NEPAL FRAMEWORK FOR ASSURANCE …...2 For assurance engagements regarding historical financial...

Framework 41 Framework 42

NEPAL FRAMEWORK FOR

ASSURANCE ENGAGEMENTS

( Revised and Effective from 01 Shrawan 2008 Correspondingto 16 July 2008)

CONTENTS

Paragraph

Introduction ..................................................... 1-6

Definition and Objective of an AssuranceEngagement ..................................................... 7-11

Scope of the Framework ................................. 12-16

Engagement Acceptance ................................. 17-19

Elements of an Assurance Engagement .......... 20-60

Inappropriate Use of the Practitioner’s Name 61

Compliance with International Frame Workfor Assurance Engagement ............................. 62

Effective Date ................................................. 63

Appendix: Differences between ReasonableAssurance Engagements

And Limited Assurance Engagements

AMEWOR


Introduction

1. This Framework defines and describes the elements andobjectives of an assurance engagement, and identifiesengagements to which Nepal Standards on Auditing(NSAs), Nepal Standards on Review Engagements(NSREs) and Nepal Standards on AssuranceEngagements (NSAEs) apply. It provides a frame ofreference for:

(a) Professional accountants in public practice(“practitioners”) when performing assuranceengagements. Professional accountants in thepublic sector refer to the Public SectorPerspective at the end of the Framework.Professional accountants who are neither inpublic practice nor in the public sector areencouraged to consider the Framework whenperforming assurance engagements;1

b) Others involved with assurance engagements,including the intended users of an assurancereport and the responsible party; and

(c) Auditing Standards Board (AuSB) in itsdevelopment of NSAs, NSREs and NSAEs.

1 If a professional accountant not in public practice, for example an internalauditor, applies this Framework, and (a) this Framework, the NSAs, NSREsor the NSAEs are referred to in the professional accountant’s report; and (b)the professional accountant or other members of the assurance team and,when applicable, the professional accountant’s employer, are not independentof the entity in respect of which the assurance engagement is beingperformed, the lack of independence and the nature of the relationship(s) withthe entity are prominently disclosed in the professional accountant’s report.Also, that report does not include the word “independent” in its title, and thepurpose and users of the report are restricted.

2. This Framework does not itself establish standards orprovide procedural requirements for the performance ofassurance engagements. NSAs, NSREs and NSAEscontain basic principles, essential procedures and relatedguidance, consistent with the concepts in thisFramework, for the performance of assuranceengagements.

3. The following is an overview of this Framework:

• Introduction: This Framework deals withassurance engagements performed bypractitioners. It provides a frame of reference forpractitioners and others involved with assuranceengagements, such as those engaging apractitioner (the “engaging party”).

• Definition and objective of an assuranceengagement: This section defines assuranceengagements and identifies the objectives of thetwo types of assurance engagement a practitioneris permitted to perform. This Framework callsthese two types reasonable assuranceengagements and limited assuranceengagements.2

• Scope of the Framework: This sectiondistinguishes assurance engagements from otherengagements, such as consulting engagements.

2 For assurance engagements regarding historical financial information inparticular, reasonable assurance engagements are called audits, and limitedassurance engagements are called reviews.


• Engagement acceptance: This section sets outcharacteristics that must be exhibited before apractitioner can accept an assurance engagement.

• Elements of an assurance engagement: Thissection identifies and discusses five elementsassurance engagements performed bypractitioners exhibit: a three party relationship, asubject matter, criteria, evidence and anassurance report. It explains importantdistinctions between reasonable assuranceengagements and limited assurance engagements(also outlined in the Appendix). This section alsodiscusses, for example, the significant variationin the subject matters of assurance engagements,the required characteristics of suitable criteria,the role of risk and materiality in assuranceengagements, and how conclusions are expressedin each of the two types of assuranceengagement.

• Inappropriate use of the practitioner’s name:This section discusses implications of apractitioner’s association with a subject matter.

Ethical Principles and Quality Control Standards

4. In addition to this Framework and NSAs, NSREs andNSAEs, practitioners who perform assuranceengagements are governed by:

(a) The Institute of Chartered Accountants of Nepal(ICAN) Code of Ethics for Professional

Accountants (the Code), which establishesfundamental ethical principles for professionalaccountants; and

(b) Nepal Standards on Quality Control (NSQCs),which establish standards and provide guidanceon a firm’s system of quality control.3

5. Part A of the Code sets out the fundamental ethicalprinciples that all professional accountants are requiredto observe, including:

(a) Integrity;

(b) Objectivity;

(c) Professional competence and due care;

(d) Confidentiality; and

(e) Professional behavior.

6. Part B of the Code, which applies only to professionalaccountants in public practice (“practitioners”), includesa conceptual approach to independence that takes intoaccount, for each assurance engagement, threats toindependence, accepted safeguards and the publicinterest. It requires firms and members of assuranceteams to identify and evaluate circumstances andrelationships that create threats to independence and totake appropriate action to eliminate these threats or toreduce them to an acceptable level by the application ofsafeguards.

3 NSQC 1, “Quality Control for Firms that Perform Audits and Reviews ofHistorical Financial Information, and Other Assurance and Related ServicesEngagements” had not been issued when this Framework was approved, butis expected to be issued before the effective date of this framework.


