Re: Proposed Statement on Standards for Attestation Engagements, Attestation Standards: Clarification and Recodification


Deloitte & Touche LLP
Ten Westport Road
PO Box 820
Wilton, CT
Tel: Fax:

Ms. Sherry Hazel
American Institute of Certified Public Accountants
1211 Avenue of the Americas
New York, NY

Re: Proposed Statement on Standards for Attestation Engagements, Attestation Standards: Clarification and Recodification

Dear Ms. Hazel:

We appreciate the opportunity to comment on the proposed Statement on Standards for Attestation Engagements, Attestation Standards: Clarification and Recodification (the "proposed SSAE"). We are supportive of the clarification of the existing attestation standards through the development of the proposed SSAE and believe that the drafting of the proposed SSAE has generally been completed in accordance with the clarity conventions and criteria adopted by the Auditing Standards Board (the "ASB" or the "Board").

We have responded to questions posed in the explanatory memorandum and provided overall comments on the proposed SSAE, as well as commented on each chapter. In our recommendations for specific changes, additions are noted in bold underline and deletions in double strike-through.

Responses to Questions Posed in the Explanatory Memorandum

1. Does the revised structure facilitate understanding and implementing the standards?

We believe the general concept of the revised structure facilitates understanding and implementing the standards as it relates to examinations and reviews. However, we believe that the requirements and guidance for agreed-upon procedures engagements (including subject matter specific requirements and guidance) should be presented in a single separate stand-alone chapter within the SSAE and should not be included as presented in the proposed re-structuring as part of chapter 1. This approach would enable a greater number of requirements and application guidance related to examinations and reviews to be included in chapter 1, Concepts Common to All Attestation Engagements.
If the ASB decides to keep agreed-upon requirements and guidance together with examination and review requirements and guidance, in our comments on chapter 1, we have identified certain requirements and application guidance that we believe are not applicable to agreed-upon procedures engagements and so have recommended amending these paragraphs to indicate that the requirement or application guidance is applicable to only examination and review engagements.

2. Are the objectives of the practitioner in each of the chapters appropriate?

We believe the objectives as drafted are appropriate.

3. Are the substantive and language changes to extant AT sections 20, 50, 101, and 201 made by the exposure draft appropriate?

We believe the substantive and language changes to extant AT sections 20, 50, 101 and 201 are generally appropriate. We acknowledge that the mandate of the project was to apply the clarity conventions to the AT standards rather than to substantially revise the standards, and included in this process was consideration of conformity, in certain circumstances, to the requirements and application guidance of other standards including:

- The AICPA's clarified auditing standards ("AU-Cs")
- International Standard on Assurance Engagements ("ISAE") 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information (proposed at the time the proposed SSAE was exposed and now finalized by the International Auditing and Assurance Standards Board)
- ISAE 3410, Assurance Engagements on Greenhouse Gas Statements

We believe that generally the Board has included within the proposed SSAE the appropriate extent of requirements and application guidance from the AU-Cs; however, we encourage the Board to consider whether there are additional requirements and guidance in the AU-Cs, final ISAE 3000 and ISAE 3410 that should also be considered for inclusion in the proposed SSAE, specifically in the areas described by the bullets that follow and in our comments by paragraph below:

- Fraud, Laws, and Regulations

We believe further consideration is needed for the requirements related to fraud, laws, and regulations for an examination engagement in order to determine whether incorporation of additional requirements and application guidance, as would be reasonable and applicable for an attestation engagement, into the proposed SSAE is appropriate.
Specific standards for consideration include:

  o AU-C Section 240, Consideration of Fraud in a Financial Statement Audit
  o AU-C Section 250, Consideration of Laws and Regulations in a Financial Statement Audit.

- Obtaining an Understanding of Internal Control

We believe further consideration is needed for requirements and application guidance related to obtaining an understanding of internal control as it relates to examination and review engagements. We recommend considering the requirements and application guidance of International Standard on Assurance Engagements ("ISAE") 3410, Assurance Engagements on Greenhouse Gas Statements, paragraphs 25L and 25R, and incorporating such requirements and application guidance as would be reasonable and applicable for an attestation engagement.

4. Are there considerations for less complex entities and governmental entities that should be addressed in the exposure draft?

While there is only limited guidance with respect to smaller, less complex entities and governmental entities, we do not believe any additional specific guidance for these types of entities is necessary.

Overall Comments

Consistency of terms

We believe that the use of the following terms is not consistent throughout the proposed SSAE and we recommend consistent use of these terms.

