PwC Comments on Proposed ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

We believe it may benefit users’ understanding to group the definitions of the various parties to the engagement together under a new definition – 'Appropriate party(ies)', in particular given the use of this term throughout the standard. The content of paragraph 9 can then be included to accompany this definition. We suggest the following:

'Appropriate party(ies):

1. Engaging party – The party(ies) that engages……. .
2. Measurer or evaluator – The party(ies) who measures or evaluates……
3. Responsible party – The party(ies) responsible for the underlying…….

For the purposes of this ISAE and other ISAEs, references to 'appropriate party(ies)' should be read hereafter as 'the responsible party, the measurer or evaluator, or the engaging party, as appropriate. '

We suggest it is appropriate to include, as application material to this definition, the content from the Assurance Framework that describes engagements that are not an assurance engagement (paragraphs 19-21 in the proposed revised Framework), as we believe this is a common area of misunderstanding. This is also consistent with the premise that ISAE 3000 should contain all guidance necessary for a practitioner to understand and conduct an assurance engagement without the need to separately refer to the Framework. We recommend the following additional material:

'Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that are not consistent with the description in paragraph 8(a) (and therefore are not covered by this standard) include:

• Engagements covered by International Standards for Related Services (ISRS), such as agreed-upon procedures engagements and compilations of financial or other information.
• The preparation of tax returns where no conclusion conveying assurance is expressed.
• Consulting (or advisory) engagements¹, such as management and tax consulting.

An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this standard is relevant only to the assurance portion of the engagement.

The following engagements, which may be consistent with the description in paragraph 8(a), are not considered assurance engagements in terms of this standard:

1. Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and
2. Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply:
   1. Those opinions, views or wording are merely incidental to the overall engagement;
   2. Any written report issued is expressly restricted for use by only the intended users specified in the report;
   3. Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and
   4. The engagement is not represented as an assurance engagement in the professional accountant’s report. '

We also recommend the following minor wording amendment to the definition of limited assurance (consistent with the language adopted in ISAE 3410):

'Limited assurance engagement―An assurance engagement in which the practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement. The practitioner’s conclusion is expressed in a form that conveys that, based on the procedures performedand evidence obtained, nothing has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated. The setnature of procedures performed in a limited assurance engagement isdifferent from, and their extent less than,limited compared with that necessary in a reasonable assurance engagement, however are but is planned to obtain a level of assurance that is, in the practitioner’s professional judgment, meaningful to the intended users. The limited assurance report communicates thelimited nature lesser extent of the assurance obtained. '

For the reasons set out in the main body of this letter, we recommend that the content describing the sufficiency and appropriateness of evidence be deleted. This is better located in the application material related to the requirements dealing with evidence. We also recommend a minor wording amendment as shown:

'Evidence―Informationused obtained by the practitioner in arriving at the practitioner’s conclusion…. '

The second sentence describing the role of the practitioner in a direct engagement is repetitive of paragraph 8 (b) and is equally not part of the definition of 'practitioner'. We believe this should be deleted.

We recommend additional wording as follows:

'The practitioner shall not represent compliance with this or any other ISAE unless the practitioner has complied with the requirements of this ISAE and any othersubject matter-specific ISAE relevant to the engagement. '

We believe this paragraph is repetitive of paragraph 7. We suggest that the content of this paragraph would be better located as application material to paragraph 7. We further recommend that the application material included in ISRE 2400 (Revised) paragraphs A12-A14 may be appropriate to incorporate into such application material, tailored accordingly. We have included further recommendations at the end of this appendix to align the standard with the exposure draft of ISRE 2400 (Revised) where, in our opinion, matters have been better dealt with in that standard.

As several requirements refer to complying with 'relevant ethical requirements' we recommend that the heading under which this paragraph resides be amended to state'Relevant Ethical Requirements'. Alternatively the approach adopted in ISRE 2400 (Revised) may be applied with a formal definition of the term provided. This requirement could then be simplified.

We suggest that the need for the appropriate parties to understand their relevant roles and responsibilities needs to be made explicit in the requirement. We propose the following alternative wording:

'The appropriate parties understand their respective roles and responsibilities and that these are suitable in the circumstances. '

We suggest additional wording as shown (consistent with the related application material):

'The practitioner will have access to therecords and evidence needed to support the practitioner’s conclusion. '

We believe that the requirement to assess whether there is a rational purpose for the engagement should be incorporated into requirement 18. In our opinion this should be the first consideration preceding the other elements identified in requirement 18, rather than the last item in paragraph 20. Note this is also consistent with the treatment in the exposure draft of ISRE 2400 (Revised). We propose a new paragraph 18 (a) as follows:

'The practitioner shall accept or continue an assurance engagement only when:

1. The practitioner is able to identify the purpose for the engagement and the intended users of the subject matter information, and is satisfied that there is a rational purpose for the engagement including, in the case of a limited assurance engagement, that a meaningful level of assurance can be obtained. '

Refer also to our comment on paragraph A53 in respect of application material related to a ‘rational purpose’.

