A comprehensive list of standards and guidance covering external assurance engagements. Find out which standards apply for engagements by subject area, as well as information on individual standards and the practical application of guidance to assurance engagements.
Please note:
All of the IFAC standards referenced below sit beneath and operate within the structures described in the Amended International Framework for Assurance Engagements published by the International Auditing and Assurance Standards Board (IAASB).
Assurance standards
All IAASB standards, including ISAE 3000 (Revised), are available from: ifac.org
| Standard | Title | Notes |
| ISQM 1 |
International Standard on Quality Management, Quality Management for Firms that Perform Audits or Reviews of Financial Statements or Other Assurance or Related Services Engagements |
Deals with a firm’s responsibilities to design, implement, and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements. This ISQM is to be read in conjunction with relevant ethical requirements. Issued by IAASB in December 2020, ISQM 1 replaces ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Service Engagements. |
| ISQM (UK) 1 |
International Standard on Quality Management (UK), Quality Management for Firms that Perform Audits or Reviews of Financial Statements or Other Assurance or Related Services Engagements |
Deals with a firm’s responsibilities to design, implement, and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements. This ISQM is to be read in conjunction with relevant ethical requirements. Issued by the FRC in July 2021, ISQM (UK) 1 replaces ISQC (UK) 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements. |
| ISQM 2 |
International Standard on Quality Management 2, Engagement Quality Reviews |
Addresses the appointment and eligibility of the engagement quality reviewer (EQR) and the EQR’s responsibilities relating to the performance and documentation of an engagement quality review. This ISQM applies to all engagements for which an engagement quality review is required to be performed in accordance with ISQM 1 and is to be read in conjunction with relevant ethical requirements. Issued by the IAASB in December 2020. |
| ISQM (UK) 2 |
International Standard on Quality Management (UK) 2, Engagement Quality Reviews |
Addresses the appointment and eligibility of the engagement quality reviewer (EQR) and the EQR’s responsibilities relating to the performance and documentation of an engagement quality review. This ISQM applies to all engagements for which an engagement quality review is required in accordance with ISQM (UK) 1 and is to be read in conjunction with relevant ethical requirements. Issued by the FRC in July 2021. |
| ISAE 3000 (Revised) |
Assurance Engagements Other than Audits or Reviews of Historical Financial Information |
Provides requirements and guidance on assurance engagements, other than audit or reviews of historical financial information. It is a principles-based standard that is capable of being applied effectively to a broad range of underlying subject matters and provides a basis for current and future subject-specific ISAEs. |
| ISAE (UK) 3000 |
Assurance Engagements Other than Audits or Reviews of Historical Financial Information |
Provides requirements and guidance on assurance engagements, other than audit or reviews of historical financial information. It is a principles-based standard that is capable of being applied effectively to a broad range of underlying subject matters and provides a basis for current and future subject-specific ISAEs. Issued by the FRC in July 2020. |
| ISAE 3400 (Previously ISA 810) |
The Examination of Prospective Financial Information |
Establishes standards and provides guidance on engagements to examine and report on prospective financial information including examination procedures for best-estimate and hypothetical assumptions. |
| ISAE 3402 |
Assurance Reports on Controls at a Service Organization |
For practitioners engaged to give an assurance report on internal controls at service organisations. The scope of assurance reporting covers internal controls over the service the service organisation provides that are relevant to user entities’ internal control over their financial reporting. ISAE 3402 expands on how ISAE 3000 (Revised) is to be applied in a reasonable assurance engagement to report on controls at a service organisation. |
| ISAE 3410 |
Assurance Engagements on Greenhouse Gas Statements |
Deals with assurance engagements to report on an entity’s greenhouse gas statement. Assurance engagements envisaged may cover a GHG statement and other information, for example, when the practitioner is engaged to report on a sustainability report of which a GHG statement is only one part. ISAE 3410 expands on how ISAE 3000 (Revised) is to be applied in an assurance engagement to report on an entity’s GHG statement. The IAASB has also provided an overview of the standard available on its website. |
| ISAE 3420 |
Assurance Engagements to Report on the Compilation of Pro Forma Financial Information Included in a Prospectus |