- In the Extant AT 101, when discussing the assertion as described in the practitioner's report, the phrase "the assertion is fairly stated, in all material respects, based on the criteria" is generally used. We noted instances (e.g., 1.10[b][i], 1.10[b][ii], 2.3[b], 2.A2[c], 3.3[b][ii], 3.43[f][ii], and 4.20) where this complete phrase was not used and other places where "based on the criteria" was used. We believe the phraseology should be consistent throughout the document where appropriate and recommend using the following language: "the assertion is fairly stated in all material respects based on the criteria."
- We noted instances where the term "subject matter" is used without the term "assertion." We recommend reviewing these instances and determining if the language should be "subject matter or assertion."
- We noted inconsistent use of the term "evidence" throughout the chapters of the proposed SSAE. In chapter 1, Common Concepts to All Attestation Engagements, chapter 2, Examination Engagements, and chapter 4, Agreed-Upon Procedures Engagements, it is referred to as "evidence" and in chapter 3, Review Engagements, it is referred to as "review evidence" to be consistent with the Statements on Standards for Accounting and Review Services. We believe that each chapter should either reference the type of evidence (e.g., "examination evidence" in chapter 2, "review evidence" in chapter 3, and "agreed-upon procedures evidence" in chapter 4) or the generic term "evidence" should be used consistently throughout the proposed SSAE.
- We noted inconsistent use of the term "report" throughout the proposed SSAE. We found instances of "report," "practitioner's report," "examination report," "practitioner's examination report," "review report," and "practitioner's review report."
We recommend using a consistent approach to refer to "report" throughout the proposed SSAE (for example, "practitioner's report").

Consistency of references and format

We noted an inconsistency throughout the proposed SSAE relating to the presentation of paragraph references. In some cases, brackets are used (e.g., paragraph 1.10[c]) and in other cases parentheses are used (e.g., paragraph 2.42(b)). We recommend using a consistent style for paragraph references.

We also noted inconsistencies throughout the proposed SSAE in presenting an example. We recommend using a consistent style for presenting examples such as (for example,.).

Chapter 1 Comments

Paragraph 1.10

We believe the following definition needs to be included within chapter 1 of the proposed SSAE, given that these terms are used throughout the proposed SSAE and appear to have a defined meaning:

Engagement documentation. The record of procedures performed, relevant evidence obtained, and conclusions the practitioner reached or the practitioner's findings (terms such as working papers or workpapers are also sometimes used).

4 Page 4 of 38 Internal Auditors. A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity s governance, risk management, and internal control processes. Paragraphs 1.10 and 1.35 We believe that the requirement in paragraph 1.35 related to assembling the engagement file should be a defined term, given that there is a history of use and understanding of this term by practitioners. Therefore, we recommend that a new definition for documentation completion date be included in paragraph 1.10 and that conforming changes be made to paragraphs New definition: Documentation completion date. The date on which the practitioner has assembled for retention a complete and final set of documentation in the engagement file. Paragraph 1.35: After the documentation completion date assembly of the final engagement file has been completed, the practitioner should not delete or discard documentation of any nature before the end of its retention period. (Ref: par. 1.A55) Paragraphs 1.10 [b] and 1.A9 We believe that the definitions for examination engagement and review engagements include text that is more descriptive and explanatory in nature (versus definitional), and results in difficulty in understanding the definition. We recommend moving the statements regarding engagement risk to paragraph 1.A9, as they are more explanatory in nature and better suited to application guidance. [Note that we have made conforming changes for our preceding comment regarding consistent use of the term the assertion is fairly stated in all material respects.] Paragraph 1.10[b]: Attestation engagement. An examination, review, or agreed-upon procedures engagement performed under the attestation standards related to subject matter or an assertion that is the responsibility of another party. The following are the three types of attestation engagements: a. Examination engagement. 
An attestation engagement in which the practitioner reduces attestation risk to an acceptably low level in the circumstances of the engagement as the basis for the practitioner s opinion. In an examination engagement, the practitioner obtains reasonable assurance, which is a high, but not absolute, level of assurance, by obtaining sufficient appropriate evidence about the measurement or evaluation of subject matter against criteria. The goal of the practitioner is to obtain sufficient appropriate evidence in order to express an opinion about whether the subject matter is in conformity with the criteria or the assertion is fairly stated, in all material respects. b. Review engagement. An attestation engagement in which attestation risk is greater than it is in an examination engagement. The goal of the practitioner in a review engagement is to obtains limited assurance by obtaining sufficient appropriate review evidence by performing limited procedures in order to express a conclusion about whether any material modifications should be made to (1) the subject matter in order for it be in conformity with the criteria or (2) the assertion in order for it to be fairly stated in all material respects. Because the practitioner obtains limited assurance in a review engagement, the types of procedures performed are less extensive than they are in an examination engagement and generally are limited to inquiries and analytical procedures. Paragraph 1.A9: In an examination engagement, the practitioner reduces attestation risk to

