There are many different ways that an external assurance engagement can be adjusted to meet different circumstances. There are also various limits to what can be done, for ethical, technical, or practical reasons. The scope of an assurance engagement will depend to a certain extent on the maturity of governance processes and controls around the relevant business activities.
Familiarity with the breadth of potential assurance engagements and the key components of the assurance framework enables the practitioner to work with the responsible party and the users/recipients of the assurance to design an assurance engagement that meets all party’s needs. (Read more about investigative services.)
Discussion with clients when scoping an assurance engagement is an important process. It should help the practitioner to obtain a sound understanding of the objective of the engagement, the nature of the subject matter, and the requirements of both the client and users. This understanding helps the practitioner plan procedures to gather sufficient and appropriate evidence to come to a conclusion that is useful in the light of the user need.
The practitioner should note that it is possible to obtain assurance on almost any subject matter (or subject matter information) provided that the scope of the assurance engagement is in line with the relevant standards. For example, the method of measuring or evaluating the subject matter is appropriate, criteria are suitable, and sufficient and appropriate evidence exists.
However, an assurance engagement may not always represent the optimal approach from a cost-benefit perspective. Other approaches, such as agreed-upon procedures, may achieve the required outcome with less effort on the part of both management and the practitioner.
To work out what is feasible, three questions should be considered:
Does guidance for this kind of engagement exist?
Some external assurance engagements take place frequently, either because they are required by a regulator or because they address a commonly occurring need. In these cases there may well be existing guidance or reference materials. For example:
In addition, the International Auditing and Assurance Standard Board (IAASB) issues International Standards on Related Services covering non assurance services such as AUPs and compilation engagements. For example, ISAE 3000 (Revised) covers assurance engagements other than audits or reviews of historical financial information, as described in the Amended International Framework for Assurance Engagements (the Framework).
Where a subject-matter specific ISAE is relevant to the subject matter of a particular engagement, that ISAE applies in addition to ISAE 3000 (Revised) . Therefore, subject-matter specific ISAEs supplement, but do not replace ISAE 3000 (Revised) . Subject matter specific standards, include: ISAE 3402 relating to financial internal controls of service organisations and ISAE 3410 relating to greenhouse gas emission statements.
Members of ICAEW should apply ISAE 3000 (Revised) to engagements falling within the scope of the standard, supplementing it with any applicable subject matter specific standard.
The assurance provider should ensure that the client is aware of the standard that they are making use of for the engagement.
Are the five elements of assurance present?
Five elements must be present for an engagement to be considered assurance under the Amended International Framework for Assurance Engagements developed by IAASB. These are:
- A three-party relationship
- An appropriate subject matter
- Suitable criteria
- Sufficient appropriate evidence
- A written assurance report
If any of these elements is missing, it will need to be identified and developed before external assurance can be provided. This could take some time, which may be a reason to consider an alternative solution instead of external assurance.
Is quality control in place?
In addition, ISAE 3000 (Revised) emphasises that quality control should be an integral part of the practitioner firm performing the assurance engagements.
This requires the team and reviewer being subject to Parts A and B of the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA Code) and the practitioner performing the engagement being subject to ISQC 1, or other professional requirements being at least as demanding as ISQC 1.
Business activities
Owners and managers are engaged in activities to fulfil the objectives of the organisation. Management has a responsibility for the design and implementation of appropriate processes. The board of directors or, where applicable, the audit committee, has responsibility for the governance of the organisation.
Within this environment assurance can play a key role in enhancing stakeholder confidence over operations within the scope of the engagement.
ICAEW's assurance resource
This page is part of ICAEW’s online assurance resource, which replaces the Assurance Sourcebook.
Join the Audit & Assurance Faculty
Stay ahead of the rest with our comprehensive package of essential guidance and technical advice.
Buyer's guide to assurance on non-financial information
Find out more about the 'Buyer's guide to assurance on non-financial information' from WBCSD.
Find out more