For the purposes of this Standard on Assurance Engagements, the following terms have the meanings attributed below:
Attestation engagement on compliance―A reasonable or limited assurance engagement in which a party other than the assurance practitioner, being the responsible party or evaluator evaluates compliance with the compliance requirements. The outcome of that evaluation is provided in a Statement, which may either be available to the intended users or may be presented by the assurance practitioner in the assurance report. In an attestation engagement on compliance, the assurance practitioner’s conclusion addresses whether the Statement is free from material misstatement. The assurance practitioner’s conclusion may be phrased in terms of: (Ref: Para. 4(d), A4)
- The compliance outcome and the criteria; or
- A Statement made by the appropriate party.
Compliance activity (subject matter or underlying subject matter)―The activity that is undertaken to meet the compliance requirement(s).
Compliance engagement–An assurance engagement in which an assurance practitioner expresses a conclusion after evaluating an entity’s compliance with the compliance requirements.
Compliance framework–A framework adopted by the entity, which is designed to ensure that the entity achieves compliance, and includes governance structures, programs, processes, systems, controls and procedures.
Compliance outcome (subject matter information)―The outcome of the evaluation of the underlying subject matter (compliance activity) against the compliance requirements, using the criteria. The compliance outcome is the Statement of the responsible party or evaluator in an attestation engagement on compliance, or the assurance practitioner’s conclusion in a direct engagement on compliance, providing the outcome of their evaluation.
Compliance requirement(s)―The requirements established in law, regulations, other statutory requirements (e.g. ASIC Class Orders and Regulatory Guides and APRA Prudential Standards), contractual arrangements, ministerial directives, industry or professional obligations or internally via entity policies, procedures and frameworks. (Ref: Appendix 1)
Direct engagement on compliance―A reasonable or limited assurance engagement in which the assurance practitioner evaluates whether the compliance requirements have been met. The compliance outcome of the assurance practitioner’s evaluation (the subject matter information) is expressed in the assurance practitioner’s conclusion.
Engaging party―The party(ies) that engages the assurance practitioner to perform the assurance engagement.
Entity―The legal entity, economic entity, or the identifiable portion of a legal or economic entity, or combination of legal or other entities or portions of those entities (for example, a joint venture) to which the compliance requirements relate.
Evaluator―The party(ies) who evaluates the underlying subject matter (compliance activities) against the criteria. The evaluator possesses expertise in the underlying subject matter.
Firm―A sole assurance practitioner, partnership or corporation or other entity of individual assurance practitioners. “Firm” should be read as referring to its public sector equivalents where relevant.
Intended users―The individual(s) or organisation(s), or group(s) thereof that the assurance practitioner expects will use the assurance report. In some cases, there may be intended users other than those to whom the assurance report is addressed.
Internal audit function―A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control processes.
Limited assurance engagement―An assurance engagement in which the assurance practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for expressing a conclusion in a form that conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the assurance practitioner’s attention to cause the assurance practitioner to believe the compliance requirements have not been met, in all material respects. The nature, timing and extent of procedures performed in a limited assurance engagement is limited compared with that necessary in a reasonable assurance engagement but is planned to obtain a level of assurance that is, in the assurance practitioner’s professional judgement, meaningful. To be meaningful, the level of assurance obtained by the assurance practitioner is likely to enhance the intended users’ confidence about the compliance outcome to a degree that is clearly more than inconsequential.
Long-form report―Assurance report including other information and explanations that are intended to meet the information needs of users but not to affect the assurance practitioner’s conclusion. In addition to the matters required to be contained in the assurance practitioner’s report, as set out in paragraph 56, long-form reports may describe in detail matters such as:
- the terms of the engagement;
- the criteria being used and the specific compliance activities designed to meet each compliance requirement;
- descriptions of the procedures that were performed;
- findings relating to the procedures that were performed or particular aspects of the engagement;
- details of the qualifications and experience of the assurance practitioner and others involved with the engagement;
- disclosure of materiality levels; or
The assurance practitioner may find it helpful to consider the significance of providing such information to meet the needs of the intended users. As required by paragraph 57, additional information is clearly separated from the assurance practitioner’s conclusion and worded in such a manner as to make it clear that it is not intended to alter or detract from that conclusion.
Material in the context of a compliance engagement―
- in relation to potential (for risk assessment purposes) or detected (for evaluation purposes) matter(s) of non-compliance – instance(s) of non-compliance that are significant, individually or collectively, in the context of the entity’s compliance with compliance requirements, and that might influence relevant decisions of intended users or affect the assurance practitioner’s conclusion; and/or
- in relation to the compliance framework and controls – instance(s) of deficiency that are significant in the context of the entity’s control environment and that may raise the compliance engagement risk sufficiently to affect the assurance practitioner’s conclusion.
Misstatement―For attestation engagements on compliance, a difference between the Statement and the assurance practitioner’s evaluation of compliance with the compliance requirements. Misstatements can be intentional or unintentional, qualitative or quantitative, and include omissions.
Non‑compliance―For both attestation and direct engagements on compliance, a failure to meet a compliance requirement in whole or in part.
Professional judgement―The application of relevant training, knowledge and experience, within the context provided by assurance and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the engagement.
Professional scepticism―An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement or non‑compliance, and a critical assessment of evidence.
Reasonable assurance engagement―An assurance engagement in which the assurance practitioner reduces engagement risk to an acceptably low level in the circumstances of the engagement as the basis for the assurance practitioner’s conclusion. The assurance practitioner’s conclusion is expressed in a form that conveys the assurance practitioner’s opinion on the outcome of the evaluation of the compliance activities against compliance requirements.
Representation―Statement by the responsible party, either oral or written, provided to the assurance practitioner to confirm certain matters or to support other evidence. A representation is additional to but may be provided in combination with the responsible party’s or evaluator’s Statement provided in an attestation engagement, as set out in paragraph 16(a).
Responsible party―The party(ies) responsible for the underlying subject matter, being the compliance activity(ies) in a compliance engagement.
Statement―The outcome in writing of the responsible party or evaluator’s evaluation of compliance with the compliance requirements, provided to the assurance practitioner in an attestation engagement. A Statement is the subject matter information in an attestation engagement on compliance.