5 Page 5 of 38 an acceptably low level in the circumstances of the engagement as the basis for the practitioner s opinion. Reducing attestation risk to zero is not contemplated in an examination engagement, and, therefore, reasonable assurance is less than absolute assurance as a result of factors such as the following: The use of selective testing The inherent limitations of internal control The fact that much of the evidence available to the practitioner is persuasive rather than conclusive The use of professional judgment in gathering and evaluating evidence and forming conclusions based on that evidence In some cases, the characteristics of the subject matter when evaluated or measured against the applicable criteria In a review engagement, attestation risk is greater than it is in an examination engagement. Because the practitioner obtains limited assurance in a review engagement, the types of procedures performed are less extensive than they are in an examination engagement and generally are limited to inquiries and analytical procedures. (Ref: par. 1.10[c]) Paragraph 1.10 [e] We recommend adding application guidance to the requirement in paragraph 1.10[e]indicating that engagement circumstances may change over time and the consideration of engagement circumstances is a continual and iterative process throughout the engagement, as shown below. New application guidance paragraph: Engagement circumstances may change over time; the consideration of engagement circumstances is a continual and iterative process throughout the engagement. Paragraph 1.10 [i] We believe that application guidance (as well as an example, if determined necessary), is needed for the term other information as its intended meaning is unclear. Also, we recommend making the wording that relates only to examination and review engagements a separate paragraph to help clarify that it does not relate to agreed-upon procedures engagements, as illustrated below. Paragraph 1.10[i]: Evidence. 
Information used by the practitioner in arriving at the opinion, conclusion, or findings on which the practitioner s attestation report is based. Evidence includes both information contained in relevant information systems, if any, and other information. New Paragraph: For purposes of examination and review engagements: i. Sufficiency of evidence is the measure of the quantity of evidence. The quantity of the evidence needed is affected by the risks of material misstatement and also by the quality of such evidence. ii. Appropriateness of evidence is the measure of the quality of evidence; that is, its relevance and its reliability in providing support for the practitioner s opinions or conclusions. Paragraphs 1.A4 and 1.A9 We recommend moving paragraph 1.A4 after 1.A9 so the application guidance relating to attestation risk

6 Page 6 of 38 starts with guidance about what attestation risk is before guidance is provided about what attestation risk is not. Paragraph 1.A8 We believe that the explanation provided in paragraph 1.A8 as to why attestation risk is not applicable to an agreed-upon procedures engagement is not consistent with the definition of attestation risk and does not reflect the appropriate reasoning behind why attestation risk is not applicable to an agreed-upon procedures engagement. We recommend providing an explanation that is consistent with the definition of attestation risk, as follows: Paragraph 1.A8: Attestation risk is not applicable to an agreed-upon procedures engagement because in such engagements the practitioner performs specific procedures (the design of which is the responsibility of the specified parties) on subject matter or an assertion and reports the findings without providing an opinion or a conclusion design of the procedures is the responsibility of the specified parties, whereas the application of the procedures is the responsibility of the practitioner. (Ref: par. 1.10[c]) Paragraph 1.15 We recommend adding language to paragraph 1.15 to clarify that the practitioner should have an understanding of the entire text of a chapter as it relates to the engagement being performed, as follows: Paragraph 1.15: The practitioner should have an understanding of the entire text of a chapter of the attestation standards that is relevant to the engagement being performed, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. (Ref: par. 
1.A14-1.A19) Paragraphs 1.18 and 1.A21 We believe that additional guidance is needed to clarify the expectation of the practitioner in circumstances where the practitioner attaches an appropriately worded separate report (e.g., it is unclear as to if it would be allowable for the practitioner to sign the inappropriate report or if it would be necessary to add additional language in the report to reference the attached report). Paragraph 1.19 We noted a paragraph reference was missing from paragraph 1.19, as follows: Paragraph 1.19: The attestation standards use the following two categories of professional requirements, identified by specific terms, to describe the degree of responsibility it imposes on practitioners: Unconditional requirements. The practitioner must comply with an unconditional requirement in all cases in which such requirement is relevant. The attestation standards use the word must to indicate an unconditional requirement. Presumptively mandatory requirements. The practitioner must comply with a presumptively mandatory requirement in all cases in which such a requirement is relevant except in rare circumstances discussed in paragraphs 1.20 and The attestation standards use the word should to indicate a presumptively mandatory requirement.

