What is feasible?

There are many different ways that an external assurance engagement can be adjusted to meet different circumstances. There are also various limits to what can be done, for ethical, technical, or practical reasons. The scope of an assurance engagement will depend to a certain extent on the maturity of governance processes and controls around the relevant business activities.

Familiarity with the breadth of potential assurance engagements and the key components of the assurance framework enables the practitioner to work with the responsible party and the users/recipients of the assurance to design an assurance engagement that meets all party’s needs. (Read more about investigative services.)

Discussion with clients when scoping an assurance engagement is an important process. It should help the practitioner to obtain a sound understanding of the objective of the engagement, the nature of the subject matter, and the requirements of both the client and users. This understanding helps the practitioner plan procedures to gather sufficient and appropriate evidence to come to a conclusion that is useful in the light of the user need.

The practitioner should note that it is possible to obtain assurance on almost any subject matter (or subject matter information) provided that the scope of the assurance engagement is in line with the relevant standards. For example, the method of measuring or evaluating the subject matter is appropriate, criteria are suitable, and sufficient and appropriate evidence exists.

However, an assurance engagement may not always represent the optimal approach from a cost-benefit perspective. Other approaches, such as agreed-upon procedures, may achieve the required outcome with less effort on the part of both management and the practitioner.

To work out what is feasible, three questions should be considered:

• Does guidance for this kind of engagement exist?
• Are the five elements of assurance present?
• Is quality control in place?

Does guidance for this kind of engagement exist?

Some external assurance engagements take place frequently, either because they are required by a regulator or because they address a commonly occurring need. In these cases there may well be existing guidance or reference materials. For example:

• Historical financial information - ISAs (International Standards on Auditing) or ISREs (International Standards on Review Engagements).
• Any other subject matter - ISAEs (International Standards on Assurance Engagements).

In addition, the International Auditing and Assurance Standard Board (IAASB) issues International Standards on Related Services covering non assurance services such as AUPs and compilation engagements. For example, ISAE 3000 (Revised) covers assurance engagements other than audits or reviews of historical financial information, as described in the Amended International Framework for Assurance Engagements (the Framework).

Where a subject-matter specific ISAE is relevant to the subject matter of a particular engagement, that ISAE applies in addition to ISAE 3000 (Revised) . Therefore, subject-matter specific ISAEs supplement, but do not replace ISAE 3000 (Revised) . Subject matter specific standards, include: ISAE 3402 relating to financial internal controls of service organisations and ISAE 3410 relating to greenhouse gas emission statements.

Members of ICAEW should apply ISAE 3000 (Revised) to engagements falling within the scope of the standard, supplementing it with any applicable subject matter specific standard.

The assurance provider should ensure that the client is aware of the standard that they are making use of for the engagement.

• Read more on existing standards and guidance for various subject matter areas.

Are the five elements of assurance present?

Five elements must be present for an engagement to be considered assurance under the Amended International Framework for Assurance Engagements developed by IAASB. These are:

1. A three-party relationship
2. An appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. A written assurance report

If any of these elements is missing, it will need to be identified and developed before external assurance can be provided. This could take some time, which may be a reason to consider an alternative solution instead of external assurance.

Is quality control in place?

In addition, ISAE 3000 (Revised) emphasises that quality control should be an integral part of the practitioner firm performing the assurance engagements.

This requires the team and reviewer being subject to Parts A and B of the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA Code) and the practitioner performing the engagement being subject to ISQC 1, or other professional requirements being at least as demanding as ISQC 1.

Business activities

Owners and managers are engaged in activities to fulfil the objectives of the organisation. Management has a responsibility for the design and implementation of appropriate processes.  The board of directors or, where applicable, the audit committee, has responsibility for the governance of the organisation.

Within this environment assurance can play a key role in enhancing stakeholder confidence over operations within the scope of the engagement.

• Read more on the business activities and the responsibilities of management