Definition and Objective of an Assurance Engagement

7. “Assurance engagement” means an engagement in whicha practitioner expresses a conclusion designed toenhance the degree of confidence of the intended usersother than the responsible party about the outcome of theevaluation or measurement of a subject matter againstcriteria.

8. The outcome of the evaluation or measurement of asubject matter is the information that results fromapplying the criteria to the subject matter. For example:

• The recognition, measurement, presentation anddisclosure represented in the financial statements(outcome) result from applying a financialreporting framework for recognition,measurement, presentation and disclosure, suchas Nepal Accounting Standards, (criteria) to anentity’s financial position, financial performanceand cash flows (subject matter).

• An assertion about the effectiveness of internalcontrol (outcome) results from applying aframework for evaluating the effectiveness ofinternal control, such as applicable law,regulations or generally accepted practices 4 ,(criteria) to internal control, a process (subjectmatter).

4 “Internal Control – Integrated Framework” The Committee ofSponsoring Organisations of the Treadway Commission. “Guidance onAssessing Control – The CoCo Principles” Criteria of Control Board,The Canadian Institute of Chartered Accountants.

In the remainder of this Framework, the term “subjectmatter information” will be used to mean the outcome ofthe evaluation or measurement of a subject matter. It isthe subject matter information about which thepractitioner gathers sufficient appropriate evidence toprovide a reasonable basis for expressing a conclusion inan assurance report.

9. Subject matter information can fail to be properlyexpressed in the context of the subject matter and thecriteria, and can therefore be misstated, potentially to amaterial extent. This occurs when the subject matterinformation does not properly reflect the application ofthe criteria to the subject matter, for example, when anentity’s financial statements do not give a true and fairview of (or present fairly, in all material respects) itsfinancial position, financial performance and cash flowsin accordance with Nepal Accounting Standards, orwhen an entity’s assertion that its internal control iseffective is not fairly stated, in all material respects, asreferred to in paragraph 47.

10. In some assurance engagements, the evaluation ormeasurement of the subject matter is performed by theresponsible party, and the subject matter information isin the form of an assertion by the responsible party thatis made available to the intended users. Theseengagements are called “assertion-based engagements.”In other assurance engagements, the practitioner eitherdirectly performs the evaluation or measurement of thesubject matter, or obtains a representation from theresponsible party that has performed the evaluation ormeasurement that is not available to the intended users.


The subject matter information is provided to theintended users in the assurance report. Theseengagements are called “direct reporting engagements.”

11. Under this Framework, there are two types of assuranceengagement a practitioner is permitted to perform: areasonable assurance engagement and a limitedassurance engagement. The objective of a reasonableassurance engagement is a reduction in assuranceengagement risk to an acceptably low level in thecircumstances of the engagement 5 as the basis for apositive form of expression of the practitioner’sconclusion. The objective of a limited assuranceengagement is a reduction in assurance engagement riskto a level that is acceptable in the circumstances of theengagement, but where that risk is greater than for areasonable assurance engagement, as the basis for anegative form of expression of the practitioner’sconclusion.

Scope of the Framework

12. Not all engagements performed by practitioners areassurance engagements. Other frequently performedengagements that do not meet the above definition (andtherefore are not covered by this Framework) include:

5 Engagement circumstances include the terms of the engagement, includingwhether it is a reasonable assurance engagement or a limited assuranceengagement, the characteristics of the subject matter, the criteria to be used,the needs of the intended users, relevant characteristics of the responsibleparty and its environment, and other matters, for example events,transactions, conditions and practices, that may have a significant effect onthe engagement.

• Engagements covered by Nepal Standards forRelated Services, such as agreed-upon proceduresengagements and compilations of financial orother information.

• The preparation of tax returns where noconclusion conveying assurance is expressed.

• Consulting (or advisory) engagements,6 such asmanagement and tax consulting.

13. An assurance engagement may be part of a largerengagement, for example, when a business acquisitionconsulting engagement includes a requirement to conveyassurance regarding historical or prospective financialinformation. In such circumstances, this Framework isrelevant only to the assurance portion of the engagement.

14. The following engagements, which may meet thedefinition in paragraph 7, need not be performed inaccordance with this Framework:

6 Consulting engagements employ a professional accountant’s technicalskills, education, observations, experiences, and knowledge of the consultingprocess. The consulting process is an analytical process that typicallyinvolves some combination of activities relating to: objective-setting, fact-finding, definition of problems or opportunities, evaluation of alternatives,development of recommendations including actions, communication ofresults, and sometimes implementation and follow-up. Reports (if issued) aregenerally written in a narrative (or “long form”) style. Generally the workperformed is only for the use and benefit of the client. The nature and scopeof work is determined by agreement between the professional accountant andthe client. Any service that meets the definition of an assurance engagementis not a consulting engagement but an assurance engagement.


(a) Engagements to testify in legal proceedingsregarding accounting, auditing, taxation or othermatters; and

(b) Engagements that include professional opinions,views or wording from which a user may derivesome assurance, if all of the following apply:

(i) Those opinions, views or wording aremerely incidental to the overallengagement;

(ii) Any written report issued is expresslyrestricted for use by only the intendedusers specified in the report;

(iii) Under a written understanding with thespecified intended users, the engagementis not intended to be an assuranceengagement; and

(iv) The engagement is not represented as anassurance engagement in the professionalaccountant’s report.