7 Page 7 of 38 Paragraphs 1.21and 1.A23 We believe that as paragraph 1.21 requires the practitioner to consider applicable interpretive publication, the identification of interpretive publications should be made available to the practitioner; otherwise, we believe there is a risk that the practitioner will not identify all the applicable interpretive publications. We recommend that a complete list of interpretive publications be made available on the AICPA s website (and not in the proposed SSAE), so that it may be updated and revised in a timely manner, and a reference to the website be included in the proposed SSAE. In addition, we noted that the appendix, AICPA Guides and Statements of Position, referenced in paragraph 1.A23 is not included in this proposed SSAE. Paragraph 1.23 We recommend adding a footnote to paragraph 1.23 to reference paragraphs of QC section 10 to provide guidance as to examples of appropriate procedures the engagement partner may consider for the acceptance and continuance of an attestation engagement. Paragraph 1.24 We believe the last sentence of the paragraph seems to repeat the information provided earlier in the paragraph, and we therefore recommend it as follows: Paragraph 1.24: The practitioner must be independent when performing an attestation engagement in accordance with the attestation standards unless the practitioner is required by law or regulation to accept the engagement and report on the subject matter or assertion. When the practitioner is not independent but is required by law or regulation to report on the subject matter or an assertion, the practitioner should disclaim an opinion and should specifically state that the practitioner is not independent. The practitioner is neither required to provide, nor precluded from providing, the reasons for the lack of independence; however, if the practitioner chooses to provide the reasons for the lack of independence, the practitioner should include all the reasons therefor. 
A practitioner who is not independent is precluded from issuing a report under the attestation standards, unless required to by law or regulation. (Ref: par. 1.A27) Paragraph 1.A34 We believe that the example provided in paragraph 1.A34 is not applicable for agreed-upon procedures engagements, as the practitioner would not be required to evaluate the appropriateness of the subject matter as it relates to the needs of the intended users; in an agreed-upon procedures engagement, this is the specified parties responsibility. We recommend adding language to indicate that this example relates only to an examination or review engagement, as shown below. Paragraph 1.A34: In some cases, the attestation engagement may relate to only one part of a broader subject matter. For example, in the case of an examination or review engagement, the practitioner may be engaged to report on one aspect of an entity s contribution to sustainable development, such as the programs run by the entity that have positive environmental outcomes, and may be aware that the entity is not reporting on more significant programs with less favorable outcomes. In such cases, in determining whether the examination or review engagement exhibits the characteristic of having an appropriate subject matter, it may be appropriate for the practitioner to consider whether information about the aspect on which the practitioner is asked to report is likely to meet the information needs of intended users. (Ref: par. 1.25[b][i])

8 Page 8 of 38 Paragraphs 1.25[b][ii]and 1.A35 We believe that paragraph 1.A35 provides essential explanatory material to the requirement in paragraph 1.25[b][ii] and therefore needs to be moved to paragraph 1.25[b][ii] as illustrated below. Paragraph 1.25[b][ii]: The criteria to be applied in the preparation and evaluation of the subject matter or assertion are suitable and will be available to the intended users. Suitable criteria exhibits all of the following characteristics: Relevance. Criteria are relevant to the subject matter. Objectivity. Criteria are free from bias. Measurability. Criteria permit reasonably consistent measurements, qualitative or quantitative, of subject matter. Completeness. Criteria are sufficiently complete so that those relevant factors that would alter an opinion, conclusion, or findings about subject matter are not omitted. (Ref: par. 1.A35-1.A45) Paragraph 1.A35: Suitable criteria exhibit all of the following characteristics: Relevance. Criteria are relevant to the subject matter. Objectivity. Criteria are free from bias. Measurability. Criteria permit reasonably consistent measurements, qualitative or quantitative, of subject matter. Completeness. Criteria are sufficiently complete so that those relevant factors that would alter an opinion, conclusion, or findings about subject matter are not omitted. The relative importance of each suitable criteria characteristic to a particular engagement is a matter of professional judgment. (Ref: par. 1.25[b][ii]) Paragraphs 1.A41 and 1.A45 We believe that additional language or an example for the term designated representative is needed as its intended meaning is unclear. 
We also recommend deleting paragraph 1.A45 and incorporating the reference to chapters 2 and 3 with respect to restricting the use of the report into paragraph 1.A41, as follows: Paragraph 1.A41: Some criteria may be appropriate for only a limited number of parties who either participated in their establishment or can be presumed to have an adequate understanding of the criteria (in these circumstances refer to paragraph 2.52[i][i] for examination engagements and paragraph 3.43[h][i] for review engagements). For instance, criteria set forth in a lease agreement for override payments may be appropriate only for reporting to the parties to the agreement because of the likelihood that such criteria would be misunderstood or misinterpreted by parties other than those who have specifically agreed to the criteria. Such criteria can be agreed upon directly by the parties or through a designated representative. (Ref: par. 1.25[b][ii]) Paragraph 1.25[b][iii] We noted that an example was included within paragraph 1.25[b][iii] which represents application

9 Page 9 of 38 guidance rather than a requirement. We recommend deleting this example, as illustrated below as it is already included in paragraph 1.A46. Paragraph 1.25[b][iii]: The practitioner will have access to the evidence needed to arrive at the practitioner s opinion, conclusion, or findings, including (1) access to all information of which the responsible party is aware that is relevant to the measurement, evaluation, or disclosure of the subject matter such as records and documentation; (2) access to additional information that the practitioner may request from the responsible party for the purpose of the engagement; and (3) unrestricted access to persons within the appropriate party(ies) from whom the practitioner determines it necessary to obtain evidence. (Ref: par. 1.A46-1.A47) Paragraph 1.A46 We recommend clarifying the meaning of complete the engagement by conforming the wording to paragraph 1.25(b)(iii), as shown below. Paragraph 1.A46: The nature of the relationship between the responsible party and, if different, the engaging party may affect the practitioner s ability to access records, documentation, and other information the practitioner may require as evidence to arrive at the practitioner s opinion, conclusion, or findings complete the engagement. The nature of that relationship may therefore be a relevant consideration when determining whether or not to accept the engagement. (Ref: par. 1.25[b][iii]) Paragraph 1.A47 We believe that the application guidance contained in paragraph 1.A47 is only applicable to examination and review engagements. 
Based on the definition of evidence in paragraph 1.10[i], sufficiency is the measure of the quantity of evidence and appropriateness is the measure of quality of evidence; both of which are applicable only to examination and review engagements; therefore, paragraph 1.A47, which relates to quality and quality of evidence, is not applicable to agreed-upon procedures engagements and we recommend the following changes. Paragraph 1.A47: For examination and review engagements, tthe quantity or quality of available evidence is affected by both of the following: a. The characteristics of the subject matter (Ffor example, less objective evidence might be expected when the subject matter is future oriented rather than historical.) b. Other circumstances, such as when evidence that could reasonably be expected to exist is not available because of, for example, the timing of the practitioner s appointment, an entity s document retention policy, in adequate information systems, or a restriction imposed by the responsible party. (Ref: par. 1.25[b][iii]) Paragraph 1.28 We believe that it is not clear whether all three bullet items listed in paragraph 1.28 are applicable in all cases or if the practitioner determines that the matter is resolved (as noted in bullet a) the remaining bullets are not necessary. We recommend adding language to clarify whether the bullet points are

