discuss assurance services provided with respect to behaviour, such as compliance with laws and regulations

Corporate governance assurance

Compliance engagements

In a compliance engagement, the assurance practitioner provides a conclusion stating whether subject matter information has been prepared in accordance with applicable law or regulations.

There are two main forms of compliance auditing—the difference between them is related to whether the auditing mandate requires the auditor to:

• express an opinion on whether an entity has complied with specific requirements, such as legislation, regulations or directives; or
• report instances of non-compliance with relevant requirements observed during the course of discharging other audit responsibilities (usually will report on an exceptions basis)

objective

When conducting a compliance engagement, the objectives of the assurance practitioner are to obtain assurance about whether the entity has complied in all material respects with these requirements, and to communicate through a written assurance report that expresses either a reasonable or limited assurance conclusion.

standard

Australia has recently revised one of its Standards on Assurance Engagements, ASAE 3100.

Compliance assurance engagements can be either attestation engagements or direct engagements. The differences between these are that:

In an attestation engagement on compliance, the evaluation on compliance is conducted by a responsible party (usually the entity, or representatives of the entity), and presented in a Statement which addresses whether the compliance requirements have been met. The objective of the assurance practitioner is to obtain reasonable or limited assurance about whether the Statement is free from material misstatement (although the assurance practitioner’s conclusion may be expressed in terms of whether the compliance requirements have been met);

In a direct engagement on compliance, the evaluation on compliance is conducted by the assurance practitioner and presented in the assurance conclusion; therefore, no Statement is prepared by the responsible party. The objective of the assurance practitioner is to obtain reasonable or limited assurance about whether the compliance requirements have been met (ASAE 3100, para. 16).

public or private sector?

public

Compliance engagements are usually discussed in relation to public sector auditing. The reason for this is that governments and other public sector entities usually operate in accordance with legislation that sets out directions, conditions and limitations over the source, allocation and use of public resources.

Hence, compliance engagements are an integral part of their accountability process.

private sector

Overall, there is great variety in the types of compliance engagements conducted, including:

• compliance with corporate governance policies
• veracity of management statements regarding impartiality
• carbon statements for emission trading
• corporate disclosure audits that:
–– assess the scope of system design
–– review the reliability of systems from which information is collated
–– assess compliance with current laws, regulations and industry best practice

Opinion

Where an engagement is conducted to express an opinion on compliance with specified requirements, the auditor must clearly determine the scope of the engagement. This is done by:

• identifying the entity, or part thereof, being reported on
• specifying the legislation or other regulations that form the criteria against which compliance is being reported.

Where instances of non-compliance with the requirements are discovered, a modified auditor’s report will be issued.

Materiality

The assurance practitioner is required to consider materiality, consistent with the consideration of materiality as required by ASAE 3000, when determining the nature, timing and extent of procedures (ASAE 3100, para. 31).

Materiality is considered at

the planning stage; when determining the nature, timing and extent of evidence-gathering procedures

and when evaluating the effects of identified accumulated deficiencies in the compliance framework or identified issues of non-compliance with the framework

Both quantitative and qualitative factors are considered, including

the relative magnitude of detected or suspected instances of non‑compliance

the nature and extent of the effect of these factors on the evaluation of compliance with the compliance requirements

the nature of the matters of non-compliance (whether they are one-off or systematic)

USA

Australia

ASX

CLERP 9

US Sarbanes–Oxley Act

The ASX Corporate Governance Council (2014) publication incorporates the following eight essential corporate governance principles: FBIEDRSR


  1. Lay solid foundations for management and oversight …
    
  2. Structure the board to add value …
    
  3. Act ethically and responsibly …
    
  4. Safeguard integrity in corporate reporting …
    
  5. Make timely and balanced disclosure …
    
  6. Respect the rights of shareholders …
    
  7. Recognise and manage risk …
    
  8. Remunerate fairly and responsibly.
    

governance guidelines, Corporate Governance Principles and Recommendations (ASX Corporate Governance Council 2014).

The heightened demand for increased reporting of corporate governance practices provides a market opportunity for the profession.

This may be in the form of:MAG


• a general purpose assurance report to the public—giving assurance about the fair presentation of the corporate governance disclosures
• a special purpose assurance report to the directors, which provides them with increased assurance that they have properly fulfilled their disclosure responsibilities
• assurance reports on the information provided by management to directors for directors’ meetings. Directors base their decisions on this information and their decisions affect their own reputations as well as their legal liability. Consequently, directors may wish to have an assurance report about the relevance, reliability and completeness of the information provided to them at board meetings.

Assurance

For each of these principles, the ASX has a set of recommendations on how to achieve best practice.

Reporting

It also provides guidelines on what information should be included in the corporate governance section of an annual report and what material should otherwise be made publicly available (e.g. on the entity’s website under the corporate governance section).

Companies are either required to report against these issues in their annual reports or explain why they have not done so (the ‘comply or explain’ principle).

The ASX Corporate Governance Council (2014) recommendations can be used as criteria for providing corporate governance assurance.

The assurance could be provided for

the contents of the corporate governance disclosures or

on the systems that generate the disclosures.

Evidence

could be relatively straightforward (e.g. the first principle to ‘lay solid foundations for management and oversight’).

However, for other principles, such as ‘structure the board to add value’, assurance would be much more judgmental.

similar guidelines exist in most countries