PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS

Focus Notes
Introduction

This Framework provides a reference for:

a. Professional accountants in public practice (“practitioners”) when performing
assurance engagements.
b. Others involved with assurance engagements, including the intended users of an
assurance report and the responsible party; and
c. The International Auditing and Assurance Standards board in its development of
ISA’s, ISREs and ISAEs and, consequently, the Auditing Standards and Practices
Council in its adoption of said standards for application in the Philippines.

Ethical Principles and Quality Control Standards

In addition to this Framework and PSAs, PSREs and PSAEs, practitioners who perform
assurance engagements are governed by:
a. the Code of Ethics for Professional Accountants in the Philippines (the Philippine
Code), which is adopted from the IFAC Code of Ethics for Professional Accountants,
which establishes fundamental ethical principles for professional accountants; and
b. Philippine Standards on Quality Control (PSQCs), which are adopted from the
International Standards on Quality Control, which establish standards and provide
guidance on a firm’s system of quality control.

Part A of the Code sets out the fundamental ethical principles that all professional accountants
are required to observe, including:
(a) Integrity;
(b) Objectivity;
(c) Professional competence and due care;
(d) Confidentiality; and
(e) Professional behavior.

Part B of the Code, which applies only to professional accountants in public practice
(“practitioners”), includes a conceptual approach to independence that takes into account, for
each assurance engagement, threats to independence, accepted safeguards and the public
interest. It requires firms and members of assurance teams to identify and evaluate
circumstances and relationships that create threats to independence and to take appropriate
action to eliminate these threats or to reduce them to an acceptable level by the application of
safeguards.

Definition and Objective of an Assurance Engagement

“Assurance engagement” means an engagement in which a practitioner expresses a conclusion

designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria.

Subject matter information can fail to be properly expressed in the context of the subject matter
and the criteria, and can therefore be misstated, potentially to a material extent. This occurs
when the subject matter information does not properly reflect the application of the criteria to the
subject matter.

In some assurance engagements, the evaluation or measurement of the subject matter is

performed by the responsible party, and the subject matter information is in the form of an
assertion by the responsible party that is made available to the intended users. These
engagements are called “assertion-based engagements.” In other assurance engagements, the
practitioner either directly performs the evaluation or measurement of the subject matter, or
obtains a representation from the responsible party that has performed the evaluation or
measurement that is not available to the intended users. The subject matter information is
provided to the intended users in the assurance report. These engagements are called “direct
reporting engagements.”

Under this Framework, there are two types of assurance engagement a practitioner is permitted
to perform: a reasonable assurance engagement and a limited assurance engagement. The
objective of a reasonable assurance engagement is a reduction in assurance engagement risk
to an acceptably low level in the circumstances of the engagement as the basis for a positive
form of expression of the practitioner’s conclusion. The objective of a limited assurance
engagement is a reduction in assurance engagement risk to a level that is acceptable in the
circumstances of the engagement, but where that risk is greater than for a reasonable
assurance engagement, as the basis for a negative form of expression of the practitioner’s
conclusion.

Scope of the Framework

Not all engagements performed by practitioners are assurance engagements. Other frequently
performed engagements that do not meet the above definition (and therefore are not covered by
this Framework) include:

• Engagements covered by Philippine Standards for Related Services, such as agreed-

upon procedures engagements and compilations of financial or other information.

• The preparation of tax returns where no conclusion conveying assurance is expressed.

• Consulting (or advisory) engagements, such as management and tax consulting.

The following engagements, need not be performed in accordance with this Framework:
(a) Engagements to testify in legal proceedings regarding accounting, auditing, taxation
or other matters; and
(b) Engagements that include professional opinions, views or wording from which a user
may derive some assurance, if all of the following apply:
i. Those opinions, views or wording are merely incidental to the overall
engagement;
i. Any written report issued is expressly restricted for use by only the
intended users specified in the report;
ii. Under a written understanding with the specified intended users, the
engagement is not intended to be an assurance engagement; and
iii. The engagement is not represented as an assurance engagement in the
professional accountant’s report.

