PwC global network of firms believes that the proposed standard provides a strong basis for the performance of all assurance engagements and will facilitate consistent high quality engagements, capable of being supplemented by clearly tailored topic-specific ISAEs as required, in response to the needs of users. PwC global network also believes that the revisions to the requirements and application material to better articulate the defining characteristics of a limited assurance engagement, together with the principles and differences between attestation and direct engagements, are useful.
For the attention of Mr James Gunn
International Auditing and Assurance Standards Board
545 Fifth Avenue, 14th Floor
New York, New York, 10017
1 September 2011
IAASB exposure draft – International Standard on Assurance Engagements (ISAE) 3000 (revised), ‘Assurance engagements other than audits or reviews of historical financial information’
We1 appreciate the opportunity to comment on the IAASB’s proposed International Standard on Assurance Engagements (ISAE) 3000 (Revised), ‘Assurance Engagements Other Than Audits or Reviews of Historical Financial Information’.
We support the proposed revision of the ISAE. The extant ISAE has been in effect since 2005. Since that time, we have found that the demand for assurance services and the nature of subject matter over which users are seeking assurance has evolved. We therefore agree that it is timely and appropriate for the IAASB to review the extant standard and clarify the principles and concepts underpinning the provision of assurance engagements in light of the experience gained in applying it in practice.
In our opinion, the proposed standard provides a strong basis for the performance of all assurance engagements and will facilitate consistent high quality engagements, capable of being supplemented by clearly tailored topic-specific ISAEs as required, in response to the needs of users.
We believe that the revisions to the requirements and application material to better articulate the defining characteristics of a limited assurance engagement, together with the principles and differences between attestation and direct engagements, are useful. Generally, we believe that they will serve to enhance understanding amongst practitioners of the nature and scope of individual reasonable or limited assurance engagements and the extent of the work effort necessary to convey the appropriate conclusion in the specific circumstances.
We also support the proposed amendments to the International Framework for Assurance Engagements in order to align it with the proposed revisions to ISAE 3000. But we particularly welcome the inclusion in ISAE 3000 (Revised) of material in the extant Framework that is necessary to allow ISAE 3000 (Revised) to be understood without reference to the Framework. In our experience, practitioners may focus on the Standard and, consequently, may not always look to the Framework, even though the Framework was vital to a proper understanding of some of the requirements in the extant ISAE 3000.
Sufficient and appropriate evidence
Consistent with our comments on the exposure drafts of ISRE 2400 (Revised), ‘Engagements to review historical financial statements’ and ISAE 3410, ‘Assurance engagements on greenhouse gas statements’, we question whether it is necessary to refer to the 'sufficiency and appropriateness' of evidence obtained in the context of a limited assurance engagement. We believe it is more important to focus on an assessment of whether the results of the procedures performed, and evidence obtained, are such that the practitioner is able to conclude whether the subject matter information is likely to be materially misstated than to create undue focus on the 'quantity' of evidence that might be needed in support of that conclusion.
However, we recognise that the standard needs to address both reasonable and limited assurance engagements and that the concept of 'sufficient appropriate evidence' is important in the context of a reasonable assurance engagement. We believe, however, that a solution can be found that achieves both aims by removin. references to 'sufficient appropriate evidence' in the requirements but retains the use of this term in the application material, with appropriate additional application material that explains more directly the considerations when performing a limited assurance engagement. We believe this would address our concern of requirements inadvertently implying that there is a specific, definable threshold in all limited assurance engagements, while also providing useful context for practitioners on the extent of evidence that is necessary in limited and reasonable assurance engagements, respectively.
Our detailed comments in response to the specific questions raised in the exposure draft are set out below. We have also provided some specific suggestions for the Board to consider in the appendix to this letter. We also outline in the appendix further suggested conforming amendments to the Assurance Framework arising from our comments on ISAE 3000 (Revised). We encourage the IAASB to address these comments in finalising proposed ISAE 3000 (Revised) and the Framework.
Request for specific comments
1. Do respondents believe that the nature and extent of requirements in proposed ISAE 3000 would enable consistent high quality assurance engagements while being sufficiently flexible given the broad range of engagements to which proposed ISAE 3000 will apply?
We believe the overall level of requirements to be appropriate. The changes, particularly with respect to limited assurance engagements, should help promote consistency in practice. Given the increasingly diverse range of subject matter on which users are seeking to obtain assurance, we believe an appropriate balance has been struck in the nature and extent of the requirements considered to be relevant to all assurance engagements while recognising that there will also be a need to build specific tailored requirements in future subject matter-specific ISAEs. In addition, many of the requirements deal with 'engagement management' issues. As many of these engagements are new or developing, considerations relating to engagement acceptance and the pre-conditions for an assurance engagement are particularly important and the new requirements are helpful in this regard.
2. With respect to levels of assurance:
We broadly support the definitions and characteristics of reasonable and limited assurance described in the exposure draft. In relation to limited assurance, we have proposed some minor wording amendments in the appendix that, in our view, make the distinction between the two sharper.
We support the narrative definition that conveys the form of the practitioner’s conclusion and believe this will be more effective in helping users understand the difference between each type of engagement compared to the former 'positive' and 'negative' terms applied to the conclusion.
