New York, New York 10017 USA
This publication was prepared by the International Federation of Accountants (IFAC). Its mission is to serve the public interest, strengthen the worldwide accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession’s expertise is most relevant.
This publication may be downloaded free-of-charge from the IFAC website http://www.ifac.org. The approved text is published in the English language.
IFAC welcomes any comments you may have regarding this handbook. Comments may be sent to the address above or emailed to IAASBpubs@ifac.org.
Copyright © April 2010 by the International Federation of Accountants (IFAC). All rights reserved. Permission is granted to make copies of this work provided that such copies are for use in academic classrooms or for personal use and are not sold or disseminated and provided that each copy bears the following credit line: “Copyright © April 2010 by the International Federation of Accountants (IFAC). All rights reserved. Used with permission of IFAC. Contact permissions@ifac.org for permission to reproduce, store, or transmit this document.” Otherwise, written permission from IFAC is required to reproduce, store, or transmit, or to make other similar uses of, this document, except as permitted by law. Contact permissions@ifac.org.
The International Auditing Practice Statements (IAPSs) contained in this handbook have not been revised to reflect changes resulting from the IAASB’s Clarity project. The IAASB is presently undertaking a project to consider whether there is a need to amend the status of the IAPSs. More information on this project can be obtained at http://www.ifac.org/IAASB/index.php.
AU
International Framework for Assurance Engagements ... 3
AUDITS AND REVIEWS OF HISTORICAL FINANCIAL INFORMATION
1000–1100 International Auditing Practice Statements (IAPSs)
1000 Inter-Bank Confirmation Procedures ... 27 1004 The Relationship Between Banking Supervisors and Banks’
External Auditors ... 34 1006 Audits of the Financial Statements of Banks ... 58 1010 The Consideration of Environmental Matters in the
Audit of Financial Statements ... 150 1012 Auditing Derivative Financial Instruments ... 176 1013 Electronic Commerce—Effect on the Audit of
Financial Statements ... 217
2000–2699 International Standards on Review Engagements (ISREs)
2400 Engagements to Review Financial Statements
(Previously ISA 910) ... 230 2410 Review of Interim Financial Information
Performed by the Independent Auditor of the Entity ... 249
ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION
3000–3699 International Standards on Assurance Engagements (ISAEs)
3000–3399 APPLICABLE TO ALL ASSURANCE ENGAGEMENTS 3000 Assurance Engagements Other than Audits or Reviews of
PART II
3400–3699 SUBJECT SPECIFIC STANDARDS
3400 The Examination of Prospective Financial Information
(Previously ISA 810) ... 311 3402 Assurance Reports on Controls at a Service Organization ... 321
RELATED SERVICES
4000–4699 International Standards on Related Services (ISRSs)
4400 Engagements to Perform Agreed-Upon Procedures Regarding Financial Information
(Previously ISA 920) ... 370 4410 Engagements to Compile Financial Information
FRAM
EW
O
R
K
ASSURANCE ENGAGEMENTS
(Effective for assurance reports issued on or after January 1, 2005)
CONTENTS
Paragraph Introduction ... 1–6 Definition and Objective of an Assurance Engagement ... 7–11 Scope of the Framework ... 12–16 Engagement Acceptance ... 17–19 Elements of an Assurance Engagement ... 20–60 Inappropriate Use of the Practitioner’s Name ... 61 Appendix: Differences Between Reasonable Assurance Engagements
Introduction
1. This Framework defines and describes the elements and objectives of an assurance engagement, and identifies engagements to which International Standards on Auditing (ISAs), International Standards on Review Engagements (ISREs) and International Standards on Assurance Engagements (ISAEs) apply. It provides a frame of reference for:
(a) Professional accountants in public practice (“practitioners”) when performing assurance engagements. Professional accountants in the public sector refer to the Public Sector Perspective at the end of the Framework. Professional accountants who are neither in public practice nor in the public sector are encouraged to consider the Framework when performing assurance engagements;1
(b) Others involved with assurance engagements, including the intended users of an assurance report and the responsible party; and
(c) The International Auditing and Assurance Standards Board (IAASB) in its development of ISAs, ISREs and ISAEs.
2. This Framework does not itself establish standards or provide procedural requirements for the performance of assurance engagements. ISAs, ISREs and ISAEs contain basic principles, essential procedures and related guidance, consistent with the concepts in this Framework, for the performance of assurance engagements. The relationship between the Framework and the ISAs, ISREs and ISAEs is illustrated in the “Structure of Pronouncements Issued by the IAASB” section of the Handbook of International Auditing, Assurance, and Ethics Pronouncements.
3. The following is an overview of this Framework:
• Introduction: This Framework deals with assurance engagements performed by practitioners. It provides a frame of reference for practitioners and others involved with assurance engagements, such as those engaging a practitioner (the “engaging party”).
• Definition and objective of an assurance engagement: This section defines assurance engagements and identifies the objectives of the two types of assurance engagement a practitioner is permitted to perform.
1
If a professional accountant not in public practice, for example an internal auditor, applies this
FRAM
EW
O
R
K
• Scope of the Framework: This section distinguishes assurance engagements from other engagements, such as consulting engagements.
• Engagement acceptance: This section sets out characteristics that must be exhibited before a practitioner can accept an assurance engagement.
• Elements of an assurance engagement: This section identifies and discusses five elements assurance engagements performed by practitioners exhibit: a three party relationship, a subject matter, criteria, evidence and an assurance report. It explains important distinctions between reasonable assurance engagements and limited assurance engagements (also outlined in the Appendix). This section also discusses, for example, the significant variation in the subject matters of assurance engagements, the required characteristics of suitable criteria, the role of risk and materiality in assurance engagements, and how conclusions are expressed in each of the two types of assurance engagement.
