Attestation Services 2
Attestation Services 2
Attestation Services 2
• Non-attestation Service
• These assurance services differ from attestation services in that the CPA is not required to
issue a written report, and the assurance does not have to be about the reliability of another
party’s assertion about compliance with specified criteria
EXAMPLES
• Controls over and risks related to investments, including policies related to derivatives
• Mystery shopping
• Non-assurance Services
• CPA firms perform numerous other services that generally fall outside the scope of assurance
services. Three specific examples are:
TYPES
• Operational Audit
• Compliance Audit
Financial statements (the information being verified) are stated in accordance with specified
criteria.
Types of Auditors
• Certified public accounting firms – responsible for auditing the published historical financial
statements of all publicly traded companies, most other reasonably large companies, and
many smaller companies and noncommercial organizations. They are often called external
auditors or independent auditors to distinguish them from internal auditors.
• Government auditors
• Internal auditors
“the promulgation of auditing standards, practices and procedures which shall be generally
accepted by the accounting profession in the Philippines.”
• Direct reporting engagements – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that
has performed the evaluation or measurement that is not available to the intended users. The
subject matter information is provided to the intended users in the assurance report.
• A three party relationship involving a practitioner, a responsible party, and intended users;
• Suitable criteria;
3 Party Relationship
• Assurance engagements involve three separate parties: a practitioner, a responsible party and
intended users.
• The responsible party and the intended users may be from different entities or the same entity.
• The term “practitioner” as used in this Framework is broader than the term “auditor” as used
in PSAs and PSREs, which relates only to practitioners performing audit or review engagements with
respect to historical financial information.
Subject Matter
• Physical characteristics
• Such that the information about it can be subjected to procedures for gathering
sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion,
as appropriate.
Criteria are the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.
• Completeness – relevant factors that could affect the conclusions in the context of the
engagement circumstances are not omitted.
• Understandability – contribute to conclusions that are clear, comprehensive, and not subject
to significantly different interpretations.
• Materiality is relevant when the practitioner determines the nature, timing and extent of
evidence-gathering procedures, and when assessing whether the subject matter information is
free of misstatement. When considering materiality, the practitioner understands and assesses
what factors might influence the decisions of the intended users.
• Assurance engagement risk is the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
• The risk that the subject matter information is materially misstated, which in turn consists of:
• Inherent risk: the susceptibility of the subject matter information to a material misstatement,
assuming that there are no related controls; and can arise from the entity’s objectives, the nature
of its operations/industry, the regulatory environment in which it operates, and its size and
complexity.
• Control risk: the risk that a material misstatement that could occur will not be prevented, or
detected and corrected, on a timely basis by related internal controls.
• Specific to the initiation, processing, or recording of a particular transaction. These are often
called business process, activity-level, or transaction controls.
Detection risk: the risk that the practitioner will not detect a material misstatement that exists.
• Audit procedures are then developed to reduce audit risk to an acceptably low level.
This includes consideration of the potential risk of:
• In a limited assurance engagement, the practitioner expresses the conclusion in the negative
form (“Based on our work described in this report, nothing has come to our attention that causes
us to believe that internal control is not effective, in all material respects, based on XYZ criteria”).
• In terms of the responsible party’s assertion (“In our opinion the responsible party’s assertion
that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”); or
• Directly in terms of the subject matter and the criteria (“In our opinion internal control
is effective, in all material respects, based on XYZ criteria”).
– The criteria to be used are suitable and are available to the intended users;
– The practitioner has access to sufficient appropriate evidence to support the practitioner’s
conclusion;
The engaging party may request an engagement that is not an assurance engagement, such as a
consulting or an agreed-upon procedures engagement.
If the original criteria were not suitable, an assurance engagement may still be performed if:
• The engaging party can identify an aspect of the original subject matter for which those
criteria are suitable, and the practitioner could perform an assurance engagement with respect to
that aspect as a subject matter in its own right. In such cases, the assurance report makes it clear
that it does not relate to the original subject matter in its entirety; or
• Alternative criteria suitable for the original subject matter can be selected or developed.
• The engaging party may request an engagement that is not an assurance engagement, such
as a consulting or an agreed-upon procedures engagement.
• The auditor's opinion enhances the credibility of financial statements by providing a high, but
not absolute, level of assurance. Absolute assurance in auditing is not attainable as a result of such
factors as the:
• the inherent limitations of any accounting and internal control systems and
• the fact that most of the evidence available to the auditor is persuasive, rather than conclusive,
in nature.
• The objective of a review of financial statements is to enable an auditor to state whether, on
the basis of procedures which do not provide all the evidence that would be required in an audit,
anything has come to the auditor's attention that causes the auditor to believe that the financial
statements are not prepared, in all material respects, in accordance with an identified financial
reporting framework.