In a compliance engagement, the assurance practitioner provides a conclusion stating whether subject matter information has been prepared in accordance with applicable law or regulations.

• express an opinion on whether an entity has complied with specific requirements, such as legislation, regulations or directives; or
• report instances of non-compliance with relevant requirements observed during the course of discharging other audit responsibilities (usually will report on an exceptions basis)

When conducting a compliance engagement, the objectives of the assurance practitioner are to obtain assurance about whether the entity has complied in all material respects with these requirements; and to communicate through a written assurance report that expresses either a reasonable or limited assurance conclusion

stralia has recently revised one of its Standards on Assurance Engagements, ASAE 3100

In an attestation engagement on compliance,

the evaluation on compliance is conducted
by a responsible party, (usually the entity, or representatives of the entity), and presented
in a Statement which addresses whether the compliance requirements have been met.
The objective of the assurance practitioner is to obtain reasonable or limited assurance
about whether the Statement is free from material misstatement, (although the assurance
practitioner’s conclusion may be expressed in terms of whether the compliance requirements
have been met);

In a direct engagement on compliance,

the evaluation on compliance is conducted by the
assurance practitioner and presented in the assurance conclusion, therefore, no Statement
is prepared by the responsible party. The objective of the assurance practitioner is to obtain
reasonable or limited assurance about whether the compliance requirements have been met
(ASAE 3100, para. 16). MODULE 7

Hence, compliance engagements are an integral part of their accountability process.

Overall, there is great variety in the types of compliance engagements conducted, including:

• compliance with corporate governance policies

• veracity of management statements regarding impartiality

• carbon statements for emission trading

• corporate disclosure audits that:

–– assess the scope of system design

–– review the reliability of systems from which information is collated

–– assess compliance with current laws, regulations and industry best practice

Where an engagement is conducted to express an opinion on compliance with specified requirements, the auditor must clearly determine the scope of the engagement. This is done by:

• identifying the entity, or part thereof, being reported on

• specifying the legislation or other regulations that form the criteria against which compliance is being reported.

Where instances of non-compliance with the requirements are discovered, a modified auditor’s report will be issued.

The assurance practitioner is required to consider materiality, consistent with the consideration of materiality as required by ASAE 3000 when determining the nature, timing and extent

of procedures (ASAE 3100, para. 31).

the planning stage; when determining the nature, timing and extent of evidence-gathering procedures

and when evaluating the effects of identified accumulated deficiencies in the compliance framework or identified issues of non-compliance with the framework

he relative magnitude of detected or suspected instances of non‑compliance

the nature and extent of the effect of these factors on the evaluation of compliance with the compliance requirements

the nature of the matters of non-compliance (whether they are one-off or systematic)