• Inappropriate use of the practitioner’s name: This section discusses implications of a practitioner’s association with a subject matter.
Ethical Principles and Quality Control Standards
4. In addition to this Framework and ISAs, ISREs and ISAEs, practitioners who perform assurance engagements are governed by:
(a) The IFAC Code of Ethics for Professional Accountants (the Code), which establishes fundamental ethical principles for professional accountants; and
(b) International Standards on Quality Control (ISQCs), which establish standards and provide guidance on a firm’s system of quality control.3 5. Part A of the Code sets out the fundamental ethical principles that all
professional accountants are required to observe, including: (a) Integrity;
(b) Objectivity;
(c) Professional competence and due care; (d) Confidentiality; and
2
For assurance engagements regarding historical financial information in particular, reasonable assurance engagements are called audits, and limited assurance engagements are called reviews.
3
(e) Professional behavior.
6. Part B of the Code, which applies only to professional accountants in public practice (“practitioners”), includes a conceptual approach to independence that takes into account, for each assurance engagement, threats to independence, accepted safeguards and the public interest. It requires firms and members of assurance teams to identify and evaluate circumstances and relationships that create threats to independence and to take appropriate action to eliminate these threats or to reduce them to an acceptable level by the application of safeguards.
Definition and Objective of an Assurance Engagement
7. “Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.
8. The outcome of the evaluation or measurement of a subject matter is the information that results from applying the criteria to the subject matter. For example:
• The recognition, measurement, presentation and disclosure represented in the financial statements (outcome) result from applying a financial reporting framework for recognition, measurement, presentation and disclosure, such as International Financial Reporting Standards, (criteria) to an entity’s financial position, financial performance and cash flows (subject matter).
• An assertion about the effectiveness of internal control (outcome) results from applying a framework for evaluating the effectiveness of internal control, such as COSO4 or CoCo,5 (criteria) to internal control, a process (subject matter).
In the remainder of this Framework, the term “subject matter information” will be used to mean the outcome of the evaluation or measurement of a subject matter. It is the subject matter information about which the practitioner gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report.
9. Subject matter information can fail to be properly expressed in the context of the subject matter and the criteria, and can therefore be misstated, potentially to a material extent. This occurs when the subject matter information does not
4
“Internal Control – Integrated Framework,” The Committee of Sponsoring Organizations of the
Treadway Commission.
5
“Guidance on Assessing Control – The CoCo Principles,” Criteria of Control Board, The Canadian
FRAM
EW
O
R
K
of (or present fairly, in all material respects) its financial position, financial performance and cash flows in accordance with International Financial Reporting Standards, or when an entity’s assertion that its internal control is effective is not fairly stated, in all material respects, based on COSO or CoCo. 10. In some assurance engagements, the evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the intended users. These engagements are called “assertion-based engagements.” In other assurance engagements, the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report. These engagements are called “direct reporting engagements.”
11. Under this Framework, there are two types of assurance engagement a practitioner is permitted to perform: a reasonable assurance engagement and a limited assurance engagement. The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement6 as the basis for a positive form of expression of the practitioner’s conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
Scope of the Framework
12. Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that do not meet the above definition (and therefore are not covered by this Framework) include:
• Engagements covered by International Standards for Related Services, such as agreed-upon procedures engagements and compilations of financial or other information.
• The preparation of tax returns where no conclusion conveying assurance is expressed.
6
Engagement circumstances include the terms of the engagement, including whether it is a reasonable
• Consulting (or advisory) engagements,7 such as management and tax
consulting.
13. An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this Framework is relevant only to the assurance portion of the engagement.
14. The following engagements, which may meet the definition in paragraph 7, need not be performed in accordance with this Framework:
(a) Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and
(b) Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply:
(i) Those opinions, views or wording are merely incidental to the overall engagement;
(ii) Any written report issued is expressly restricted for use by only the intended users specified in the report;
(iii) Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and
(iv) The engagement is not represented as an assurance engagement in the professional accountant’s report.
Reports on Non-Assurance Engagements
15. A practitioner reporting on an engagement that is not an assurance engagement within the scope of this Framework, clearly distinguishes that report from an assurance report. So as not to confuse users, a report that is not an assurance report avoids, for example:
• Implying compliance with this Framework, ISAs, ISREs or ISAEs.
• Inappropriately using the words “assurance,” “audit” or “review.”
7
Consulting engagements employ a professional accountant’s technical skills, education, observations,
FRAM
EW
O
R
K
users about the outcome of the evaluation or measurement of a subject matter against criteria.
16. The practitioner and the responsible party may agree to apply the principles of this Framework to an engagement when there are no intended users other than the responsible party but where all other requirements of the ISAs, ISREs or ISAEs are met. In such cases, the practitioner’s report includes a statement restricting the use of the report to the responsible party.
Engagement Acceptance
17. A practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge of the engagement circumstances indicates that:
(a) Relevant ethical requirements, such as independence and professional competence will be satisfied; and
(b) The engagement exhibits all of the following characteristics: (i) The subject matter is appropriate;
(ii) The criteria to be used are suitable and are available to the intended users;
(iii) The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
(iv) The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited assurance engagement, is to be contained in a written report; and (v) The practitioner is satisfied that there is a rational purpose for
the engagement. If there is a significant limitation on the scope of the practitioner’s work (see paragraph 55), it may be unlikely that the engagement has a rational purpose. Also, a practitioner may believe the engaging party intends to associate the practitioner’s name with the subject matter in an inappropriate manner (see paragraph 61).