Reports on Non-Assurance Engagements

15. A practitioner reporting on an engagement that is not anassurance engagement within the scope of thisFramework, clearly distinguishes that report from anassurance report. So as not to confuse users, a report thatis not an assurance report avoids, for example:

• Implying compliance with this Framework,NSAs, NSREs or NSAEs.

• Inappropriately using the words “assurance,”“audit” or “review.”

• Including a statement that could reasonably bemistaken for a conclusion designed to enhancethe degree of confidence of intended users aboutthe outcome of the evaluation or measurement ofa subject matter against criteria.

16. The practitioner and the responsible party may agree toapply the principles of this Framework to an engagementwhen there are no intended users other than theresponsible party but where all other requirements of theNSAs, NSREs or NSAEs are met. In such cases, thepractitioner’s report includes a statement restricting theuse of the report to the responsible party.

Engagement Acceptance

17. A practitioner accepts an assurance engagement onlywhere the practitioner’s preliminary knowledge of theengagement circumstances indicates that:

(a) Relevant ethical requirements, such asindependence and professional competence willbe satisfied, and

(b) The engagement exhibits all of the followingcharacteristics:

(i) The subject matter is appropriate;

(ii) The criteria to be used are suitable and areavailable to the intended users;


(iii) The practitioner has access to sufficientappropriate evidence to support thepractitioner’s conclusion;

(iv) The practitioner’s conclusion, in the formappropriate to either a reasonableassurance engagement or a limitedassurance engagement, is to be containedin a written report; and

(v) The practitioner is satisfied that there is arational purpose for the engagement. Ifthere is a significant limitation on thescope of the practitioner’s work (seeparagraph 55), it may be unlikely that theengagement has a rational purpose. Also,a practitioner may believe the engagingparty intends to associate thepractitioner’s name with the subjectmatter in an inappropriate manner (seeparagraph 61).

FRAMEWORK

Specific NSAs, NSREs or NSAEs may includeadditional requirements that need to be satisfied prior toaccepting an engagement.

18. When a potential engagement cannot be accepted as anassurance engagement because it does not exhibit all thecharacteristics in the previous paragraph, the engagingparty may be able to identify a different engagement thatwill meet the needs of intended users. For example:

(a) If the original criteria were not suitable, anassurance engagement may still be performed if:

(i) The engaging party can identify an aspectof the original subject matter for whichthose criteria are suitable, and thepractitioner could perform an assuranceengagement with respect to that aspect asa subject matter in its own right. In suchcases, the assurance report makes it clearthat it does not relate to the originalsubject matter in its entirety; or

(ii) Alternative criteria suitable for theoriginal subject matter can be selected ordeveloped.

(b) The engaging party may request an engagementthat is not an assurance engagement, such as aconsulting or an agreed-upon proceduresengagement.

19. Having accepted an assurance engagement, a practitionermay not change that engagement to a non-assuranceengagement, or from a reasonable assurance engagementto a limited assurance engagement without reasonablejustification. A change in circumstances that affects theintended users’ requirements, or a misunderstandingconcerning the nature of the engagement, ordinarily willjustify a request for a change in the engagement. If sucha change is made, the practitioner does not disregardevidence that was obtained prior to the change.


Elements of an Assurance Engagement

20. The following elements of an assurance engagement arediscussed in this section:

(a) A three party relationship involving apractitioner, a responsible party, and intendedusers;

(b) An appropriate subject matter;

(c) Suitable criteria;

(d) Sufficient appropriate evidence; and

(e) A written assurance report in the formappropriate to a reasonable assuranceengagement or a limited assurance engagement.

Three Party Relationship

21. Assurance engagements involve three separate parties: apractitioner, a responsible party and intended users.

22. The responsible party and the intended users may befrom different entities or the same entity. As an exampleof the latter case, in a two-tier board structure, thesupervisory board may seek assurance about informationprovided by the management board of that entity. Therelationship between the responsible party and theintended users needs to be viewed within the context of aspecific engagement and may differ from moretraditionally defined lines of responsibility. For example,an entity’s senior management (an intended user) mayengage a practitioner to perform an assuranceengagement on a particular aspect of the entity’s

activities that is the immediate responsibility of a lowerlevel of management (the responsible party), but forwhich senior management is ultimately responsible.

Practitioner

23. The term “practitioner” as used in this Framework isbroader than the term “auditor” as used in NSAs andNSREs, which relates only to practitioners performingaudit or review engagements with respect to historicalfinancial information.

24. A practitioner may be requested to perform assuranceengagements on a wide range of subject matters. Somesubject matters may require specialised skills andknowledge beyond those ordinarily possessed by anindividual practitioner. As noted in paragraph 17 (a), apractitioner does not accept an engagement ifpreliminary knowledge of the engagement circumstancesindicates that ethical requirements regarding professionalcompetence will not be satisfied. In some cases thisrequirement can be satisfied by the practitioner using thework of persons from other professional disciplines,referred to as experts. In such cases, the practitioner issatisfied that those persons carrying out the engagementcollectively possess the requisite skills and knowledge,and that the practitioner has an adequate level ofinvolvement in the engagement and understanding of thework for which any expert is used.

