PwC Comments on Proposed ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

  • Print-friendly version
PwC comment letter (IFAC) 09/15/2011 by Global accounting consulting services

PwC global network of firms believes that the proposed standard provides a strong basis for the performance of all assurance engagements and will facilitate consistent high quality engagements, capable of being supplemented by clearly tailored topic-specific ISAEs as required, in response to the needs of users. PwC global network also believes that the revisions to the requirements and application material to better articulate the defining characteristics of a limited assurance engagement, together with the principles and differences between attestation and direct engagements, are useful.

Comment letter


For the attention of Mr James Gunn
Technical Director
International Auditing and Assurance Standards Board
545 Fifth Avenue, 14th Floor
New York, New York, 10017
USA

1 September 2011

Dear Sir

IAASB exposure draft – International Standard on Assurance Engagements (ISAE) 3000 (revised), ‘Assurance engagements other than audits or reviews of historical financial information’

We1 appreciate the opportunity to comment on the IAASB’s proposed International Standard on Assurance Engagements (ISAE) 3000 (Revised), ‘Assurance Engagements Other Than Audits or Reviews of Historical Financial Information’.

Overall comments

We support the proposed revision of the ISAE. The extant ISAE has been in effect since 2005. Since that time, we have found that the demand for assurance services and the nature of subject matter over which users are seeking assurance has evolved. We therefore agree that it is timely and appropriate for the IAASB to review the extant standard and clarify the principles and concepts underpinning the provision of assurance engagements in light of the experience gained in applying it in practice.

In our opinion, the proposed standard provides a strong basis for the performance of all assurance engagements and will facilitate consistent high quality engagements, capable of being supplemented by clearly tailored topic-specific ISAEs as required, in response to the needs of users.

We believe that the revisions to the requirements and application material to better articulate the defining characteristics of a limited assurance engagement, together with the principles and differences between attestation and direct engagements, are useful. Generally, we believe that they will serve to enhance understanding amongst practitioners of the nature and scope of individual reasonable or limited assurance engagements and the extent of the work effort necessary to convey the appropriate conclusion in the specific circumstances.

We also support the proposed amendments to the International Framework for Assurance Engagements in order to align it with the proposed revisions to ISAE 3000. But we particularly welcome the inclusion in ISAE 3000 (Revised) of material in the extant Framework that is necessary to allow ISAE 3000 (Revised) to be understood without reference to the Framework. In our experience, practitioners may focus on the Standard and, consequently, may not always look to the Framework, even though the Framework was vital to a proper understanding of some of the requirements in the extant ISAE 3000.

Sufficient and appropriate evidence

Consistent with our comments on the exposure drafts of ISRE 2400 (Revised), ‘Engagements to review historical financial statements’ and ISAE 3410, ‘Assurance engagements on greenhouse gas statements’, we question whether it is necessary to refer to the 'sufficiency and appropriateness' of evidence obtained in the context of a limited assurance engagement. We believe it is more important to focus on an assessment of whether the results of the procedures performed, and evidence obtained, are such that the practitioner is able to conclude whether the subject matter information is likely to be materially misstated than to create undue focus on the 'quantity' of evidence that might be needed in support of that conclusion.

However, we recognise that the standard needs to address both reasonable and limited assurance engagements and that the concept of 'sufficient appropriate evidence' is important in the context of a reasonable assurance engagement. We believe, however, that a solution can be found that achieves both aims by removin. references to 'sufficient appropriate evidence' in the requirements but retains the use of this term in the application material, with appropriate additional application material that explains more directly the considerations when performing a limited assurance engagement. We believe this would address our concern of requirements inadvertently implying that there is a specific, definable threshold in all limited assurance engagements, while also providing useful context for practitioners on the extent of evidence that is necessary in limited and reasonable assurance engagements, respectively.

Our detailed comments in response to the specific questions raised in the exposure draft are set out below. We have also provided some specific suggestions for the Board to consider in the appendix to this letter. We also outline in the appendix further suggested conforming amendments to the Assurance Framework arising from our comments on ISAE 3000 (Revised). We encourage the IAASB to address these comments in finalising proposed ISAE 3000 (Revised) and the Framework.

Request for specific comments

1. Do respondents believe that the nature and extent of requirements in proposed ISAE 3000 would enable consistent high quality assurance engagements while being sufficiently flexible given the broad range of engagements to which proposed ISAE 3000 will apply?

We believe the overall level of requirements to be appropriate. The changes, particularly with respect to limited assurance engagements, should help promote consistency in practice. Given the increasingly diverse range of subject matter on which users are seeking to obtain assurance, we believe an appropriate balance has been struck in the nature and extent of the requirements considered to be relevant to all assurance engagements while recognising that there will also be a need to build specific tailored requirements in future subject matter-specific ISAEs. In addition, many of the requirements deal with 'engagement management' issues. As many of these engagements are new or developing, considerations relating to engagement acceptance and the pre-conditions for an assurance engagement are particularly important and the new requirements are helpful in this regard.

2. With respect to levels of assurance:

a. Does proposed ISAE 3000 properly define, and explain the difference between, reasonable assurance engagements and limited assurance engagements?

We broadly support the definitions and characteristics of reasonable and limited assurance described in the exposure draft. In relation to limited assurance, we have proposed some minor wording amendments in the appendix that, in our view, make the distinction between the two sharper.

We support the narrative definition that conveys the form of the practitioner’s conclusion and believe this will be more effective in helping users understand the difference between each type of engagement compared to the former 'positive' and 'negative' terms applied to the conclusion.

b. Are the requirements and other material in proposed ISAE 3000 appropriate to both reasonable assurance engagements and limited assurance engagements?

The standard appropriately highlights those requirements where the practitioner’s work effort is different, depending on the level of assurance being obtained, and is entirely consistent with the proposals in the exposure draft of ISRE 2400 (Revised). Other requirements that have been deemed applicable to both types of engagement are considered to be appropriate.

c. Should the proposed ISAE 3000 require, for limited assurance, the practitioner to obtain an understanding of internal control over the preparation of the subject matter information when relevant to the underlying subject matter and other engagement circumstances?

The extent of understanding of internal control that is necessary in a limited assurance engagement is, in our experience, dependent on the underlying subject matter. We believe there is a minimum level of understanding of the control environment and information system that is necessary to sufficiently understand how the subject matter information has been prepared. For some engagements it may also be necessary to understand certain control activities relating to, for example, processing of subject matter data, to enable an informed assessment of where material misstatements in the subject matter information are likely to arise. However, in other engagements, for example, a review engagement in which the practitioner’s procedures comprise primarily inquiries of management and analytical procedures, this may be less relevant. In all cases, we do not believe it is ordinarily necessary to evaluate other aspects of the entity’s internal control, such as the risk assessment process or monitoring of controls, in a limited assurance engagement.

3. With respect to attestation and direct engagements:

a. Do respondents agree with the proposed changes in terminology from 'assurance-based engagements' to 'attestation engagements' as well as those from 'direct-reporting engagements' to 'direct engagements'?