Specific ISAs, ISREs or ISAEs may include additional requirements that need to be satisfied prior to accepting an engagement.
18. When a potential engagement cannot be accepted as an assurance engagement because it does not exhibit all the characteristics in the previous paragraph, the engaging party may be able to identify a different engagement that will meet the needs of intended users. For example:
(i) The engaging party can identify an aspect of the original subject matter for which those criteria are suitable, and the practitioner could perform an assurance engagement with respect to that aspect as a subject matter in its own right. In such cases, the assurance report makes it clear that it does not relate to the original subject matter in its entirety; or
(ii) Alternative criteria suitable for the original subject matter can be selected or developed.
(b) The engaging party may request an engagement that is not an assurance engagement, such as a consulting or an agreed-upon procedures engagement.
19. Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable justification. A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not disregard evidence that was obtained prior to the change.
Elements of an Assurance Engagement
20. The following elements of an assurance engagement are discussed in this section:
(a) A three party relationship involving a practitioner, a responsible party, and intended users;
(b) An appropriate subject matter; (c) Suitable criteria;
(d) Sufficient appropriate evidence; and
(e) A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement.
Three Party Relationship
21. Assurance engagements involve three separate parties: a practitioner, a responsible party and intended users.
FRAM
EW
O
R
K
may engage a practitioner to perform an assurance engagement on a particular aspect of the entity’s activities that is the immediate responsibility of a lower level of management (the responsible party), but for which senior management is ultimately responsible.
Practitioner
23. The term “practitioner” as used in this Framework is broader than the term “auditor” as used in ISAs and ISREs, which relates only to practitioners performing audit or review engagements with respect to historical financial information.
24. A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialized skills and knowledge beyond those ordinarily possessed by an individual practitioner. As noted in paragraph 17 (a), a practitioner does not accept an engagement if preliminary knowledge of the engagement circumstances indicates that ethical requirements regarding professional competence will not be satisfied. In some cases this requirement can be satisfied by the practitioner using the work of persons from other professional disciplines, referred to as experts. In such cases, the practitioner is satisfied that those persons carrying out the engagement collectively possess the requisite skills and knowledge, and that the practitioner has an adequate level of involvement in the engagement and understanding of the work for which any expert is used. Responsible Party
25. The responsible party is the person (or persons) who:
(a) In a direct reporting engagement, is responsible for the subject matter; or
26. The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users. In a direct reporting engagement, the practitioner may not be able to obtain such a representation when the engaging party is different from the responsible party.
Intended Users
27. The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users, but not the only one.
28. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. The practitioner may not be able to identify all those who will read the assurance report, particularly where there is a large number of people who have access to it. In such cases, particularly where possible readers are likely to have a broad range of interests in the subject matter, intended users may be limited to major stakeholders with significant and common interests. Intended users may be identified in different ways, for example, by agreement between the practitioner and the responsible party or engaging party, or by law.
29. Whenever practical, intended users or their representatives are involved with the practitioner and the responsible party (and the engaging party if different) in determining the requirements of the engagement. Regardless of the involvement of others however, and unlike an agreed-upon procedures engagement (which involves reporting findings based upon the procedures, rather than a conclusion):
(a) The practitioner is responsible for determining the nature, timing and extent of procedures; and
(b) The practitioner is required to pursue any matter the practitioner becomes aware of that leads the practitioner to question whether a material modification should be made to the subject matter information.
FRAM
EW
O
R
K
engagement can take many forms, such as:
• Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may be the recognition, measurement, presentation and disclosure represented in financial statements.
• Non-financial performance or conditions (for example, performance of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness.
• Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document.
• Systems and processes (for example, an entity’s internal control or IT system) for which the subject matter information may be an assertion about effectiveness.
• Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness.
32. Subject matters have different characteristics, including the degree to which information about them is qualitative versus quantitative, objective versus subjective, historical versus prospective, and relates to a point in time or covers a period. Such characteristics affect the:
(a) Precision with which the subject matter can be evaluated or measured against criteria; and
(b) The persuasiveness of available evidence.
The assurance report notes characteristics of particular relevance to the intended users.
33. An appropriate subject matter is:
(a) Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
Criteria
34. Criteria are the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and disclosure. Criteria can be formal, for example in the preparation of financial statements, the criteria may be International Financial Reporting Standards or International Public Sector Accounting Standards; when reporting on internal control, the criteria may be an established internal control framework or individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria may be the applicable law, regulation or contract. Examples of less formal criteria are an internally developed code of conduct or an agreed level of performance (such as the number of times a particular committee is expected to meet in a year).
35. Suitable criteria are required for reasonably consistent evaluation or measurement of a subject matter within the context of professional judgment. Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Suitable criteria are context-sensitive, that is, relevant to the engagement circumstances. Even for the same subject matter there can be different criteria. For example, one responsible party might select the number of customer complaints resolved to the acknowledged satisfaction of the customer for the subject matter of customer satisfaction; another responsible party might select the number of repeat purchases in the three months following the initial purchase.
36. Suitable criteria exhibit the following characteristics:
(a) Relevance: relevant criteria contribute to conclusions that assist decision-making by the intended users.
(b) Completeness: criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure.
(c) Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the subject matter including, where relevant, presentation and disclosure, when used in similar circumstances by similarly qualified practitioners.
(d) Neutrality: neutral criteria contribute to conclusions that are free from bias.
