Standards and guidance
A comprehensive list of standards and guidance covering external assurance engagements. Find out which standards apply for engagements by subject area, as well as information on individual standards and the practical application of guidance to assurance engagements.
|Please note: All of the IFAC standards referenced below sit beneath and operate within the structures described in the Amended International Framework for Assurance Engagements published by the International Auditing and Assurance Standards Board (IAASB).|
Page reviewed March 2021. Next review due March 2022.
All IAASB standards, including ISAE 3000 (Revised), are available from: ifac.org
|ISQC1||International Standard on Quality Control, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements||Deals with a firm’s responsibilities for its system of quality control for audits and reviews of financial statements, and other assurance and related services engagements. This ISQC is to be read in conjunction with relevant ethical requirements. Issued by IAASB.|
|ISAE 3000 (Revised)||Assurance Engagements Other than Audits or Reviews of Historical Financial Information||
Provides requirements and guidance on assurance engagements, other than audit or reviews of historical financial information. It is a principles-based standard that is capable of being applied effectively to a broad range of underlying subject matters, and provides a basis for current and future subject-specific ISAEs.
|ISAE (UK) 3000||Assurance Engagements Other than Audits or Reviews of Historical Financial Information||Provides requirements and guidance on assurance engagements, other than audit or reviews of historical financial information. It is a principles-based standard that is capable of being applied effectively to a broad range of underlying subject matters, and provides a basis for current and future subject-specific ISAEs.
Issued by the FRC in July 2020.
|ISAE 3402||Assurance Reports on Controls at a Service Organization||For practitioners engaged to give an assurance report on internal controls at service organisations. The scope of assurance reporting covers internal controls over the service the service organisation provides that are relevant to user entities’ internal control over their financial reporting. ISAE 3402 expands on how ISAE 3000 (Revised) is to be applied in a reasonable assurance engagement to report on controls at a service organisation.|
|ISAE 3410||Assurance Engagements on Greenhouse Gas Statements||Deals with assurance engagements to report on an entity’s greenhouse gas statement. Assurance engagements envisaged may cover a GHG statement and other information, for example, when the practitioner is engaged to report on a sustainability report of which a GHG statement is only one part. ISAE 3410 expands on how ISAE 3000 (Revised) is to be applied in an assurance engagement to report on an entity’s GHG statement.|
|ISAE 3420||Assurance Engagements to Report on the Compilation of Pro Forma Financial Information in a Prospectus||Deals with reasonable assurance engagements undertaken by a practitioner to report on the responsible party’s compilation of pro forma financial information included in a prospectus. The ISAE applies where such reporting is required by securities law or the regulation of the securities exchange in the jurisdiction in which the prospectus is to be issued, or this reporting is generally accepted practice in such jurisdiction.|
|ISRE 2400 (Revised)||Engagements to Review Historical Financial Statements||Establishes standards and provide guidance on the practitioner’s professional responsibilities when a practitioner, who is not the auditor of an entity, undertakes an engagement to review financial statements and on the form and content of the report that the practitioner issues in connection with such a review. ICAEW issued technical guidance on performing an assurance review engagement on the financial statements of unaudited companies. See AAF 09/13.|
|ISRE 2410||Review of Interim Financial Information Performed by the Independent Auditor of the Entity||Establishes standards and provides guidance on the auditor’s professional responsibilities when the auditor undertakes an engagement to review interim financial information of an audit client, and on the form and content of the report.|
|ISRS 4400||Engagements to Perform Agreed-Upon Procedures Regarding Financial Information||Establishes standards and provides guidance on the auditor’s professional responsibilities when an engagement to perform agreed-upon procedures regarding financial information is undertaken and on the form and content of the report that the auditor issues in connection with such an engagement.|
|ISRS 4410 (Revised)
||Compilation Engagements||Establishes standards and provides guidance on the practitioner’s professional responsibilities when an engagement to perform agreed-upon procedures regarding financial information is undertaken and on the form and content of the report that the auditor issues in connection with such an engagement.|
|SSAE 18||Reporting on Controls at a Service Organization||Issued by AICPA as the authoritative US guidance for reporting on service organisations.|
ICAEW and other guidance
All ICAEW Audit & Assurance Faculty Technical Releases, including AAF 01/06, are available here.