We support the adoption of the terms 'attestation engagements' and 'direct engagements' on the basis that these are appropriately defined in the standard. The terms also help distinguish the engagements more clearly, as both forms of engagement are 'assurance based'.

b. Does proposed ISAE 3000 properly define, and explain the difference between, direct engagements and attestation engagements?

We believe the proposed standard sufficiently articulates the concept of a direct engagement—although also recognise that in some territories this is a concept that is not widely recognised, particularly outside of the public sector. In particular, we are aware that some question the independence of the practitioner in a direct engagement. Further education of both practitioners and users may be necessary. We suggest that consideration be given to whether further explanatory material could be developed to better explain why the practitioner is considered independent of the subject matter information when it is the practitioner that prepares that information. Such guidance could help abate the ongoing debate on this matter.

c. Are the objectives, requirements and other material in the proposed ISAE 3000 appropriate to both direct engagements and attestation engagements? In particular:
i. In a direct engagement when the practitioner’s conclusion is the subject matter information, do respondents believe that the practitioner’s objective in paragraph 6(a) (that is, to obtain either reasonable assurance or limited assurance about whether the subject matter information is free of material misstatement) is appropriate in light of the definition of a misstatement (see paragraph 8(n))?
ii. In some direct engagements the practitioner may select or develop the applicable criteria. Do respondents believe the requirements and guidance in proposed ISAE 3000 appropriately address such circumstances?

We are aware that some argue that in a direct engagement, where the practitioner measures or evaluates the subject matter against the criteria and the practitioner’s conclusion forms the subject matter information, a misstatement in that subject matter information is an 'assurance failure', that is, a failure (in a reasonable assurance engagement) of the practitioner to detect a material misstatement. We support the IAASB’s assessment that in both direct and attestation engagements, the outcome of the measurement or evaluation of the subject matter against the criteria can be wrong and as such, regardless of who performs that measurement or evaluation, the primary consideration is that of the users’ perception – in both cases the subject matter information is misstated. Therefore, we believe the definition of misstatement is appropriate and applies equally to both types of engagement.

We believe there is adequate guidance on what constitutes acceptable criteria regardless of whether these are determined by a third party or by the practitioner. Specifically, the guidance that the practitioner considers discussing the choice of criteria with the appropriate party(ies) is important. We do, however, suggest that the application material should address the need for the practitioner to have sufficient knowledge of, and competence in relation to, the subject matter to enable them to develop and/or select appropriate criteria in those circumstances.

4. With respect to describing the practitioner’s procedures in the assurance report:

a. Is the requirement to include a summary of the work performed as the basis for the practitioner’s conclusion appropriate?

We support the requirement to include a summary of the work performed as the basis for the practitioner’s conclusion. For a limited assurance engagement we believe this should be of a summarised nature that is sufficient to convey an appropriate understanding of the nature and extent of procedures without resulting in an extensive list that is unwieldy and appears overly standardised. Furthermore, an appropriate description of the primary procedures performed will prove more effective than an extensive list of procedures not performed. However, in providing a description of procedures performed, it is important that the description does not appear to resemble a list of agreed-upon procedures as this will blur the distinction with assurance procedures.

b. Is the requirement, in the case of limited assurance engagements, to state that the practitioner’s procedures are more limited than for a reasonable assurance engagement and consequently they do not enable the practitioner to obtain the assurance necessary to become aware of all significant matters that might be identified in a reasonable assurance engagement, appropriate?

We support the inclusion of language that makes clear that the extent of procedures performed in a limited assurance engagement is less than for a reasonable assurance engagement, as this is a key statement in conveying to users the nature of such an engagement. We are aware that some also hold the view that providing a list of procedures in a limited assurance report, but making no such similar disclosure (ordinarily) in a reasonable assurance report, risks creating a perception that a higher level of assurance is being provided than in a reasonable assurance engagement. We believe that the risk of the level of assurance being misinterpreted is low. The inclusion of the additional explanatory language, which describes the nature and reduced extent of procedures in the limited assurance report, is, in our opinion, sufficiently clear to mitigate this risk. We have suggested some minor amendments to the proposed wording in the appendix to this letter, which we believe make this statement clearer.

c. Should further requirements or guidance be included regarding the level of detail needed for the summary of the practitioner’s procedures in a limited assurance engagement?

We do not believe that any additional guidance is necessary in relation to the level of detail needed for the summary of the practitioner’s procedures. Given the diverse nature of engagements that may be undertaken, we believe it is appropriate to apply principles, as described in our response to point (a), to this disclosure and allow practitioners judgement in determining what is likely to be most ‘meaningful’ to users. We believe these principles are broadly reflected in the application material. However, we have proposed some minor amendments in the appendix to this letter that we believe would reinforce those points.

5. Do respondents believe that the form of the practitioner’s conclusion in a limited assurance engagement (that is, 'based on the procedures performed, nothing has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated') communicates adequately the assurance obtained by the practitioner?

This form of conclusion is, in our opinion, the most appropriate for this type of engagement. This wording, when included in the assurance report alongside the other statements required of the practitioner, including, in particular, those described in question 4 above, adequately places the level of assurance in context and is therefore considered appropriate. Please refer to the appendix to this letter for our further comments on specific elements of the content of the practitioner’s report.

6. With respect to those applying the standard:

a. Do respondents agree with the approach taken in proposed ISAE 3000 regarding application of the standard by competent practitioners other than professional accountants in public practice?
b. Do respondents agree with proposed definition of 'practitioner'?

Recognising the broad subject matter on which assurance may be sought by users we have no objection to the proposals relating to, and definition of, the ‘practitioner’. We believe the requirements are sufficiently robust such that only appropriate individuals that are subject to requirements equivalent to those imposed on professional accountants in public practice, as describe in the introductory material to the standard, are able to undertake an engagement in accordance with the standard.

Other comments

We note from the explanatory memorandum that the IAASB considered guidance in relation to circumstances when a reasonable assurance engagement addresses subject matter information that encompasses both historical financial information and other information and the related question of whether such an engagement should be conducted under ISAE 3000 or ISA 805. We support the IAASB’s conclusion that it is appropriate to allow the flexibility for this determination to be subject to the practitioner’s professional judgment in light of individual engagement circumstances. However, we believe it would be helpful to raise awareness of this scenario, which we have seen in practice, by explaining this in the standard and to explicitly state that the decision of which standard is the most appropriate to apply is based on the practitioner’s judgement in the specific engagement circumstances.

Effective date

We consider the proposed effective date to be acceptable, on the assumption that the IAASB continues its normal practice of permitting early adoption.

We would be happy to discuss our views further with you. If you have any questions regarding this letter, please contact Deian Tecwyn (+44 207 212 3695) or Jamie Shannon (+44 141 355 4225).

Yours faithfully,

PricewaterhouseCoopers LLP


1Following extensive consultation with members of the PwC network of firms, this response summarises the views of member firms who commented on this Exposure Draft. 'PwC' refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.