10 Page 10 of 38 dependent on each other, as illustrated below. [Note that the proposed language assumes that if the matter was resolved then the communication of the matter in the attestation report would not be necessary.] Paragraph 1.28: If it is discovered after the engagement has been accepted that one or more of the preconditions for an attestation engagement is not present, the practitioner should discuss the matter with the appropriate party(ies) and should determine a. whether the matter can be resolved; b. whether it is appropriate to continue with the engagement; and c. if the matter cannot be resolved but it is still appropriate to continue with the engagement, whether, and if so how, to communicate the matter in the attestation report. Paragraph 1.29 We believe that additional application guidance is needed to clarify the options the practitioner has when a change is made to the terms of the engagement when no reasonable justification for doing so exists (other than not agreeing to the change). In addition, we believe additional application guidance is needed to clarify what the practitioner would do with the evidence that was obtained prior to such change, if such evidence is no longer necessary to support the new engagement (for example, would the practitioner report such evidence in the attestation report, particularly if it contradicts evidence gathered for the new engagement?). We recommend the following changes related to these two recommendations (based on consideration of AU-C 210, Terms of Engagement). New application guidance paragraph: If the practitioner and the responsible party or, if different, the engaging party, are unable to agree to a change of the terms of the engagement and the practitioner is not permitted to continue the original engagement, the practitioner may withdraw from the engagement when possible under applicable law or regulation. 
New application paragraph: If the practitioner concludes that reasonable justification to change the terms of the engagement exists, the work performed to the date of change may be relevant to the changed engagement; however, the work required to be performed and the practitioner s report to be issued would be those appropriate to the revised engagement. In order to avoid confusing the reader, the practitioner s report on the other service would not include reference to the following: The original engagement Any procedures that may have been performed in the original engagement, except when the engagement is changed to an engagement to undertake agreed-upon procedures and, thus, reference to the procedures performed is a normal part of the practitioner s report. Paragraph 1.A48 We believe that additional application guidance is needed in paragraph 1.A48 to provide examples of circumstances that may not be considered reasonable justification for requesting a change in the engagement (for example, whether it would be reasonable to request a change in engagement if the practitioner was going to issue a qualified report) (proposed addition is based on paragraph.a37 of AU-C 210, Terms of Engagement). Paragraph 1.A48: A change in circumstances that affects the requirements of the responsible party or, if different, the engaging party, or a misunderstanding concerning the nature of the engagement originally requested, may be considered reasonable justification for requesting a change in the

11 Page 11 of 38 engagement, (for example, from an attestation engagement to a consulting engagement or from an examination engagement to a review engagement). A change may not be considered reasonable if it appears that the change relates to information that is incorrect, incomplete or otherwise unsatisfactory. An example might be where the practitioner is engaged to perform an examination engagement but is unable to obtain sufficient appropriate evidence regarding the subject matter and the entity asks for the examination engagement to be changed to a review engagement to avoid a qualified opinion or a disclaimer of opinion. (Ref: par. 1.29) Paragraph 1.30 We believe that paragraph 1.30 should align with the requirements in paragraph.16 of AU-C 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards. We also believe that additional guidance is needed to clarify matters the engagement partner may consider when evaluating the engagement team s competence and capabilities, similar to the guidance in paragraph A.10 of AU-C 220. Therefore, we recommend adding a new application guidance paragraph and structural changes to the paragraph, as illustrated below. Paragraph 1.30: The engagement partner should be satisfied that the engagement team and any practitioner s external specialists, collectively, have the appropriate competence and capabilities to a. be satisfied that the engagement team has a sufficient understanding of the subject matter. (Ref: par. 1.A49) b. be satisfied that the engagement team and any practitioner s external specialists collectively have the appropriate competence and capabilities to i. a. perform the engagement in accordance with professional standards and applicable legal and regulatory requirements and ii. b. enable an attestation report that is appropriate in the circumstances to be issued. 
New application guidance paragraph: When considering the appropriate competence and capabilities expected of the engagement team as a whole, the engagement partner may take into consideration such matters as the engagement team's
- understanding of, and practical experience with, engagements of a similar nature and complexity through appropriate training and participation.
- understanding of professional standards and applicable legal and regulatory requirements.
- technical expertise, including expertise with relevant IT and specialized areas relevant to the subject matter.
- knowledge of relevant industries in which the entity operates.
- ability to apply professional judgment.
- understanding of the firm's quality control policies and procedures.

