This guide applies to all officials (e.g., finance teams) in Commonwealth entities when using the terms audit or assurance in relation to independent external services requested by the Australian Government that would ordinarily be carried out by ‘assurance professionals’. The external services would be carried out within frameworks issued by the Australian Auditing and Assurance Standards Board (AUASB) and the Accounting Professional and Ethical Standards Board (APESB).
- Policy: Government requirements for audit and assurance should be expressed with reference to professional standard-setting frameworks, such as auditing standards issued by the AUASB and ethical standards issued by the APESB.
- Purpose: to provide guidance on the use of the terms audit and assurance and to clarify their meanings to assist in guiding Commonwealth entities about the correct circumstances of their use. As audit and assurance may be used in common language these terms are susceptible to use in describing engagements that do not align with the professional standard-setting frameworks that govern such services, which can lead to complications when oversight processes are discussed publicly.
- The AUASB is the chief body concerned with ensuring high quality audit and assurance standards. The terminology used by the AUASB is identified and explained in this Guide.
- Framework for Assurance Engagements (AUASB)
- ASA 210 Agreeing the Terms of Audit Engagements (AUASB)
- ASRE 2400 Review of a Financial Report Performed by an Assurance Practitioner Who Is Not the Auditor of the Entity (AUASB)
- ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information (AUASB)
- ASRS 4400 Agreed-Upon Procedures Engagements to Report Factual Findings (AUASB)
- APES 110 Code of Ethics for Professional Accountants (APESB)
Professional accounting bodies
- CPA Australia
- Chartered Accountants Australia and New Zealand
- Institute of Public Accountants (IPA)
- Government requirements for audit and assurance need to be expressed within the professional standard-setting frameworks, such as auditing standards issued by the AUASB and relevant ethical standards issued by the APESB. It is important for entities to determine the service they are seeking and describe it correctly.
- The terms audit and assurance have specific meanings under Australian audit and assurance standards and indicate that certain processes and procedures have been carried out. As audit and assurance may be used in common language, these terms are susceptible to use in describing engagements that do not align with the professional standard-setting frameworks that govern such services, which in turn can lead to misleading information being communicated to users.
- An assurance engagement is concerned with obtaining sufficient appropriate evidence to enhance confidence of users other than management about the measurement or evaluation of a subject matter against criteria.
- An audit engagement is one type of an assurance engagement and involves reducing engagement risk to an acceptably low level in the circumstances necessary for the assurance practitioner’s conclusion.
- The AUASB is concerned with ensuring high quality audit and assurance standards. The terminology used by the AUASB is identified and explained in this guide. This guide excludes engagements such as internal audits, energy or environmental audits, quality systems audits, etc.
Part 1 – Summary
- While the words audit and assurance are commonly used words, in professional auditing and assurance standards they have strict definitions and audit professionals are bound by standards and ethical requirements. Using the wrong terminology to describe a process could lead to a difference in expectations between entities and stakeholders.
- Where an independent external services are required that would ordinarily be performed by an audit or assurance professional, entities need to ensure that the description and scope of the requirement accurately reflects the services required and is consistent with standards and ethical requirements. Effective initial communication with experts (for example, the professional accounting bodies or AUASB) is encouraged to ensure that expectations are met and to avoid the possibility of misleading users.
Part 2 – Policy
- The terms audit and assurance have specific meanings under audit and assurance standards and indicate that certain processes and procedures have been carried out. Unless these terms are used carefully, misleading information could be communicated to users.
- This Guide is only concerned with assurance engagements that would ordinarily be carried out by assurance professionals within the frameworks issued by the AUASB and APESB. These frameworks are legally enforceable in certain circumstances (e.g., Corporations Act) and their standards are mandatory for members of professional accounting bodies for carrying out audits and reviews.
- It is important for entities to first determine the service they are seeking and describe it as such.
Part 3 – What do entities need to do?
- When seeking professional services to undertake an assignment, entities need to consider the objective of the assignment, the level of assurance required and whether this would be achieved through an audit, a review or something else (for example, an agreed-upon procedures engagement). Appropriate professional advice may also be obtained as part of the procurement process.