Appendix

We encourage the IAASB to address the following matters in finalising proposed ISAE 3000 (Revised).

Paragraph Comment
Paras 8, 9 & A20

We believe it may benefit users’ understanding to group the definitions of the various parties to the engagement together under a new definition – 'Appropriate party(ies)', in particular given the use of this term throughout the standard. The content of paragraph 9 can then be included to accompany this definition. We suggest the following:

'Appropriate party(ies):

  1. Engaging party – The party(ies) that engages……. .
  2. Measurer or evaluator – The party(ies) who measures or evaluates……
  3. Responsible party – The party(ies) responsible for the underlying…….

For the purposes of this ISAE and other ISAEs, references to 'appropriate party(ies)' should be read hereafter as 'the responsible party, the measurer or evaluator, or the engaging party, as appropriate. '

Para 8 (a)

We suggest it is appropriate to include, as application material to this definition, the content from the Assurance Framework that describes engagements that are not an assurance engagement (paragraphs 19-21 in the proposed revised Framework), as we believe this is a common area of misunderstanding. This is also consistent with the premise that ISAE 3000 should contain all guidance necessary for a practitioner to understand and conduct an assurance engagement without the need to separately refer to the Framework. We recommend the following additional material:

'Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that are not consistent with the description in paragraph 8(a) (and therefore are not covered by this standard) include:

  • Engagements covered by International Standards for Related Services (ISRS), such as agreed-upon procedures engagements and compilations of financial or other information.
  • The preparation of tax returns where no conclusion conveying assurance is expressed.
  • Consulting (or advisory) engagements1, such as management and tax consulting.

An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this standard is relevant only to the assurance portion of the engagement.

The following engagements, which may be consistent with the description in paragraph 8(a), are not considered assurance engagements in terms of this standard:

  1. Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and
  2. Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply:
    1. Those opinions, views or wording are merely incidental to the overall engagement;
    2. Any written report issued is expressly restricted for use by only the intended users specified in the report;
    3. Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and
    4. The engagement is not represented as an assurance engagement in the professional accountant’s report. '

We also recommend the following minor wording amendment to the definition of limited assurance (consistent with the language adopted in ISAE 3410):

'Limited assurance engagement―An assurance engagement in which the practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement. The practitioner’s conclusion is expressed in a form that conveys that, based on the procedures performedand evidence obtained, nothing has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated. The setnature of procedures performed in a limited assurance engagement isdifferent from, and their extent less than,limited compared with that necessary in a reasonable assurance engagement, however are but is planned to obtain a level of assurance that is, in the practitioner’s professional judgment, meaningful to the intended users. The limited assurance report communicates thelimited nature lesser extent of the assurance obtained. '

Para 8 (i)

For the reasons set out in the main body of this letter, we recommend that the content describing the sufficiency and appropriateness of evidence be deleted. This is better located in the application material related to the requirements dealing with evidence. We also recommend a minor wording amendment as shown:

'Evidence―Informationused obtained by the practitioner in arriving at the practitioner’s conclusion…. '

Para 8 (q)

The second sentence describing the role of the practitioner in a direct engagement is repetitive of paragraph 8 (b) and is equally not part of the definition of 'practitioner'. We believe this should be deleted.

Para 11

We recommend additional wording as follows:

'The practitioner shall not represent compliance with this or any other ISAE unless the practitioner has complied with the requirements of this ISAE and any othersubject matter-specific ISAE relevant to the engagement. '

Para 15

We believe this paragraph is repetitive of paragraph 7. We suggest that the content of this paragraph would be better located as application material to paragraph 7. We further recommend that the application material included in ISRE 2400 (Revised) paragraphs A12-A14 may be appropriate to incorporate into such application material, tailored accordingly. We have included further recommendations at the end of this appendix to align the standard with the exposure draft of ISRE 2400 (Revised) where, in our opinion, matters have been better dealt with in that standard.

Para 16

As several requirements refer to complying with 'relevant ethical requirements' we recommend that the heading under which this paragraph resides be amended to state'Relevant Ethical Requirements'. Alternatively the approach adopted in ISRE 2400 (Revised) may be applied with a formal definition of the term provided. This requirement could then be simplified.

Para 20 (a)

We suggest that the need for the appropriate parties to understand their relevant roles and responsibilities needs to be made explicit in the requirement. We propose the following alternative wording:

'The appropriate parties understand their respective roles and responsibilities and that these are suitable in the circumstances. '

Para 20 (b)(iii)

We suggest additional wording as shown (consistent with the related application material):

'The practitioner will have access to therecords and evidence needed to support the practitioner’s conclusion. '

Paras 20 (b)(v) & A53

We believe that the requirement to assess whether there is a rational purpose for the engagement should be incorporated into requirement 18. In our opinion this should be the first consideration preceding the other elements identified in requirement 18, rather than the last item in paragraph 20. Note this is also consistent with the treatment in the exposure draft of ISRE 2400 (Revised). We propose a new paragraph 18 (a) as follows:

'The practitioner shall accept or continue an assurance engagement only when:

  1. The practitioner is able to identify the purpose for the engagement and the intended users of the subject matter information, and is satisfied that there is a rational purpose for the engagement including, in the case of a limited assurance engagement, that a meaningful level of assurance can be obtained. '

Refer also to our comment on paragraph A53 in respect of application material related to a ‘rational purpose’.

Paras 26 & 62

We believe that there may be actual, or at best perceived, conflict between the statements in requirements 26 and 62 with respect to referencing the fact of the engagement being conducted in accordance with ISAEs. The former states (including a referencing error corrected in our quote) that:

'An engagement conducted in accordance with such laws or regulations does not comply with ISAEs. Accordingly, the practitioner shall not include any reference within the assurance report to the engagement having been conducted in accordance with ISAE 3000 or any other ISAE(s). (See also paragraph 612)'

While, the latter states:

'If the practitioner is required by laws or regulations to use a specific layout or wording of the assurance report, the assurance report shall refer to this or other ISAEs only if the assurance report includes, at a minimum, each of the elements identified in paragraph 60. '

Similar to the ISAs, this seems to be saying that compliance with the performance requirements in the ISAE is necessary to assert compliance with the ISAE, but that reporting requirements might vary as long as a minimum set of elements is present. It might be useful to clarify this point to avoid the possible perception of inconsistency, or even contradictory, requirements.

Please refer also to our recommendation in respect of consistency with the exposure draft of ISRE 2400 (Revised) which we believe would address this issue.

Para 28

This requirement is clearly drafted as a responsibility of the engagement partner. As such, we believe this needs to follow the heading'Responsibilities of the Engagement Partner'. Refer also to our related comment on paragraph 29 in the section titled 'Recommended changes to align the standard with the exposure draft of ISRE 2400 (Revised)'.

