ICAEW.com works better with JavaScript enabled.

New horizons

Non-audit assurance reporting offers audit firms the potential to develop new services, new streams of revenue, and new ways to support business. Lesley Meall talks to Ruth Ward, the faculty’s assurance expert, about the possibilities and practicalities.

Non-audit assurance services are a relatively new area for many firms, but there has never been a better time to explore them. “There are great opportunities in this space for audit firms of all sizes and complexity across the spectrum,” says Ruth Ward, the Audit & Assurance Faculty technical manager who specialises in assurance.

By applying their professional judgement objectively, independently and with scepticism to data, controls, processes and other subject matter areas, against specified criteria, and then expressing an assurance conclusion using one of the available frameworks (see chart), professional accountants can provide a strong signal of reliability. And the need for businesses to provide credible financial and non-financial information to their various and very many stakeholders may never have been greater.

The new audit exemptions (in the UK) will take many firms out of statutory audit, but where this happens, it seems likely to increase the need for assurance of non-audited financial information. Meanwhile, changes in regulatory, market and business reporting (across the globe) are increasing the demand for assurance of non-financial information.

“These are exciting times,” enthuses Ward. “Firms have the opportunity to develop a whole new range of services, new streams of revenue, and new ways to support business.”

So far, the large firms have been the main innovators in assurance – not least because they have the greatest resources. But with high-level international standards, technical releases from ICAEW, and the help of the faculty's "Assurance Sourcebook", all firms can deliver assurance services of quality and value.

Developing assurance

"The Assurance Sourcebook: A Guide to Assurance Services" is an extensive and comprehensive work that offers guidance, support and practical assistance to firms.

“I think that members are going to find it very useful,” says Ward. It pulls together assurance guidance from the International Auditing and Assurance Standards Board IAASB) and ICAEW (including AAF Technical Releases), gives historical and current context to all of this, and explains how it can be applied. “It’s very practical,” says Ward, and leads practitioners through processes such as how to approach a client about assurance and how to select the appropriate type of assurance.

“At the moment, many member firms and their clients are unaware of the potential of assurance,” says Ward, and the "Assurance Sourcebook" shows practitioners the range of possibilities.

It is important to differentiate the financial statement audit from a financial statement review – the procedures performed in the latter are often (but not always) substantially less than those performed in a statutory audit. However, various types of assurance can be based on unaudited historical financial information, giving credibility to it and confidence to those who use it.

“Start-ups are a good example of this,” says Ward. “The key figures that their banks are looking at are half-yearly, so an assurance engagement could give these the seal of approval, and give extra comfort over the figures that the bank uses to support its assessment of the business.” It also serves to highlight the importance of the user of assurance. “Assurance services have proved most successful when the benefit to third parties is clear and significant,” she adds.

Subject matter

Assurance that is based on historical financial information isn’t the only area that merits exploration. The range of information used in the decision-making processes of business managers and stakeholders (including investors, lenders and others) is expanding to reflect changes in business practices, technology and in society, and new areas of risk.

In the past assurance has been successfully applied to areas such as internal controls (helping management to enhance the quality of their systems and controls as well as providing confidence to external stakeholders, such as the organisations they provide services to), and sustainability information (adding robustness to the transparency required in this area and enhancing confidence in sustainability information as a whole). But new assurance gaps are emerging too: for example, investors in large companies are starting look for assurance on companies’ narrative reports. So the material that could form the subject of an assurance engagement includes, but is not restricted to: quantitative information, including financial information and performance measures such as KPIs;

  • aspects of information technology, such as information flows and security;
  • management of information flows;
  • regulatory processes and compliance;
  • compliance with contractual agreements;
  • operations and projects, including where performed by third parties;
  • governance, strategy and management processes;
  • environmental information;
  • internal controls and the internal-control environment;
  • risk-management systems and processes;
  • ethics and behaviour; and
  • financial processes.

“You can be bespoke and build assurance engagements around KPIs that are really important to the business and KPIs that are really valued by stakeholders,” says Ward, and the "Assurance Sourcebook" provides more detail on all of this and more; it is 66 pages long and growing. Although some of it has been written with a broad range of readers in mind – management, investors, government and other policymakers, or anyone interested in enhancing the credibility of information produced today – it will be an invaluable document for professional accountancy practitioners. Faculty members will be pleased to find that it draws on the assurance experiences of ICAEW members to identify good practice and both technical and practical innovations, and it illustrates these with case studies, to demonstrate:

  • how to determine an organisation’s needs and define the right service;
  • how to structure and scope engagements in light of standards and guidance, and practical considerations;
  • and how to deliver assurance engagements – from acceptance, through planning and performance, to reporting.