- When proposing new legislation that will specify some form of assurance engagement that would normally be conducted by an assurance professional, entities need to obtain professional advice (for example, consult the AUASB or professional accounting bodies) on the requirements and terminology first to ensure:
- the proposal is consistent with the standards and professional ethical requirements; and
- the correct description (audit/review/other) is used and that the outcome is communicated to the responsible legislative drafter.
- As existing legislation comes up for periodic assessment, entities need to consider any provisions requiring professional examination and undertake the steps set out in paragraph 7 above.
- When drafting documentation in relation to the services provided, including briefs, press releases and speeches, entities need to ensure that the correct terminology is used and that the distinction will be understood.
Part 4 – Guidance
What is an ‘assurance engagement’?
- This is an engagement where the assurance practitioner undertakes a range of processes to reduce the risk associated with using specified information (see ‘Definitions used’ below). The outcome of an assurance engagement is enhanced confidence of users other than management about the measurement or evaluation of a subject matter against criteria. An assurance engagement can be either a reasonable assurance engagement (see ‘Definitions used’ below) or a limited assurance engagement (see ‘Definitions used’ below).
What is an ‘audit engagement’?
- An audit is one type of assurance engagement, known as a ‘reasonable assurance engagement’, which provides a higher degree of confidence than a review (see ‘Audit versus other engagements’ below). The term ‘audit’ is generally used in the context of assurance over financial statements.
- An audit engagement involves objectively obtaining and evaluating evidence in a systematic fashion. The information is assessed against suitable criteria (for example, relevant accounting standards) and the auditor ultimately communicates an opinion to users. It has a strict definition in the accounting context, and involves a particular process, in line with the auditing standards issued by the AUASB.
If an entity requires reasonable assurance, an audit engagement, performed by an audit professional, is suitable.
It is useful to note here that auditors often provide services that are not audit engagements.
Inconsistent use of terms
- Occasionally, the terms audit and assurance are used in a way that is inconsistent between the level of assurance that is needed, the level of assurance that is requested and the level of assurance that is provided. The following two examples illustrate this:
- Some requirements imposed by entities are not encapsulated by the standards of the AUASB or the APESB, and can have a different meaning/interpretation to the intention of those procuring these audit and assurance services. For example, assurance providers are sometimes required to ‘certify’ certain information. This term is not used in auditing standards and if the term audit is used to describe the engagement it undervalues the level of assurance provided, as certification is akin to complete assurance. Conversely, if the engagement is in fact an audit, describing it as a certification may overstate the level of assurance actually provided
- Circumstances have arisen where the term ‘verification’ has been used in connection with engagements that, under the AUASB’s auditing and assurance framework would be regarded as agreed-upon procedures engagements (see ‘Audit versus other engagements’ below). Such engagements result in the practitioner not actually conveying any assurance. The result is potential for a lack of clarity for preparers, practitioners and users of the information.
Audit versus other engagements
- As the preceding sections highlight, the process of conducting an audit is systematic and implies a particular process has been carried out. Professional accountants are bound to comply with standards issued by the AUASB, along with the Professional Code of Conduct. There are many other types of engagements that may be performed by audit professionals, including the provision of expert advice (for example, on taxation, solvency or forensic accounting), but these cannot be referred to as an audit.
- A review, in terms of the audit and assurance framework, is a “limited assurance engagement” (see ‘Definitions used’ below) and in contrast to an audit is not designed to obtain reasonable assurance that the financial report is free from material misstatement. A review is generally used in the context of assurance over financial statements and consists primarily of making enquiries and applying analytical and other review procedures.
A review may bring significant matters affecting the financial report to the assurance practitioner's attention, but it does not provide all of the evidence that would be required in an audit.
- An agreed-upon procedures engagement (see ‘Definitions used’ below) is one where the assurance professional, entity and any related third party, have agreed that certain procedures of an assurance nature will be performed and factual findings reported.
No assurance is provided as a result of an agreed-upon procedures engagement.
- Certain engagements in the public sector will have an acceptable level of risk that is significantly lower than that obtained in an audit.
If an engagement of this nature is needed, the terms audit and assurance must not be used so as to avoid misleading users.
