Chapter 1: What is assurance?

Chapter learning objectives

Upon completion of this chapter you will be able to:

  • Explain the nature and objectives of audit and assurance;
  • Discuss the concepts of accountability, stewardship, agency, true and fair and reasonable assurance;
  • Explain reporting as a means of communication to stakeholders;
  • Explain the five elements of an assurance engagement; and
  • Explain the level of assurance provided by audit and other review assignments.

1 What is assurance?

"An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria." (International Audit and Assurance Standards Board Handbook)

In simple terms, giving assurance means: offering an opinion about specific information so the users of that information are able to make confident decisions knowing that the risk of the information being 'incorrect' is reduced.

2 The elements of an assurance engagement

There are 5 elements of an assurance engagement:

(i)the three parties involved:

  • the practitioner (i.e. the reviewer of the information);
  • the intended users (of the information); and
  • the responsible party (i.e. the preparer of the information).

(ii) the subject matter under scrutiny;

(iii)suitable criteria against which to judge the reliability and accuracy of the subject matter (e.g. IFRS);

(iv)sufficient appropriate evidence to substantiate an opinion; and

(v) a written report in an appropriate form.

Illustration 1: Buying a house

Consider someone who is buying a house.

Most members of the public lack the technical expertise to assess the structural condition of property. There is therefore a risk that someone pays a large sum of money to purchase a structurally unsafe property which needs further expenditure to make it useable.

To reduce this risk it is normal for house buyers (the users) to pay a property surveyor (the practitioner) to perform a structural assessment of the house (the subject matter). The surveyor would then report back (written report) to the house buyer identifying any structural deficiencies (measured against suitable structural criteria). With this information the potential buyer can then make their decision to buy or not to buy with confidence that they know what the structural condition of the house is.

Note: the practitioner is offering a professional service. They must therefore:

  • be competent;
  • be objective and independent; and     
  • follow certain expected standards of performance.

All of these issues will be considered in the chapters that follow.

Types of assurance service

  • an audit of financial statements
  • a review of financial statements
  • risk assessment reports
  • systems reliability reports
  • reports on social and environmental issues (e.g. to validate an employer’s claims about being an equal opportunities employer or a company’s claims about sustainable sourcing of materials)
  • reviews of internal controls
  • value for money audit in public sector organisations.

3 Assurance in the context of a company

Who are the likely users of corporate information?

Typically, the users of corporate information are referred to as stakeholders. These are people, or groups, who are influenced by, or can influence, the company’s decisions and actions.

Examples of stakeholder groups

Examples of stakeholder groups are:

  • shareholders;
  • management and those charged with the governance of a business;
  • other employees;
  • customers;
  • suppliers;
  • government offices;
  • lenders of funds; and
  • community organisations.

These stakeholders will need information about the company in order to make decisions. Of course, the decisions they make will all be different.

Illustration 2

  • Shareholders need to decide whether to alter their shareholdings.
  • Employees need to make career decisions.
  • Customers need to manage their supply chain.

One of the primary sources of information about a company is the financial statements. This contains information that almost all of the stakeholder groups will find useful. In particular, the shareholders (often considered as the primary stakeholder group) will need reliable financial statements to appraise the performance of their shareholding.

Usefulness of financial statements

  • Employees may be able to judge whether they think their levels of pay are adequate compared to the directors and results of the company.
  • Those charged with governance can see whether they think management have struck the right balance between their own need for reward (remuneration, share options etc) and the needs of other stakeholders.
  • Customers, suppliers and lenders can make judgements about whether the company has sufficient financial strength (i.e. liquidity) to justify future trading/financial relationships.
  • The government can decide whether the right amounts of tax have been paid etc.

4 The development of assurance engagements

Incorporation and the separation of ownership and control

Businesses can operate through a number of different vehicles. It is common for investors in those businesses to seek the protection of limited company status. This means that whilst they could lose the funds they invest in a business they cannot be held personally responsible for satisfying the remaining corporate debts. The creation of a limited company is referred to as incorporation.

Incorporation has the following implications:

  • the creation of a legal distinction between the owners of the business and the business itself;
  • the opportunity for the owners/investors to detach themselves from the operation of the business; and
  • the need for managers to operate the business on a daily basis.