Responsible Party

25. The responsible party is the person (or persons) who:


(a) In a direct reporting engagement, is responsiblefor the subject matter; or

(b) In an assertion-based engagement, is responsiblefor the subject matter information (the assertion),and may be responsible for the subject matter. Anexample of when the responsible party isresponsible for both the subject matterinformation and the subject matter, is when anentity engages a practitioner to perform anassurance engagement regarding a report it hasprepared about its own sustainability practices.An example of when the responsible party isresponsible for the subject matter information butnot the subject matter, is when a governmentorganisation engages a practitioner to perform anassurance engagement regarding a report about aprivate company’s sustainability practices thatthe organisation has prepared and is to distributeto intended users.

The responsible party may or may not be the party whoengages the practitioner (the engaging party).

26. The responsible party ordinarily provides the practitionerwith a written representation that evaluates or measuresthe subject matter against the identified criteria, whetheror not it is to be made available as an assertion to theintended users. In a direct reporting engagement, thepractitioner may not be able to obtain such arepresentation when the engaging party is different fromthe responsible party.

Intended Users

27. The intended users are the person, persons or class ofpersons for whom the practitioner prepares the assurancereport. The responsible party can be one of the intendedusers, but not the only one.

28. Whenever practical, the assurance report is addressed toall the intended users, but in some cases there may beother intended users. The practitioner may not be able toidentify all those who will read the assurance report,particularly where there is a large number of people whohave access to it. In such cases, particularly wherepossible readers are likely to have a broad range ofinterests in the subject matter, intended users may belimited to major stakeholders with significant andcommon interests. Intended users may be identified indifferent ways, for example, by agreement between thepractitioner and the responsible party or engaging party,or by law.

29. Whenever practical, intended users or theirrepresentatives are involved with the practitioner and theresponsible party (and the engaging party if different) indetermining the requirements of the engagement.Regardless of the involvement of others however, andunlike an agreed-upon procedures engagement (whichinvolves reporting findings based upon the procedures,rather than a conclusion):

(a) The practitioner is responsible for determiningthe nature, timing and extent of procedures; and

(b) The practitioner is required to pursue any matterthe practitioner becomes aware of that leads the


practitioner to question whether a materialmodification should be made to the subjectmatter information.

30. In some cases, intended users (for example, bankers andregulators) impose a requirement on, or request theresponsible party (or the engaging party if different) toarrange for, an assurance engagement to be performedfor a specific purpose. When engagements are designedfor specified intended users or a specific purpose, thepractitioner considers including a restriction in theassurance report that limits its use to those users or thatpurpose.

Subject Matter

31. The subject matter, and subject matter information, of anassurance engagement can take many forms, such as:

• Financial performance or conditions (forexample, historical or prospective financialposition, financial performance and cash flows)for which the subject matter information may bethe recognition, measurement, presentation anddisclosure represented in financial statements.

• Non-financial performance or conditions (forexample, performance of an entity) for which thesubject matter information may be key indicatorsof efficiency and effectiveness.

• Physical characteristics (for example, capacity ofa facility) for which the subject matterinformation may be a specifications document.

• Systems and processes (for example, an entity’sinternal control or IT system) for which thesubject matter information may be an assertionabout effectiveness.

• Behavior (for example, corporate governance,compliance with regulation, human resourcepractices) for which the subject matterinformation may be a statement of compliance ora statement of effectiveness.

32. Subject matters have different characteristics, includingthe degree to which information about them is qualitativeversus quantitative, objective versus subjective,historical versus prospective, and relates to a point intime or covers a period. Such characteristics affect the:

(a) Precision with which the subject matter can beevaluated or measured against criteria; and

(b) The persuasiveness of available evidence.

The assurance report notes characteristics of particularrelevance to the intended users.

33. An appropriate subject matter is:

(a) Identifiable, and capable of consistent evaluationor measurement against the identified criteria;and

(b) Such that the information about it can besubjected to procedures for gathering sufficientappropriate evidence to support a reasonableassurance or limited assurance conclusion, asappropriate.


Criteria

34. Criteria are the benchmarks used to evaluate or measurethe subject matter including, where relevant, benchmarksfor presentation and disclosure. Criteria can be formal,for example in the preparation of financial statements,the criteria may be Nepal Accounting Standards; whenreporting on internal control, the criteria may be anestablished internal control framework or individualcontrol objectives specifically designed for theengagement; and when reporting on compliance, thecriteria may be the applicable law, regulation or contract.Examples of less formal criteria are an internallydeveloped code of conduct or an agreed level ofperformance (such as the number of times a particularcommittee is expected to meet in a year).

35. Suitable criteria are required for reasonably consistentevaluation or measurement of a subject matter within thecontext of professional judgement. Without the frame ofreference provided by suitable criteria, any conclusion isopen to individual interpretation and misunderstanding.Suitable criteria are context-sensitive, that is, relevant tothe engagement circumstances. Even for the samesubject matter there can be different criteria. Forexample, one responsible party might select the numberof customer complaints resolved to the acknowledgedsatisfaction of the customer for the subject matter ofcustomer satisfaction; another responsible party mightselect the number of repeat purchases in the three monthsfollowing the initial purchase.

36. Suitable criteria exhibit the following characteristics:

(a) Relevance: relevant criteria contribute toconclusions that assist decision-making by theintended users.