Paragraphs 1.32 and 1.A53

We believe that the requirement and related application guidance contained in paragraphs 1.32 and 1.A53 are only applicable to examination and review engagements. Given the limited nature of an agreed-upon procedures engagement, we do not believe it is appropriate to require that the practitioner have broad responsibility for communicating matters that are not directly related to the engagement that is being performed. Additionally, we believe that the requirements within paragraphs 4.30 and related application guidance paragraphs of 4.A31–4.A32 allow and provide for sufficient communication by the practitioner for those matters that are related to the agreed-upon procedures engagement. We recommend the following changes to paragraphs 1.32 and 1.A53 to make these paragraphs specific to examination and review engagements:

Paragraph 1.32: For examination and review engagements, the practitioner should consider whether, pursuant to the terms of the engagement and other engagement circumstances, any matter has come to the attention of the practitioner that should be communicated to the responsible party, the engaging party, or others. (Ref: par. 1.A53)

Paragraph 1.A53: For examination and review engagements, matters that may be appropriate to communicate to the responsible party, or if different, the engaging party or others include fraud, or suspected fraud; noncompliance with laws and regulations; deficiencies in internal control; uncorrected errors; or bias in the measurement, evaluation, or disclosure of the subject matter. (Ref: Par. 1.32)

Paragraph 1.A60

We recommend making the sentence that is specific to examination and review engagements a separate paragraph and moving the language that it applies to examination and review engagements early in the sentence to clarify that the bullet list is only for examination and review engagements, as shown below.

Paragraph 1.A60: Professional judgment is essential to the proper conduct of an attestation engagement. This is because interpretation of relevant ethical requirements and relevant chapters and the informed decisions required throughout the engagement cannot be made without the application of relevant knowledge and experience to the facts and circumstances.
New Paragraph: In particular, for examination and review engagements, professional judgment is necessary regarding decisions about the following matters in examination and review engagements:
- Materiality and attestation risk
- The nature, timing, and extent of procedures used to meet the requirements of relevant chapters and gather evidence
- Evaluating whether sufficient appropriate evidence for the service being provided has been obtained and whether more needs to be done to achieve the objectives of this chapter and any relevant subject-matter specific chapters and thereby the overall objectives of the practitioner
- The evaluation of the responsible party's judgments in applying the criteria
- The drawing of conclusions based on the evidence obtained; for example, assessing the reasonableness of the evaluation or measurement of subject matter or an assertion. (Ref: par. 1.42)

Paragraph 1.A64

We believe that paragraph 1.A64 is repetitive with other content in the proposed SSAE. The first sentence is covered by paragraph 1.42 which states that the practitioner should exercise professional judgment in planning and performing an attestation engagement, and the second sentence is addressed in chapters 2 and 3; therefore, inclusion in paragraph 1.A64 does not provide any additional application guidance. We recommend deleting this paragraph.

Chapter 2 Comments

Paragraph 2.3

We believe that the term criteria in paragraph 2.3[a] should be suitable criteria to be consistent with the description used in the paragraphs referenced. We also recommend adding a reference to paragraph 1.A10 in paragraph 2.3[a] to provide a reference to the guidance on the definition of criteria. [Note we have also included a change with respect to the language suggested in a preceding comment that the assertion is fairly stated in all material respects.]

Paragraph 2.3: In conducting an examination engagement, the objectives of the practitioner are to
a. obtain reasonable assurance about whether the subject matter as measured or evaluated against the suitable criteria is free from material misstatement; (Ref: par. 1.A10, 1.25 [b][ii] and par. 1.A35)
b. express an opinion in a written report about whether the subject matter is in conformity with the criteria, or whether the assertion is fairly stated, in all material respects; and
c. communicate further as required by relevant chapters of the attestation standards.

Paragraph 2.A1

We recommend replacing contract with other suitable form of written agreement to be consistent with the language used in paragraph 2.5, as follows:

Paragraph 2.A1: It is in the interests of both the engaging party and the practitioner to document the agreed-upon terms of the engagement before the commencement of the engagement to help avoid misunderstandings. The form and content of the engagement letter or other suitable form of written agreement contract will vary with the engagement circumstances. (Ref: par. 2.5)

Paragraph 2.A2

We recommend using consistent language with paragraph 2.5 to refer to the written agreement. In addition, we recommend adding language to the responsibilities of the practitioner listed in paragraph 2.A2 in order to enhance the readability and improve the clarity of the items that may be added to the engagement letter, as shown below.
[Note we have also included a change with respect to the language suggested in a preceding comment that the assertion is fairly stated in all material respects.]