Para 43

We believe this requirement should refer to 'identified' misstatements in the first instance:

'The practitioner shall accumulateuncorrected misstatements identified during the engagement other than those that are clearly trivial. '

We also suggest that the approach adopted in the exposure draft of ISAE 3410 follows a more logical flow to the assessment of misstatements that is , identify, communicate and request correction, and evaluation of the effect of uncorrected misstatements. We believe the principles in requirements 48 to 54 of ISAE 3410 are appropriate for all assurance engagements and therefore encourage the IAASB to consider whether these should be reflected in ISAE 3000. As a minimum we believe this section of requirements should address identification, accumulation, communication and correction of misstatements. See our related comment on paragraph 56 (b) that deals with evaluating uncorrected misstatements.

Paras 44 & A100-A105

Consistent with our previous comments, we recommend that the requirement does not directly refer to 'sufficient appropriate evidence', as we believe this term is not appropriate in the context of a limited assurance engagement. We believe that the use of this term can remain in the application material on the basis that additional clarification and context is provided in respect of how this term is interpreted in a limited assurance engagement. We therefore recommend the following change to the requirement and the associated application material, as shown:

Para 44 –'The practitioner shall evaluate thesufficiency and appropriateness of the evidence obtained in the context of the engagement…. . '

Para A105 –'Whether sufficient appropriate evidence has been obtained on which to base the practitioner’s conclusion is a matter of professional judgment.In the context of a limited assurance engagement, the sufficiency and appropriateness of evidence relates to whether the evidence obtained adequately addresses areas of the subject matter information where material misstatements are likely to arise and whether the nature, timing and extent of procedures performed is sufficient to obtain a level of assurance that is meaningful to the intended users. '

Para 48

We question whether the wording of the requirement is sufficiently clear. We suggest an application material paragraph may be useful to further explain what characteristics 'about' the measurement or evaluation of the underlying subject matter against the applicable criteria the practitioner may obtain from the measurer or evaluator.

Para 56 (a)

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficiency and appropriateness':

'The practitioner shall form a conclusion about whether the reported outcome of the measurement or evaluation of the underlying subject matter is free from material misstatement. In forming that conclusion, the practitioner shall consider:

  1. The practitioner’s conclusion in paragraph 44 regarding thesufficiency and appropriateness evaluation ofthe evidence obtained;
Paras 56 (b) and A99 Please refer to our suggestion on paragraph 43 above. Consistent with that view, we do not believe paragraph A99 adds any useful explanation to the two related requirements.
Paras 57 & A136

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient appropriate evidence':

Para 57 -'If the practitioner is unable to obtainsufficient appropriate evidencethat provides a basis for forming a conclusion, a scope limitation exists and the practitioner shall express a qualified conclusion, disclaim a conclusion, or withdraw from the engagement, where withdrawal is possible under applicable laws or regulations, as appropriate.

Para A136 –'An inability to perform a specific procedure does not constitute a scope limitation if the practitioner is able to obtainsufficient appropriate auditevidence by performing alternative procedures. '

Para 60 (c)

We believe it is important to highlight the rationale for the identification or description of the subject matter information, or subject matter, to provide context for the practitioner’s assessment of the disclosure by the appropriate party(ies). We propose the following amended wording:

'The assurance report shall include at a minimum the following basic elements:

  1. An identification or description of the subject matter information and, when appropriate, the underlying subject matterthat is sufficiently comprehensive to enable the intended users to understand the nature and scope of the assurance. In the case of a direct engagement, this may be reflected in the description of the findings and basis for the practitioner’s conclusion in the assurance report. When the practitioner’s conclusion is worded in terms of a statement made by the measurer or evaluator, that statement shall be appended to the assurance report, reproduced in the assurance report or referenced therein to a source that is available to the intended users. '
Para 60 (k)

Please refer to our comments in response to question 4. We also recommend the following revised wording for the second sentence:

'In a limited assurance engagement the summary of the work performed shall state that the practitioner’s procedures aremore limited less than for a reasonable assurance engagement……'

Para 60 (l)(i)

We believe the use of the term 'where appropriate' is ambiguous. We suggest this bullet of the requirement be redrafted as follows and, in addition, be re-located to be the final bullet (note this bullet should also cross refer to paragraph A156 and not A158):

'Where appropriate, When the practitioner deems it necessary, the conclusion shall inform the intended users of the context in which the practitioner’s conclusion is to be read. (Ref: Para. A1586)'

Para 67

We suggest that this requirement could be presented more clearly, as follows:

'In those cases where the practitioner’s unqualified is expressing a conclusionwould be that is worded in terms of a statement made by the measurer or evaluator, and that statement has identified and properly described that the subject matter information is materially misstated, the practitioner shall either:

  1. Express a qualified or adverse conclusion worded in terms of the underlying subject matter and the criteria(that is, conclude that the subject matter information is materially misstated consistent with the statement made by the measurer or evaluator); or
  2. If specifically required by the terms of the engagement to word the conclusion in terms ofthe statement made by the measurer or evaluator, express an unqualified conclusionon that statement but emphasize the mattergiving rise to the material misstatement of the subject matter information by specifically referring to it in the assurance report. '

Refer also to our comment on paragraphs 64 and 65 in the second part of this appendix.

Para A1

We believe the title of this paragraph creates the impression that the content is incorrectly located in the wider context of the engagement that is , it feels strange to be referring to the practitioner’s conclusion as the first application guidance paragraph. We suggest the revised title and wording shown below would place this paragraph more in context. We have also suggested additional guidance to address engagements that may involve reporting only a single conclusion but that also contain multiple elements.

'The Practitioner’s Conclusion Multiple Element Engagements

Where the subject matter information is made up of a number ofaspects elements and the practitioner has been engaged to report on each of those elements, separate conclusions may be providedon each aspect.For example, an entity may report on matters relating to sustainability and emissions in one document and request the practitioner to report separately on each of those elements.While not all such conclusions need to relate to the same level of assurance, each conclusion is expressed in the form that is appropriate to either a reasonable assurance engagement or a limited assurance engagement.When engaged to report a single reasonable assurance conclusion on subject matter information that comprises multiple elements, for example net greenhouse gas emissions, and a limited level of assurance can only be obtained on one or more material elements, it is not appropriate to express an overall reasonable assurance conclusion on the subject matter information.'

Para A2

We recommend the following minor wording change in the second sentence:

'In a limited assurance engagement, the practitioner performs a set of procedureswhose nature is different from, and their extent less than,that is limited compared with that necessary in a reasonable assurance engagement…. . '

We also suggest the following amendment to the second bullet point to reiterate that it is the practitioner, and not the engaging party, that has sole responsibility for determining the nature, timing and extent of procedures:

'Instructions or other indications from the engaging party about the nature of the assurance the engaging party is seeking the practitioner to obtain. For example, the terms of the engagement may stipulate particular procedures that the engaging partyconsiders necessary believes responds to the needs of the intended users or particular aspects of the subject matter information the engaging party would like the practitioner to focus procedures on(Ref: Para A17). '

Lastly, we suggest it may be helpful to include the following material, which has been adapted from paragraphs 2 and 4 of ISA 320 and is relevant to providing the practitione. context for determining what is 'meaningful to the intended users':

'In determining what is meaningful t. the intended users, it is reasonable for the practitioner to assume that users:

  1. Have a reasonable knowledge of the entity and its activities and of the subject matter, and a willingness to study the subject matter information with reasonable diligence;
  2. Understand that the subject matter information is prepared, presented, and the practitioner’s work conducted, to levels of materiality; and
  3. Recognize the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment and the consideration of future events.