Reports on Non-assurance Engagements

A practitioner reporting on an engagement that is not an assurance engagement within the

scope of this Framework, clearly distinguishes that report from an assurance report. So as not
to confuse users, a report that is not an assurance report avoids, for example:
• Implying compliance with this Framework, PSAs, PSREs or PSAEs.
• Inappropriately using the words “assurance,” “audit” or “review.”
• Including a statement that could reasonably be mistaken for a conclusion designed to
enhance the degree of confidence of intended users about the outcome of the evaluation
or measurement of a subject matter against criteria.

Engagement Acceptance

Having accepted an assurance engagement, a practitioner may not change that engagement to
a non-assurance engagement, or from a reasonable assurance engagement to a limited
assurance engagement without reasonable justification.
A change in circumstances that affects the intended users’ requirements, or a misunderstanding
concerning the nature of the engagement, ordinarily will justify a request for a change in the
engagement. If such a change is made, the practitioner does not disregard evidence that was
obtained prior to the change.
Elements of an Assurance Engagements
1. Three Party Relationship

Practitioner
- a practitioner may be requested to perform assurance engagements on a wide range of
subject matters.
- a practitioner does not accept an engagement if preliminary knowledge of the
engagement circumstances indicates that ethical requirements regarding professional
competence will not be satisfied.

Responsible Party
The responsible party is the person (or persons) who:

(a) In a direct reporting engagement, is responsible for the subject matter; or

(b) In an assertion-based engagement, is responsible for the subject matter information

(the assertion), and may be responsible or the subject matter. The responsible party
may or may not be the party who engages the practitioner (the engaging party).

Intended Users
- the intended users are the person, persons or class of persons for whom the
practitioner prepares the assurance report. The responsible party can be one of the
intended users, but not the only one.

2. Subject Matter

The subject matter, and subject matter information, of an assurance engagement can take
many forms, such as:
• Financial performance or conditions (for example, historical or prospective financial
position, financial performance and cash flows) for which the subject matter information may be
the recognition, measurement, presentation and disclosure represented in financial statements.

• Non-financial performance or conditions (for example, performance of an entity) for

which the subject matter information may be key indicators of efficiency and effectiveness.

• Physical characteristics (for example, capacity of a facility) for which the subject matter
information may be a specifications document.

• Systems and processes (for example, an entity’s internal control or IT system) for
which the subject matter information may be an assertion about effectiveness.

• Behavior (for example, corporate governance, compliance with regulation, human

resource practices) for which the subject matter information maybe a statement of compliance
or a statement of effectiveness.

An appropriate subject matter is:

(a) Identifiable, and capable of consistent evaluation or measurement against the
identified criteria; and
(b) Such that the information about it can be subjected to procedures for gathering
sufficient appropriate evidence to support a reasonable assurance or limited assurance
conclusion, as appropriate.

3. Criteria

Criteria are the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure. Suitable criteria are required for
reasonably consistent evaluation or measurement of a subject matter within the context of
professional judgment.
Suitable criteria exhibit the following characteristics:
a. Relevance: relevant criteria contribute to conclusions that assist decision-making
by the intended users.
 b. Completeness: criteria are sufficiently complete when relevant factors that could
affect the conclusions in the context of the engagement circumstances are not
omitted. Complete criteria include, where relevant, benchmarks for presentation
and disclosure.
c. Reliability: reliable criteria allow reasonably consistent evaluation or
measurement of the subject matter including, where relevant, presentation and
disclosure, when used in similar circumstances by similarly qualified
practitioners.
d. Neutrality: neutral criteria contribute to conclusions that are free from bias.
e. Understandability: understandable criteria contribute to conclusions that are
clear, comprehensive, and not subject to significantly different interpretations.
The evaluation or measurement of a subject matter on the basis of the
practitioner’s own expectations, judgments and individual experience would not
constitute suitable criteria.

Criteria need to be available to the intended users to allow them to understand how the subject
matter has been evaluated or measured. Criteria are made available to the intended users in
one or more of the following ways:
a. Publicly.
b. Through inclusion in a clear manner in the presentation of the subject matter
information.
c. Through inclusion in a clear manner in the assurance report.
d. By general understanding, for example the criterion for measuring time in hours
and minutes.