(b) Completeness: criteria are sufficiently completewhen relevant factors that could affect theconclusions in the context of the engagementcircumstances are not omitted. Complete criteriainclude, where relevant, benchmarks forpresentation and disclosure.

(c) Reliability: reliable criteria allow reasonablyconsistent evaluation or measurement of thesubject matter including, where relevant,presentation and disclosure, when used in similarcircumstances by similarly qualifiedpractitioners.

(d) Neutrality: neutral criteria contribute toconclusions that are free from bias.

(e) Understandability: understandable criteriacontribute to conclusions that are clear,comprehensive, and not subject to significantlydifferent interpretations.

The evaluation or measurement of a subject matter onthe basis of the practitioner’s own expectations,judgements and individual experience would notconstitute suitable criteria.

37. The practitioner assesses the suitability of criteria for aparticular engagement by considering whether theyreflect the above characteristics. The relative importanceof each characteristic to a particular engagement is a


matter of judgement. Criteria can either be established orspecifically developed. Established criteria are thoseembodied in laws or regulations, or issued by authorisedor recognised bodies of experts that follow a transparentdue process. Specifically developed criteria are thosedesigned for the purpose of the engagement. Whethercriteria are established or specifically developed affectsthe work that the practitioner carries out to assess theirsuitability for a particular engagement.

38. Criteria need to be available to the intended users toallow them to understand how the subject matter hasbeen evaluated or measured. Criteria are made availableto the intended users in one or more of the followingways:

(a) Publicly.

(b) Through inclusion in a clear manner in thepresentation of the subject matter information.

(c) Through inclusion in a clear manner in theassurance report.

(d) By general understanding, for example thecriterion for measuring time in hours andminutes.

Criteria may also be available only to specific intendedusers, for example the terms of a contract, or criteriaissued by an industry association that are available onlyto those in the industry. When identified criteria areavailable only to specific intended users, or are relevant

only to a specific purpose, use of the assurance report isrestricted to those users or for that purpose.7

Evidence

39. The practitioner plans and performs an assuranceengagement with an attitude of professional skepticismto obtain sufficient appropriate evidence about whetherthe subject matter information is free of materialmisstatement. The practitioner considers materiality,assurance engagement risk, and the quantity and qualityof available evidence when planning and performing theengagement, in particular when determining the nature,timing and extent of evidence-gathering procedures.

Professional Skepticism

40. The practitioner plans and performs an assuranceengagement with an attitude of professional skepticismrecognising that circumstances may exist that cause thesubject matter information to be materially misstated. Anattitude of professional skepticism means the practitionermakes a critical assessment, with a questioning mind, ofthe validity of evidence obtained and is alert to evidencethat contradicts or brings into question the reliability ofdocuments or representations by the responsible party.For example, an attitude of professional skepticism is

7 While an assurance report may be restricted whenever it is intended onlyfor specified intended users or for a specific purpose, the absence of arestriction regarding a particular reader or purpose, does not itself indicatethat a legal responsibility is owed by the practitioner in relation to that readeror for that purpose. Whether a legal responsibility is owed will depend on thecircumstances of each case and the relevant jurisdiction.


necessary throughout the engagement process for thepractitioner to reduce the risk of overlooking suspiciouscircumstances, of over generalising when drawingconclusions from observations, and of using faultyassumptions in determining the nature, timing and extentof evidence gathering procedures and evaluating theresults thereof.

41. An assurance engagement rarely involves theauthentication of documentation, nor is the practitionertrained as or expected to be an expert in suchauthentication. However, the practitioner considers thereliability of the information to be used as evidence, forexample photocopies, facsimiles, filmed, digitised orother electronic documents, including consideration ofcontrols over their preparation and maintenance whererelevant.

Sufficiency and Appropriateness of Evidence

42. Sufficiency is the measure of the quantity of evidence.Appropriateness is the measure of the quality ofevidence; that is, its relevance and its reliability. Thequantity of evidence needed is affected by the risk of thesubject matter information being materially misstated(the greater the risk, the more evidence is likely to berequired) and also by the quality of such evidence (thehigher the quality, the less may be required).Accordingly, the sufficiency and appropriateness ofevidence are interrelated. However, merely obtainingmore evidence may not compensate for its poor quality.

43. The reliability of evidence is influenced by its source andby its nature, and is dependent on the individualcircumstances under which it is obtained.Generalisations about the reliability of various kinds ofevidence can be made; however, such generalisations aresubject to important exceptions. Even when evidence isobtained from sources external to the entity,circumstances may exist that could affect the reliabilityof the information obtained. For example, evidenceobtained from an independent external source may not bereliable if the source is not knowledgeable. Whilerecognising that exceptions may exist, the followinggeneralisations about the reliability of evidence may beuseful:

• Evidence is more reliable when it is obtainedfrom independent sources outside the entity.

• Evidence that is generated internally is morereliable when the related controls are effective.

• Evidence obtained directly by the practitioner(for example, observation of the application of acontrol) is more reliable than evidence obtainedindirectly or by inference (for example, enquiryabout the application of a control).

• Evidence is more reliable when it exists indocumentary form, whether paper, electronic, orother media (for example, a contemporaneouslywritten record of a meeting is more reliable thana subsequent oral representation of what wasdiscussed).


• Evidence provided by original documents is morereliable than evidence provided by photocopies orfacsimiles.