The standard appropriately highlights those requirements where the practitioner’s work effort is different, depending on the level of assurance being obtained, and is entirely consistent with the proposals in the exposure draft of ISRE 2400 (Revised). Other requirements that have been deemed applicable to both types of engagement are considered to be appropriate.
The extent of understanding of internal control that is necessary in a limited assurance engagement is, in our experience, dependent on the underlying subject matter. We believe there is a minimum level of understanding of the control environment and information system that is necessary to sufficiently understand how the subject matter information has been prepared. For some engagements it may also be necessary to understand certain control activities relating to, for example, processing of subject matter data, to enable an informed assessment of where material misstatements in the subject matter information are likely to arise. However, in other engagements, for example, a review engagement in which the practitioner’s procedures comprise primarily inquiries of management and analytical procedures, this may be less relevant. In all cases, we do not believe it is ordinarily necessary to evaluate other aspects of the entity’s internal control, such as the risk assessment process or monitoring of controls, in a limited assurance engagement.
3. With respect to attestation and direct engagements:
We support the adoption of the terms 'attestation engagements' and 'direct engagements' on the basis that these are appropriately defined in the standard. The terms also help distinguish the engagements more clearly, as both forms of engagement are 'assurance based'.
We believe the proposed standard sufficiently articulates the concept of a direct engagement—although also recognise that in some territories this is a concept that is not widely recognised, particularly outside of the public sector. In particular, we are aware that some question the independence of the practitioner in a direct engagement. Further education of both practitioners and users may be necessary. We suggest that consideration be given to whether further explanatory material could be developed to better explain why the practitioner is considered independent of the subject matter information when it is the practitioner that prepares that information. Such guidance could help abate the ongoing debate on this matter.
We are aware that some argue that in a direct engagement, where the practitioner measures or evaluates the subject matter against the criteria and the practitioner’s conclusion forms the subject matter information, a misstatement in that subject matter information is an 'assurance failure', that is, a failure (in a reasonable assurance engagement) of the practitioner to detect a material misstatement. We support the IAASB’s assessment that in both direct and attestation engagements, the outcome of the measurement or evaluation of the subject matter against the criteria can be wrong and as such, regardless of who performs that measurement or evaluation, the primary consideration is that of the users’ perception – in both cases the subject matter information is misstated. Therefore, we believe the definition of misstatement is appropriate and applies equally to both types of engagement.
We believe there is adequate guidance on what constitutes acceptable criteria regardless of whether these are determined by a third party or by the practitioner. Specifically, the guidance that the practitioner considers discussing the choice of criteria with the appropriate party(ies) is important. We do, however, suggest that the application material should address the need for the practitioner to have sufficient knowledge of, and competence in relation to, the subject matter to enable them to develop and/or select appropriate criteria in those circumstances.
4. With respect to describing the practitioner’s procedures in the assurance report:
We support the requirement to include a summary of the work performed as the basis for the practitioner’s conclusion. For a limited assurance engagement we believe this should be of a summarised nature that is sufficient to convey an appropriate understanding of the nature and extent of procedures without resulting in an extensive list that is unwieldy and appears overly standardised. Furthermore, an appropriate description of the primary procedures performed will prove more effective than an extensive list of procedures not performed. However, in providing a description of procedures performed, it is important that the description does not appear to resemble a list of agreed-upon procedures as this will blur the distinction with assurance procedures.
We support the inclusion of language that makes clear that the extent of procedures performed in a limited assurance engagement is less than for a reasonable assurance engagement, as this is a key statement in conveying to users the nature of such an engagement. We are aware that some also hold the view that providing a list of procedures in a limited assurance report, but making no such similar disclosure (ordinarily) in a reasonable assurance report, risks creating a perception that a higher level of assurance is being provided than in a reasonable assurance engagement. We believe that the risk of the level of assurance being misinterpreted is low. The inclusion of the additional explanatory language, which describes the nature and reduced extent of procedures in the limited assurance report, is, in our opinion, sufficiently clear to mitigate this risk. We have suggested some minor amendments to the proposed wording in the appendix to this letter, which we believe make this statement clearer.
We do not believe that any additional guidance is necessary in relation to the level of detail needed for the summary of the practitioner’s procedures. Given the diverse nature of engagements that may be undertaken, we believe it is appropriate to apply principles, as described in our response to point (a), to this disclosure and allow practitioners judgement in determining what is likely to be most ‘meaningful’ to users. We believe these principles are broadly reflected in the application material. However, we have proposed some minor amendments in the appendix to this letter that we believe would reinforce those points.
5. Do respondents believe that the form of the practitioner’s conclusion in a limited assurance engagement (that is, 'based on the procedures performed, nothing has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated') communicates adequately the assurance obtained by the practitioner?
This form of conclusion is, in our opinion, the most appropriate for this type of engagement. This wording, when included in the assurance report alongside the other statements required of the practitioner, including, in particular, those described in question 4 above, adequately places the level of assurance in context and is therefore considered appropriate. Please refer to the appendix to this letter for our further comments on specific elements of the content of the practitioner’s report.
6. With respect to those applying the standard:
Recognising the broad subject matter on which assurance may be sought by users we have no objection to the proposals relating to, and definition of, the ‘practitioner’. We believe the requirements are sufficiently robust such that only appropriate individuals that are subject to requirements equivalent to those imposed on professional accountants in public practice, as describe in the introductory material to the standard, are able to undertake an engagement in accordance with the standard.