We believe that there may be actual, or at best perceived, conflict between the statements in requirements 26 and 62 with respect to referencing the fact of the engagement being conducted in accordance with ISAEs. The former states (including a referencing error corrected in our quote) that:

'An engagement conducted in accordance with such laws or regulations does not comply with ISAEs. Accordingly, the practitioner shall not include any reference within the assurance report to the engagement having been conducted in accordance with ISAE 3000 or any other ISAE(s). (See also paragraph 612)'

While, the latter states:

'If the practitioner is required by laws or regulations to use a specific layout or wording of the assurance report, the assurance report shall refer to this or other ISAEs only if the assurance report includes, at a minimum, each of the elements identified in paragraph 60. '

Similar to the ISAs, this seems to be saying that compliance with the performance requirements in the ISAE is necessary to assert compliance with the ISAE, but that reporting requirements might vary as long as a minimum set of elements is present. It might be useful to clarify this point to avoid the possible perception of inconsistency, or even contradictory, requirements.

Please refer also to our recommendation in respect of consistency with the exposure draft of ISRE 2400 (Revised) which we believe would address this issue.

This requirement is clearly drafted as a responsibility of the engagement partner. As such, we believe this needs to follow the heading'Responsibilities of the Engagement Partner'. Refer also to our related comment on paragraph 29 in the section titled 'Recommended changes to align the standard with the exposure draft of ISRE 2400 (Revised)'.

We believe this requirement should refer to 'identified' misstatements in the first instance:

'The practitioner shall accumulateuncorrected misstatements identified during the engagement other than those that are clearly trivial. '

We also suggest that the approach adopted in the exposure draft of ISAE 3410 follows a more logical flow to the assessment of misstatements that is , identify, communicate and request correction, and evaluation of the effect of uncorrected misstatements. We believe the principles in requirements 48 to 54 of ISAE 3410 are appropriate for all assurance engagements and therefore encourage the IAASB to consider whether these should be reflected in ISAE 3000. As a minimum we believe this section of requirements should address identification, accumulation, communication and correction of misstatements. See our related comment on paragraph 56 (b) that deals with evaluating uncorrected misstatements.

Consistent with our previous comments, we recommend that the requirement does not directly refer to 'sufficient appropriate evidence', as we believe this term is not appropriate in the context of a limited assurance engagement. We believe that the use of this term can remain in the application material on the basis that additional clarification and context is provided in respect of how this term is interpreted in a limited assurance engagement. We therefore recommend the following change to the requirement and the associated application material, as shown:

Para 44 –'The practitioner shall evaluate thesufficiency and appropriateness of the evidence obtained in the context of the engagement…. . '

Para A105 –'Whether sufficient appropriate evidence has been obtained on which to base the practitioner’s conclusion is a matter of professional judgment.In the context of a limited assurance engagement, the sufficiency and appropriateness of evidence relates to whether the evidence obtained adequately addresses areas of the subject matter information where material misstatements are likely to arise and whether the nature, timing and extent of procedures performed is sufficient to obtain a level of assurance that is meaningful to the intended users. '

We question whether the wording of the requirement is sufficiently clear. We suggest an application material paragraph may be useful to further explain what characteristics 'about' the measurement or evaluation of the underlying subject matter against the applicable criteria the practitioner may obtain from the measurer or evaluator.

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficiency and appropriateness':

'The practitioner shall form a conclusion about whether the reported outcome of the measurement or evaluation of the underlying subject matter is free from material misstatement. In forming that conclusion, the practitioner shall consider:

1. The practitioner’s conclusion in paragraph 44 regarding thesufficiency and appropriateness evaluation ofthe evidence obtained;

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient appropriate evidence':

Para 57 -'If the practitioner is unable to obtainsufficient appropriate evidencethat provides a basis for forming a conclusion, a scope limitation exists and the practitioner shall express a qualified conclusion, disclaim a conclusion, or withdraw from the engagement, where withdrawal is possible under applicable laws or regulations, as appropriate.