FRAM
37. The practitioner assesses the suitability of criteria for a particular engagement by considering whether they reflect the above characteristics. The relative importance of each characteristic to a particular engagement is a matter of judgment. Criteria can either be established or specifically developed. Established criteria are those embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process. Specifically developed criteria are those designed for the purpose of the engagement. Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.
38. Criteria need to be available to the intended users to allow them to understand how the subject matter has been evaluated or measured. Criteria are made available to the intended users in one or more of the following ways:
(a) Publicly.
(b) Through inclusion in a clear manner in the presentation of the subject matter information.
(c) Through inclusion in a clear manner in the assurance report.
(d) By general understanding, for example the criterion for measuring time in hours and minutes.
Criteria may also be available only to specific intended users, for example the terms of a contract, or criteria issued by an industry association that are available only to those in the industry. When identified criteria are available only to specific intended users, or are relevant only to a specific purpose, use of the assurance report is restricted to those users or for that purpose.8
Evidence
39. The practitioner plans and performs an assurance engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material misstatement. The practitioner considers materiality, assurance engagement risk, and the quantity and quality of available evidence when planning and performing the
8
While an assurance report may be restricted whenever it is intended only for specified intended users or
engagement, in particular when determining the nature, timing and extent of evidence-gathering procedures.
Professional Skepticism
40. The practitioner plans and performs an assurance engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated. An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. For example, an attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing conclusions from observations, and of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof.
41. An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected to be an expert in such authentication. However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance where relevant.
Sufficiency and Appropriateness of Evidence
42. Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of evidence; that is, its relevance and its reliability. The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality, the less may be required). Accordingly, the sufficiency and appropriateness of evidence are interrelated. However, merely obtaining more evidence may not compensate for its poor quality.
43. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of evidence can be made; however, such generalizations are subject to important exceptions. Even when evidence is obtained from sources external to the entity, circumstances may exist that could affect the reliability of the information obtained. For example, evidence obtained from an independent external source may not be reliable if the source is not knowledgeable. While recognizing that exceptions may exist, the following generalizations about the reliability of evidence may be useful:
FRAM
EW
O
R
K
• Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
• Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was discussed).
• Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.
44. The practitioner ordinarily obtains more assurance from consistent evidence obtained from different sources or of a different nature than from items of evidence considered individually. In addition, obtaining evidence from different sources or of a different nature may indicate that an individual item of evidence is not reliable. For example, corroborating information obtained from a source independent of the entity may increase the assurance the practitioner obtains from a representation from the responsible party. Conversely, when evidence obtained from one source is inconsistent with that obtained from another, the practitioner determines what additional evidence-gathering procedures are necessary to resolve the inconsistency.
45. In terms of obtaining sufficient appropriate evidence, it is generally more difficult to obtain assurance about subject matter information covering a period than about subject matter information at a point in time. In addition, conclusions provided on processes ordinarily are limited to the period covered by the engagement; the practitioner provides no conclusion about whether the process will continue to function in the specified manner in the future. 46. The practitioner considers the relationship between the cost of obtaining
evidence and the usefulness of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence-gathering procedure for which there is no alternative. The practitioner uses professional judgment and exercises professional skepticism in evaluating the quantity and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.
Materiality
the intended users. For example, when the identified criteria allow for variations in the presentation of the subject matter information, the practitioner considers how the adopted presentation might influence the decisions of the intended users. Materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests of the intended users. The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement are matters for the practitioner’s judgment.
Assurance Engagement Risk
48. Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated.9 In a reasonable assurance engagement, the practitioner reduces assurance engagement risk to an acceptably low level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of expression of the practitioner’s conclusion. The level of assurance engagement risk is higher in a limited assurance engagement than in a reasonable assurance engagement because of the different nature, timing or extent of evidence-gathering procedures. However in a limited assurance engagement, the combination of the nature, timing and extent of evidence-gathering procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative form of expression. To be meaningful, the level of assurance obtained by the practitioner is likely to enhance the intended users’ confidence about the subject matter information to a degree that is clearly more than inconsequential.
49. In general, assurance engagement risk can be represented by the following components, although not all of these components will necessarily be present or significant for all assurance engagements:
(a) The risk that the subject matter information is materially misstated, which in turn consists of:
(i) Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls; and
9
(a) This includes the risk, in those direct reporting engagements where the subject matter information
is presented only in the practitioner’s conclusion, that the practitioner inappropriately concludes that the subject matter does, in all material respects, conform with the criteria, for example: “In our opinion, internal control is effective, in all material respects, based on XYZ criteria.”
FRAM
EW
O
R
K
timely basis by related internal controls. When control risk is relevant to the subject matter, some control risk will always exist because of the inherent limitations of the design and operation of internal control; and
(b) Detection risk: the risk that the practitioner will not detect a material misstatement that exists.
The degree to which the practitioner considers each of these components is affected by the engagement circumstances, in particular by the nature of the subject matter and whether a reasonable assurance or a limited assurance engagement is being performed.