Whilst this has provided financial protection for shareholders it does lead to one significant conflict:

Shareholders seek to maximise their wealth through the increasing value of their shareholding. This is usually driven by the profitability (both current and potential) of the company.

Directors/management seek to maximise their wealth through salary, bonuses and other employment benefits. This obviously reduces company profitability.

This has lead to the legal requirement for financial statements to be produced by directors to account for their stewardship of the company. These are sent to the owners/shareholders for their assessment of the performance of management.

This presents another conflict: the directors are responsible for preparing the financial statements and they benefit from reporting higher profits. There is therefore a need for an independent review of these financial statements. This is where assurance, in particular audit, comes in.


Stewardship is the responsibility to take good care of resources. A steward is a person entrusted with management of another person’s property, for example, when one person is paid to look after another person’s house while the owner goes abroad on holiday.

This relationship, where one person has a duty of care towards someone else is known as a ‘Fiduciary relationship’.

The steward is accountable for the way he carries out his role.

A fiduciary relationship is a relationship of ‘good faith’ such as that between the directors of a company and the shareholders of the company. There is a ‘separation of ownership and control’ in the sense that the shareholders own the company, while the directors take the decisions. The directors must take their decisions in the interests of the shareholders rather than in their own selfish personal interests.

Accountability means that people in positions of power can be held to account for their actions, i.e. they can be compelled to explain their decisions and can be criticised or punished if they have abused their position.

Accountability is thus central to the concept of good corporate governance – the process of ensuring that companies are well run – which we will look at in more detail in chapter 3.

Agency occur when one party, the principal, employs another party, the agent, to perform a task on their behalf.

The role of the auditor

The three parties involved in the audit process are:

  • the preparers: management/directors;
  • the users: shareholders; and
  • the practitioner: the auditors.

Management prepares the subject matter, in this case the financial statements. Auditors will review the financial statements and perform procedures to obtain sufficient appropriate evidence that the financial statements are a reasonable basis for making decisions. This means that they are prepared in accordance with a relevant financial reporting framework (i.e. suitable criteria). In the case of this text it is assumed that International Financial Reporting Standards are the basis of preparing the financial statements.

Finally the auditor prepares a written report (the audit report), which they present to the shareholders. This report summarises their opinion as to whether the financial statements are "fairly presented" (or "true and fair"). The concept of "fair presentation" is explored later but it basically means that the financial statements are:

  • reasonably accurate;
  • prepared in accordance with laws and regulations;
  • unbiased; and
  • clear/understandable.

5 Audit engagements

External audit

In most developed countries, publicly quoted companies and large companies are required by law to produce annual financial statements and have them audited by an external auditor.

Other organisations (e.g. small private companies, partnerships, etc.) may choose to be audited even if there is no legal requirement.

The objective of an external audit engagement is to enable the auditor to express an opinion on whether the financial statements

  • give a true and fair view (or present fairly in all material respects)
  • are prepared, in all material respects, in accordance with an applicable financial reporting framework.

The financial reporting framework to be applied will vary from country to country.

General principles to be followed

The auditor should follow certain general principles in the conduct of an external audit.

  • Compliance with applicable ethical principles, i.e. the IFAC Code of Ethics for Professional Accountants and the ethical pronouncements of the auditor’s professional body, e.g. the ACCA’s Rules of Professional Conduct (see later chapter).
  • Compliance with applicable auditing standards, i.e. the International Auditing and Assurance Standards Board’s (IAASB’s) International Standards on Auditing (ISAs).
  • Planning and performing the audit with an attitude of professional scepticism that recognises that the financial statements being audited may be materially misstated.

6 Types of assurance engagement

The IAASB International Framework for Assurance Engagements permits two types of assurance engagement:

  • reasonable; and    
  • limited;

Reasonable assurance engagements

In a reasonable assurance engagement, the practitioner:

  • Gathers sufficient appropriate evidence to be able to draw reasonable conclusions;
  • Concludes that the subject matter conforms in all material respects with identified suitable criteria; and
  • Gives a positively worded assurance opinion.

Illustration 3: Positively worded assurance opinion

"In our opinion, the financial statements present fairly, in all material respects (or give a true and fair view of) the financial position of ABC Company as at December 31 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards."