44. The practitioner ordinarily obtains more assurance fromconsistent evidence obtained from different sources or ofa different nature than from items of evidence consideredindividually. In addition, obtaining evidence fromdifferent sources or of a different nature may indicatethat an individual item of evidence is not reliable. Forexample, corroborating information obtained from asource independent of the entity may increase theassurance the practitioner obtains from a representationfrom the responsible party. Conversely, when evidenceobtained from one source is inconsistent with thatobtained from another, the practitioner determines whatadditional evidence-gathering procedures are necessaryto resolve the inconsistency.

45. In terms of obtaining sufficient appropriate evidence, itis generally more difficult to obtain assurance aboutsubject matter information covering a period than aboutsubject matter information at a point in time. In addition,conclusions provided on processes ordinarily are limitedto the period covered by the engagement; the practitionerprovides no conclusion about whether the process willcontinue to function in the specified manner in thefuture.

46. The practitioner considers the relationship between thecost of obtaining evidence and the usefulness of theinformation obtained. However, the matter of difficultyor expense involved is not in itself a valid basis foromitting an evidence-gathering procedure for which

there is no alternative. The practitioner uses professionaljudgement and exercises professional skepticism inevaluating the quantity and quality of evidence, and thusits sufficiency and appropriateness, to support theassurance report.

Materiality

47. Materiality is relevant when the practitioner determinesthe nature, timing and extent of evidence-gatheringprocedures, and when assessing whether the subjectmatter information is free of misstatement. Whenconsidering materiality, the practitioner understands andassesses what factors might influence the decisions of theintended users. For example, when the identified criteriaallow for variations in the presentation of the subjectmatter information, the practitioner considers how theadopted presentation might influence the decisions of theintended users. Materiality is considered in the context ofquantitative and qualitative factors, such as relativemagnitude, the nature and extent of the effect of thesefactors on the evaluation or measurement of the subjectmatter, and the interests of the intended users. Theassessment of materiality and the relative importance ofquantitative and qualitative factors in a particularengagement are matters for the practitioner’s judgement.

Assurance Engagement Risk

48. Assurance engagement risk is the risk that thepractitioner expresses an inappropriate conclusion when


the subject matter information is materially misstated.8 Ina reasonable assurance engagement, the practitionerreduces assurance engagement risk to an acceptably lowlevel in the circumstances of the engagement to obtainreasonable assurance as the basis for a positive form ofexpression of the practitioner’s conclusion. The level ofassurance engagement risk is higher in a limitedassurance engagement than in a reasonable assuranceengagement because of the different nature, timing orextent of evidence-gathering procedures. However in alimited assurance engagement, the combination of thenature, timing and extent of evidence gatheringprocedures is at least sufficient for the practitioner toobtain a meaningful level of assurance as the basis for anegative form of expression. To be meaningful, the levelof assurance obtained by the practitioner is likely toenhance the intended users’ confidence about the subjectmatter information to a degree that is clearly more thaninconsequential.

49. In general, assurance engagement risk can be representedby the following components, although not all of thesecomponents will necessarily be present or significant forall assurance engagements:

8 (a) This includes the risk, in those direct reporting engagements where thesubject matter information is presented only in the practitioner’s conclusion,that the practitioner inappropriately concludes that the subject matter does, inall material respects, conform with the criteria, for example: “In our opinion,internal control is effective, in all material respects, based on XYZ criteria.”(b) In addition to assurance engagement risk, the practitioner is exposed tothe risk of expressing an inappropriate conclusion when the subject matterinformation is not materially misstated, and risks through loss from litigation,adverse publicity, or other events arising in connection with a subject matterreported on. These risks are not part of assurance engagement risk.

(a) The risk that the subject matter information ismaterially misstated, which in turn consists of:

(i) Inherent risk: the susceptibility of thesubject matter information to a materialmisstatement, assuming that there are norelated controls; and

(ii) Control risk: the risk that a materialmisstatement that could occur will not beprevented, or detected and corrected, on atimely basis by related internal controls.When control risk is relevant to thesubject matter, some control risk willalways exist because of the inherentlimitations of the design and operation ofinternal control; and

(b) Detection risk: the risk that the practitioner willnot detect a material misstatement that exists.

The degree to which the practitioner considers each ofthese components is affected by the engagementcircumstances, in particular by the nature of the subjectmatter and whether a reasonable assurance or a limitedassurance engagement is being performed.

Nature, Timing and Extent of Evidence-gathering Procedures

50. The exact nature, timing and extent of evidence-gathering procedures will vary from one engagement tothe next. In theory, infinite variations in evidence-gathering procedures are possible. In practice, however,these are difficult to communicate clearly and


unambiguously. The practitioner attempts tocommunicate them clearly and unambiguously and usesthe form appropriate to a reasonable assuranceengagement or a limited assurance engagement.9

51. “Reasonable assurance” is a concept relating toaccumulating evidence necessary for the practitioner toconclude in relation to the subject matter informationtaken as a whole. To be in a position to express aconclusion in the positive form required in a reasonableassurance engagement, it is necessary for the practitionerto obtain sufficient appropriate evidence as part of aniterative, systematic engagement process involving:

(a) Obtaining an understanding of the subject matterand other engagement circumstanceswhich, depending on the subject matter, includesobtaining an understanding of internalcontrol;

(b) Based on that understanding, assessing the risksthat the subject matter information may bematerially misstated;

(c) Responding to assessed risks, includingdeveloping overall responses, and determiningthe nature, timing and extent of furtherprocedures;

9 Where the subject matter information is made up of a number of aspects,separate conclusions may be provided on each aspect. While not all suchconclusions need to relate to the same level of evidence gathering procedures,each conclusion is expressed in the form that is appropriate to either areasonable assurance or a limited assurance engagement.