Deals with reasonable assurance engagements undertaken by a practitioner to report on the responsible party’s compilation of pro forma financial information included in a prospectus. The ISAE applies where such reporting is required by securities law or the regulation of the securities exchange in the jurisdiction in which the prospectus is to be issued, or this reporting is generally accepted practice in such jurisdiction. |
| ISRE 2400 (Revised) |
Engagements to Review Historical Financial Statements |
Establishes standards and provide guidance on the practitioner’s professional responsibilities when a practitioner, who is not the auditor of an entity, undertakes an engagement to review financial statements and on the form and content of the report that the practitioner issues in connection with such a review. ICAEW issued technical guidance on performing an assurance review engagement on the financial statements of unaudited companies. See AAF 09/13 (Revised). |
| ISRE 2410 |
Review of Interim Financial Information |
Performed by the Independent Auditor of the Entity Establishes standards and provides guidance on the auditor’s professional responsibilities when the auditor undertakes an engagement to review interim financial information of an audit client, and on the form and content of the report. |
| ISRE (UK) 2410 (Revised) |
Review of Interim Financial Information Performed by the Independent Auditor of the Entity |
Establishes standards and provides guidance on the auditor’s professional responsibilities when the auditor undertakes an engagement to review interim financial information of an audit client, and on the form and content of the report. The FRC revised the review standard in May 2021 to strengthen both the review procedures required on management’s going concern assessment and the reporting requirements in relation to going concern. |
| ISRS 4400 (Revised) |
Agreed-Upon Procedures Engagements |
Deals with the practitioner’s responsibilities when engaged to perform an agreed-upon procedures engagement and the form and content of the report. This ISRS applies to the performance of agreed-upon procedures engagements on financial or non-financial subject matters. Revised by the IAASB in April 2020. |
| ISRS 4410 (Revised) |
Compilation Engagements |
Addresses the practitioner’s responsibilities when engaged to assist management with the preparation and presentation of historical financial information without obtaining any assurance on that information. The ISRS may also be adapted to compilation engagements for financial information other than historical financial information, and to compilation engagements for non-financial information. |
| SSAE 18, AT-C 320 |
Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting |
Issued by AICPA as the US performance and reporting requirements for a service auditor examining controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting. |
| ISSA 5000* |
International Standard on Sustainability Assurance, General Requirements for Sustainability Assurance Engagements |
Serving as a comprehensive, standalone standard suitable for any sustainability assurance engagement (except when the practitioner is providing a separate conclusion on a greenhouse gas statement, in which case ISAE 3410 applies), this standard will apply to sustainability information reported across any sustainability topic and prepared under multiple frameworks. |
*ISSA 5000 remains under development and is expected to be finalised before the end of 2024. The IAASB has provided an overview of the proposed standard on its website.
ICAEW and other guidance
All ICAEW Audit & Assurance Faculty Technical Releases, including AAF 01/06, are available on the technical releases hub page.
| Guidance | Title | Notes |
| AAF 01/20 |
Assurance reports on internal controls of service organisations made available to third parties |
Issued in 2020 and replacing AAF 01/06, this release provides generic guidance to a Service Auditor reporting on specific services performed by the Service Organisation. It is also intended to provide high-level guidance to Senior Management who prepare the report on the Subject Matter and to help User Organisations to understand the scope and type of assurance provided in the Service Auditor’s Report. |
| Identifying and managing certain risks arising from the inclusion of reports from auditors and accountants in prospectuses |
Guidance which addresses safeguards for accountants who prepare reports for inclusion in or with prospectuses and investment circular and for auditors whose audit report is to be included or referred to in a prospectus or other investment circulars. |
|
| Assurance Review Engagements on Historical Financial Statements |
Guidance on performing assurance reviews of financial statements of UK companies that are exempt from statutory audit requirement. AAF 09/13 is consistent with ISRE 2400 (Revised). |
|
| Chartered accountants’ reports on the compilation of financial statements of incorporated entities |
Guidance on the compilation of financial statements of incorporated entity clients ie, prepared in accordance with the Companies Act 2006. Limited Liability Partnerships (LLP) are also included in the scope of this guidance. |
