stakeholders.
 Impact – the effect of behaviour/performance/outcomes on the
economy/environment/society/stakeholders/the organisation itself.
The AA1000 Assurance Standard provides the following guidance on related
assurance engagements:
 Objective – evaluate and provide conclusions on adherence to AA1000
Assurance Standard principles and the quality of the disclosed information.
 Reports:
– there is no set wording for the assurance statement but a list of the
minimum information required is given in the standard.
– Type 1 reports: The assurance provider evaluates the nature and extent of
an organisation’s adherence to the four AA1000 Accountability Principles.
The focus is on how the organisation manages sustainability performance
and communicates, but does not provide assurance on the reliability of
the information provided.
– Type 2 reports: The assurance provider evaluates the nature and extent of
an organisation’s adherence to the four AA1000 Accountability Principles
and evaluates the reliability of the information provided.

Question 21

Other assurance assignments Sustainability 4.3 Greenhouse gas emission statements (ISAE 3410)

Answer 21

Companies listed on the main market of the London Stock Exchange are required to
make a disclosure of greenhouse gas emissions (GHG Statement).
 The level of assurance could be:
– reasonable – an opinion on whether the GHG Statement has been
prepared in accordance with the acceptable criteria
– limited – a conclusion on whether anything has come to the practitioner’s
attention to indicate that the GHG Statement has not been prepared in
accordance with the acceptable criteria.
 The engagement is likely to be complex, involving multidisciplinary teams and
subject to uncertainty due to the difficulty of estimation and measurement.
 In addition to assurance skills, the team will require skills relating to laws,
regulations, along with quantification and reporting.

Question 22

Other assurance assignments Internal audit

Answer 22

Internal auditors are employed by the directors of the company to add value by
improving the organisation’s operations.
Internal auditors are usually employees but the function could be outsourced to an
external provider.
Internal auditors may be members of the Institute of Internal Auditors (IIA). If so, they
are governed by the following standards issued by the IIA:
 The Code of Ethics: integrity, objectivity, confidentiality, competency.
 The International Standards for the Professional Practice of Internal Audit:
setting out the professional attributes the IA must have (including having a
defined purpose, and approaching work with proficiency and professional care),
and how an IA should perform his or her work (including proper planning,
performance and communication).
Typical IA assignments:
 Value for Money audits (see s5.1)
 Operational audits (see s5.2)
 Financial audits – similar to the activities of the external auditor, and involves
obtaining evidence to substantiate the financial information in the management
accounts and financial statements.
 Project audits – assessing whether a specific project performed efficiently and
achieved its objectives.
 Social and environmental audits (see earlier)
 Management audits – assessing the performance of management and the
management structure.

Question 23

Other assurance assignments 5.1 Value for Money (VFM) audits

Answer 23

A VFM audit focusses on whether the best combination of services has been
obtained for the lowest level of resources. It will focus on the following three areas:
 Economy – keeping the cost of resources to a minimum.
 Efficiency – the relationship between the output from goods and services and
the resources used to produce them.
 Effectiveness – how well the organisation’s objectives have been achieved.
Ultimately the company will aim to produce the best quality at the lowest cost.

Question 24

Other assurance assignments 5.2 Operational audits

Answer 24

An operational audit consists of reviewing a company’s policies over a particular
functional or operational area (e.g. procurement, HR etc.) to ensure that they are
adequate, and that they operate effectively. To do this the IA will:
 ascertain and review the department’s policies by obtaining documented
policies and discussing with staff/management
 assess if the policies are adequate and advise upon improvements
 test effectiveness by observing staff and through tests of controls
 IT audits – testing the IT controls over a particular aspect of a company’s
computer system.