(d) Performing further procedures clearly linked tothe identified risks, using a combination ofinspection, observation, confirmation,recalculation, re-performance, analyticalprocedures and enquiry. Such further proceduresinvolve substantive procedures including, whereapplicable, obtaining corroborating informationfrom sources independent of the responsibleparty, and depending on the nature of the subjectmatter, tests of the operating effectiveness ofcontrols; and

(e) Evaluating the sufficiency and appropriateness ofevidence.

52. “Reasonable assurance” is less than absolute assurance.Reducing assurance engagement risk to zero is veryrarely attainable or cost beneficial as a result of factorssuch as the following:

• The use of selective testing.

• The inherent limitations of internal control.

• The fact that much of the evidence available tothe practitioner is persuasive rather thanconclusive.

• The use of judgement in gathering and evaluatingevidence and forming conclusions based on thatevidence.

• In some cases, the characteristics of the subjectmatter when evaluated or measured against theidentified criteria.


53. Both reasonable assurance and limited assuranceengagements require the application of assurance skillsand techniques and the gathering of sufficientappropriate evidence as part of an iterative, systematicengagement process that includes obtaining anunderstanding of the subject matter and otherengagement circumstances. The nature, timing andextent of procedures for gathering sufficient appropriateevidence in a limited assurance engagement are,however, deliberately limited relative to a reasonableassurance engagement. For some subject matters, theremay be specific pronouncements to provide guidance onprocedures for gathering sufficient appropriate evidencefor a limited assurance engagement. For example, NSRE2400, “Engagements to Review Financial Statements”establishes that sufficient appropriate evidence forreviews of financial statements is obtained primarilythrough analytical procedures and enquiries. In theabsence of a relevant pronouncement, the procedures forgathering sufficient appropriate evidence will vary withthe circumstances of the engagement, in particular, thesubject matter, and the needs of the intended users andthe engaging party, including relevant time and costconstraints. For both reasonable assurance and limitedassurance engagements, if the practitioner becomesaware of a matter that leads the practitioner to questionwhether a material modification should be made to thesubject matter information, the practitioner pursues thematter by performing other procedures sufficient toenable the practitioner to report.

Quantity and Quality of Available Evidence

54. The quantity or quality of available evidence is affectedby:

(a) The characteristics of the subject matter andsubject matter information. For example, lessobjective evidence might be expected wheninformation about the subject matter is futureoriented rather than historical (see paragraph 32);and

(b) Circumstances of the engagement other than thecharacteristics of the subject matter, whenevidence that could reasonably be expected toexist is not available because of, for example, thetiming of the practitioner’s appointment, anentity’s document retention policy, or arestriction imposed by the responsible party.

Ordinarily, available evidence will be persuasive ratherthan conclusive.

55. An unqualified conclusion is not appropriate for eithertype of assurance engagement in the case of a materiallimitation on the scope of the practitioner’s work, that is,when:

(a) Circumstances prevent the practitioner fromobtaining evidence required to reduce assuranceengagement risk to the appropriate level; or

(b) The responsible party or the engaging partyimposes a restriction that prevents the practitionerfrom obtaining evidence required to reduceassurance engagement risk to the appropriatelevel.


Assurance Report

56. The practitioner provides a written report containing aconclusion that conveys the assurance obtained about thesubject matter information. NSAs, NSREs and NSAEsestablish basic elements for assurance reports. Inaddition, the practitioner considers other reportingresponsibilities, including communicating with thosecharged with governance when it is appropriate to do so.

57. In an assertion-based engagement, the practitioner’sconclusion can be worded either:

(a) In terms of the responsible party’s assertion (forexample: “In our opinion the responsible party’sassertion that internal control is effective, in allmaterial respects, based on XYZ criteria, is fairlystated”); or

(b) Directly in terms of the subject matter and thecriteria (for example: “In our opinion internalcontrol is effective, in all material respects, basedon XYZ criteria”).

In a direct reporting engagement, the practitioner’sconclusion is worded directly in terms of the subjectmatter and the criteria.

58. In a reasonable assurance engagement, the practitionerexpresses the conclusion in the positive form, forexample: “In our opinion internal control is effective, inall material respects, based on XYZ criteria.” This formof expression conveys “reasonable assurance.” Havingperformed evidence-gathering procedures of a nature,

timing and extent that were reasonable given thecharacteristics of the subject matter and other relevantengagement circumstances described in the assurancereport, the practitioner has obtained sufficientappropriate evidence to reduce assurance engagementrisk to an acceptably low level.

59. In a limited assurance engagement, the practitionerexpresses the conclusion in the negative form, forexample, “Based on our work described in this report,nothing has come to our attention that causes us tobelieve that internal control is not effective, in allmaterial respects, based on XYZ criteria.” This form ofexpression conveys a level of “limited assurance” that isproportional to the level of the practitioner’s evidence-gathering procedures given the characteristics of thesubject matter and other engagement circumstancesdescribed in the assurance report.