We note from the explanatory memorandum that the IAASB considered guidance in relation to circumstances when a reasonable assurance engagement addresses subject matter information that encompasses both historical financial information and other information and the related question of whether such an engagement should be conducted under ISAE 3000 or ISA 805. We support the IAASB’s conclusion that it is appropriate to allow the flexibility for this determination to be subject to the practitioner’s professional judgment in light of individual engagement circumstances. However, we believe it would be helpful to raise awareness of this scenario, which we have seen in practice, by explaining this in the standard and to explicitly state that the decision of which standard is the most appropriate to apply is based on the practitioner’s judgement in the specific engagement circumstances.
We consider the proposed effective date to be acceptable, on the assumption that the IAASB continues its normal practice of permitting early adoption.
We would be happy to discuss our views further with you. If you have any questions regarding this letter, please contact Deian Tecwyn (+44 207 212 3695) or Jamie Shannon (+44 141 355 4225).
1Following extensive consultation with members of the PwC network of firms, this response summarises the views of member firms who commented on this Exposure Draft. 'PwC' refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
We encourage the IAASB to address the following matters in finalising proposed ISAE 3000 (Revised).
|Paras 8, 9 & A20||
We believe it may benefit users’ understanding to group the definitions of the various parties to the engagement together under a new definition – 'Appropriate party(ies)', in particular given the use of this term throughout the standard. The content of paragraph 9 can then be included to accompany this definition. We suggest the following:
For the purposes of this ISAE and other ISAEs, references to 'appropriate party(ies)' should be read hereafter as 'the responsible party, the measurer or evaluator, or the engaging party, as appropriate. '
|Para 8 (a)||
We suggest it is appropriate to include, as application material to this definition, the content from the Assurance Framework that describes engagements that are not an assurance engagement (paragraphs 19-21 in the proposed revised Framework), as we believe this is a common area of misunderstanding. This is also consistent with the premise that ISAE 3000 should contain all guidance necessary for a practitioner to understand and conduct an assurance engagement without the need to separately refer to the Framework. We recommend the following additional material:
'Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that are not consistent with the description in paragraph 8(a) (and therefore are not covered by this standard) include:
An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this standard is relevant only to the assurance portion of the engagement.
The following engagements, which may be consistent with the description in paragraph 8(a), are not considered assurance engagements in terms of this standard:
We also recommend the following minor wording amendment to the definition of limited assurance (consistent with the language adopted in ISAE 3410):
'Limited assurance engagement―An assurance engagement in which the practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement. The practitioner’s conclusion is expressed in a form that conveys that, based on the procedures performedand evidence obtained, nothing has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated. The setnature of procedures performed in a limited assurance engagement isdifferent from, and their extent less than,
|Para 8 (i)||
For the reasons set out in the main body of this letter, we recommend that the content describing the sufficiency and appropriateness of evidence be deleted. This is better located in the application material related to the requirements dealing with evidence. We also recommend a minor wording amendment as shown:
|Para 8 (q)||
The second sentence describing the role of the practitioner in a direct engagement is repetitive of paragraph 8 (b) and is equally not part of the definition of 'practitioner'. We believe this should be deleted.
We recommend additional wording as follows:
'The practitioner shall not represent compliance with this or any other ISAE unless the practitioner has complied with the requirements of this ISAE and any othersubject matter-specific ISAE relevant to the engagement. '
We believe this paragraph is repetitive of paragraph 7. We suggest that the content of this paragraph would be better located as application material to paragraph 7. We further recommend that the application material included in ISRE 2400 (Revised) paragraphs A12-A14 may be appropriate to incorporate into such application material, tailored accordingly. We have included further recommendations at the end of this appendix to align the standard with the exposure draft of ISRE 2400 (Revised) where, in our opinion, matters have been better dealt with in that standard.
As several requirements refer to complying with 'relevant ethical requirements' we recommend that the heading under which this paragraph resides be amended to state'Relevant Ethical Requirements'. Alternatively the approach adopted in ISRE 2400 (Revised) may be applied with a formal definition of the term provided. This requirement could then be simplified.
|Para 20 (a)||
We suggest that the need for the appropriate parties to understand their relevant roles and responsibilities needs to be made explicit in the requirement. We propose the following alternative wording:
'The appropriate parties understand their respective roles and responsibilities and that these are suitable in the circumstances. '
|Para 20 (b)(iii)||
We suggest additional wording as shown (consistent with the related application material):
'The practitioner will have access to therecords and evidence needed to support the practitioner’s conclusion. '
|Paras 20 (b)(v) & A53||
We believe that the requirement to assess whether there is a rational purpose for the engagement should be incorporated into requirement 18. In our opinion this should be the first consideration preceding the other elements identified in requirement 18, rather than the last item in paragraph 20. Note this is also consistent with the treatment in the exposure draft of ISRE 2400 (Revised). We propose a new paragraph 18 (a) as follows:
'The practitioner shall accept or continue an assurance engagement only when:
Refer also to our comment on paragraph A53 in respect of application material related to a ‘rational purpose’.
