Learning Outcomes
After reading this article, you will be able to explain the purpose and scope of review engagements under ISRE 2400, distinguish limited assurance from reasonable assurance, identify the main procedures used in a review, and interpret the form and implications of a limited assurance review report. You should be able to apply these concepts to typical ACCA exam scenarios and clearly differentiate between audits and reviews.
ACCA Audit and Assurance (AA) Syllabus
For ACCA Audit and Assurance (AA), you are required to understand the distinguishing features and practical application of review engagements providing limited assurance under ISRE 2400. Specifically, you should be able to:
- State the objectives and scope of review engagements, and how they differ from external audits.
- Explain the nature, extent, and limitations of procedures in a review, including enquiries and analytical review.
- Describe the level of assurance provided, the form of the review report, and the key differences in report wording compared to an audit.
- Identify typical use cases for review engagements and assess when a limited assurance engagement is appropriate.
- Recognise the professional responsibilities and limitations associated with providing limited assurance.
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
-
Which procedures are typical in a review engagement under ISRE 2400?
- Extensive tests of controls
- Detailed substantive testing
- Enquiries and analytical procedures
- Full verification of balances
-
What type of assurance does a review engagement provide?
- Absolute
- Reasonable
- Limited
- None
-
How is the conclusion in a review report typically worded for limited assurance?
-
State two circumstances in which a company may choose a review engagement over a full audit.
Introduction
A review engagement under ISRE 2400 provides limited assurance on financial statements or other subject matter, primarily through the use of enquiry and analytical procedures. The assurance practitioner gives a negative assurance conclusion, stating that nothing has come to their attention to suggest the statements are materially misstated. This contrasts with the positive opinion expressed in an external audit, which provides reasonable assurance.
Key Term: review engagement
An assurance engagement where the practitioner performs primarily enquiry and analytical procedures to express a limited assurance conclusion on financial information.
Nature of Limited Assurance
Levels of Assurance
There are two main levels of assurance delivered in assurance engagements:
- Reasonable assurance: Delivers a high but not absolute level of confidence (as in an audit), with procedures including detailed testing and evaluation.
- Limited assurance: Delivers a moderate level of confidence (as in a review), based on less extensive procedures, mainly analytical review and enquiry.
Key Term: limited assurance
A moderate level of confidence achieved by conducting limited procedures, resulting in a negative assurance conclusion that nothing has come to the practitioner's attention indicating material misstatement.
Scope of Work in a Review Engagement
A review is narrower in scope than an audit. The practitioner:
- Obtains an understanding of the business and its environment.
- Performs enquiry of management and others.
- Conducts high-level analytical procedures to identify material inconsistencies or matters requiring further consideration.
- Does not carry out detailed substantive testing or test controls.
Key Term: enquiry
Procedures involving seeking information of knowledgeable persons within the entity, usually management, regarding financial or operational matters relevant to the subject matter.Key Term: analytical procedures
Evaluations of financial information by studying relationships among both financial and non-financial data, often involving comparisons and ratio analysis.
Objectives and Reporting
The objective of a review under ISRE 2400 is to enable the practitioner to conclude whether, based on the procedures performed, anything has come to their attention that causes them to believe that the financial statements are not prepared, in all material respects, in accordance with the applicable financial reporting framework.
This conclusion is "negatively" worded. It does not state that the practitioner is confident no misstatements exist—only that they have not found evidence to the contrary.
Key Term: negative assurance
A form of reporting where the practitioner states that nothing has come to their attention to indicate that the subject matter is materially misstated.
Table: Audit vs Review Engagement
| Aspect | Audit Engagement | Review Engagement |
|---|---|---|
| Level of assurance | Reasonable (high) | Limited (moderate) |
| Report wording | Positive opinion | Negative conclusion |
| Typical procedures | Extensive, incl. substantive | Enquiry, analytics only |
| Work over controls | Yes, where relevant | No |
| Cost/disruption | Higher | Lower |
Worked Example 1.1
A private company not required by law to have an audit wishes to reassure lenders about its financial position, but is concerned about the cost of a full audit. It requests a review engagement under ISRE 2400 instead.
Answer:
The practitioner will perform a review, focusing on enquiries of management and analytical review of the financial statements. The review report will offer limited assurance, stating that nothing has come to their attention indicating that the financial statements are not prepared, in all material respects, in accordance with the reporting framework.
Review Procedures
The practitioner applies judgement to determine the nature and extent of enquiries and analytical procedures, but commonly includes:
- Inquiry of management regarding policies, internal controls, and unusual transactions.
- Analytical comparison of current financial information with prior periods, budgets, or industry data.
- Consideration of knowledge of the business and apparent inconsistencies.
- Follow-up of significant or unusual items identified.
No substantive testing is performed unless issues arise prompting further enquiry.
Worked Example 1.2
The review practitioner identifies a sharp drop in gross margin compared to prior periods. What should they do?
Answer:
The practitioner should enquire of management to obtain explanations for the variance and consider whether supporting documentation (e.g., management analysis) is available. If the matter cannot be satisfactorily explained, it may be reported as a limitation or raised as a highlighted point in the review report.
Exam Warning
Be able to distinguish negative from positive assurance wording. Confusing these can cost marks in the exam.
Limitations of Limited Assurance
Limited assurance means lower confidence for users compared to an audit. This results from:
- Restricted scope: Main procedures are limited to enquiry and analytics.
- No detailed testing: Practitioner does not verify source documents or corroborate balances.
- Material misstatements may remain undetected: A review cannot provide a high probability of detecting fraud or errors.
Users should not place the same reliance on a review as on audited financial statements. The practitioner's objective is not to detect all misstatements but to provide moderate assurance.
Key Term: expectation gap
The difference between what users believe assurance provides and what is actually delivered by the engagement.
Reporting: The Limited Assurance Conclusion
The conclusion in a review engagement report takes the form of negative assurance. Typical wording is:
"Based on our review, nothing has come to our attention that causes us to believe the financial statements are not prepared, in all material respects, in accordance with [the applicable financial reporting framework]."
This means:
- If material misstatements had come to the practitioner's attention, these would be reported.
- If no such matters were identified, the negative assurance conclusion is issued.
When a Review Engagement is Appropriate
Companies may select a limited assurance review when:
- A full audit is not required by law or regulation.
- Cost or disruption of a full audit is prohibitive.
- Users, such as lenders or investors, require some assurance beyond management-prepared accounts but do not require full assurance.
- Annual financial statements must be reviewed under contractual arrangements, e.g., for certain bank covenants or subsidiary reporting.
Reviews are not appropriate where significant risks of fraud or material misstatement are identified, or where users require a high level of confidence.
Summary
A review engagement under ISRE 2400 provides limited, moderate assurance through enquiries and analytical procedures. The conclusion is negatively worded and gives less confidence than an audit. Reviews are more cost-effective and less intrusive but do not include detailed testing. The limited nature of work performed means there are inherent limitations, and the user should not expect the same confidence as an audit provides.
Key Point Checklist
This article has covered the following key knowledge points:
- Describe what a review engagement is, and when it is used.
- Distinguish limited assurance from reasonable assurance.
- Outline the scope and procedures typical in a review under ISRE 2400.
- State how the reporting conclusion is worded in a limited assurance report.
- Recognise the inherent limitations of review engagements and the practical implications for users.
Key Terms and Concepts
- review engagement
- limited assurance
- enquiry
- analytical procedures
- negative assurance
- expectation gap