Available frameworks

As well as taking a lead with the "Assurance Sourcebook", ICAEW has been at the forefront of the development of assurance frameworks and standards for historical financial statements and non-financial information. Its Technical Releases have proved a valuable source of good practice guidance on technical and practice issues in a range of assurance areas, helping organisations to apply the principles from international standards such as ISAE 3000 and ISAE 3402 in various situations. These range from AAF 01/06 "Assurance Reports on the Internal Controls of Service Organisations made Available to Third Parties", through AAF 02/09 "New Arrangements for Accountants Reporting to the Civil Aviation Authority", to AAF 01/10 "Framework Document for Accountants’ Reports on Grant Claims".

“AAF 01/06 is a real success story,” says Ward. Because of the extra guidance and scope it provides, lots of organisations have used it with the International Standard on Assurance Engagements ISAE 3402, as the two are complementary. As entities’ use of outside service organisations to accomplish tasks that affect the entity’s internal controls has grown, so has the use and relevance of 01/06, and it was recently updated as was the associated "Stewardship Supplement". The two can be found at the following links:

Since AAF 03/06 "The ICAEW Assurance Service on Unaudited Financial Statements" was issued on an interim basis in 2006, members have used it for hundreds of engagements. Now it is being reviewed to align it with ISRE 2400 (Revised) "Engagements to Review Historical Financial Statements" which was issued by the IAASB in September 2012 (see Technical updates December 2012/January 2013). The faculty plans to develop and update 03/06 and may rename it to reflect and encourage its use for reviews of annual accounts – something we may all be seeing many more of.

Essentials

As the "Assurance Sourcebook" outlines, the following conditions must be met before accepting an assurance engagement:

  • an expectation that relevant ethical requirements, such as independence and professional competence, will be satisfied;
  • an expectation that there is a rational purpose to the engagement; and
  • the engagement should exhibit all of the following five elements:
  • a three-party relationship involving the practitioner, a responsible party, and intended users;
    1. appropriate subject matter;
    2. suitable criteria exist and such criteria will be available to intended users;
    3. the practitioner will have access to sufficient appropriate evidence to support the conclusion; and
    4. a conclusion, in the form appropriate to the engagement, is to be contained in a written report.

Management responsibility

The "Assurance Sourcebook" provides practical guidance on the responsibilities of management and how this affects the level of assurance that can be offered over description, process or outcome. Management is responsible for the design and implementation of appropriate processes, while governance responsibilities rest with the board of directors, or where applicable, the audit committee or their equivalents, such as the board of trustees in non-corporate environments.

The way those responsible run the business affects the nature of the assurance engagement, as different owners and management may have different ideas on which aspects of their business should be examined by a practitioner, what should be used as criteria, to whom the report should be addressed, and what evidence may be available. The degree of monitoring of management, as evidenced through documentation, also affects the nature and scope of assurance engagement.

Practitioners need to identify a series of basic concepts for how owners or management, together with those charged with governance, operate and control the business or organisation, as they may typically be at one of the following four stages:

  1. Leading and establishing the tone at the top.
  2. Establishing strategy and aligning objectives.
  3. Implementing processes, policies and procedures.
  4. Utilising information flows to monitor the performance of the business or operations.

These concepts may be more formalised and better documented within larger organisations. In smaller organisations these concepts may be established as an integral part of the intentions and actions of the owners and managers but may not be systematically documented. The stage that management is at will affect the level of assurance that can be offered.

If management are at stage one (leading and establishing the tone at the top) then there is no tangible outcome to test, and processes may not be in place yet – but an assurance opinion could be given over the fairness of a written description of management activity.

At stage two management are likely to have designed controls and procedures but not yet fully implemented them – so an assurance opinion can go so far as to cover the design suitability, but there is not yet evidence to support an opinion about how effective the procedures are in practice.

Stages three and four give rise to outcomes. From stage three, the effectiveness of the control environment; from stage four, the truth and fairness of the information flows. So at these two stages assurance can cover outcomes.

The different management activities and related focus of assurance engagements can be regarded as a progression, with more comprehensive assurance provided as the management and governance of the entity increases in sophistication over time, and the "Assurance Sourcebook" provides the guidance that practitioners require to consider this and the five elements of assurance engagements (see Essentials above) and use it to inform the decisions they make about how to scope and structure their assurance engagements.

The faculty is keen to hear from members about the assurance engagements they are developing and delivering and how ICAEW can be of support. Please email any comments to ruth.ward@icaew.com.

This article first appeared in the November 2012 edition of Audit & Beyond, the magazine from the ICAEW Audit and Assurance Faculty.