|AAF 01/06||Assurance reports on internal controls of service organisations made available to third parties||Issued in 2006 for practitioners engaged to give an assurance report on internal controls at service organisations. The scope of assurance reporting covers internal controls over the service the service organisation provides and is not restricted to controls related to financial reporting. The guidance contains reporting and assessment criteria for a range of financial service organisations.
|AAF 01/06 Stewardship Supplement||Stewardship Supplement to AAF 01/06||Issued to assist asset managers to obtain an assurance report on their compliance with the UK Stewardship Code published by the Financial Reporting Council (FRC) in 2010. The framework of assurance reporting follows that of AAF 01/06. The UK Stewardship Code was issued to enhance the quality of engagement between institutional investors and companies they invest in to help improve long-term returns to shareholders and the efficient exercise of governance responsibilities.|
|AAF 02/06||Identifying and managing certain risks arising from the inclusion of reports from auditors and accountants in prospectuses||Guidance which addresses safeguards for accountants who prepare reports for inclusion in or with prospectuses and investment circular and for auditors whose audit report is to be included or referred to in a prospectus or other investment circulars.|
|AAF 09/13||Assurance Review Engagements on Historical Financial Statements||Guidance on performing assurance reviews of financial statements of UK companies that are exempt from statutory audit requirement. AAF 09/13 is consistent with ISRE 2400 (Revised).|
|AAF 04/06||Assurance engagements: Management of risk and liability||Guidance which assists accountants to mitigate their risks and liability when undertaking assurance engagements.|
|AAF 07/16||Chartered accountants’ reports on the compilation of financial statements of incorporated entities||Guidance on the compilation of accounts of incorporated entities ie, prepared in accordance with the Companies Act 2006.|
|AAF 08/16||Chartered accountants’ reports on the compilation of historical financial information of unincorporated entities||Guidance on compilation of historical financial information of unincorporated entities for general or specific purposes.|
|ITF 01/07||Assurance report on the outsourced provision of information services and information processing services||Closely follows the framework set out in AAF 01/06 for specific type of outsourced services – information and information processing services.|
|Providing Assurance on Client Assets to the Financial Conduct Authority
||Published by the FRC in 2015. The Standard provides guidance on the responsibilities of an auditor appointed to report on regulated firms’ compliance with the FCA’s Client Asset (CASS) rules. The document is available from frc.org.uk.|
|SIR 4000||Investment Reporting Standards Applicable to Public Reporting Engagements on Pro forma Financial Information||SIR 4000 contains basic principles and essential procedures with which a reporting accountant is required to comply in the conduct of an engagement to report on pro forma financial information, which is included within an investment circular prepared for issue in connection with a securities transaction governed wholly or in part by the laws and regulations of the UK. The document is available from frc.org.uk.|
|Sustainability assurance: Your choice||This booklet from ICAEW highlights key issues around the assurance of sustainability information using a series of questions and answers. The questions cover report users, what an assurance service is, what it should achieve, and what other services could help enhance business sustainability.|
|Chartered accountant services: A Practical Guide||This information sheet outlines three different services that chartered accountants provide to assist client with company accounts. It also highlights when these services are appropriate and the key benefits arising from them.|
|SOC 1, 2, 3||SSAE 18 is typically complemented by the Service Organization Control (SOC) Reporting Framework (SOC 1, 2, 3). SOC 1-3 are developed to provide a reporting framework for service organisations on their internal control over financial reporting (SOC 1), for IT related controls concerning, for example, cloud computing, managed service, data centres (SOC 2) and web trust (SOC 3). SOC 1-3 are also issued by the AICPA. Access restricted to AICPA members only.|
|Amended International Framework for Assurance Engagements||Published by IAASB in 2004, the framework sets out high-level principles applicable to various types of assurance services and might help to address some of these issues. But the practical application of this guidance still needs thorough testing.|