Appropriate checks and balances can make the management-selected criteria of assurance engagements seem less scary, as John Ward outlines.
Assurance engagements performed under the International Standard for Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information allow management to develop their own criteria. The criteria determine the basis used by management to compile the subject matter in their report. They are also used by the practitioner in conducting the assurance engagement to ‘measure’ the management report.
Why is this possible? It sounds very risky. What are the risks and pitfalls for the practitioner when assuring against management-created criteria? And how do management and the practitioner ensure that the criteria are appropriate? As a profession, we are deeply inured to the structure of the statutory audit and the infrastructure that comes with it, including: double-entry bookkeeping, control environments, internal controls, accounting standards, reporting standards, auditing standards and stock exchange listing requirements, to name but a few. But what happens when you are given a subject matter and none of that infrastructure? The simple answer is that there is nothing to stop management creating criteria for a specific purpose to support an assurance engagement.
This is an extract from an article in the February 2015 edition of Audit & Beyond, the magazine of the Audit and Assurance Faculty.
To read the complete article, subscribe to Faculties Online or join the Audit and Assurance Faculty and get access to this article in full, plus all future publications, events, webinars and services.