Para A136 –'An inability to perform a specific procedure does not constitute a scope limitation if the practitioner is able to obtainsufficient appropriate auditevidence by performing alternative procedures. '

We believe it is important to highlight the rationale for the identification or description of the subject matter information, or subject matter, to provide context for the practitioner’s assessment of the disclosure by the appropriate party(ies). We propose the following amended wording:

'The assurance report shall include at a minimum the following basic elements:

1. …
2. …
3. An identification or description of the subject matter information and, when appropriate, the underlying subject matterthat is sufficiently comprehensive to enable the intended users to understand the nature and scope of the assurance. In the case of a direct engagement, this may be reflected in the description of the findings and basis for the practitioner’s conclusion in the assurance report. When the practitioner’s conclusion is worded in terms of a statement made by the measurer or evaluator, that statement shall be appended to the assurance report, reproduced in the assurance report or referenced therein to a source that is available to the intended users. '

Please refer to our comments in response to question 4. We also recommend the following revised wording for the second sentence:

'In a limited assurance engagement the summary of the work performed shall state that the practitioner’s procedures aremore limited less than for a reasonable assurance engagement……'

We believe the use of the term 'where appropriate' is ambiguous. We suggest this bullet of the requirement be redrafted as follows and, in addition, be re-located to be the final bullet (note this bullet should also cross refer to paragraph A156 and not A158):

'Where appropriate, When the practitioner deems it necessary, the conclusion shall inform the intended users of the context in which the practitioner’s conclusion is to be read. (Ref: Para. A1586)'

We suggest that this requirement could be presented more clearly, as follows:

'In those cases where the practitioner’s unqualified is expressing a conclusionwould be that is worded in terms of a statement made by the measurer or evaluator, and that statement has identified and properly described that the subject matter information is materially misstated, the practitioner shall either:

1. Express a qualified or adverse conclusion worded in terms of the underlying subject matter and the criteria(that is, conclude that the subject matter information is materially misstated consistent with the statement made by the measurer or evaluator); or
2. If specifically required by the terms of the engagement to word the conclusion in terms ofthe statement made by the measurer or evaluator, express an unqualified conclusionon that statement but emphasize the mattergiving rise to the material misstatement of the subject matter information by specifically referring to it in the assurance report. '

Refer also to our comment on paragraphs 64 and 65 in the second part of this appendix.

We believe the title of this paragraph creates the impression that the content is incorrectly located in the wider context of the engagement that is , it feels strange to be referring to the practitioner’s conclusion as the first application guidance paragraph. We suggest the revised title and wording shown below would place this paragraph more in context. We have also suggested additional guidance to address engagements that may involve reporting only a single conclusion but that also contain multiple elements.

'The Practitioner’s Conclusion Multiple Element Engagements

Where the subject matter information is made up of a number ofaspects elements and the practitioner has been engaged to report on each of those elements, separate conclusions may be providedon each aspect.For example, an entity may report on matters relating to sustainability and emissions in one document and request the practitioner to report separately on each of those elements.While not all such conclusions need to relate to the same level of assurance, each conclusion is expressed in the form that is appropriate to either a reasonable assurance engagement or a limited assurance engagement.When engaged to report a single reasonable assurance conclusion on subject matter information that comprises multiple elements, for example net greenhouse gas emissions, and a limited level of assurance can only be obtained on one or more material elements, it is not appropriate to express an overall reasonable assurance conclusion on the subject matter information.'

We recommend the following minor wording change in the second sentence:

'In a limited assurance engagement, the practitioner performs a set of procedureswhose nature is different from, and their extent less than,that is limited compared with that necessary in a reasonable assurance engagement…. . '

We also suggest the following amendment to the second bullet point to reiterate that it is the practitioner, and not the engaging party, that has sole responsibility for determining the nature, timing and extent of procedures:

'Instructions or other indications from the engaging party about the nature of the assurance the engaging party is seeking the practitioner to obtain. For example, the terms of the engagement may stipulate particular procedures that the engaging partyconsiders necessary believes responds to the needs of the intended users or particular aspects of the subject matter information the engaging party would like the practitioner to focus procedures on(Ref: Para A17). '

Lastly, we suggest it may be helpful to include the following material, which has been adapted from paragraphs 2 and 4 of ISA 320 and is relevant to providing the practitione. context for determining what is 'meaningful to the intended users':

'In determining what is meaningful t. the intended users, it is reasonable for the practitioner to assume that users:

1. Have a reasonable knowledge of the entity and its activities and of the subject matter, and a willingness to study the subject matter information with reasonable diligence;
2. Understand that the subject matter information is prepared, presented, and the practitioner’s work conducted, to levels of materiality; and
3. Recognize the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment and the consideration of future events.