- Furthermore, it is important to distinguish between the service provider and the service being provided.
The fact that an audit firm is providing a service does not necessarily mean that an audit or assurance procedure is being performed.
- Appendix 2 contains a list of engagement types and sample report wording.
Independence and ethics
- Independence is an essential part of the audit process. Independence adds credibility to external assurance services, though using an external provider in itself does not ensure independence will be upheld.
- Independence is crucial to ensuring the ethical standards of objectivity and integrity are maintained by the auditor. In auditing, this encompasses both of the following:
- Independence of Mind:
“The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgement, thereby allowing an individual to act with integrity and exercise objectivity and professional scepticism” (Paragraph 290.6 of APES 110 Code of Ethics for Professional Accountants).
- Independence in Appearance:
“The avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances, that a Firm’s, or a member of the Audit or Assurance Team’s, integrity, objectivity or professional scepticism has been compromised” (Paragraph 290.6 of APES 110 Code of Ethics for Professional Accountants).
- Ethical standards are crucial to ensure the integrity of the audit process and APES 110 provides further detail on the following five principles of professional ethics:
Professional Competence and Due Care
 In this Guide, “certify” means stating that something is correct.
Part 5 – Definitions used
- An agreed-upon procedures engagement involves the performance of procedures of an assurance nature from which no conclusion or opinion is expressed by the assurance practitioner and no assurance is provided to intended users. Instead only factual findings obtained as a result of the procedures performed are reported (Paragraph 4 of ASRS 4400 Agreed-Upon Procedures Engagements to Report Factual Findings). (with added emphasis)
- An assurance engagement is an engagement in which an assurance practitioner aims to obtain sufficient appropriate evidence to express a conclusion designed to enhance the degree of confidence of the intended users, other than the responsible party, about the outcome of the evaluation or measurement of a subject matter against criteria (Paragraph 10 of Framework for Assurance Engagements). (with added emphasis)
- A limited assurance engagement is an assurance engagement where the assurance practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement as the basis for expressing a conclusion in a form that conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the assurance practitioner’s attention to cause the assurance practitioner to believe the subject matter information is materially misstated (Paragraph 15 of Framework for Assurance Engagements). A limited assurance engagement is commonly referred to as a review in the context of financial statements. (with added emphasis)
- A reasonable assurance engagement is an assurance engagement where the assurance practitioner reduces engagement risk to an acceptably low level in the circumstances of the assurance engagement as the basis for the assurance practitioner’s conclusion (Paragraph 14 of Framework for Assurance Engagements). A reasonable assurance engagement is commonly referred to as an audit in the context of financial statements. (with added emphasis)
Appendix 1 – Hierarchy and example report wording
Example of wording included within the service provider’s report
“I certify that […]”
“In our opinion, the financial report presents fairly, in all material respects, [(or) gives a true and fair view of] the financial position of [name of entity] as at [date], and of its financial performance and its cash flows for the year then ended on that date, in accordance with [applicable financial reporting framework].”
“Based on our review, nothing has come to our attention that causes us to believe that these financial statements do not present fairly, in all material respects, [(or) do not give a true and fair view of] the financial position of [name of entity] as at [date], and of its financial performance and cash flows for the year then ended on that date, in accordance with [applicable financial reporting framework].”
“We have performed the procedures agreed with you and [name of any intended users party to the terms of engagement] to report factual findings for the purpose of assisting you [and [name of other intended users or class of intended users]] in assessing, in combination with other information obtained by you, the accuracy of [item] as at [date]. The procedures performed are detailed in the terms of the engagement of [date] and described below [(or if appropriate) set forth in the attached schedules] with respect to [item] of [name of entity] as of [date].
[Management/Those Charged with Governance and any intended users party to the terms of engagement] are responsible for the adequacy or otherwise of the procedures agreed to be performed by us. You and [name of other intended users or class of intended users] are responsible for determining whether the factual findings provided by us, in combination with any other information obtained, provide a reasonable basis for any conclusions which you or other intended users wish to draw on the subject matter.”
Presentation of factual findings as agreed (no assurance)