|Paras 26 & 62||
We believe that there may be actual, or at best perceived, conflict between the statements in requirements 26 and 62 with respect to referencing the fact of the engagement being conducted in accordance with ISAEs. The former states (including a referencing error corrected in our quote) that:
'An engagement conducted in accordance with such laws or regulations does not comply with ISAEs. Accordingly, the practitioner shall not include any reference within the assurance report to the engagement having been conducted in accordance with ISAE 3000 or any other ISAE(s). (See also paragraph 6
While, the latter states:
'If the practitioner is required by laws or regulations to use a specific layout or wording of the assurance report, the assurance report shall refer to this or other ISAEs only if the assurance report includes, at a minimum, each of the elements identified in paragraph 60. '
Similar to the ISAs, this seems to be saying that compliance with the performance requirements in the ISAE is necessary to assert compliance with the ISAE, but that reporting requirements might vary as long as a minimum set of elements is present. It might be useful to clarify this point to avoid the possible perception of inconsistency, or even contradictory, requirements.
Please refer also to our recommendation in respect of consistency with the exposure draft of ISRE 2400 (Revised) which we believe would address this issue.
This requirement is clearly drafted as a responsibility of the engagement partner. As such, we believe this needs to follow the heading'Responsibilities of the Engagement Partner'. Refer also to our related comment on paragraph 29 in the section titled 'Recommended changes to align the standard with the exposure draft of ISRE 2400 (Revised)'.
We believe this requirement should refer to 'identified' misstatements in the first instance:
'The practitioner shall accumulate
We also suggest that the approach adopted in the exposure draft of ISAE 3410 follows a more logical flow to the assessment of misstatements that is , identify, communicate and request correction, and evaluation of the effect of uncorrected misstatements. We believe the principles in requirements 48 to 54 of ISAE 3410 are appropriate for all assurance engagements and therefore encourage the IAASB to consider whether these should be reflected in ISAE 3000. As a minimum we believe this section of requirements should address identification, accumulation, communication and correction of misstatements. See our related comment on paragraph 56 (b) that deals with evaluating uncorrected misstatements.
|Paras 44 & A100-A105||
Consistent with our previous comments, we recommend that the requirement does not directly refer to 'sufficient appropriate evidence', as we believe this term is not appropriate in the context of a limited assurance engagement. We believe that the use of this term can remain in the application material on the basis that additional clarification and context is provided in respect of how this term is interpreted in a limited assurance engagement. We therefore recommend the following change to the requirement and the associated application material, as shown:
Para 44 –'The practitioner shall evaluate the
Para A105 –'Whether sufficient appropriate evidence has been obtained on which to base the practitioner’s conclusion is a matter of professional judgment.In the context of a limited assurance engagement, the sufficiency and appropriateness of evidence relates to whether the evidence obtained adequately addresses areas of the subject matter information where material misstatements are likely to arise and whether the nature, timing and extent of procedures performed is sufficient to obtain a level of assurance that is meaningful to the intended users. '
We question whether the wording of the requirement is sufficiently clear. We suggest an application material paragraph may be useful to further explain what characteristics 'about' the measurement or evaluation of the underlying subject matter against the applicable criteria the practitioner may obtain from the measurer or evaluator.
|Para 56 (a)||
Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficiency and appropriateness':
'The practitioner shall form a conclusion about whether the reported outcome of the measurement or evaluation of the underlying subject matter is free from material misstatement. In forming that conclusion, the practitioner shall consider:
|Paras 56 (b) and A99||Please refer to our suggestion on paragraph 43 above. Consistent with that view, we do not believe paragraph A99 adds any useful explanation to the two related requirements.|
|Paras 57 & A136||
Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient appropriate evidence':
Para 57 -'If the practitioner is unable to obtain
Para A136 –'An inability to perform a specific procedure does not constitute a scope limitation if the practitioner is able to obtain
|Para 60 (c)||
We believe it is important to highlight the rationale for the identification or description of the subject matter information, or subject matter, to provide context for the practitioner’s assessment of the disclosure by the appropriate party(ies). We propose the following amended wording:
'The assurance report shall include at a minimum the following basic elements:
|Para 60 (k)||
Please refer to our comments in response to question 4. We also recommend the following revised wording for the second sentence:
'In a limited assurance engagement the summary of the work performed shall state that the practitioner’s procedures are
|Para 60 (l)(i)||
We believe the use of the term 'where appropriate' is ambiguous. We suggest this bullet of the requirement be redrafted as follows and, in addition, be re-located to be the final bullet (note this bullet should also cross refer to paragraph A156 and not A158):
We suggest that this requirement could be presented more clearly, as follows:
'In those cases where the practitioner
Refer also to our comment on paragraphs 64 and 65 in the second part of this appendix.
We believe the title of this paragraph creates the impression that the content is incorrectly located in the wider context of the engagement that is , it feels strange to be referring to the practitioner’s conclusion as the first application guidance paragraph. We suggest the revised title and wording shown below would place this paragraph more in context. We have also suggested additional guidance to address engagements that may involve reporting only a single conclusion but that also contain multiple elements.