In addition, the practitioner considers the common information needs of intended users as a group. The possible effect of misstatements on specific individual users, whose needs may vary, is not considered. '

We suggest the following amended wording for the third sentence:

'The role of the practitioner in an attestation engagement is to obtainsufficient appropriate evidencethat provides a basis for formingin order to express a conclusion about whether the subject matter information, as prepared by the measurer or evaluator, is free from material misstatement. '

Consistent with the previous comment we recommend the following changes:

'In addition to measuring or evaluating the underlying subject matter, the practitioner in a direct engagement also applies assurance skills and techniques to obtainsufficient appropriate evidence in order toexpress form a conclusion about whether the subject matter information is materially misstated. '

We recommend deleting 'sufficient appropriate' from the second sentence as shown:

'It is this obtaining ofsufficient appropriate evidence that distinguishes a direct engagement from a mere compilation. '

We recommend the following change, which is consistent with the proposed change in the Assurance Framework:

'Regardless of the involvement of others however, and unlike an agreed-upon procedures engagement (which involves reportingfactual findings based upon the procedures, rather than a conclusion):…'

We suggest that the guidance in paragraph A21 is of sufficient importance in setting the context of the application of the standard that it should be incorporated directly into paragraph 4.

We suggest that this is moved to the end of the application material on preconditions for an assurance engagement, as it is presented as a specific industry example and should follow the explanation of the underlying principles.

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate':

'Such that the information about it can be subjected to procedures for obtainingsufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate. '

We suggest that the language in this paragraph be made consistent with paragraph A10 to avoid inconsistent interpretations of its intended authority, as shown:

'If criteria are specifically designed for the purpose of preparing the subject matter information in the particular circumstances of the engagement, they are not suitable if they result in subject matter information or an assurance report that is misleading to the intended users. Itis desirable may be appropriate in such cases for the intended users or the engaging party to acknowledge that specifically developed criteria are suitable for the intended users’ purposes. The absence of such an acknowledgement may affect what is to be done to assess the suitability of the applicable criteria, and the information provided about the criteria in the assurance report. '

Please refer to our comment on paragraph 20 (b)(v). In addition, we question whether the final three bullets in this paragraph are related to the engagement having a rational purpose.

The fifth bullet deals with limitations on scope – we suggest that this needs to be explained in the context of whether the scope of the engagement would be meaningful to users as opposed to limitations on the scope of the practitioner’s work being imposed. We believe that the language used in paragraph 16 (a) of the exposure draft of ISAE 3410 provides an appropriate basis for developing more appropriate wording.

The sixth and final bullets deal with risks or difficulties in achieving the objectives of the engagement. This is separate from the assessment of whether there is a rational purpose. We suggest that this content be relocated, for example as part of acceptance and continuance considerations.

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate' in the first sentence:

'In a direct engagement, the practitioner both measures or evaluates the underlying subject matter and obtainssufficient appropriate evidence about that measurement or evaluation. '

In the third bullet we suggest the following alternative wording:

'Evaluating whethersufficient appropriate evidencethat provides a basis for forming a conclusion has been obtained, and whether more needs to be done to achieve the overall objectives of ISAE 3000 and any relevant subject matter-specific ISAE. '

We do not believe it is appropriate to extend consideration of materiality to ‘relevant decisions’ of users as opposed to ‘economic decisions’. We do not believe there is a sufficient framework or approach that would guide the practitioner’s judgements in interpreting what the ‘decisions’ of users may be. Applying the materiality concept to more complex qualitative disclosures, such as may be included in some assurance engagements, for example, GHG statements, is difficult. Without further guidance, and without the benefit of established benchmarks, practitioners are likely to struggle with this.

Refer to our comment on paragraph 2 in the second part of this appendix. If the additional application guidance on reliance on a firms quality control systems is added, based on our recommendation, then much of this application material can be deleted and a reference to that application guidance added to a shorter paragraph explaining its application in the context of a practitioner’s expert.

We recommend that two additional bullets be added, as follows:

• 'That known or suspected fraud and actual or possible non-compliance with laws and regulations, for which the effects may affect the subject matter information, have been disclosed to the practitioner; and
• That significant events that have occurred subsequent to the measurement date and through to the date of the practitioner’s report, that may require adjustment to, or disclosure in, the subject matter information have been disclosed to the practitioner. '

We also suggest it may be helpful to include, at the end of this paragraph, a cross reference back to the application material dealing with written representations in relation to access to information (paragraphs A51-A52).

Consistent with our previous comments we suggest the following alternative wording for the first sentence:

'Thesetnature of procedures performed in a limited assurance engagement is, by definition,limited compared with different from, and their extent less than,that necessary in a reasonable assurance engagement. '

We also suggest it may be helpful to cross refer to this application material from paragraph 20 (b)(iii).