Nature, Timing and Extent of Evidence-gathering Procedures
50. The exact nature, timing and extent of evidence-gathering procedures will vary from one engagement to the next. In theory, infinite variations in evidence-gathering procedures are possible. In practice, however, these are difficult to communicate clearly and unambiguously. The practitioner attempts to communicate them clearly and unambiguously and uses the form appropriate to a reasonable assurance engagement or a limited assurance engagement.10 51. “Reasonable assurance” is a concept relating to accumulating evidence
necessary for the practitioner to conclude in relation to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required in a reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part of an iterative, systematic engagement process involving:
(a) Obtaining an understanding of the subject matter and other engagement circumstances which, depending on the subject matter, includes obtaining an understanding of internal control;
(b) Based on that understanding, assessing the risks that the subject matter information may be materially misstated;
(c) Responding to assessed risks, including developing overall responses, and determining the nature, timing and extent of further procedures; (d) Performing further procedures clearly linked to the identified risks,
using a combination of inspection, observation, confirmation, re-calculation, re-performance, analytical procedures and inquiry. Such
10
Where the subject matter information is made up of a number of aspects, separate conclusions may be
further procedures involve substantive procedures including, where applicable, obtaining corroborating information from sources independent of the responsible party, and depending on the nature of the subject matter, tests of the operating effectiveness of controls; and (e) Evaluating the sufficiency and appropriateness of evidence.
52. “Reasonable assurance” is less than absolute assurance. Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following:
• The use of selective testing.
• The inherent limitations of internal control.
• The fact that much of the evidence available to the practitioner is persuasive rather than conclusive.
• The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence.
• In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria.
FRAM
EW
O
R
K
(a) The characteristics of the subject matter and subject matter information. For example, less objective evidence might be expected when information about the subject matter is future oriented rather than historical (see paragraph 32); and
(b) Circumstances of the engagement other than the characteristics of the subject matter, when evidence that could reasonably be expected to exist is not available because of, for example, the timing of the practitioner’s appointment, an entity’s document retention policy, or a restriction imposed by the responsible party.
Ordinarily, available evidence will be persuasive rather than conclusive. 55. An unqualified conclusion is not appropriate for either type of assurance
engagement in the case of a material limitation on the scope of the practitioner’s work, that is, when:
(a) Circumstances prevent the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level; or
(b) The responsible party or the engaging party imposes a restriction that prevents the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level.
Assurance Report
56. The practitioner provides a written report containing a conclusion that conveys the assurance obtained about the subject matter information. ISAs, ISREs and ISAEs establish basic elements for assurance reports. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so.
57. In an assertion-based engagement, the practitioner’s conclusion can be worded either:
(a) In terms of the responsible party’s assertion (for example: “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”); or
(b) Directly in terms of the subject matter and the criteria (for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria”).
58. In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.” This form of expression conveys “reasonable assurance.” Having performed evidence-gathering procedures of a nature, timing and extent that were reasonable given the characteristics of the subject matter and other relevant engagement circumstances described in the assurance report, the practitioner has obtained sufficient appropriate evidence to reduce assurance engagement risk to an acceptably low level.
59. In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for example, “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.” This form of expression conveys a level of “limited assurance” that is proportional to the level of the practitioner’s evidence-gathering procedures given the characteristics of the subject matter and other engagement circumstances described in the assurance report.
60. A practitioner does not express an unqualified conclusion for either type of assurance engagement when the following circumstances exist and, in the practitioner’s judgment, the effect of the matter is or may be material:
(a) There is a limitation on the scope of the practitioner’s work (see paragraph 55). The practitioner expresses a qualified conclusion or a disclaimer of conclusion depending on how material or pervasive the limitation is. In some cases the practitioner considers withdrawing from the engagement.
(b) In those cases where:
(i) The practitioner’s conclusion is worded in terms of the responsible party’s assertion, and that assertion is not fairly stated, in all material respects; or
(ii) The practitioner’s conclusion is worded directly in terms of the subject matter and the criteria, and the subject matter information is materially misstated,11
the practitioner expresses a qualified or adverse conclusion depending on how material or pervasive the matter is.
11
FRAM
EW
O
R
K
assurance engagement. The practitioner expresses:
(i) A qualified conclusion or adverse conclusion depending on how material or pervasive the matter is, when the unsuitable criteria or inappropriate subject matter is likely to mislead the intended users; or
(ii) A qualified conclusion or a disclaimer of conclusion depending on how material or pervasive the matter is, in other cases. In some cases the practitioner considers withdrawing from the engagement.
Inappropriate Use of the Practitioner’s Name
Public Sector Perspective
FRAM
EW
O
R
K
Differences Between Reasonable Assurance Engagements and
Limited Assurance Engagements
This Appendix outlines the differences between a reasonable assurance engagement and a limited assurance engagement discussed in the Framework (see in particular the referenced paragraphs).
AU
DI
TI
NG
INTER-BANK CONFIRMATION PROCEDURES
(This Statement is effective)
CONTENTS
Paragraph Introduction ... 1–4
The Need for Confirmation ... 5 Use of Confirmation Requests ... 6–9 Preparation and Dispatch of Requests and Receipt of Replies ... 10–12 Content of Confirmation Requests ... 13–20 Appendix: Glossary
International Auditing Practice Statement (IAPS) 1000, “Inter-bank Confirmation Procedures” should be read in the context of the “Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services,” which sets out the application and authority of IAPSs.
This International Auditing Practice Statement was prepared and approved jointly by the International Auditing Practices Committee of the International Federation of Accountants and the Committee on Banking Regulations and Supervisory Practices of the Group of Ten major industrialized countries and Switzerland in November 1983 for publication in February 1984.
Introduction
1. The purpose of this International Auditing Practice Statement (IAPS) is to provide assistance on inter-bank confirmation procedures to the external independent auditor and also to bank management, such as internal auditors or inspectors. The guidance contained in this IAPS should contribute to the effectiveness of inter-bank confirmation procedures and to the efficiency of processing replies.