Where the subject matter information is made up of a number of
We recommend the following minor wording change in the second sentence:
'In a limited assurance engagement, the practitioner performs a set of procedureswhose nature is different from, and their extent less than,
We also suggest the following amendment to the second bullet point to reiterate that it is the practitioner, and not the engaging party, that has sole responsibility for determining the nature, timing and extent of procedures:
'Instructions or other indications from the engaging party about the nature of the assurance the engaging party is seeking the practitioner to obtain. For example, the terms of the engagement may stipulate particular procedures that the engaging party
Lastly, we suggest it may be helpful to include the following material, which has been adapted from paragraphs 2 and 4 of ISA 320 and is relevant to providing the practitione. context for determining what is 'meaningful to the intended users':
'In determining what is meaningful t. the intended users, it is reasonable for the practitioner to assume that users:
In addition, the practitioner considers the common information needs of intended users as a group. The possible effect of misstatements on specific individual users, whose needs may vary, is not considered. '
We suggest the following amended wording for the third sentence:
'The role of the practitioner in an attestation engagement is to obtain
Consistent with the previous comment we recommend the following changes:
'In addition to measuring or evaluating the underlying subject matter, the practitioner in a direct engagement also applies assurance skills and techniques to obtain
|Para A6 (b)||
We recommend deleting 'sufficient appropriate' from the second sentence as shown:
'It is this obtaining of
We recommend the following change, which is consistent with the proposed change in the Assurance Framework:
'Regardless of the involvement of others however, and unlike an agreed-upon procedures engagement (which involves reportingfactual findings based upon the procedures, rather than a conclusion):…'
We suggest that the guidance in paragraph A21 is of sufficient importance in setting the context of the application of the standard that it should be incorporated directly into paragraph 4.
We suggest that this is moved to the end of the application material on preconditions for an assurance engagement, as it is presented as a specific industry example and should follow the explanation of the underlying principles.
|Para A37 (b)||
Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate':
'Such that the information about it can be subjected to procedures for obtaining
We suggest that the language in this paragraph be made consistent with paragraph A10 to avoid inconsistent interpretations of its intended authority, as shown:
'If criteria are specifically designed for the purpose of preparing the subject matter information in the particular circumstances of the engagement, they are not suitable if they result in subject matter information or an assurance report that is misleading to the intended users. It
Please refer to our comment on paragraph 20 (b)(v). In addition, we question whether the final three bullets in this paragraph are related to the engagement having a rational purpose.
The fifth bullet deals with limitations on scope – we suggest that this needs to be explained in the context of whether the scope of the engagement would be meaningful to users as opposed to limitations on the scope of the practitioner’s work being imposed. We believe that the language used in paragraph 16 (a) of the exposure draft of ISAE 3410 provides an appropriate basis for developing more appropriate wording.
The sixth and final bullets deal with risks or difficulties in achieving the objectives of the engagement. This is separate from the assessment of whether there is a rational purpose. We suggest that this content be relocated, for example as part of acceptance and continuance considerations.
Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate' in the first sentence:
'In a direct engagement, the practitioner both measures or evaluates the underlying subject matter and obtains
In the third bullet we suggest the following alternative wording:
|Para A86 (& A42 (b))||
We do not believe it is appropriate to extend consideration of materiality to ‘relevant decisions’ of users as opposed to ‘economic decisions’. We do not believe there is a sufficient framework or approach that would guide the practitioner’s judgements in interpreting what the ‘decisions’ of users may be. Applying the materiality concept to more complex qualitative disclosures, such as may be included in some assurance engagements, for example, GHG statements, is difficult. Without further guidance, and without the benefit of established benchmarks, practitioners are likely to struggle with this.
Refer to our comment on paragraph 2 in the second part of this appendix. If the additional application guidance on reliance on a firms quality control systems is added, based on our recommendation, then much of this application material can be deleted and a reference to that application guidance added to a shorter paragraph explaining its application in the context of a practitioner’s expert.
We recommend that two additional bullets be added, as follows:
We also suggest it may be helpful to include, at the end of this paragraph, a cross reference back to the application material dealing with written representations in relation to access to information (paragraphs A51-A52).
Consistent with our previous comments we suggest the following alternative wording for the first sentence:
We also suggest it may be helpful to cross refer to this application material from paragraph 20 (b)(iii).
We believe that the paragraph is not sufficiently clear and suggest the following clarification to make explicit the intended wording to be applied:
'In a direct engagement, the practitioner’s conclusion is always worded in terms of the underlying subject matter and the criteria, that is, the first example shown in paragraph A154 above. '
We are concerned that this paragraph gives undue focus to fraud matters and does not address other common matters that should be communicated to the appropriate party(ies). We propose the following amended wording:
'Matters that may be appropriate to communicate with the responsible party, the measurer or evaluator, the engaging party or others include fraud or suspected fraud,matters involving non-compliance with laws and regulations that are other than clearly inconsequential, significant difficulties, if any, encountered during the engagement,and in the case of an attestation engagement,perceivedbias in the preparation of the subject matter information. '
|Paras A170 – A175||
We note that ISAE 3402 and ISAE 3410 include requirements relating to documentation principles and the final assembly of the engagement file that use identical text to the content included in these application material paragraphs. We believe such requirements, in compliance with ISQC1, are applicable to all assurance based engagements that will be performed in accordance with ISAE 3000 (Revised) and are of sufficient importance that they should have appropriate authority. As such, we find it inconsistent that these be treated as application material in the principles based standard but then repeated as replica requirements in subject matter-specific ISAEs.
