Skip to main content

Limited assurance vs reasonable assurance

SEBI mandated assurance of BRSR for companies in phases. We help you understand the types of assurances & differences – reasonable assurance & limited assurance.

Where the client and the practitioner establish that an assurance service is being sought, ISAE 3000 (Revised) provides two options; reasonable assurance and limited assurance.

For a reasonable assurance engagement the practitioner needs to reduce the assurance engagement risk (the risk that an inappropriate conclusion is expressed when the information on the subject matter is materially misstated) to an acceptably low level as the basis for a positive form of expression of the practitioner’s conclusion. Such risk is never reduced to nil and therefore, there can never be absolute assurance.

For a limited assurance engagement the practitioner collects less evidence than for a reasonable assurance engagement but sufficient for a negative form of expression of the practitioner’s conclusion. The practitioner achieves this ordinarily by performing different or fewer tests than those required for reasonable assurance or using smaller sample sizes for the tests performed.

The practitioner uses the same risk basis for planning their work and the same levels of materiality in evaluating the outcome of tests for reasonable and limited assurance engagements. Since the extent of evidence collected for a limited assurance engagement may be limited due to the reduced sample sizes and test coverage adopted, the level of risk of material misstatement remaining is potentially higher than in a reasonable assurance engagement. Hence, the practitioner is not in a position to express the same degree of confidence as in a reasonable assurance engagement.

The conclusion in a limited assurance engagement is accordingly framed in a negative sense: “Based on the procedures performed, nothing came to our attention to indicate that the management assertion on XYZ is materially misstated.” In contrast with a reasonable assurance conclusion which would be formed in a positive sense, i.e.: “Based on the procedures performed, in our opinion, the management assertion on XYZ is reasonably stated.”

Practitioners may be familiar with the limited nature of the work performed in relation to a published review opinion for listed company half-year financial statements. The half-year review is an example of a limited assurance engagement that is conducted by the company’s auditor under ISRE 2410.

These reviews are ordinarily based on inquiry of management and analytical procedures. Analytical procedures typically involve the comparison of actual information against the expectations formed based on the prior year and industry average. The limited nature of the work is justified because the practitioner has a base of history with the client’s previous financial statement audit and an understanding of the client’s control environment which generally helps the practitioner to determine the reliability of the information produced by management.

While there are certain parallels between half-year reviews and other limited assurance engagements conducted under ISAE 3000 (Revised), there are also differences.

Half-year review of financial statements

The half-year review is a defined concept in relation to a clearly defined subject matter, i.e. the financial statements, and for which there is an expectation of a strongly defined internal control environment appropriate for the size and complexity of the client, structure through accounting practices, double entry book-keeping and other checks and balances required by company law and regulation.

The company’s auditor will have obtained a sound understanding of these matters and conducted recent tests of controls and substantive procedures as part of the annual audit. This background therefore reduces the need for detailed tests beyond inquiry, analytical review and other procedures of limited nature.

Limited assurance over non-financial information

In contrast, a non-financial limited assurance engagement may tackle a subject matter which is less well defined and for which the control environment is far less mature and robust. For example, the calculation of a company’s carbon footprint may have been performed by an individual and the results collected on a spreadsheet and supported by files of memorandum information.

The subject matter information is unlikely to be extracted from a double entry bookkeeping system, reducing the possibility of obtaining cumulative evidence through directional testing. Moreover the relationships, if any, between the non-financial subject matter and trends in other internal and external information sources may not have been identified. Accordingly, the comfort the practitioner can obtain from analytical review alone may be greatly reduced.

INTERIM REVIEW OF FINANCIAL INFORMATION LIMITED ASSURANCE OVER NON-FINANCIAL INFORMATION
Comfort sought As interim review has become standard practice for some entities, stakeholders expect a consistent level of comfort from review reports. ISAE 3000 (Revised) is intended to allow greater flexibility for the preparer, user and assurance provider to agree what level of comfort is relevant to the purpose of the information. ISAE 3000 (Revised)  limited assurance reports can convey a wider range of levels of comfort.
Nature of applicable standards ISRE 2410 is relatively prescriptive, including details of enquiries to be made, tests to be performed and tests that are not usually necessary. ISAE 3000 (Revised)  is intended to be applicable to a broad range of subject matters and levels of comfort therefore the standard cannot be prescriptive.
Reporting framework/basis of preparation/criteria GAAP is well-established, relatively consistently applied and familiar to the auditor. Basis of preparation may be newly developed, developed in-house by the entity, not may be unlike others encountered by the assurance practitioner.
Information systems A double-entry accounting system, over which the auditor may have already obtained comfort. Likely to integrated with and reconcilable to other information systems within the entity. May be manual and one-sided. May not be integrated with or reconcilable to other information systems within the entity.
Trends and relationships in subject matter information Likely to be well-observed and understood, including relationships with external data sources, allowing persuasive trend analysis and other substantive analytical review. May not have been observed for long or at all, and/or may not be understood. Trend analysis and other substantive analytical review may be unpersuasive or not possible at all.

The concept of limited assurance allows the assurance provider to accept engagements that provide a range of potential levels of comfort to users of the resulting assurance reports. The only restrictions are that limited assurance should deliver a lower level of comfort than reasonable assurance and that the level of comfort provided should be meaningful.

Because a limited assurance report could represent such a range of levels of comfort, it can be much more important for the assurance practitioner to:

  • ensure there is a good shared understanding of the scope of work agreed with the responsible party and/or users;
  • document the scope of work in an appropriate level of detail in the terms of engagement; and
  • describe the work performed in a plain English in the assurance report.
Reference: The Institute of Chartered Accountants in England and Wales (ICAEW)

BRSR, Core BRSR, BRSR Assurance, Reasonable Assurance, Limited Assurance, SEBI