|
| Chartered accountants’ reports on the compilation of historical financial information of unincorporated entities |
Guidance on compilation of historical financial information of unincorporated entity clients for general or specific purposes. |
|
| Providing Assurance on Client Assets to the Financial Conduct Authority |
Establishes requirements and provides guidance for CASS auditors reporting to the FCA in accordance with its Supervision Manual rules in respect of engagements that involve evaluating and reporting on a regulated firm’s compliance with the FCA’s Client Asset rules and other rules relevant to the holding of client assets. Issued by the FRC in 2015 and revised in November 2019. |
|
| SIR 1000 |
Investment Reporting Standards Applicable to all Engagements in Connection with an Investment Circular |
Contains basic principles and essential procedures with which a reporting accountant is required to comply in the conduct of all engagements in connection with an investment circular prepared for issue in connection with a securities transaction governed wholly or in part by the laws and regulations of the UK. Issued by the FRC in March 2020. |
| SIR 2000 |
Investment Reporting Standards Applicable to Public Reporting Engagements on Historical Financial Information |
Contains specific additional Investment Reporting Standards with which a reporting accountant is required to comply in the conduct of an engagement involving the examination of historical financial information which is intended to give a true and fair view, for the purposes of the relevant investment circular, included within an investment circular prepared for issue in connection with a securities transaction governed wholly or in part by the laws and regulations of the UK. Issued by the FRC in March 2020. |
| SIR 3000 | Investment Reporting Standards Applicable to Public Reporting Engagements on Profit Forecasts |
Contains specific additional Investment Reporting Standards with which a reporting accountant is required to comply in the conduct of an engagement involving the examination of Profit Forecasts and/or Profit Estimates published by a securities exchange offeror or the offeree company. Issued by the FRC in March 2020. |
| SIR 4000 | Investment Reporting Standards Applicable to Public Reporting Engagements on Pro forma Financial Information |
Contains specific additional Investment Reporting Standards with which a reporting accountant is required to comply in the conduct of an engagement to report on pro forma financial information, which is included within an investment circular prepared for issue in connection with a securities transaction governed wholly or in part by the laws and regulations of the UK. Issued by the FRC in March 2020. |
| SIR 5000 |
Investment Reporting Standards Applicable to Public Reporting Engagements on Financial Information Reconciliations under the Listing Rules |
Contains specific additional Investment Reporting Standards with which a reporting accountant is required to comply in the conduct of an engagement to report on financial information reconciliations under the Listing Rules, which are included within an investment circular prepared for issue in connection with a securities transaction governed wholly or in part by the laws and regulations of the UK. Issued by the FRC in March 2020. |
| SIR 6000 |
Investment Reporting Standards Applicable to Public Reporting Engagements on Quantified Financial Benefits Statements |
Contains specific additional Investment Reporting Standards with which a reporting accountant is required to comply in the conduct of an engagement involving the examination of Quantified Financial Benefits Statements published by a securities exchange offeror or the offeree company. Issued by the FRC in March 2020. |
| SOC 1, 2, 3, Cybersecurity, Supply Chain |
SSAE 18 is typically complemented by the Service Organization Control (SOC) Reporting Framework (SOC 1, 2, 3). SOC 1-3 are developed to provide a reporting framework for service organisations on their internal control over financial reporting (SOC 1), for IT related controls concerning, for example, cloud computing, managed service, data centres (SOC 2) and web trust (SOC 3). SOC 1-3 are also issued by the AICPA. The cybersecurity attestation reporting framework (SOC for Cybersecurity) was released in April 2017 followed by the SOC for Supply Chain in March 2020. Access restricted to AICPA members only. |
|
| Amended International Framework for Assurance Engagements |
Published by IAASB in 2004, the framework sets out high-level principles applicable to various types of assurance services and might help to address some of these issues. But the practical application of this guidance still needs thorough testing. |
|
Further resources
Join the Audit & Assurance Faculty
Stay ahead of the rest with our comprehensive package of essential guidance and technical advice.
Changelog Anchor
-
Update History
- 25 Jul 2024 (12: 00 AM BST)
- Changelog created
- 29 Jul 2024 (12: 00 AM BST)
- Page fully reviewed and updated with new standards, guidance and links. Old standards, guidance and links removed.