How to Communicate Assurance? Beijing, 2015.

Contents What is an assurance engagement? How to communicate assurance? Why is the analytical form of communicating assurance important in Compliance Auditing?

What is an Assurance Engagement? According to the IFAC, an assurance engagement is: “an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.” (IFAC/ International Framework for Assurance Engagements)

What is an Assurance Engagement? According to SAI Canada, an accountability relationship is a prerequisite for an assurance engagement: “(…)  An assurance engagement is an engagement (…) where, pursuant to an accountability relationship between two or more parties, a practitioner is engaged to issue a written communication expressing a conclusion concerning a subject matter for which the accountable party is responsible.” (CPA/ GENERAL ASSURANCE AND AUDITING - SECTION 5025/ Standards for assurance engagements other than audits of financial statements and other historical financial information) – SAI Canada

What is an Assurance Engagement? CPA/ GENERAL ASSURANCE AND AUDITING - SECTION 5025. Standards for assurance engagements other than audits of financial statements and other historical financial information – SAI Canada.

How to Communicate Assurance? How to increase the level of confidence of the intended users concerning the subject matter? It depends largely on: who are those users? what interests do they have?

How to Communicate Assurance? Financial audits are performed to reach a specific and professionalized public, whose interest is to know whether the financial statements present a true and fair view of the financial position of an entity. That is, if there is no material misstatement. Therefore, the role of the auditor is highly concentrated in giving an standardized opinion, responding directly to this issue, considering the agreed level of assurance.

How to Communicate Assurance? On the other hand, in many compliance and performance audits, the intended users are diverse and non professionalized: civil society, citizens, businesses companies, media, judiciary, legislative, etc. Often the auditor does not know all the possible users of his work.

How to Communicate Assurance? Thus, by having to reach a diverse range of people who mostly do not know the jargon of the audit branch, often the auditor can only increase the intended users’ level of confidence by clearly reporting on the elements of the audit findings and on the evidence that supports the audit conclusions.

How to Communicate Assurance? That is why ISSAI 100 states that: 32. “Depending on the audit and the users’ needs, assurance can be communicated in two ways: Through opinions and conclusions which explicitly convey the level of assurance. This applies to all attestation engagements and certain direct reporting engagements. In other forms. In some direct reporting engagements the auditor does not give an explicit statement of assurance on the subject matter. In such cases the auditor provides the users with the necessary degree of confidence by explicitly explaining how findings, criteria and conclusions were developed in a balanced and reasoned manner, and why the combinations of findings and criteria result in a certain overall conclusion or recommendation”.

How to Communicate Assurance? And ISSAI 400 states that: 15. (…) “The audit report may be either long- or short-form, and conclusions may be expressed in various ways: as a single clear written statement of opinion on compliance or as a more elaborate answer to specific audit questions.”

How to Communicate Assurance? ISSAI 400 also states that: 59. (…) “Reporting may vary between brief standardized opinions and various forms of conclusions, presented in short or long form. (…) The conclusion may take the form of a clear written statement of opinion on compliance, often in addition to the opinion on the financial statements. It may also be expressed as a more elaborate answer to specific audit questions. While an opinion is common in attestation engagements, the answering of specific audit questions is more often used in direct reporting engagements. (…)”

Why is the analytical form of communicating assurance important in CA? Depending on the subject matter, the use of a standardized opinion to convey the level of assurance does not add value to the users and can bring more confusion than clarification; In highly regulated public administrations, there is a wide range of possible instances of non-compliance that has different values for society. So, it is heavily subjective to define materiality threshold based on findings of different relevance that cannot be summarized in a simple measure such as money.

Why is the analytical form of communicating assurance important in CA? Even without a standardized opinion, it is mandatory to conclude against audit objectives in all audits; We do not know international practice on how to implement standardized opinion on standalone CA direct reporting engagement; We cannot be sure about how difficult it will be to establish materiality for a wide range of different instances of non-compliances taken altogether; We cannot be sure about how useful this sort of opinion will be to different kinds of intended users;

Why is the analytical form of communicating assurance important in CA? We understand that it is not recommended to regulate by an international standard a practice that is not recognized by many SAIs who perform direct reporting in standalone CA; Ignoring ISSAI 100/32 second bullet combined with ISSAI 400/15 and 59 discriminates against SAIs that adopts an acceptable option based on ISSAI 100 and outcast those SAIs as non-compliant with level 4, in clear contradiction with INTOSAI´s principle of inclusion.

Survey on Assurance in Performance and Compliance Audit The SAI has conducted CA? (you can check more than one item) () No () Yes, as standalone audits. () Yes, combined with financial auditing () Yes, combined with performance auditing

Survey on Assurance in Performance and Compliance Audit

Survey on Assurance in Performance and Compliance Audit All public-sector audits have the same basic elements. Audits can be categorized as two different types of audit engagement: a) In attestation engagements the responsible party measures the subject matter against the criteria and presents the subject matter information, on which the auditor then gathers sufficient and appropriate audit evidence to provide a reasonable basis for expressing a conclusion. b) In direct reporting engagements it is the auditor who measures or evaluates the subject matter against the criteria. The auditor selects the subject matter and criteria, taking into consideration risk and materiality. The outcome of measuring the subject matter against the criteria is presented in the audit report in the form of findings, conclusions, recommendations or an opinion (ISSAI 100/29). About the practice in your SAI, if you conduct CA (you can check more than one item): () we conduct CA as attestation engagements () we conduct CA as direct reporting engagements

Survey on Assurance in Performance and Compliance Audit

Survey on Assurance in Performance and Compliance Audit Depending on the audit and the users’ needs, assurance can be communicated in two ways: a) Through standardized opinions which explicitly convey the level of assurance, eg, indicating whether, in the auditor's opinion, the subject matter is or is not compliant in all material respects, with the criteria; or if has come to the auditor’s attention to cause the auditor to believe that the subject matter is not in compliance with the applicable criteria b) Through explaining how findings, criteria and conclusions were developed in a balanced and reasoned manner, and why the combinations of findings and criteria result in a certain overall conclusion or recommendation (ISSAI 100/32-33).  

Survey on Assurance in Performance and Compliance Audit  About the practice in your SAI, if you conduct CA (you can check more than one item): () we communicate assurance through standardized opinions when CA is an attestation engagement () we communicate assurance through standardized opinions when CA is a direct reporting engagement () we communicate assurance through explaining how findings, criteria and conclusions were developed, when CA is an attestation engagement () we communicate assurance through explaining how findings, criteria and conclusions were developed, when CA is a direct reporting engagement

Survey on Assurance in Performance and Compliance Audit

Proposal 1 To include in the ISSAI 4000 a paragraph based on the ISSAI 400/15 to allow auditors to express conclusions in an analytic way . To include the following text just before the last paragraph of the section “Objective of Compliance Audit” in ISSAI 4000: Considering the needs of intended users, conclusions may be expressed in various ways: as a single clear written statement of opinion on compliance or as a more elaborate answer to specific audit questions. (ISSAI 400/15)

Proposal 2 To include the following, in the section “Reporting” of ISSAI 4000, as the first paragraph of the explanation of the session’s second requirement: The auditor´s conclusion may take the form of a clear written statement of opinion on compliance or may be expressed as a more elaborate answer to specific audit questions. While an opinion is common in attestation engagements, the answering of specific audit questions is more often used in direct reporting engagements. (ISSAI 400/59)

Thank you very much!