Paragraph 2.A2: A practitioner may further describe the responsibilities of the practitioner by adding the following items to the engagement letter or other suitable form of written agreement:
a. A statement that the engagement will be conducted in accordance Complying with the attestation standards
b. A statement that an examination is designed to obtain Obtaining reasonable assurance about whether the subject matter as measured or evaluated against criteria is free from material misstatement
c. A statement that the objective of an examination is an expression of Expressing an opinion in a written report about whether the subject matter is in conformity with, or based on, the applicable criteria or whether the assertion is fairly stated in all material respects. (Ref: par. 2.6[b])

Paragraph 2.A3

We believe that this paragraph may be viewed as contradicting the requirement in paragraph 2.6[c] which states the agreed-upon terms of the engagement should include the responsibilities of the responsible party and the responsibilities of the engaging party, if different. We believe that the use of the phrase the engagement letter or other written agreement regarding the terms of the engagement may include details in paragraph 2.A3 could be interpreted by the use of may that the responsibilities of the responsible party do not need to be included (as such responsibilities could be considered details). Given the potential confusion that may be caused, we recommend deleting this paragraph.

Paragraph 2.A7

We believe that the objectives of the engagement is an example of a main matter that may be considered (as stated in the lead-in to the 2nd bullet list in this paragraph) and we recommend including this example in paragraph 2.A7, as shown below. We also recommend replacing specialists with the defined term practitioner's specialists. We have also identified various editorial changes that apply to this paragraph, as follows.

Paragraph 2.A7: Planning involves the engagement partner and other key members of the engagement team and may involve the practitioner's specialists in developing an overall strategy for the scope, timing, and conduct of the engagement and an engagement plan, consisting of a detailed approach for the nature, timing, and extent of procedures to be performed. Adequate planning helps the practitioner to devote appropriate attention to important areas of the engagement, identify potential problems on a timely basis, and properly organize and manage the engagement in an effective and efficient manner. Adequate planning also assists the practitioner in properly assigning work to engagement team members and facilitates the direction, supervision, and review of their work.
Further, it assists, when applicable, the coordination of work performed by other practitioners and practitioner's specialists. The nature and extent of planning activities will vary with the engagement circumstances, (for example, the complexity of the assessment or evaluation of the subject matter and the practitioner's previous experience with it). Examples of the main matters that may be considered include the following:
- The characteristics of the engagement that define its scope, including the objectives of the engagement, the terms of the engagement, the characteristics of the underlying subject matter, and the applicable criteria
- The expected timing and the nature of the communications required
- The results of preliminary engagement activities, such as client acceptance, and, when applicable, whether knowledge gained on other engagements performed by the engagement partner for the appropriate party(ies) is relevant
- The engagement process, including, possible sources of evidence, and choices among alternative measurement or evaluation methods
- The practitioner's understanding of the appropriate party(ies) and its (their) environment, including the risks that the subject matter may be materially misstated
- Identification of intended users and their information needs and consideration of materiality and the components of attestation risk
- The risk of fraud and whether it is relevant to the engagement
- The impact of using the internal audit function on the engagement. (Ref: par. 2.9)

Paragraph 2.A10

We recommend replacing engagement with the defined term engagement circumstances in paragraph 2.A10, as shown below.

Paragraph 2.A10: In smaller or less complex engagements, the entire engagement may be conducted by a very small engagement team, possibly involving the engagement partner (who may be a sole practitioner) working without any other engagement team members. With a smaller team, coordination of, and communication among, team members is easier. Establishing the overall engagement strategy in such cases need not be a complex or time-consuming exercise; it varies according to the size of the entity, complexity of the engagement, and size of the engagement team. For example, when engagement circumstances are similar from year to year, the practitioner may begin to develop an engagement strategy for the next period at the completion of the previous period, based on a review of the working papers noting issues identified in the engagement just completed. The practitioner also may update the strategy in the current period based on discussions with the responsible party. (Ref: par. 2.9)

Paragraph 2.12

We recommend that application guidance, including examples, is needed for the term reporting skills and techniques in paragraph 2.12, as its intended meaning is unclear. Alternatively, we recommend deleting this paragraph as the more detailed requirements in the chapter provide sufficient detail about the work of the practitioner in performing an engagement.

Paragraph 2.14

We believe that additional context is needed to clarify when the practitioner should consider materiality. We recommend adding language to paragraph 2.14 to conform to the requirement in the ISAE 3000 exposure draft, as illustrated below.

Paragraph 2.14: When establishing the overall engagement strategy, the practitioner should consider materiality for the subject matter when: a.
Planning and performing the examination engagement, including when determining the nature, timing and extent of procedures; and
b. Evaluating whether the subject matter is free from misstatement. (Ref: par. 2.A12–2.A18)

Paragraph 2.A14

We believe an example is needed to clarify one of the qualitative factors included in paragraph 2.A14; therefore, we recommend the following change. We have also identified certain editorial changes that apply to this paragraph.