We, therefore, recommend that paragraphs A170 and A171 are elevated to requirements (using the language included in the exposure draft of ISAE 3410 (paragraphs 62 – 64, tailored as necessary to refer to the 'appropriate party(ies)')) and that paragraphs A172, A174 and A175 also be elevated to requirements (based on the form of language included in paragraphs 66 and 67 of ISAE 3410).
We also recommended in our response letter to the exposure draft of ISAE 3410 that the equivalent requirements in that standard, and in ISAE 3402, be removed via conforming amendments to this standard. However, we understand that it may be considered appropriate to reflect these requirements also in subject matter-specific ISAEs due to their overall importance. We have no objection to limited repetition but believe that the authority should be consistent for the reasons outlined above.
Furthermore, we request the IAASB to consider whether the requirement in ISAE 3410 relating to documentation of matters arising after the date of the assurance report (paragraph 65) equally should be reflected in ISAE 3000, as this again would be considered to be a generic requirement applicable to all assurance engagements.
|ISAE 3000 Appendix||
We support the narrative description of the roles and responsibilities of the relevant parties to an assurance engagement. We recommend one minor amendment to point 2 (d) as follows:
'The practitioner obtains
We do, however, feel that the diagram does not articulate as effectively as it could the relationships described in the narrative, in particular, the relationship of the practitioner to the assurance report and the differing role of the practitioner in an attestation versus a direct engagement. We urge the IAASB to consider whether revisions can be made to the diagram to convey more effectively to readers these relationships. Alternatively, we suggest that the diagram could be split into two simpler tables that might be more effective in contrasting the differences in responsibilities under each type of engagement.
Recommended changes to align the standard with the exposure draft of ISRE 2400 (revised)
We believe the following matters, that are common to both standards, have been addressed more appropriately, or have used clearer language, in the exposure draft of ISRE 2400 (Revised) and recommend that ISAE 3000 (Revised) be amended to be consistent.
We suggest that some additional application material that places into context how the engagement team may rely on the firm’s quality control systems is appropriate. We, therefore, recommend that paragraphs A6-A8 from IRSE 2400 (Revised) be added immediately following paragraph A59. Refer also to our related comments on paragraph 29.
We suggest the following introduction to this paragraph, consistent with ISRE 2400 (Revised):
'The Handbook’s Glossary of Terms (the Glossary) includes the terms defined in this ISAE, and also includes descriptions of other terms found in this ISAE, to assist in common and consistent interpretation and translation. '
We suggest that the application material in ISRE 2400 (Revised) paragraphs A31, A32 and A34 - A35 would be appropriate application material for this requirement and acts as an overarching introduction to the application material on acceptance and continuance (preceding current paragraph A33).
In conjunction with our comment on paragraph 26 below, in relation to the deleted final sentence, we suggest this paragraph be amended, as follows:
'If the preconditions for an assurance engagement are not present, the practitioner shall discuss the matter with the engaging party. If changes cannot be made to meet the preconditions, the practitioner shall not accept the engagement as an assurance engagement unless required by laws or regulations to do so. However, an engagement conducted under such circumstances does not comply with ISAEs.
|Paras 23 & A54||
We suggest additional wording for the first sentence as follows:
'The practitioner shall agree the terms of the engagement with the engaging party, prior to performing the engagement. '
While acknowledging the statement in paragraph A54 that the form and content of the engagement letter may vary with the engagement circumstances, we believe it would be appropriate to include guidance that set out matters that the engagement letter would ordinarily be expected to address. This may draw on the content of ISRE 2400 (Revised) paragraphs 35, A55 and A56, tailored accordingly.
We recommend the inclusion of application material consistent with paragraph A60 of ISRE 2400 (Revised).
|Paras 25 & A56||
We recommend that the additional application guidance given in ISRE 2400 (Revised) paragraphs A61 and A63, tailored accordingly, be included in relation to this requirement.
We further recommend that an additional requirement be included, immediatel. following paragraph 25, based on paragraph 39 of ISRE 2400 (Revised), as follows:
'If the terms of engagement are changed during the course of the engagement, the practitioner and the engaging party shall agree on and record the new terms of the engagement in an engagement letter or other suitable form of written agreement. '
Further to our comments in the first section of this appendix and paragraph 21 above, we believe that the order and flow of the requirements could be improved. We recommend that paragraph 26 be moved to follow paragraph 22.
We also suggest that the structure of paragraph 33 of ISRE 2400 (Revised) is clearer and may help to better articulate the aim of requirements 26 and 62. We recommend the following revised wording:
(a) The practitioner’s report shall refer to this ISAE and any subject matter specific ISAE only if the report complies with the requirements of paragraph 60; and
(b) The practitioner shall evaluate:
If the practitioner concludes……. '
We also believe that inclusion of application material, which may be based on paragraphs A54 and A142 of ISRE 2400 (Revised), tailored accordingly, may further help illustrate this point.