In addition, the practitioner considers the common information needs of intended users as a group. The possible effect of misstatements on specific individual users, whose needs may vary, is not considered. '

Para A3

We suggest the following amended wording for the third sentence:

'The role of the practitioner in an attestation engagement is to obtainsufficient appropriate evidencethat provides a basis for formingin order to express a conclusion about whether the subject matter information, as prepared by the measurer or evaluator, is free from material misstatement. '

Para A5

Consistent with the previous comment we recommend the following changes:

'In addition to measuring or evaluating the underlying subject matter, the practitioner in a direct engagement also applies assurance skills and techniques to obtainsufficient appropriate evidence in order toexpress form a conclusion about whether the subject matter information is materially misstated. '

Para A6 (b)

We recommend deleting 'sufficient appropriate' from the second sentence as shown:

'It is this obtaining ofsufficient appropriate evidence that distinguishes a direct engagement from a mere compilation. '

Para A17

We recommend the following change, which is consistent with the proposed change in the Assurance Framework:

'Regardless of the involvement of others however, and unlike an agreed-upon procedures engagement (which involves reportingfactual findings based upon the procedures, rather than a conclusion):…'

Para A21

We suggest that the guidance in paragraph A21 is of sufficient importance in setting the context of the application of the standard that it should be incorporated directly into paragraph 4.

Para A33

We suggest that this is moved to the end of the application material on preconditions for an assurance engagement, as it is presented as a specific industry example and should follow the explanation of the underlying principles.

Para A37 (b)

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate':

'Such that the information about it can be subjected to procedures for obtainingsufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate. '

Para A47

We suggest that the language in this paragraph be made consistent with paragraph A10 to avoid inconsistent interpretations of its intended authority, as shown:

'If criteria are specifically designed for the purpose of preparing the subject matter information in the particular circumstances of the engagement, they are not suitable if they result in subject matter information or an assurance report that is misleading to the intended users. Itis desirable may be appropriate in such cases for the intended users or the engaging party to acknowledge that specifically developed criteria are suitable for the intended users’ purposes. The absence of such an acknowledgement may affect what is to be done to assess the suitability of the applicable criteria, and the information provided about the criteria in the assurance report. '

Para A53

Please refer to our comment on paragraph 20 (b)(v). In addition, we question whether the final three bullets in this paragraph are related to the engagement having a rational purpose.

The fifth bullet deals with limitations on scope – we suggest that this needs to be explained in the context of whether the scope of the engagement would be meaningful to users as opposed to limitations on the scope of the practitioner’s work being imposed. We believe that the language used in paragraph 16 (a) of the exposure draft of ISAE 3410 provides an appropriate basis for developing more appropriate wording.

The sixth and final bullets deal with risks or difficulties in achieving the objectives of the engagement. This is separate from the assessment of whether there is a rational purpose. We suggest that this content be relocated, for example as part of acceptance and continuance considerations.

Para A68

Consistent with our previous comments, we recommend the following amendment to remove reference to 'sufficient and appropriate' in the first sentence:

'In a direct engagement, the practitioner both measures or evaluates the underlying subject matter and obtainssufficient appropriate evidence about that measurement or evaluation. '

Para A75

In the third bullet we suggest the following alternative wording:

'Evaluating whethersufficient appropriate evidencethat provides a basis for forming a conclusion has been obtained, and whether more needs to be done to achieve the overall objectives of ISAE 3000 and any relevant subject matter-specific ISAE. '

Para A86 (& A42 (b))

We do not believe it is appropriate to extend consideration of materiality to ‘relevant decisions’ of users as opposed to ‘economic decisions’. We do not believe there is a sufficient framework or approach that would guide the practitioner’s judgements in interpreting what the ‘decisions’ of users may be. Applying the materiality concept to more complex qualitative disclosures, such as may be included in some assurance engagements, for example, GHG statements, is difficult. Without further guidance, and without the benefit of established benchmarks, practitioners are likely to struggle with this.

Para A110

Refer to our comment on paragraph 2 in the second part of this appendix. If the additional application guidance on reliance on a firms quality control systems is added, based on our recommendation, then much of this application material can be deleted and a reference to that application guidance added to a shorter paragraph explaining its application in the context of a practitioner’s expert.

Para A124

We recommend that two additional bullets be added, as follows:

  • 'That known or suspected fraud and actual or possible non-compliance with laws and regulations, for which the effects may affect the subject matter information, have been disclosed to the practitioner; and
  • That significant events that have occurred subsequent to the measurement date and through to the date of the practitioner’s report, that may require adjustment to, or disclosure in, the subject matter information have been disclosed to the practitioner. '

We also suggest it may be helpful to include, at the end of this paragraph, a cross reference back to the application material dealing with written representations in relation to access to information (paragraphs A51-A52).

Para A137

Consistent with our previous comments we suggest the following alternative wording for the first sentence:

'Thesetnature of procedures performed in a limited assurance engagement is, by definition,limited compared with different from, and their extent less than,that necessary in a reasonable assurance engagement. '

We also suggest it may be helpful to cross refer to this application material from paragraph 20 (b)(iii).

Para A155

We believe that the paragraph is not sufficiently clear and suggest the following clarification to make explicit the intended wording to be applied:

'In a direct engagement, the practitioner’s conclusion is always worded in terms of the underlying subject matter and the criteria, that is, the first example shown in paragraph A154 above. '

Para A166

We are concerned that this paragraph gives undue focus to fraud matters and does not address other common matters that should be communicated to the appropriate party(ies). We propose the following amended wording:

'Matters that may be appropriate to communicate with the responsible party, the measurer or evaluator, the engaging party or others include fraud or suspected fraud,matters involving non-compliance with laws and regulations that are other than clearly inconsequential, significant difficulties, if any, encountered during the engagement,and in the case of an attestation engagement,perceivedbias in the preparation of the subject matter information. '

Paras A170 – A175

We note that ISAE 3402 and ISAE 3410 include requirements relating to documentation principles and the final assembly of the engagement file that use identical text to the content included in these application material paragraphs. We believe such requirements, in compliance with ISQC1, are applicable to all assurance based engagements that will be performed in accordance with ISAE 3000 (Revised) and are of sufficient importance that they should have appropriate authority. As such, we find it inconsistent that these be treated as application material in the principles based standard but then repeated as replica requirements in subject matter-specific ISAEs.

We, therefore, recommend that paragraphs A170 and A171 are elevated to requirements (using the language included in the exposure draft of ISAE 3410 (paragraphs 62 – 64, tailored as necessary to refer to the 'appropriate party(ies)')) and that paragraphs A172, A174 and A175 also be elevated to requirements (based on the form of language included in paragraphs 66 and 67 of ISAE 3410).