We believe that the paragraph is not sufficiently clear and suggest the following clarification to make explicit the intended wording to be applied:

'In a direct engagement, the practitioner’s conclusion is always worded in terms of the underlying subject matter and the criteria, that is, the first example shown in paragraph A154 above. '

We are concerned that this paragraph gives undue focus to fraud matters and does not address other common matters that should be communicated to the appropriate party(ies). We propose the following amended wording:

'Matters that may be appropriate to communicate with the responsible party, the measurer or evaluator, the engaging party or others include fraud or suspected fraud,matters involving non-compliance with laws and regulations that are other than clearly inconsequential, significant difficulties, if any, encountered during the engagement,and in the case of an attestation engagement,perceivedbias in the preparation of the subject matter information. '

We note that ISAE 3402 and ISAE 3410 include requirements relating to documentation principles and the final assembly of the engagement file that use identical text to the content included in these application material paragraphs. We believe such requirements, in compliance with ISQC1, are applicable to all assurance based engagements that will be performed in accordance with ISAE 3000 (Revised) and are of sufficient importance that they should have appropriate authority. As such, we find it inconsistent that these be treated as application material in the principles based standard but then repeated as replica requirements in subject matter-specific ISAEs.

We, therefore, recommend that paragraphs A170 and A171 are elevated to requirements (using the language included in the exposure draft of ISAE 3410 (paragraphs 62 – 64, tailored as necessary to refer to the 'appropriate party(ies)')) and that paragraphs A172, A174 and A175 also be elevated to requirements (based on the form of language included in paragraphs 66 and 67 of ISAE 3410).

We also recommended in our response letter to the exposure draft of ISAE 3410 that the equivalent requirements in that standard, and in ISAE 3402, be removed via conforming amendments to this standard. However, we understand that it may be considered appropriate to reflect these requirements also in subject matter-specific ISAEs due to their overall importance. We have no objection to limited repetition but believe that the authority should be consistent for the reasons outlined above.

Furthermore, we request the IAASB to consider whether the requirement in ISAE 3410 relating to documentation of matters arising after the date of the assurance report (paragraph 65) equally should be reflected in ISAE 3000, as this again would be considered to be a generic requirement applicable to all assurance engagements.

We support the narrative description of the roles and responsibilities of the relevant parties to an assurance engagement. We recommend one minor amendment to point 2 (d) as follows:

'The practitioner obtainssufficient appropriate evidencethat provides a basis forin order to expressing a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the measurement or evaluation of the underlying subject matter against criteria. '

We do, however, feel that the diagram does not articulate as effectively as it could the relationships described in the narrative, in particular, the relationship of the practitioner to the assurance report and the differing role of the practitioner in an attestation versus a direct engagement. We urge the IAASB to consider whether revisions can be made to the diagram to convey more effectively to readers these relationships. Alternatively, we suggest that the diagram could be split into two simpler tables that might be more effective in contrasting the differences in responsibilities under each type of engagement.

We suggest that some additional application material that places into context how the engagement team may rely on the firm’s quality control systems is appropriate. We, therefore, recommend that paragraphs A6-A8 from IRSE 2400 (Revised) be added immediately following paragraph A59. Refer also to our related comments on paragraph 29.

We suggest the following introduction to this paragraph, consistent with ISRE 2400 (Revised):

'The Handbook’s Glossary of Terms (the Glossary) includes the terms defined in this ISAE, and also includes descriptions of other terms found in this ISAE, to assist in common and consistent interpretation and translation. '

We suggest that the application material in ISRE 2400 (Revised) paragraphs A31, A32 and A34 - A35 would be appropriate application material for this requirement and acts as an overarching introduction to the application material on acceptance and continuance (preceding current paragraph A33).

In conjunction with our comment on paragraph 26 below, in relation to the deleted final sentence, we suggest this paragraph be amended, as follows:

'If the preconditions for an assurance engagement are not present, the practitioner shall discuss the matter with the engaging party. If changes cannot be made to meet the preconditions, the practitioner shall not accept the engagement as an assurance engagement unless required by laws or regulations to do so. However, an engagement conducted under such circumstances does not comply with ISAEs.Accordingly, the practitioner shall not include any reference within the assurance report to the engagement having been conducted in accordance with ISAE 3000 or any other ISAE(s). '

We suggest additional wording for the first sentence as follows:

'The practitioner shall agree the terms of the engagement with the engaging party, prior to performing the engagement. '

While acknowledging the statement in paragraph A54 that the form and content of the engagement letter may vary with the engagement circumstances, we believe it would be appropriate to include guidance that set out matters that the engagement letter would ordinarily be expected to address. This may draw on the content of ISRE 2400 (Revised) paragraphs 35, A55 and A56, tailored accordingly.

We recommend the inclusion of application material consistent with paragraph A60 of ISRE 2400 (Revised).

We recommend that the additional application guidance given in ISRE 2400 (Revised) paragraphs A61 and A63, tailored accordingly, be included in relation to this requirement.