60. A practitioner does not express an unqualifiedconclusion for either type of assurance engagement whenthe following circumstances exist and, in thepractitioner’s judgement, the effect of the matter is ormay be material:

(a) There is a limitation on the scope of thepractitioner’s work (see paragraph 55). Thepractitioner expresses a qualified conclusion or adisclaimer of conclusion depending on howmaterial or pervasive the limitation is. In somecases the practitioner considers withdrawing fromthe engagement.

(b) In those cases where:


(i) The practitioner’s conclusion is worded interms of the responsible party’s assertion,and that assertion is not fairly stated, in allmaterial respects; or

(ii) The practitioner’s conclusion is wordeddirectly in terms of the subject matter andthe criteria, and the subject matterinformation is materially misstated,10 thepractitioner expresses a qualified oradverse conclusion depending on howmaterial or pervasive the matter is.

(c) When it is discovered after the engagement hasbeen accepted, that the criteria are unsuitable orthe subject matter is not appropriate for anassurance engagement. The practitionerexpresses:

(i) A qualified conclusion or adverseconclusion depending on how material orpervasive the matter is, when theunsuitable criteria or inappropriate subjectmatter is likely to mislead the intendedusers; or

(ii) A qualified conclusion or a disclaimer ofconclusion depending on how material or

10 In those direct reporting engagements where the subject matter informationis presented only in the practitioner’s conclusion, and the practitionerconcludes that the subject matter does not, in all material respects, conformwith the criteria, for example: “In our opinion, except for […], internalcontrol is effective, in all material respects, based on XYZ criteria,” such aconclusion would also be considered to be qualified (or adverse asappropriate).

pervasive the matter is, in other cases. Insome cases the practitioner considerswithdrawing from the engagement.

In some cases the practitioner considerswithdrawing from the engagement.

Inappropriate Use of the Practitioner’s Name

61. A practitioner is associated with a subject matter whenthe practitioner reports on information about that subjectmatter or consents to the use of the practitioner’s name ina professional connection with that subject matter. If thepractitioner is not associated in this manner, third partiescan assume no responsibility of the practitioner. If thepractitioner learns that a party is inappropriately usingthe practitioner’s name in association with a subjectmatter, the practitioner requires the party to cease doingso. The practitioner also considers what other steps maybe needed, such as informing any known third partyusers of the inappropriate use of the practitioner’s nameor seeking legal advice.

Compliance with International Framework for AssuranceEngagements

62. Compliance with this Nepal Framework for AssuranceEngagements ensures compliance in all material respectswith International Framework for AssuranceEngagements.


Effective Date

63. This Nepal Framework for Assurance Engagementsbecomes operative for the audit commencing on or after01 Shrawan 2064 corresponding to 17 July 2007. Earlierapplication is encouraged.

64.

Public Sector Perspective

1. This Framework is relevant to all professionalaccountants in the public sector who are independent ofthe entity for which they perform assuranceengagements. Where professional accountants in thepublic sector are not independent of the entity for whichthey perform an assurance engagement, the guidance infootnote 1 should be adopted.

Appendix

Differences Between Reasonable Assurance Engagementsand Limited Assurance Engagements

This Appendix outlines the differences between a reasonableassurance engagement and a limited assurance engagementdiscussed in the Framework (see in particular the referencedparagraphs).

Type ofengagement

Objective Evidence-gatheringprocedures

The assurancereport

Reasonable

assurance

engagement

A reduction inassurance

engagement riskto an acceptablylow level in thecircumstancesof theengagement, asthe basis for apositive form of

expression ofthepractitioner’sconclusion

(Paragraph 11)

Sufficientappropriateevidence isobtained as part ofa systematicengagementprocess thatincludes:

• Obtaining anunderstanding ofthe engagementcircumstances;

• Assessing risks;

• Responding toassessed risks;

• Performing

Description ofthe engagementcircumstances,and a positiveform of

expression ofthe conclusion(Paragraph 58)


further proceduresusing acombination ofinspection,observation,confirmation,recalculation,reperformance,analyticalprocedures andenquiry. Suchfurther proceduresinvolve substantiveprocedures,including , whereapplicable,obtainingcorroboratinginformation, anddepending on thenature of thesubject matter,

tests of theoperatingeffectiveness ofcontrols; and

• Evaluating theevidence obtained(Paragraphs 51 and52)

Limited

assurance

engagement

A reduction inassurance

engagement riskto a level that is

Sufficientappropriateevidence isobtained as part of

Description ofthe engagementcircumstances,and a negative

acceptable in thecircumstancesof theengagement butwhere that riskis greater thanfor a reasonable

assuranceengagement, asthe basis for anegative form ofexpression ofthepractitioner’sconclusion

(Paragraph 11)

a systematic

engagementprocess thatincludes obtainingan understandingof the

subject matter andother engagementcircumstances, butin

which proceduresare deliberatelylimited relative to areasonable

assuranceengagement(Paragraph 53)

form of

expression ofthe conclusion(Paragraph 59)

NEPAL FRAMEWORK FOR ASSURANCE …...2 For assurance engagements regarding historical financial...

Documents

Transcript of NEPAL FRAMEWORK FOR ASSURANCE …...2 For assurance engagements regarding historical financial...