We also recommended in our response letter to the exposure draft of ISAE 3410 that the equivalent requirements in that standard, and in ISAE 3402, be removed via conforming amendments to this standard. However, we understand that it may be considered appropriate to reflect these requirements also in subject matter-specific ISAEs due to their overall importance. We have no objection to limited repetition but believe that the authority should be consistent for the reasons outlined above.

Furthermore, we request the IAASB to consider whether the requirement in ISAE 3410 relating to documentation of matters arising after the date of the assurance report (paragraph 65) equally should be reflected in ISAE 3000, as this again would be considered to be a generic requirement applicable to all assurance engagements.

ISAE 3000 Appendix

We support the narrative description of the roles and responsibilities of the relevant parties to an assurance engagement. We recommend one minor amendment to point 2 (d) as follows:

'The practitioner obtainssufficient appropriate evidencethat provides a basis forin order to expressing a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the measurement or evaluation of the underlying subject matter against criteria. '

We do, however, feel that the diagram does not articulate as effectively as it could the relationships described in the narrative, in particular, the relationship of the practitioner to the assurance report and the differing role of the practitioner in an attestation versus a direct engagement. We urge the IAASB to consider whether revisions can be made to the diagram to convey more effectively to readers these relationships. Alternatively, we suggest that the diagram could be split into two simpler tables that might be more effective in contrasting the differences in responsibilities under each type of engagement.

Recommended changes to align the standard with the exposure draft of ISRE 2400 (revised)

We believe the following matters, that are common to both standards, have been addressed more appropriately, or have used clearer language, in the exposure draft of ISRE 2400 (Revised) and recommend that ISAE 3000 (Revised) be amended to be consistent.

 

Para 2

We suggest that some additional application material that places into context how the engagement team may rely on the firm’s quality control systems is appropriate. We, therefore, recommend that paragraphs A6-A8 from IRSE 2400 (Revised) be added immediately following paragraph A59. Refer also to our related comments on paragraph 29.

Para 8

We suggest the following introduction to this paragraph, consistent with ISRE 2400 (Revised):

'The Handbook’s Glossary of Terms (the Glossary) includes the terms defined in this ISAE, and also includes descriptions of other terms found in this ISAE, to assist in common and consistent interpretation and translation. '

Para 17

We suggest that the application material in ISRE 2400 (Revised) paragraphs A31, A32 and A34 - A35 would be appropriate application material for this requirement and acts as an overarching introduction to the application material on acceptance and continuance (preceding current paragraph A33).

Para 21

In conjunction with our comment on paragraph 26 below, in relation to the deleted final sentence, we suggest this paragraph be amended, as follows:

'If the preconditions for an assurance engagement are not present, the practitioner shall discuss the matter with the engaging party. If changes cannot be made to meet the preconditions, the practitioner shall not accept the engagement as an assurance engagement unless required by laws or regulations to do so. However, an engagement conducted under such circumstances does not comply with ISAEs.Accordingly, the practitioner shall not include any reference within the assurance report to the engagement having been conducted in accordance with ISAE 3000 or any other ISAE(s). '

Paras 23 & A54

We suggest additional wording for the first sentence as follows:

'The practitioner shall agree the terms of the engagement with the engaging party, prior to performing the engagement. '

While acknowledging the statement in paragraph A54 that the form and content of the engagement letter may vary with the engagement circumstances, we believe it would be appropriate to include guidance that set out matters that the engagement letter would ordinarily be expected to address. This may draw on the content of ISRE 2400 (Revised) paragraphs 35, A55 and A56, tailored accordingly.

Para 24

We recommend the inclusion of application material consistent with paragraph A60 of ISRE 2400 (Revised).

Paras 25 & A56

We recommend that the additional application guidance given in ISRE 2400 (Revised) paragraphs A61 and A63, tailored accordingly, be included in relation to this requirement.

We further recommend that an additional requirement be included, immediatel. following paragraph 25, based on paragraph 39 of ISRE 2400 (Revised), as follows:

'If the terms of engagement are changed during the course of the engagement, the practitioner and the engaging party shall agree on and record the new terms of the engagement in an engagement letter or other suitable form of written agreement. '

Para 26

Further to our comments in the first section of this appendix and paragraph 21 above, we believe that the order and flow of the requirements could be improved. We recommend that paragraph 26 be moved to follow paragraph 22.

We also suggest that the structure of paragraph 33 of ISRE 2400 (Revised) is clearer and may help to better articulate the aim of requirements 26 and 62. We recommend the following revised wording:

'In some cases, laws or regulations of the relevant jurisdiction prescribe the layout or wording of the assurance report. In these circumstances, tIn some cases when the review is performed pursuant to applicable law or regulation of a jurisdiction, the relevant law or regulation may prescribe the layout or wording of the practitioner’s report in a form or in terms that are significantly different from the requirements of this ISAE. In these circumstances:

(a) The practitioner’s report shall refer to this ISAE and any subject matter specific ISAE only if the report complies with the requirements of paragraph 60; and

(b) The practitioner shall evaluate:

(ai. Whether intended users might misunderstand the assurance obtained from the engagement; and

(bii) If so, whether additional explanation in the assurance report can mitigate possible misunderstanding.

If the practitioner concludes……. '

We also believe that inclusion of application material, which may be based on paragraphs A54 and A142 of ISRE 2400 (Revised), tailored accordingly, may further help illustrate this point.

Para 29

With the exception of ISRE 2400 (Revised) paragraph 24 (a)(ii), which deals with the assignment of the team (dealt with separately in ISAE 3000 (Revised) paragraph 28), we believe all other clauses in ISRE 2400 (Revised) paragraph 24 and ISAE 3000 (Revised) paragraph 29 have the same intended aim and should therefore use the same language to achieve consistency across these standards.

  1. We recommend the following change to the introductory sentence:
    'The engagement partner shall take responsibility for the overall qualityon of the engagement. '
  2. We suggest that part (a) apply the language used in ISRE 2400 (Revised) paragraph 24 (a)(i).
  3. We commented in our response letter to the exposure draft of ISRE 2400 (Revised) that the remainder of the requirement in that standard be aligned with the language used in paragraph 29 in the exposure draft of ISAE 3000 (Revised).

We further recommend that paragraph A30 of ISRE 2400 (Revised) would be appropriate application material to be linked from this paragraph, in setting the overall context of the engagement partner’s responsibilities. We recommend this follow the additional application material that we have suggested in our comment on paragraph 2 above.