2. An important audit step in the examination of bank financial statements and related information is to request direct confirmation from other banks of both balances and other amounts which appear in the balance sheet and other information which may not be shown on the face of the balance sheet but which may be disclosed in the notes to the accounts. Off balance sheet items requiring confirmation include, such items as guarantees, forward purchase and sale commitments, repurchase options, and offset arrangements. This type of audit evidence is valuable because it comes directly from an independent source and, therefore, provides greater assurance of reliability than that obtained solely from the bank’s own records.
3. The auditor, in seeking to obtain inter-bank confirmations, may encounter difficulties in relation to language, terminology, consistent interpretation and scope of matters covered by the reply. Frequently, these difficulties result from the use of different kinds of confirmation requests or misunderstandings about what they are intended to cover.
4. Audit procedures may differ from country to country, and consequently local practices will have relevance to the way in which inter-bank confirmation procedures are applied. While this IAPS does not purport to describe a comprehensive set of audit procedures, nevertheless, it does emphasize some important steps which should be followed in the use of a confirmation request.
The Need for Confirmation
5. An essential feature of management control over business relations, with individuals or groups of financial institutions, is the ability to obtain confirmation of transactions with those institutions and of the resulting positions. The requirement for bank confirmation arises from the need of the bank’s management and its auditors to confirm the financial and business relationships between the following:
• The bank and other banks within the same country.
• The bank and other banks in different countries.
• The bank and its non-bank customers.
AU
DI
TI
NG
and offset agreements.
Use of Confirmation Requests
6. The guidance set out in the following paragraphs is designed to assist banks and their auditors to obtain independent confirmation of financial and business relationships within other banks. However, there may be occasions on which the approach described within this IAPS may also be appropriate to confirmation procedures between the bank and its non-bank customers. The procedures described are not relevant to the routine inter-bank confirmation procedures which are carried out in respect to the day to day commercial transactions conducted between banks.
7. The auditor should decide from which bank or banks to request confirmation, have regard to such matters as size of balances, volume of activity, degree of reliance on internal controls, and materiality within the context of the financial statements. Tests of particular activities of the bank may be structured in different ways and confirmation requests may, therefore, be limited solely to inquiries about those activities. Requests for confirmation of individual transactions may either form part of the test of a bank’s system of internal control or be a means of verifying balances appearing in a bank’s financial statements at a particular date. Therefore, confirmation requests should be designed to meet the particular purpose for which they are required.
8. The auditor should determine which of the following approaches is the most appropriate in seeking confirmation of balances or other information from another bank:
• Listing balances and other information, and requesting confirmation of their accuracy and completeness.
• Requesting details of balances and other information, which can then be compared with the requesting bank’s records.
In determining which of the above approaches is the most appropriate, the auditor should weigh the quality of audit evidence he requires in the particular circumstances against the practicality of obtaining a reply from the confirming bank.
Preparation and Dispatch of Requests and Receipt of Replies
10. The auditor should determine the appropriate location to which the confirmation request should be sent, for example a department, such as internal audit, inspection and other specialist department, which may be designated by the confirming bank as responsible for replying to confirmation requests. It may be appropriate, therefore, to direct confirmation requests to the head office of the bank (in which such departments are often located) rather than to the location where balances and other relevant information are held. In other situations, the appropriate location may be the local branch of the confirming bank.
11. Whenever possible, the confirmation request should be prepared in the language of the confirming bank or in the language normally used for business purposes. 12. Control over the content and dispatch of confirmation requests is the
responsibility of the auditor. However, it will be necessary for the request to be authorized by the requesting bank. Replies should be returned directly to the auditor and to facilitate such a reply, a pre-addressed envelope should be enclosed with the request.
Content of Confirmation Requests
13. The form and content of a confirmation request letter will depend on the purpose for which it is required, on local practices and on the requesting bank’s account procedures, for example, whether or not it makes extensive use of electronic data processing.
14. The confirmation request should be prepared in a clear and concise manner to ensure ready comprehension by the confirming bank.
15. Not all information for which confirmation is usually sought will be required at the same time. Accordingly, request letters may be sent at various times during the year dealing with particular aspects of the inter-bank relationship.
16. The most commonly requested information is in respect of balances due to or from the requesting bank on current, deposit, loan and other accounts. The request letter should provide the account description, number and the type of currency for the account. It may also be advisable to request information about nil balances on correspondent accounts, and correspondent accounts which were closed in the twelve months prior to the chosen confirmation date. The requesting bank may ask for confirmation not only of the balances on accounts but also, where it may be helpful, other information, such as the maturity and interest terms, unused facilities, lines of credit/standby facilities, any offset or other rights or encumbrances, and details of any collateral given or received. 17. An important part of banking business relates to the control of those
AU
DI
TI
NG
sought both of the contingent liabilities of the requesting bank to the confirming bank and of the confirming bank to the requesting bank. The details supplied or requested should describe the nature of the contingent liabilities together with their currency and amount.
18. Confirmation of asset repurchase and resale agreements and options outstanding at the relevant date should also be sought. Such confirmation should describe the asset covered by the agreement, the date the transaction was contracted, its maturity date, and the terms on which it was completed.
19. Another category of information, for which independent confirmation is often requested at a date other than the transaction date, concerns forward currency, bullion, securities and other outstanding contracts. It is well established practice for banks to confirm transactions with other banks as they are made. However, it is the practice for audit purposes to confirm independently a sample of transactions selected from a period of time or to confirm all the unmatured transactions with a counterparty. The request should give details of each contract including its number, the deal date, the maturity or value date, the price at which the deal was transacted and the currency and amount of the contract bought and sold, to and from, the requesting bank.
Appendix
Glossary
This Appendix defines certain terms used in this Statement. The list is not intended to include all terms used in an inter-bank confirmation request. Definitions have been given within a banking context, although usage and legal application may differ.