We further recommend that an additional requirement be included, immediatel. following paragraph 25, based on paragraph 39 of ISRE 2400 (Revised), as follows:

'If the terms of engagement are changed during the course of the engagement, the practitioner and the engaging party shall agree on and record the new terms of the engagement in an engagement letter or other suitable form of written agreement. '

Further to our comments in the first section of this appendix and paragraph 21 above, we believe that the order and flow of the requirements could be improved. We recommend that paragraph 26 be moved to follow paragraph 22.

We also suggest that the structure of paragraph 33 of ISRE 2400 (Revised) is clearer and may help to better articulate the aim of requirements 26 and 62. We recommend the following revised wording:

'In some cases, laws or regulations of the relevant jurisdiction prescribe the layout or wording of the assurance report. In these circumstances, tIn some cases when the review is performed pursuant to applicable law or regulation of a jurisdiction, the relevant law or regulation may prescribe the layout or wording of the practitioner’s report in a form or in terms that are significantly different from the requirements of this ISAE. In these circumstances:

(a) The practitioner’s report shall refer to this ISAE and any subject matter specific ISAE only if the report complies with the requirements of paragraph 60; and

(b) The practitioner shall evaluate:

(ai. Whether intended users might misunderstand the assurance obtained from the engagement; and

(bii) If so, whether additional explanation in the assurance report can mitigate possible misunderstanding.

If the practitioner concludes……. '

We also believe that inclusion of application material, which may be based on paragraphs A54 and A142 of ISRE 2400 (Revised), tailored accordingly, may further help illustrate this point.

With the exception of ISRE 2400 (Revised) paragraph 24 (a)(ii), which deals with the assignment of the team (dealt with separately in ISAE 3000 (Revised) paragraph 28), we believe all other clauses in ISRE 2400 (Revised) paragraph 24 and ISAE 3000 (Revised) paragraph 29 have the same intended aim and should therefore use the same language to achieve consistency across these standards.

1. We recommend the following change to the introductory sentence:
   'The engagement partner shall take responsibility for the overall qualityon of the engagement. '
2. We suggest that part (a) apply the language used in ISRE 2400 (Revised) paragraph 24 (a)(i).
3. We commented in our response letter to the exposure draft of ISRE 2400 (Revised) that the remainder of the requirement in that standard be aligned with the language used in paragraph 29 in the exposure draft of ISAE 3000 (Revised).

We further recommend that paragraph A30 of ISRE 2400 (Revised) would be appropriate application material to be linked from this paragraph, in setting the overall context of the engagement partner’s responsibilities. We recommend this follow the additional application material that we have suggested in our comment on paragraph 2 above.

We suggest the first sentence in ISRE 2400 (Revised) paragraph 26 be added, as follows:

'An effective system of quality control for a firm includes a monitoring process designed to provide the firm with reasonable assurance that the firm’s policies and procedures relating to the system of quality control are relevant, adequate and operate effectively. '

We suggest the following additional wording:

'The practitioner shall plan and perform an engagement with professional scepticismrecognizing that circumstances may exist that cause the subject matter information to be materially misstated. '

We support the IAASB in not including a requirement that explicitly calls for the practitioner to revise materiality as the assurance engagement progresses. However, we believe there may be benefit in including an application material paragraph to this requirement that explains that this may be appropriate depending on the circumstances. We suggest the following wording:

'The practitioner’s determination of materiality for the assurance engagement may need to be revised during the engagement as a result of:

• A change in the circumstances that occurred during the engagement;
• New information; or
• A change in the practitioner’s understanding of the subject matter as a result of performing additional procedures for the review when warranted. '

We suggest that this requirement be more explicit in its aim and suggest the following wording:

'Based on the practitioner’s understanding (see paragraph 37)and consideration ofthe practitioner shall identify areasof the subject matter information where material misstatements are likely to arise, anddetermine the nature, timing and extent of procedures to be performed toaddress those areas and obtain a level of assurance that is meaningful to the intended users. '

Consistent with our comments in response to the exposure draft of ISRE 2400 (Revised), we suggest that, to avoid misinterpretation of the term ‘likely’ in the above context, it would be appropriate to provide application material that explains what this term means in the context of the practitioner’s assessment. For example, the practitioner’s assessment is based on consideration of the inherent risk of areas of the subject matter information, for example , complexity, in combination with any entity specific information that comes to his/her attention during obtaining an understanding of the subject matter and the environment in which the entity operates. It is the practitioner’s judgement, having considered the balance of this information, that drives the determination of those areas of the subject matter information where material misstatements are considered ‘likely’ to arise, and is primarily based on the practitioner’s intuition rather than an evaluation of the results of detailed procedures.

