Management responsibility [1]
Management, who may also be owners, are responsible for running the business. Accordingly, they are responsible for the subject matter on which an assurance conclusion is sought.
Before entering into an assurance engagement, owners and management need to be confident in positively asserting that the business is meeting the relevant objectives, is compliant with relevant contractual and other legal and regulatory obligations, its operational and/or reporting processes are designed appropriately and operated effectively, and its data being complete and accurate.
If management themselves are unsure of whether the subject matter is meeting its objectives or unable to support it with evidence, there is little point in engaging to provide a formal assurance opinion.
There may instead be an opportunity to provide internal assurance, advice and recommendations to management. In an assurance engagement, it is usual for the responsible party, normally management, to measure the subject matter and report on the outcome of the measurement in the form of subject matter information. This is known as an attestation engagement.
In other cases, ie where management does not measure the subject matter and prepare the subject matter information themselves, the practitioner gives a conclusion directly on the subject; this is known as a direct engagement.
[1] "Management" may refer to senior management, executive management, the board of directors, or in certain cases, those charged with governance, depending on the context. Here the term is used to refer to those with responsibility for the subject matter.
Four stages of management responsibilities [2]
Practitioners need to identify a series of basic concepts for how owners or management together with those charged with governance operate and control the business or organisation. The concepts set out below may be more formalised and better documented within larger organisations.
Within small or medium sized businesses and other organisations these concepts may be established as an integral part of the intentions and actions of the owners and managers but may not be systematically documented.
[2] Here "management" will normally refer to the executive management and/or the board of directors as appropriate.
These concepts are:
- Leading and establishing the tone at the top.
- Establishing strategy and aligning objectives.
- Implementing processes, policies and procedures.
- Utilising information flows to monitor the performance of the business or operations.
The way that owners and management run the business affects the nature of the assurance engagement, as different owners and management may have different ideas to what aspect of their business should be looked at by a practitioner, what should be used as criteria, to whom the report should be addressed, and what evidence may be available.
The degree of monitoring management as evidenced through documentation also affects the nature and scope of assurance engagement. The relationship between the four management concepts/activities and the focus of different assurance engagements is summarised in the table below.
|
Aspect of subject matter | ||||
---|---|---|---|---|---|
Management activity |
Fair description |
Suitability of design |
Operating effectiveness |
Data and/or outcome |
Comprehensive report |
Tone at the top |
✔ |
|
|
|
✔ |
Establishing strategy and objectives |
✔ |
✔ |
|
|
✔ |
Process and control implementation |
✔ |
✔ |
✔ |
|
✔ |
Monitoring the process and control effectiveness |
✔ |
✔ |
✔ |
✔ |
✔ |
This table seeks to demonstrate characteristics of assurance engagements that focus on different management activities.
Leadership and tone at the top of the organisation, or key elements of this may best be approached through the practitioner providing an opinion on the fairness of a description of what the management has set out to do thus far. This is because, in the early days, the design suitability and the operating effectiveness of the arrangements may not withstand external scrutiny due to its pervasive and wide ranging ramifications within the organisation.
As strategy and relevant objectives are better developed, the arrangement may become sufficiently formalised and enable assurance reporting over the design suitability of the arrangements in place.
Process implementation and monitoring lends itself to assurance over operating effectiveness. An assurance engagement may then focus on either the operating effectiveness of the processes or the data and outcomes measured against criteria as part of monitoring by management. At this stage, the entire arrangement enables management to report comprehensively on its activities for the benefit of the intended users, which may be the subject matter information for the assurance engagement.
The different management activities and related focuses of assurance engagements can be regarded as a potential progression such that more comprehensive assurance is provided as the management and governance of the entity increases in sophistication over time.
From the practitioner’s point of view, the main factors affecting the practitioner’s approach to an assurance engagement will be further defined by a number of factors, in particular the needs of the users:
ICAEW's assurance resource
This page is part of ICAEW’s online assurance resource, which replaces the Assurance Sourcebook.
Join the Audit & Assurance Faculty
Stay ahead of the rest with our comprehensive package of essential guidance and technical advice.
Buyer's guide to assurance on non-financial information
Find out more about the 'Buyer's guide to assurance on non-financial information' from WBCSD.
Find out more