With the exception of ISRE 2400 (Revised) paragraph 24 (a)(ii), which deals with the assignment of the team (dealt with separately in ISAE 3000 (Revised) paragraph 28), we believe all other clauses in ISRE 2400 (Revised) paragraph 24 and ISAE 3000 (Revised) paragraph 29 have the same intended aim and should therefore use the same language to achieve consistency across these standards.
We further recommend that paragraph A30 of ISRE 2400 (Revised) would be appropriate application material to be linked from this paragraph, in setting the overall context of the engagement partner’s responsibilities. We recommend this follow the additional application material that we have suggested in our comment on paragraph 2 above.
We suggest the first sentence in ISRE 2400 (Revised) paragraph 26 be added, as follows:
'An effective system of quality control for a firm includes a monitoring process designed to provide the firm with reasonable assurance that the firm’s policies and procedures relating to the system of quality control are relevant, adequate and operate effectively. '
We suggest the following additional wording:
'The practitioner shall plan and perform an engagement with professional scepticismrecognizing that circumstances may exist that cause the subject matter information to be materially misstated. '
We support the IAASB in not including a requirement that explicitly calls for the practitioner to revise materiality as the assurance engagement progresses. However, we believe there may be benefit in including an application material paragraph to this requirement that explains that this may be appropriate depending on the circumstances. We suggest the following wording:
'The practitioner’s determination of materiality for the assurance engagement may need to be revised during the engagement as a result of:
|Para 42 (a)||
We suggest that this requirement be more explicit in its aim and suggest the following wording:
'Based on the practitioner’s understanding (see paragraph 37)
Consistent with our comments in response to the exposure draft of ISRE 2400 (Revised), we suggest that, to avoid misinterpretation of the term ‘likely’ in the above context, it would be appropriate to provide application material that explains what this term means in the context of the practitioner’s assessment. For example, the practitioner’s assessment is based on consideration of the inherent risk of areas of the subject matter information, for example , complexity, in combination with any entity specific information that comes to his/her attention during obtaining an understanding of the subject matter and the environment in which the entity operates. It is the practitioner’s judgement, having considered the balance of this information, that drives the determination of those areas of the subject matter information where material misstatements are considered ‘likely’ to arise, and is primarily based on the practitioner’s intuition rather than an evaluation of the results of detailed procedures.
We suggest that the structure of the requirement in ISRE 2400 (Revised) is clearer and recommend the following alternative requirement:
'If, in relation to the written representations required under paragraphs 47-49,:
|Para 60 (l)(iv)||
We believe it would be helpful to explain that a modified conclusion requires to be presented under an appropriate heading. We therefore suggest the following additional language:
'Where the practitioner expresses a modified conclusion, the assurance report shall contain a clear description of the matter(s) giving rise to the modificationin a separate paragraph and us. an appropriate heading for the conclusion paragraph – 'Qualified Conclusion', 'Adverse Conclusion' or 'Disclaimer of Conclusion' as appropriate. '
|Paras 63 – 67||
It appears more logical to us that the requirements dealing with 'unmodified and modified conclusions' (paragraphs 63-67) should immediately follow the content on 'forming the assurance conclusion'. We therefore recommend that these requirements be moved to precede the section on 'preparing the assurance report'.
|Para 63 (b)||
We suggest the following additional wording:
'In the case of a limited assurance engagement, that, based on the procedures performedand evidence obtained, nothing has come to the attention of the practitioner…. . '
|Paras 64, 65 & A164 – A165||
We believe that the content of these requirements could be presented in a manner that more clearly conveys the appropriate form of conclusion to be expressed. We also suggest that it is important to link the requirement in paragraph 64 (b) to the application material in paragraphs A154 – A157 that explains the nature of the practitioner’s conclusion under an attestation and a direct engagement, as this is fundamental to understanding what this requirement is trying to describe. Our recommended wording is as follows:
Para 64 -'The practitioner shall express a modified conclusion when the following circumstances exist and, in the practitioner’s professional judgment, the effect of the matter is or may be material:
Para 65 – We recommend this paragraph is based on the wording that is used in ISRE 2400 (Revised), tailored accordingly, which we believe is clearer:
'Where the practitioner determines that a modified conclusion is necessary in the circumstances:
While paragraph 65 describes how a qualified conclusion is to be expressed, we also suggest that some form of guidance is necessary to explain the general form of wording to be applied when expressing an adverse conclusion or disclaiming a conclusion. We support the decision not to provide any illustrative reports. However, in doing so we believe it is necessary to articulate in the application guidance how an adverse or disclaimer of conclusion is ordinarily expressed.
We suggest that paragraph A67 in ISRE 2400 (Revised) be added as further application material to this paragraph.
|Paras A23- A26||
We note that this application material describes the content of the standard and its relevant authority. We question whether some, or all, of this content should be presented in the introductory material of the standard to give this greater prominence and to ensure readers understand the construct of the standard.
We also suggest that paragraphs 9-11 in the exposure draft of ISRE 2400 (Revised) are written in plainer language and could directly replace paragraphs A23 and A25, tailored accordingly.
We recommend that this paragraph be moved to be application material to paragraph 8.