4. Evidence

The practitioner plans and performs an assurance engagement with an attitude of

professional skepticism to obtain sufficient appropriate evidence about whether the subject
matter information is free of material misstatement. An attitude of professional skepticism
means the practitioner makes a critical assessment, with a questioning mind, of the validity of
evidence obtained and is alert to evidence that contradicts or brings into question the reliability
of documents or representations by the responsible party.
In terms of obtaining sufficient appropriate evidence, it is generally more difficult to
obtain assurance about subject matter information covering a period than about subject matter
information at a point in time. The practitioner considers the relationship between the cost of
obtaining evidence and the usefulness of the information obtained. However, the matter of
difficulty or expense involved is not in itself a valid basis for omitting an evidence gathering
procedure for which there is no alternative. The practitioner uses professional judgment and
exercises professional skepticism evaluating the quantity and quality of evidence, and thus its
sufficiency and appropriateness, to support the assurance report.

Materiality
Materiality is relevant when the practitioner determines the nature, timing and extent of
evidence-gathering procedures, and when assessing whether the subject matter information is
free of misstatement.

Assurance Engagement Risk

Assurance engagement risk is the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
In general, assurance engagement risk can be represented by the following components,
although not all of these components will necessarily be present or significant for all assurance
engagements:
a. The risk that the subject matter information is materially misstated, which in turn
consists of:
i. Inherent risk: the susceptibility of the subject matter information to a
material misstatement, assuming that there are no related controls; and
ii. Control risk: the risk that a material misstatement that could occur will not
be prevented, or detected and corrected, on a timely basis by related
internal controls. When control risk is relevant to the subject matter, some
control risk will always exist because of the inherent limitations of the
design and operation of internal control; and
 b. Detection risk: the risk that the practitioner will not detect a material misstatement
that exists.

Nature, Timing, and Extent of Evidence-Gathering Procedures

The exact nature, timing and extent of evidence-gathering procedures will vary from one
engagement to the next. In theory, infinite variations in evidence-gathering procedures are
possible. In practice, however, these are difficult to communicate clearly and unambiguously.
“Reasonable assurance” is a concept relating to accumulating evidence necessary for
the practitioner to conclude in relation to the subject matter information taken as a whole. To be
in a position to express a conclusion in the positive form required in a reasonable assurance
engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part
of an iterative, systematic engagement process involving:
a. Obtaining an understanding of the subject matter and other engagement
circumstances which, depending on the subject matter, includes obtaining an
understanding of internal control;
b. Based on that understanding, assessing the risks that the subject matter
information may be materially misstated;
c. Responding to assessed risks, including developing overall responses, and
determining the nature, timing and extent of further procedures;
d. Performing further procedures clearly linked to the identified risks, using a
combination of inspection, observation, confirmation, recalculation, re-
performance, analytical procedures and inquiry. Such further procedures involve
substantive procedures including, where applicable, obtaining corroborating
information from sources independent of the responsible party, and depending
on the nature of the subject matter, tests of the operating effectiveness of
controls; and
e. Evaluating the sufficiency and appropriateness of evidence.

“Reasonable assurance” is less than absolute assurance. Reducing assurance

engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as
the following:
 The use of selective testing.
 The inherent limitations of internal control.
 The fact that much of the evidence available to the practitioner is persuasive rather than
conclusive.
 The use of judgment in gathering and evaluating evidence and forming conclusions
based on that evidence.

Quantity and Quality of Available Evidence

The quantity or quality of available evidence is affected by:
a. The characteristics of the subject matter and subject matter information. For
example, less objective evidence might be expected when information about the
subject matter is future oriented rather than historical; and
b. Circumstances of the engagement other than the characteristics of the subject
matter, when evidence that could reasonably be expected to exist is not available
because of, for example, the timing of the practitioner’s appointment, an entity’s
document retention policy, or a restriction imposed by the responsible party.

5. Assurance Report

In an assertion-based engagement, the practitioner’s conclusion can be worded either:

 In terms of the responsible party’s assertion (for example: “In our opinion the
responsible party’s assertion that internal control is effective, in all material
respects, based on XYZ criteria, is fairly stated”); or
 Directly in terms of the subject matter and the criteria (for example: “In our
opinion internal control is effective, in all material respects, based on XYZ
criteria”). In a direct reporting engagement, the practitioner’s conclusion is
worded directly in terms of the subject matter and the criteria.