Para 31

We suggest the first sentence in ISRE 2400 (Revised) paragraph 26 be added, as follows:

'An effective system of quality control for a firm includes a monitoring process designed to provide the firm with reasonable assurance that the firm’s policies and procedures relating to the system of quality control are relevant, adequate and operate effectively. '

Para 33

We suggest the following additional wording:

'The practitioner shall plan and perform an engagement with professional scepticismrecognizing that circumstances may exist that cause the subject matter information to be materially misstated. '

Para 36

We support the IAASB in not including a requirement that explicitly calls for the practitioner to revise materiality as the assurance engagement progresses. However, we believe there may be benefit in including an application material paragraph to this requirement that explains that this may be appropriate depending on the circumstances. We suggest the following wording:

'The practitioner’s determination of materiality for the assurance engagement may need to be revised during the engagement as a result of:

  • A change in the circumstances that occurred during the engagement;
  • New information; or
  • A change in the practitioner’s understanding of the subject matter as a result of performing additional procedures for the review when warranted. '
Para 42 (a)

We suggest that this requirement be more explicit in its aim and suggest the following wording:

'Based on the practitioner’s understanding (see paragraph 37)and consideration ofthe practitioner shall identify areasof the subject matter information where material misstatements are likely to arise, anddetermine the nature, timing and extent of procedures to be performed toaddress those areas and obtain a level of assurance that is meaningful to the intended users. '

Consistent with our comments in response to the exposure draft of ISRE 2400 (Revised), we suggest that, to avoid misinterpretation of the term ‘likely’ in the above context, it would be appropriate to provide application material that explains what this term means in the context of the practitioner’s assessment. For example, the practitioner’s assessment is based on consideration of the inherent risk of areas of the subject matter information, for example , complexity, in combination with any entity specific information that comes to his/her attention during obtaining an understanding of the subject matter and the environment in which the entity operates. It is the practitioner’s judgement, having considered the balance of this information, that drives the determination of those areas of the subject matter information where material misstatements are considered ‘likely’ to arise, and is primarily based on the practitioner’s intuition rather than an evaluation of the results of detailed procedures.

Para 52

We suggest that the structure of the requirement in ISRE 2400 (Revised) is clearer and recommend the following alternative requirement:

'If, in relation to the written representations required under paragraphs 47-49,:

  1. The responsible party(ies) does not provide the written representations; or
  2. The practitioner concludes that there is cause to doubt the competence, integrity or ethical values of those providing the written representations such that the written representations provided are not reliable, the practitioner shall discuss the matter with the appropriate party(ies), and if the responsible party(ies) continue to refuse to provide required representations,
  3. Determine whether a scope limitation exists, and
  4. Take appropriate actions, including determining the possible effect on the conclusion in the assurance report in accordance with paragraph 57. '
Para 60 (l)(iv)

We believe it would be helpful to explain that a modified conclusion requires to be presented under an appropriate heading. We therefore suggest the following additional language:

'Where the practitioner expresses a modified conclusion, the assurance report shall contain a clear description of the matter(s) giving rise to the modificationin a separate paragraph and us. an appropriate heading for the conclusion paragraph – 'Qualified Conclusion', 'Adverse Conclusion' or 'Disclaimer of Conclusion' as appropriate. '

Paras 63 – 67

It appears more logical to us that the requirements dealing with 'unmodified and modified conclusions' (paragraphs 63-67) should immediately follow the content on 'forming the assurance conclusion'. We therefore recommend that these requirements be moved to precede the section on 'preparing the assurance report'.

Para 63 (b)

We suggest the following additional wording:

'In the case of a limited assurance engagement, that, based on the procedures performedand evidence obtained, nothing has come to the attention of the practitioner…. . '

Paras 64, 65 & A164 – A165

We believe that the content of these requirements could be presented in a manner that more clearly conveys the appropriate form of conclusion to be expressed. We also suggest that it is important to link the requirement in paragraph 64 (b) to the application material in paragraphs A154 – A157 that explains the nature of the practitioner’s conclusion under an attestation and a direct engagement, as this is fundamental to understanding what this requirement is trying to describe. Our recommended wording is as follows:

Para 64 -'The practitioner shall express a modified conclusion when the following circumstances exist and, in the practitioner’s professional judgment, the effect of the matter is or may be material:

  1. When a scope limitation exists (see paragraph 57). In such cases, the practitioner shall express a qualified conclusion or a disclaimer of conclusion.
  2. When:
    1. The practitioner’s conclusion is worded in terms of a statement made by the measurer or evaluator, and that statement is incorrect, in a material respect; or
    2. The practitioner’s conclusion is worded in terms of the underlying subject matter and the criteria, and the subject matter information is not free from material misstatement. (Ref: Para. A164, A154 – A157–A165)'

In such cases, the practitioner shall express a qualified or adverse conclusion.

Para 65 – We recommend this paragraph is based on the wording that is used in ISRE 2400 (Revised), tailored accordingly, which we believe is clearer:

'Where the practitioner determines that a modified conclusion is necessary in the circumstances:

  1. The practitioner shall express:
    1. A qualified conclusion, when the practitioner concludes that the effects of the matter(s) giving rise to the modification are material, but not pervasive to the subject matter information. A qualified conclusion is expressed as being 'except for' the effects, or possible effects, of the matter to which the qualification relates; or
    2. An adverse conclusion, when the effects of the matter(s) giving rise to the modification are both material and pervasive to the subject matter information; or
  2. When the practitioner is unable to obtain evidence as the basis for a conclusion (that is, where a scope limitation exists), the practitioner shall:
    1. Express a qualified conclusion when the practitioner concludes that the possible effects on the subject matter information of undetected misstatements, if any, could be material but not pervasive to the subject matter information; or
    2. Disclaim a conclusion when the practitioner concludes that the possible effects of undetected misstatements, if any, could be both material and pervasive to the subject matter information. '

While paragraph 65 describes how a qualified conclusion is to be expressed, we also suggest that some form of guidance is necessary to explain the general form of wording to be applied when expressing an adverse conclusion or disclaiming a conclusion. We support the decision not to provide any illustrative reports. However, in doing so we believe it is necessary to articulate in the application guidance how an adverse or disclaimer of conclusion is ordinarily expressed.

Para 68

We suggest that paragraph A67 in ISRE 2400 (Revised) be added as further application material to this paragraph.

Paras A23- A26

We note that this application material describes the content of the standard and its relevant authority. We question whether some, or all, of this content should be presented in the introductory material of the standard to give this greater prominence and to ensure readers understand the construct of the standard.

We also suggest that paragraphs 9-11 in the exposure draft of ISRE 2400 (Revised) are written in plainer language and could directly replace paragraphs A23 and A25, tailored accordingly.

Para A27

We recommend that this paragraph be moved to be application material to paragraph 8.