We suggest that the structure of the requirement in ISRE 2400 (Revised) is clearer and recommend the following alternative requirement:

'If, in relation to the written representations required under paragraphs 47-49,:

1. The responsible party(ies) does not provide the written representations; or
2. The practitioner concludes that there is cause to doubt the competence, integrity or ethical values of those providing the written representations such that the written representations provided are not reliable, the practitioner shall discuss the matter with the appropriate party(ies), and if the responsible party(ies) continue to refuse to provide required representations,
3. Determine whether a scope limitation exists, and
4. Take appropriate actions, including determining the possible effect on the conclusion in the assurance report in accordance with paragraph 57. '

We believe it would be helpful to explain that a modified conclusion requires to be presented under an appropriate heading. We therefore suggest the following additional language:

'Where the practitioner expresses a modified conclusion, the assurance report shall contain a clear description of the matter(s) giving rise to the modificationin a separate paragraph and us. an appropriate heading for the conclusion paragraph – 'Qualified Conclusion', 'Adverse Conclusion' or 'Disclaimer of Conclusion' as appropriate. '

It appears more logical to us that the requirements dealing with 'unmodified and modified conclusions' (paragraphs 63-67) should immediately follow the content on 'forming the assurance conclusion'. We therefore recommend that these requirements be moved to precede the section on 'preparing the assurance report'.

We suggest the following additional wording:

'In the case of a limited assurance engagement, that, based on the procedures performedand evidence obtained, nothing has come to the attention of the practitioner…. . '

We believe that the content of these requirements could be presented in a manner that more clearly conveys the appropriate form of conclusion to be expressed. We also suggest that it is important to link the requirement in paragraph 64 (b) to the application material in paragraphs A154 – A157 that explains the nature of the practitioner’s conclusion under an attestation and a direct engagement, as this is fundamental to understanding what this requirement is trying to describe. Our recommended wording is as follows:

Para 64 -'The practitioner shall express a modified conclusion when the following circumstances exist and, in the practitioner’s professional judgment, the effect of the matter is or may be material:

1. When a scope limitation exists (see paragraph 57). In such cases, the practitioner shall express a qualified conclusion or a disclaimer of conclusion.
2. When:
   1. The practitioner’s conclusion is worded in terms of a statement made by the measurer or evaluator, and that statement is incorrect, in a material respect; or
   2. The practitioner’s conclusion is worded in terms of the underlying subject matter and the criteria, and the subject matter information is not free from material misstatement. (Ref: Para. A164, A154 – A157–A165)'

In such cases, the practitioner shall express a qualified or adverse conclusion.

Para 65 – We recommend this paragraph is based on the wording that is used in ISRE 2400 (Revised), tailored accordingly, which we believe is clearer:

'Where the practitioner determines that a modified conclusion is necessary in the circumstances:

1. The practitioner shall express:
   1. A qualified conclusion, when the practitioner concludes that the effects of the matter(s) giving rise to the modification are material, but not pervasive to the subject matter information. A qualified conclusion is expressed as being 'except for' the effects, or possible effects, of the matter to which the qualification relates; or
   2. An adverse conclusion, when the effects of the matter(s) giving rise to the modification are both material and pervasive to the subject matter information; or
2. When the practitioner is unable to obtain evidence as the basis for a conclusion (that is, where a scope limitation exists), the practitioner shall:
   1. Express a qualified conclusion when the practitioner concludes that the possible effects on the subject matter information of undetected misstatements, if any, could be material but not pervasive to the subject matter information; or
   2. Disclaim a conclusion when the practitioner concludes that the possible effects of undetected misstatements, if any, could be both material and pervasive to the subject matter information. '

While paragraph 65 describes how a qualified conclusion is to be expressed, we also suggest that some form of guidance is necessary to explain the general form of wording to be applied when expressing an adverse conclusion or disclaiming a conclusion. We support the decision not to provide any illustrative reports. However, in doing so we believe it is necessary to articulate in the application guidance how an adverse or disclaimer of conclusion is ordinarily expressed.

We suggest that paragraph A67 in ISRE 2400 (Revised) be added as further application material to this paragraph.

We note that this application material describes the content of the standard and its relevant authority. We question whether some, or all, of this content should be presented in the introductory material of the standard to give this greater prominence and to ensure readers understand the construct of the standard.

We also suggest that paragraphs 9-11 in the exposure draft of ISRE 2400 (Revised) are written in plainer language and could directly replace paragraphs A23 and A25, tailored accordingly.

We recommend that this paragraph be moved to be application material to paragraph 8.