Collateral
Security given by a borrower to a lender as a pledge for repayment of a loan, rarely given in the case of inter-bank business. Such lenders thus become secured creditors; in the event of default, such creditors are entitled to proceed against collateral in settlement of their claim. Any kind of property may be employed as collateral. Examples of collateral are: real estate, bonds, stocks, notes, acceptances, chattels, bills of lading, warehouse receipts and assigned debts.
Contingent Liabilities
Potential liabilities, which only crystallize upon the fulfillment of or the failure to fulfill certain conditions. They may arise from the sale, transfer, endorsement, or guarantee of negotiable instruments or from other financial transactions. For example, they may result from:
• Re-discount of notes receivable, trade and bank acceptances arising under commercial letters of credit;
• Guarantees given; or
• Letters of support or comfort.
Encumbrance
A claim or lien, such as a mortgage upon real property, which diminishes the owner’s equity in the property.
Offset
The right of a bank, normally evidenced in writing, to take possession of any account balances that a guarantor or debtor may have with it to cover the obligations to the bank of the guarantor, debtor or third party.
Options
AU
DI
TI
NG
notes, securities, or both property at the expiration of a period of time, or the completion of certain conditions, or both.
Safe Custody
A facility offered by banks to their customers to store valuable property for safe keeping.
Line of Credit/Standby Facility
PRACTICE STATEMENT 1004
THE RELATIONSHIP BETWEEN BANKING
SUPERVISORS AND BANKS’ EXTERNAL AUDITORS
(This Statement is effective)
CONTENTS
Paragraph Introduction ... 1–7
The Responsibility of the Bank’s Board of Directors
and Management ... 8–13 The Role of the Bank’s External Auditor ... 14–27 The Role of the Banking Supervisor ... 28–45 The Relationship Between the Banking Supervisor and the
Bank’s External Auditor ... 46–55 Additional Requests for the External Auditor to Contribute
to the Supervisory Process ... 56–67 The Need for a Continuing Dialogue Between Banking
AU
DI
TI
NG
Banking Supervisors and Banks’ External Auditors” should be read in the context of the “Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services,” which sets out the application and authority of IAPSs.
This International Auditing Practice Statement has been prepared in association with the Basel Committee on Banking Supervision∗ (the Basel Committee). It was approved for publication by the International Auditing Practices Committee and by the Basel Committee. It is based on ISAs extant at October 1, 2001.
Banks play a vital role in economic life and the continued strength and stability of the banking system is a matter of general public concern. The separate roles of banking supervisors and external auditors are important in this regard. The growing complexity of banking makes it necessary that there be greater mutual understanding and, where appropriate, more communication between banking supervisors and external auditors. The purpose of this Statement is to provide information and guidance on how the relationship between bank auditors and supervisors can be strengthened to mutual advantage, and it takes into account the Basel Committee’s Core Principles for Effective Banking Supervision. However, as the nature of this relationship varies significantly from country to country the guidance may not be applicable in its entirety to all countries. The International Auditing Practices Committee and the Basel Committee hope, however, that it will provide useful guidance about the respective roles of the banking supervisors and external auditors in the many countries where the links are close or where the relationship is currently under study.
∗
The Basel Committee on Banking Supervision is a committee of banking supervisory authorities which
Introduction
1. Banks play a central role in the economy. They hold the savings of the public, provide a means of payment for goods and services and finance the development of business and trade. To perform these functions securely and efficiently, individual banks must command the confidence of the public and those with whom they do business. The stability of the banking system, both nationally and internationally, has therefore come to be recognized as a matter of general public interest. This public interest is reflected in the way banks in almost all countries, unlike most other commercial enterprises, are subject to prudential supervision by central banks or specific official agencies.
2. Banks’ financial statements are also subject to audit by external auditors. The external auditor conducts the audit in accordance with applicable ethical and auditing standards, including those calling for independence, objectivity, professional competence and due care, and adequate planning and supervision. The auditor’s opinion lends credibility to the financial statements and promotes confidence in the banking system.
3. As the business of banking grows in complexity, both nationally and internationally, the tasks of banking supervisors and external auditors are becoming more and more demanding. In many respects, banking supervisors and external auditors face similar challenges and, increasingly, their roles are being perceived as complementary. Not only do banking supervisors benefit from the results of the auditors’ work, but they may also turn to the external auditor to undertake additional tasks when these tasks contribute to the performance of their supervisory roles. At the same time, external auditors, in carrying out their role, also look to banking supervisors for information that can help in discharging their responsibilities more effectively.
4. The International Auditing Practices Committee and the Basel Committee share the view that greater mutual understanding about the respective roles and responsibilities of banking supervisors and external auditors and, where appropriate, communication between them improves the effectiveness of audits of banks’ financial statements and supervision to the benefit of both disciplines. 5. The roles and responsibilities of a bank’s board of directors1 and management,
the bank’s external auditors, and the banking supervisors in different countries
1
The notions of “board of directors” and “management” are used, not to identify legal constructs, but rather
AU
DI
TI
NG
Rather, it is intended to provide a better understanding of the nature of the roles of bank’s boards of directors and management, external auditors, and banking supervisors, since misconceptions about such roles could lead to inappropriate reliance being placed by one on the work of another. This Statement seeks to remove possible misconceptions and suggests how each might make more effective use of the work performed by the other. The Statement accordingly:
(a) Sets out the primary responsibility of the board of directors and management (paragraphs 8–13);
(b) Examines the essential features of the role of external auditors (paragraphs 14–27);
(c) Examines the essential features of the role of banking supervisors (paragraphs 28–45);
(d) Reviews the relationship between the banking supervisor and the bank’s external auditor (paragraphs 46–55); and
(e) Describes additional ways in which external auditors and the accountancy profession can contribute to the supervisory process (paragraphs 56–70).
