Inherent Limitations of the Engagement

259

Due to the inherent limitations of any internal control and compliance framework it is possible that, even if controls are suitably designed and operating effectively, the control objectives may not be achieved and that fraud, errors, or non-compliance with Prudential Requirements may occur and not be detected. As the systems, procedures and controls to ensure compliance with Prudential Requirements are part of the ADI’s operations, it is possible that either the inherent limitations of the internal control structure, or weaknesses in it, may impact on the effective operation of the ADI’s specific control procedures.

260

Further, due to the nature of assurance engagement procedures and other inherent limitations of a these engagements, there is a possibility that a properly planned and executed engagement may not detect all errors or omissions in ADI Reporting Forms, deficiencies and/or deviations in controls, or instances of non-compliance with Prudential Requirements.

261

As explained in ASAE 3000, a limited assurance engagement is substantially less in scope than a reasonable assurance engagement. In a reasonable assurance engagement, as the auditor’s objective is to provide a high, but not absolute, level of assurance, the auditor uses more extensive audit procedures than in a limited assurance engagement. A limited assurance engagement therefore does not provide all the evidence required in a reasonable assurance engagement and, consequently, the level of assurance provided is less than that given in a reasonable assurance engagement.

262

The appointed auditor performs procedures appropriate to provide limited assurance in relation to internal controls existing at the date of the engagement, and whether those controls have operated as documented throughout the financial year. Projections of any evaluation of internal control procedures or compliance measures to future periods are subject to the risk that control procedures may become inadequate because of changes in conditions after the auditor’s annual prudential assurance report is signed, or that the degree of compliance may deteriorate. Furthermore, assurance engagement procedures on accounting records and data relied on for reporting and compliance are not performed continuously throughout the period and procedures performed are undertaken on a test basis only.

263

Consequently, there are inherent limitations on the level of assurance that can be provided.