Para A58

We suggest the following additional wording to explain that ISQC 1 requires more than simply compliance with ethical requirements:

'ISQC 1 deals with the firm’s responsibilities to establish and maintain its system of quality control for assurance engagements. It sets out the responsibilities of the firm for establishing policies and procedures designed to provide it with reasonable assurance that: (i)the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence, applicable legal and regulatory requirements, and (ii) that reports issued by the firm are appropriate in the circumstances. Compliance with ISQC 1 requires, among other things, that the firm establish and maintain a system of quality control that includes policies and procedures addressing each of the following elements, and that it documents its policies and procedures and communicates them to the firm’s personnel…. '

Para A70

We recommend an additional bullet as follows:

'Conditions that may indicate possible fraud. '

Para A71

We suggest the following amended wording for the second bullet:

'Over generalizing when drawing conclusions fromobservations evidence obtained. '

Para A77

We recommend that the following sentence and bullets (amended as shown) from ISRE 2440 (Revised) paragraph A27 be appended to this paragraph as shown:

'The practitioner will be guided by such matters as the following:

  • Knowledge acquired from engagements carried out for theentity’s financial statements in prior periods, where applicable.
  • The practitioner’s understanding of the business including understanding of theaccounting measurement principles and practices of the industry in which the entity operates, and of the entity’saccounting systems.
  • The extent to which particular items in thefinancial statements subject matter information are affected by management judgment. '
Para A96

We suggest that the following additional wording be appended to this paragraph, consistent with its use in ISRE 2400 (Revised):

'The practitioner’s judgment about the nature, timing and extent of additional procedures that are needed is guided by information obtained from the practitioner’s evaluation of the results of the procedures already performed, and the practitioner’s updated understanding obtained in the course of the engagement. '

 

Conforming amendments to the Assurance Framework arising from our comments on ISAE 3000 (revised)

Many of our recommended changes to paragraphs in ISAE 3000 (Revised) will apply equally to the equivalent corresponding paragraphs in the revised Assurance Framework. We have identified below, under appropriate categories, the nature of our comments on ISAE 3000 (Revised) and the relevant paragraphs in the Assurance Framework that we recommend are updated to be consistent.
 

  1. Use of the term 'sufficient appropriate evidence' in the context of a limited assurance engagement(ISAE 3000 (Revised) paragraphs: 44, 56(a), 57, A3, A6(b), A37(b), A68, A75, A100-A105). Impacted Assurance Framework paragraphs: 11 (final para. ), 50, 55 (bullet 3), 60-65, 76, 78, Appendix 2 (paras. 1 & 4), Appendix 3 (limited assurance 'procedures' section)).
  2. Describing the procedures in a limited assurance engagement as 'limited' relative to a reasonable assurance engagement(ISAE 3000 (Revised) paragraphs: 8(a), 60(k), A2, A137). Impacted Assurance Framework paragraphs: 18, 78, Appendix 3 (limited assurance 'procedures' and 'the assurance report' sections).
  3. Reference to 'evidence obtained' in the limited assurance conclusion(ISAE 3000 (Revised) paragraphs: 8 (a), 63 (b)). Impacted Assurance Framework paragraphs: 18, 85, Appendix 3 (limited assurance engagement 'reducing engagement risk' and 'the assurance report' sections).
  4. Clarification of guidance on modifications to the assurance conclusion(ISAE 3000 (Revised) paragraphs: 64, 65, 67, A164, A165). Impacted Assurance Framework paragraphs: 88, 89, 90, 92).

Other paragraph specific comments

 

Paras 12-15

We recommend that these paragraphs be replaced with the content currently in Appendix 2, as modified in accordance with our recommendation relating to the use of the term 'sufficient appropriate evidence' above. We question the necessity of appendix 2 and believe this can be deleted.

Paras 17 & 18

The concept of 'engagement risk' is often misunderstood. We suggest it would be helpful to include a reference from these paragraphs to paragraphs 70-74 that define and explain this term.

Para 24 (a)

We suggest this sentence be amended as follows:

'The roles and responsibilities of the responsible party, the measurer or evaluator, or and the engaging party, as appropriate, are suitable in the circumstances. '

Para 24 (b)(iii)

Refer to our comment on ISAE 3000 (Revised) paragraph 20 (b)(iii).

Para 32

We do not believe this paragraph is sufficiently clear. We propose the following amended wording:

'If a competent practitioner other than a professional accountant in public practice chooses to represent compliance with an Assurance Standard, it is important to recognize that those Standards include requirements that reflect the premise in the paragraph 5 regarding theneed to comply with IESBA Code and ISQC 1, or other professional requirements, or requirements in laws or regulations that are at least as demanding. '

Para 33

We recommend the following change to place the content on practitioner’s experts into appropriate context:

'In addition, tThe engagement team needs to be able to be sufficiently involved in the work of theany practitioner’s expert, and to obtain the evidence necessary to conclude whether the work of that expert is adequate for the practitioner’s purposes. '

Para 35

We question the statement that, in an attestation engagement, the responsible party is also always responsible for the subject matter information. We could conceive circumstances when a separate measurer or evaluator is responsible. We note that ISAE 3000 (Revised) paragraph A124 discusses the responsible party acknowledging, in an attestation engagement, responsibility for the subject matter but not the subject matter information.

Paras 60-65

We recommend that this content be moved to follow paragraph 79. We believe it is appropriate to discuss the concepts of materiality and nature, timing and extent of procedures before the sufficiency and appropriateness of evidence.

Para 75

We suggest the following change:

'A combination of procedures is typically used to obtain either reasonable assurance or limited assurance, as appropriate. '

Para 79 (a)

We believe reference to 'consideration of risks of material misstatement' is not appropriate in the context of a limited assurance engagement. Refer to our comment on ISAE 3000 (Revised) paragraph 42 (a) where we recommend alternative wording.

Para 79 (c) and Appendix 3 (limited assurance 'procedures')

For a proper understanding of the purpose of 'additional procedures' we believe this paragraph should include the full text of the underlying requirement that it describes. We propose the following change:

'Designing and performing additional procedures, as appropriate, if the practitioner becomes aware of a matter that causes the practitioner to believe the subject matter information may be materially misstatedsufficient to conclude that the matter causes the subject matter information to be materially misstated or is not likely to. '

Para 91

We believe this paragraph is more explicit, in requiring a modified conclusion when the criteria are found to be unsuitable or underlying subject matter not appropriate, than the equivalent requirement in ISAE 3000 (Revised) (paragraph 22) that deals with the practitioner’s actions when one or more preconditions for an engagement is not present after the engagement has been accepted. ISAE 3000 (Revised) requires the practitioner to determine whether the matter can be resolved, whether it is appropriate to continue and whether, and if so how, to communicate the matter in the assurance report. We suggest that this may be perceived as inconsistent and ask the Board to clarify the appropriate actions in either ISAE 3000 or the Framework.

Appendix 4

Refer to our comment on the appendix to ISAE 3000.

 

1 'Consulting engagements employ a professional accountant’s technical skills, education, observations, experiences, and knowledge of the consulting process. The consulting process is an analytical process that typically involves some combination of activities relating to: objective-setting, fact-finding, definition of problems or opportunities, evaluation of alternatives, development of recommendations including actions, communication of results, and sometimes implementation and follow-up. Reports (if issued) are generally written in a narrative (or 'long form') style. Generally the work performed is only for the use and benefit of the client. The nature and scope of work is determined by agreement between the professional accountant and the client. Any service that meets the definition of an assurance engagement is not a consulting engagement but an assurance engagement. '