6. In September 1997 the Basel Committee published its Core Principles for Effective Banking Supervision, known as the Basel Core Principles. The Basel Core Principles (which are used in country assessments by organizations such as the World Bank and the International Monetary Fund) are intended to serve as a basic reference for an effective supervisory system internationally and in all countries. This Statement has been prepared taking into account the Basel Core Principles.
The Responsibility of the Bank’s Board of Directors and the
Management
8. The primary responsibility for the conduct of the business of a bank is vested in the board of directors and the management appointed by it. This responsibility includes, among other things, ensuring that:
• Those entrusted with banking tasks have sufficient expertise and integrity and that there are experienced staff in key positions;
• Adequate policies, practices and procedures related to the different activities of the bank are established and complied with, including the following:
○ The promotion of high ethical and professional standards. ○ Systems that accurately identify and measure all material risks
and adequately monitor and control these risks.
○ Adequate internal controls, organizational structures and accounting procedures.
○ The evaluation of the quality of assets and their proper recognition and measurement.
○ “Know your customer” rules that prevent the bank being used, intentionally or unintentionally, by criminal elements.
○ The adoption of a suitable control environment, aimed at meeting the bank’s prescribed performance, information and compliance objectives.
○ The testing of compliance and the evaluation of the effectiveness of internal controls by the internal audit function.
• Appropriate management information systems are established;
• The bank has appropriate risk management policies and procedures;
• Statutory and regulatory directives, including directives regarding solvency and liquidity, are observed; and
• The interests not only of the shareholders but also of the depositors and other creditors are adequately protected.
AU
DI
TI
NG
regulation to obtain.
10. In many countries, audit committees have been set up to meet the practical difficulties that may arise in the board of directors fulfilling its task of ensuring the existence and maintenance of an adequate system of internal controls. In addition, such a committee reinforces both the internal control system and the internal audit function. In order to reinforce the audit committee’s effectiveness, the internal and external auditors should be allowed and encouraged to attend the meetings of the audit committee. Regular meetings of the audit committee with the internal and external auditors help enhance the external auditor’s independence and the credibility of the internal auditors, and assist the audit committee to perform its key role on strengthening corporate governance. In some countries, law or regulations prescribe that such meetings must take place. 11. When so required by the board of directors or by applicable law or regulations, management is responsible for the establishment and the effective operation of a permanent internal audit function in a bank appropriate to its size and to the nature of its operations. This function is part of the ongoing monitoring of the system of internal controls because it provides an assessment of the adequacy of, and compliance with, the bank’s established policies and procedures and assurance as to the adequacy, effectiveness and sustainability of the bank’s risk management and control procedures and infrastructure independent of those with day-to-day responsibility for complying with those policies and procedures. In fulfilling its duties and responsibilities, management should take all necessary measures to ensure that there is a continuous and adequate internal audit function.
12. In order to be fully effective, the internal audit function should be independent of the organizational activities it audits or reviews and also should be independent from the every day internal control process. Every activity and every division, subsidiary or other component of the banking organization should fall within the scope of the internal audit function’s review. The professional competence of each internal auditor and of the internal audit function as a whole is essential for the proper performance of that function. Therefore, the internal audit function should be adequately staffed with persons of the appropriate skills and technical competence who are free from operating responsibilities. The internal audit function should regularly report to the board
2
In some countries, branches of overseas banks are only required to provide financial information (including
of directors and management on the performance of the internal control and risk management systems and on the achievement of the internal audit function’s objectives. Management should establish and approve a procedure ensuring the consideration and, if appropriate, the implementation of the internal audit function’s recommendations.
13. The responsibilities of the board of directors and management are in no way diminished by the existence of a system for the supervision of banks by banking supervisors or by a requirement for the bank’s financial statements to be audited by an external auditor.
The Role of the Bank’s External Auditor
14. The objective of an audit of a bank’s financial statements by an external auditor is to enable an independent auditor to express an opinion as to whether the bank’s financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The financial statements ordinarily will have been prepared according to the financial reporting framework of the country in which the bank has its head office,3 and in accordance with any relevant regulations laid down by regulators in that country. Financial reporting frameworks may differ from country to country, and the financial reporting regime for banks in any given country may be quite different from the regimes for other commercial entities. The auditor’s opinion on the financial statements, therefore, will be expressed in terms of the applicable national framework and regulations. It is possible for financial statements prepared under different frameworks and regulations to differ substantially while still being in accordance with the applicable national requirements. For this reason, ISA 700, “The Auditor’s Report on Financial Statements”4 requires the auditor to identify the country of origin of the financial reporting framework used to prepare the financial statements when that financial reporting framework is not International Accounting Standards. 15. The external auditor’s report is appropriately addressed as required by the
circumstances of the engagement, ordinarily to either the shareholders or the board of directors. However, the report may be available to many other parties, such as depositors, other creditors and supervisors. The auditor’s opinion helps to establish the credibility of the financial statements. The auditor’s opinion, however, should not be interpreted as providing assurance on the future viability of the bank or an opinion as to the efficiency or
3
In some countries, reporting in accordance with internationally accepted accounting standards, such
as those issued or adopted by the International Accounting Standards Board, also is permitted.
4
ISA 700, “The Auditor’s Report on Financial Statements” was withdrawn when ISA 700, “The