We suggest the following additional wording to explain that ISQC 1 requires more than simply compliance with ethical requirements:
'ISQC 1 deals with the firm’s responsibilities to establish and maintain its system of quality control for assurance engagements. It sets out the responsibilities of the firm for establishing policies and procedures designed to provide it with reasonable assurance that: (i)the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence, applicable legal and regulatory requirements, and (ii) that reports issued by the firm are appropriate in the circumstances. Compliance with ISQC 1 requires, among other things, that the firm establish and maintain a system of quality control that includes policies and procedures addressing each of the following elements, and that it documents its policies and procedures and communicates them to the firm’s personnel…. '
We recommend an additional bullet as follows:
'Conditions that may indicate possible fraud. '
We suggest the following amended wording for the second bullet:
'Over generalizing when drawing conclusions from
We recommend that the following sentence and bullets (amended as shown) from ISRE 2440 (Revised) paragraph A27 be appended to this paragraph as shown:
'The practitioner will be guided by such matters as the following:
We suggest that the following additional wording be appended to this paragraph, consistent with its use in ISRE 2400 (Revised):
'The practitioner’s judgment about the nature, timing and extent of additional procedures that are needed is guided by information obtained from the practitioner’s evaluation of the results of the procedures already performed, and the practitioner’s updated understanding obtained in the course of the engagement. '
Conforming amendments to the Assurance Framework arising from our comments on ISAE 3000 (revised)
Many of our recommended changes to paragraphs in ISAE 3000 (Revised) will apply equally to the equivalent corresponding paragraphs in the revised Assurance Framework. We have identified below, under appropriate categories, the nature of our comments on ISAE 3000 (Revised) and the relevant paragraphs in the Assurance Framework that we recommend are updated to be consistent.
Other paragraph specific comments
We recommend that these paragraphs be replaced with the content currently in Appendix 2, as modified in accordance with our recommendation relating to the use of the term 'sufficient appropriate evidence' above. We question the necessity of appendix 2 and believe this can be deleted.
|Paras 17 & 18||
The concept of 'engagement risk' is often misunderstood. We suggest it would be helpful to include a reference from these paragraphs to paragraphs 70-74 that define and explain this term.
|Para 24 (a)||
We suggest this sentence be amended as follows:
'The roles and responsibilities of the responsible party, the measurer or evaluator
|Para 24 (b)(iii)||
Refer to our comment on ISAE 3000 (Revised) paragraph 20 (b)(iii).
We do not believe this paragraph is sufficiently clear. We propose the following amended wording:
'If a competent practitioner other than a professional accountant in public practice chooses to represent compliance with an Assurance Standard, it is important to recognize that those Standards include requirements that reflect the premise in the paragraph 5 regarding theneed to comply with IESBA Code and ISQC 1, or other professional requirements, or requirements in laws or regulations that are at least as demanding. '
We recommend the following change to place the content on practitioner’s experts into appropriate context:
We question the statement that, in an attestation engagement, the responsible party is also always responsible for the subject matter information. We could conceive circumstances when a separate measurer or evaluator is responsible. We note that ISAE 3000 (Revised) paragraph A124 discusses the responsible party acknowledging, in an attestation engagement, responsibility for the subject matter but not the subject matter information.
We recommend that this content be moved to follow paragraph 79. We believe it is appropriate to discuss the concepts of materiality and nature, timing and extent of procedures before the sufficiency and appropriateness of evidence.
We suggest the following change:
'A combination of procedures is typically used to obtain either reasonable assurance or limited assurance, as appropriate. '
|Para 79 (a)||
We believe reference to 'consideration of risks of material misstatement' is not appropriate in the context of a limited assurance engagement. Refer to our comment on ISAE 3000 (Revised) paragraph 42 (a) where we recommend alternative wording.
|Para 79 (c) and Appendix 3 (limited assurance 'procedures')||
For a proper understanding of the purpose of 'additional procedures' we believe this paragraph should include the full text of the underlying requirement that it describes. We propose the following change:
'Designing and performing additional procedures, as appropriate, if the practitioner becomes aware of a matter that causes the practitioner to believe the subject matter information may be materially misstatedsufficient to conclude that the matter causes the subject matter information to be materially misstated or is not likely to. '
We believe this paragraph is more explicit, in requiring a modified conclusion when the criteria are found to be unsuitable or underlying subject matter not appropriate, than the equivalent requirement in ISAE 3000 (Revised) (paragraph 22) that deals with the practitioner’s actions when one or more preconditions for an engagement is not present after the engagement has been accepted. ISAE 3000 (Revised) requires the practitioner to determine whether the matter can be resolved, whether it is appropriate to continue and whether, and if so how, to communicate the matter in the assurance report. We suggest that this may be perceived as inconsistent and ask the Board to clarify the appropriate actions in either ISAE 3000 or the Framework.
Refer to our comment on the appendix to ISAE 3000.
1 'Consulting engagements employ a professional accountant’s technical skills, education, observations, experiences, and knowledge of the consulting process. The consulting process is an analytical process that typically involves some combination of activities relating to: objective-setting, fact-finding, definition of problems or opportunities, evaluation of alternatives, development of recommendations including actions, communication of results, and sometimes implementation and follow-up. Reports (if issued) are generally written in a narrative (or 'long form') style. Generally the work performed is only for the use and benefit of the client. The nature and scope of work is determined by agreement between the professional accountant and the client. Any service that meets the definition of an assurance engagement is not a consulting engagement but an assurance engagement. '