Paragraph 2.A14: Qualitative factors may include the following:
- The interaction between, and relative importance of, various aspects of the subject matter, such as numerous performance indicators
- The wording chosen with respect to subject matter that is expressed in narrative form (for example, the wording chosen does not omit or distort the information)
- The characteristics of the presentation adopted for the subject matter when the applicable criteria allow for variations in that presentation
- The nature of a misstatement, (for example, the nature of observed deviations in the operation of a control when the responsible party asserts that the control is effective)
- Whether a misstatement affects compliance with laws or regulations
- In the case of periodic reporting on a subject matter, the effect of an adjustment that affects past or current information about the subject matter or is likely to affect future information about the subject matter
- Whether a misstatement is the result of an intentional act or is unintentional
- Whether a misstatement is significant with regard to the practitioner's understanding of known previous communications to users, (for example, in relation to the expected outcome of the measurement or evaluation of the subject matter)
- Whether a misstatement relates to the relationship between the responsible party and, if different, the engaging party or its relationship with other parties. (Ref: par.2.14)

Paragraph 2.A16

We recommend making the following clarifying changes, which provides consistency with the terminology generally used throughout the proposed SSAE.

Paragraph 2.A16: Professional judgments about materiality are made in light of surrounding circumstances, but they are not affected by the level of assurance type of engagement; that is, for the same intended users, materiality for an examination engagement is the same as it is for a review engagement because materiality is based on the information needs of intended users and not the level of assurance. (Ref: par. 2.14)

Paragraph 2.15

We believe that referring to materiality as an amount may be confusing if materiality is qualitative. We recommend replacing amount with materiality as shown below.
Paragraph 2.15: The practitioner should revise materiality for the subject matter in the event of becoming aware of information during the engagement that would have caused the practitioner to have initially determined a different materiality amount.

Paragraph 2.A23

We believe that the application guidance in paragraph 2.A23 related to testing controls implies that the practitioner does not have to test the controls, but rather the practitioner tests that there are controls that monitor the effectiveness of other controls, which is generally inconsistent with the ability to reduce control risk. We recommend deleting the last sentence, as testing controls that monitor other controls does not generally provide sufficient evidence of the operating effectiveness of controls to reduce control risk. We also recommend replacing internal control effectiveness with the operating effectiveness of controls, as shown below.

Paragraph 2.A23: When the subject matter is internal control, the practitioner obtains evidence of the design and operating effectiveness of controls internal control effectiveness through tests of controls. If the responsible party has implemented effective monitoring of internal control, the practitioner may choose to test the monitoring component to reduce the assessment of control risk and the extent of tests of controls needed to achieve an appropriately low level of attestation risk. (Ref: par. 2.21)

Paragraph 2.27

We believe that guidance is needed for paragraph 2.27[c] to clarify that the practitioner only tests the operating effectiveness of the controls if the practitioner has determined that controls have been properly designed and implemented. We recommend adding a new application guidance paragraph addressing this point, as follows, which is sourced from AU-C540.A90:

New application guidance paragraph: Testing the operating effectiveness of the controls over how management made the accounting estimate may be an appropriate response when management's process has been well-designed, implemented, and maintained. For example
- When controls exist for the review and approval of the accounting estimates by appropriate levels of management, and
- When the accounting estimate is derived from the routine processing of data by the entity's accounting system.

Paragraph 2.32

We believe that application guidance is needed for paragraph 2.32 similar to the guidance in paragraph A.50–A.51 of AU-C section 500, Audit Evidence, relating to information produced by the entity. We recommend adding the following new application guidance paragraphs:

New application guidance paragraph: In order for the practitioner to obtain reliable evidence, information produced by the entity that is used for performing procedures needs to be sufficiently complete and accurate.

New application guidance paragraph: Obtaining evidence about the accuracy and completeness of such information may be accomplished concurrently with the actual procedure applied to the information when obtaining such evidence is an integral part of the procedure itself. In other situations, the practitioner may have obtained evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information. In some situations, however, the practitioner may determine that additional procedures are needed.
Paragraph 2.34

We believe that guidance is needed for paragraph 2.34 to address when an internal audit function may be conducted by functions with other titles within an entity. We recommend adding a new application guidance paragraph similar to the guidance in paragraph A2 from the Proposed Statement on Auditing Standards AU-C 610, Using the Work of Internal Auditors, as illustrated below.

New application guidance paragraph: Activities similar to those performed by an internal audit function may be conducted by functions with other titles within an entity. Some or all of the activities of an internal audit function may also be outsourced to a third party service provider. Neither the title of the function nor whether it is performed by the entity or a third party service provider are sole determinants of whether or not the practitioner can use the work of internal auditors. Rather it is the nature of the activities, the extent to which the internal audit function's organizational status and relevant policies and procedures support the objectivity of the internal auditors, competence, and systematic and disciplined approach of the function that are relevant. References in this proposed SSAE to the work of the internal