We suggest the following additional wording to explain that ISQC 1 requires more than simply compliance with ethical requirements:

'ISQC 1 deals with the firm’s responsibilities to establish and maintain its system of quality control for assurance engagements. It sets out the responsibilities of the firm for establishing policies and procedures designed to provide it with reasonable assurance that: (i)the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence, applicable legal and regulatory requirements, and (ii) that reports issued by the firm are appropriate in the circumstances. Compliance with ISQC 1 requires, among other things, that the firm establish and maintain a system of quality control that includes policies and procedures addressing each of the following elements, and that it documents its policies and procedures and communicates them to the firm’s personnel…. '

We recommend an additional bullet as follows:

'Conditions that may indicate possible fraud. '

We suggest the following amended wording for the second bullet:

'Over generalizing when drawing conclusions fromobservations evidence obtained. '

We recommend that the following sentence and bullets (amended as shown) from ISRE 2440 (Revised) paragraph A27 be appended to this paragraph as shown:

'The practitioner will be guided by such matters as the following:

• Knowledge acquired from engagements carried out for theentity’s financial statements in prior periods, where applicable.
• The practitioner’s understanding of the business including understanding of theaccounting measurement principles and practices of the industry in which the entity operates, and of the entity’saccounting systems.
• The extent to which particular items in thefinancial statements subject matter information are affected by management judgment. '

We suggest that the following additional wording be appended to this paragraph, consistent with its use in ISRE 2400 (Revised):

'The practitioner’s judgment about the nature, timing and extent of additional procedures that are needed is guided by information obtained from the practitioner’s evaluation of the results of the procedures already performed, and the practitioner’s updated understanding obtained in the course of the engagement. '

We recommend that these paragraphs be replaced with the content currently in Appendix 2, as modified in accordance with our recommendation relating to the use of the term 'sufficient appropriate evidence' above. We question the necessity of appendix 2 and believe this can be deleted.

The concept of 'engagement risk' is often misunderstood. We suggest it would be helpful to include a reference from these paragraphs to paragraphs 70-74 that define and explain this term.

We suggest this sentence be amended as follows:

'The roles and responsibilities of the responsible party, the measurer or evaluator, or and the engaging party, as appropriate, are suitable in the circumstances. '

Refer to our comment on ISAE 3000 (Revised) paragraph 20 (b)(iii).

We do not believe this paragraph is sufficiently clear. We propose the following amended wording:

'If a competent practitioner other than a professional accountant in public practice chooses to represent compliance with an Assurance Standard, it is important to recognize that those Standards include requirements that reflect the premise in the paragraph 5 regarding theneed to comply with IESBA Code and ISQC 1, or other professional requirements, or requirements in laws or regulations that are at least as demanding. '

We recommend the following change to place the content on practitioner’s experts into appropriate context:

'In addition, tThe engagement team needs to be able to be sufficiently involved in the work of theany practitioner’s expert, and to obtain the evidence necessary to conclude whether the work of that expert is adequate for the practitioner’s purposes. '

We question the statement that, in an attestation engagement, the responsible party is also always responsible for the subject matter information. We could conceive circumstances when a separate measurer or evaluator is responsible. We note that ISAE 3000 (Revised) paragraph A124 discusses the responsible party acknowledging, in an attestation engagement, responsibility for the subject matter but not the subject matter information.

We recommend that this content be moved to follow paragraph 79. We believe it is appropriate to discuss the concepts of materiality and nature, timing and extent of procedures before the sufficiency and appropriateness of evidence.

We suggest the following change:

'A combination of procedures is typically used to obtain either reasonable assurance or limited assurance, as appropriate. '

We believe reference to 'consideration of risks of material misstatement' is not appropriate in the context of a limited assurance engagement. Refer to our comment on ISAE 3000 (Revised) paragraph 42 (a) where we recommend alternative wording.

For a proper understanding of the purpose of 'additional procedures' we believe this paragraph should include the full text of the underlying requirement that it describes. We propose the following change:

'Designing and performing additional procedures, as appropriate, if the practitioner becomes aware of a matter that causes the practitioner to believe the subject matter information may be materially misstatedsufficient to conclude that the matter causes the subject matter information to be materially misstated or is not likely to. '

We believe this paragraph is more explicit, in requiring a modified conclusion when the criteria are found to be unsuitable or underlying subject matter not appropriate, than the equivalent requirement in ISAE 3000 (Revised) (paragraph 22) that deals with the practitioner’s actions when one or more preconditions for an engagement is not present after the engagement has been accepted. ISAE 3000 (Revised) requires the practitioner to determine whether the matter can be resolved, whether it is appropriate to continue and whether, and if so how, to communicate the matter in the assurance report. We suggest that this may be perceived as inconsistent and ask the Board to clarify the appropriate actions in either ISAE 3000 or the Framework.

Refer to our comment on the appendix to ISAE 3000.