Statutory audit is an example of a reasonable assurance assignment. The approach to these assignments must be consistent with local legislative requirements, such as the Companies Act in the UK, and audit work will need to be carried out in accordance with International Standards on Auditing (ISAs).

The greatest level of assurance auditors can provide is reasonable. The limitations of an audit mean that it is not possible to provide 'absolute' assurance. These limitations include:

  • Financial information includes subjective and judgemental matters.
  • Inherent limitations of controls used as audit evidence.
  • Representations from management may have to be relied upon as the only source of evidence in some areas.
  • Evidence is often persuasive not conclusive; and auditors
  • Do not review 100% of the transactions and balances, they test on a sample basis.

Some users incorrectly believe that an audit does provide absolute assurance; that the audit opinion is a guarantee the financial statements are 'correct'. This and other misconceptions about the role an auditor plays are often referred to as the 'Expectations Gap.' Other examples of these misconceptions include:

  • a belief that auditors test 100% of transactions and balances: they test on a sample basis;
  • a belief that auditors are required to detect fraud; auditors are required to offer an opinion that the financial statements are free from material misstatement, which may be caused by fraud;
  • auditors are responsible for preparing the financial statements; this is the responsibility of management.

Limited assurance engagement

In a limited assurance assignment the practitioner:

  • Gathers sufficient appropriate evidence to be able to draw limited conclusions;
  • Concludes that the subject matter, with respect to identified suitable criteria, is plausible in the circumstances; and
  • Gives a negatively worded assurance opinion.

Illustration 4: Negatively worded assurance opinion

"Nothing has come to our attention that causes us to believe that the financial statements as of 31 December 2011 are not prepared, in all material respects, in accordance with an applicable financial reporting framework."

An example of a limited assurance assignment is a review engagement. It is possible for small companies, who are not legally required to have a full audit, to have a review of their financial statements to enable them to present their accounts to potential lenders.

There is no precise definition of what is meant by reasonable or limited in this context. However, it is clear that the confidence inspired by a reasonable assurance report is designed to be greater than that inspired by a limited one.

It therefore follows that:

  • there are more regulations/standards governing a reasonable assurance assignment;
  • the procedures carried out in a reasonable assignment will be more thorough; and
  • the evidence gathered will need to be of a higher quality.

The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which do not provide all the evidence required in an audit, anything has come to the auditor’s attention that causes the auditor to believe that the financial statements are not prepared in accordance with the applicable financial reporting framework (ie negative/limited assurance).

Guidance on how to perform this type of assignment is given by the IAASB in International Standard on Review Engagements (ISRE) 2400, Engagements to Review Financial Statements.

Characteristics of a review engagement

Typically review engagements will be carried out using much more limited procedures than a statutory audit. Typically the following procedures are used:

  • analytical review; and
  • enquiry

These and other audit procedures will be explained in a later chapter.

Test your understanding 1

Auditors are frequently required to provide assurance for a range of non-audit engagements.


List and explain the elements of an assurance engagement.

Real exam question: June 2010

(5 marks)

Test your understanding 2

Describe FIVE differences between a review and an audit.

(10 marks)

7 Chapter summary

Test your understanding answers

Test your understanding 1

(1)An assurance engagement will involve three separate parties:

(i)The intended user who is the person who requires the assurance report;

(ii) The responsible party, which is the organisation responsible for preparing the subject matter to be reviewed; an

(iii)The practitioner (i.e. an accountant) who is the professional who will review the subject matter and provide the assurance.

(2)A second element is a suitable subject matter. The subject matter is the data that the responsible party has prepared and which requires verification.

(3)Suitable criteria are required in an assurance engagement. The subject matter is compared to the criteria in order for it to be assessed and an opinion provided.

(4)Appropriate evidence has to be obtained by the practitioner in order to give the required level of assurance.

(5)An assurance report is the opinion that is given by the practitioner to the intended user and the responsible party.

Test your understanding 2

Created at 5/24/2012 2:32 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Last modified at 10/4/2012 1:33 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London

Rating :

Ratings & Comments  (Click the stars to rate the page)


Recent Discussions

There are no items to show in this view.