Learning Outcomes
After reading this article, you will be able to:
- Describe what a review engagement is and when it is used.
- Distinguish in detail the procedures performed in a review (ISRE 2400) from those in an audit (ISA 200).
- Identify the nature, sufficiency, and reliability of evidence in review engagements compared to audits.
- Explain the impact of these differences on the level of assurance and the wording of the assurance report.
ACCA Audit and Assurance (AA) Syllabus
For ACCA Audit and Assurance (AA), you are required to understand the techniques, requirements, and reporting implications of review engagements (ISRE 2400) and be able to compare them decisively to external audits. In particular, you should know:
- The objective, scope, and level of assurance provided by review engagements (ISRE 2400).
- Review engagement procedures: detailed understanding of enquiry and analytical procedures and their limitations.
- Differences in sufficiency and appropriateness of evidence in reviews versus audits.
- The nature and form of reporting in review engagements, including the use of negative assurance.
- Practical implications for clients and users of the differing procedures and evidence.
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
-
Which procedures are typically performed in a review engagement but not in an external audit?
- Enquiry and analytics only
- Substantive tests of details
- Tests of controls
- Inspection of all invoices
-
What does “limited assurance” in a review engagement mean about the evidence obtained, compared to an audit?
- It is equally sufficient
- It is less and relies more on management representations
- It guarantees correctness
- It uses positive assurance
-
In which type of engagement would the report state “Nothing has come to our attention …”?
- Review engagement
- External audit
- Both
- Neither
-
True or False? An external auditor must always perform more detailed procedures than a practitioner conducting a review engagement.
Introduction
Review engagements offer an alternative form of assurance to external audit. Governed by ISRE 2400, reviews are commonly commissioned by entities not subject to statutory audit requirements, or when cost or disruption needs to be minimised. The review engagement’s primary aim is to provide limited assurance, focusing on whether any material misstatements have come to the practitioner’s attention, rather than expressing a high level of confidence.
This article highlights the fundamental differences between review and audit engagements, with a focus on procedures performed and the evidence obtained. You will learn how the lower intensity of a review shapes the degree of assurance provided, and how the reporting reflects this to users.
Key Term: review engagement
An assurance engagement in which a practitioner seeks to obtain sufficient appropriate evidence primarily through enquiry and analytical procedures, enabling a conclusion on the plausibility of the subject matter, in all material respects.
Key Features of Review Engagements
Objective and Scope: ISRE 2400 vs Audit
A review engagement seeks to obtain sufficient appropriate evidence—mainly by making enquiries and applying analytical procedures—so as to enable the practitioner to state whether anything has come to their attention that indicates the financial statements are not prepared, in all material respects, in accordance with the framework.
By comparison, an external audit provides a reasonable (higher) level of assurance by employing a wider range of procedures, including extensive substantive and control testing designed to detect material misstatements.
Key Term: limited assurance
The moderate level of assurance derived from procedures that are less exhaustive than those in an audit, resulting in increased risk that a material misstatement may go undetected.Key Term: reasonable assurance
A high—but not absolute—level of confidence, based on extensive procedures, that the subject matter is free from material misstatement.
Typical Procedures in Review Engagements
Under ISRE 2400, the core procedures are:
- Enquiry: Obtaining information from management and others about the entity’s activities, accounting principles, accounting policies applied, and financial results.
- Analytical procedures: Evaluation of relationships and trends in financial data, analysis of fluctuations, and ratios that may indicate potential misstatement.
- Read minutes: Reviewing relevant minutes of meetings for any issues that may affect the financial statements.
- Consideration of subsequent events: Inquire about events after period-end that may affect the statements.
- Obtain written representations: From management that all material matters have been disclosed.
Crucially, review engagements do not generally include:
- Detailed inspection of supporting documentation,
- Tests of controls,
- External confirmations (unless issues arise requiring further verification),
- Third-party evidence gathering,
- Sampling-based substantive testing.
Worked Example 1.1
A small company ineligible for audit asks an accountancy firm for a review of its annual financial statements. The engagement partner performs the following:
- Interviews the finance manager regarding significant variances and how the main balances were derived.
- Performs ratio analysis comparing gross margin and receivables turnover to the previous year and industry norms.
- Traces journal entries and discusses any unusual reconciling items.
- Requests management representation confirming all relevant information has been provided.
Answer:
All these steps are appropriate for a review (ISRE 2400). No inspection of supporting invoices or third-party confirmations takes place unless material uncertainties or inconsistencies are found that require further clarification.
Evidence Differences: Review vs Audit
Nature and Sufficiency of Evidence
In an audit, evidence is both sufficient (in quantity) and appropriate (of high quality), including corroboration from independent sources. Audit evidence comes from a broad range of procedures: inspection, observation, external confirmations, recalculation, reperformance, enquiry and analytics.
In a review, the sufficiency and appropriateness of evidence are less robust. Enquiry and analytics may be persuasive but are often reliant on management’s integrity and the summary documentation provided. Only where issues emerge will the practitioner expand the scope with additional procedures.
Key Term: sufficient appropriate evidence
The measure of quantity and quality of audit or review evidence required to support a conclusion; the threshold is lower for a review than for an audit.
Comparison Table: Audit vs Review Engagements
| Aspect | External Audit (ISA) | Review Engagement (ISRE 2400) |
|---|---|---|
| Level of Assurance | Reasonable (high, not absolute) | Limited (moderate) |
| Nature of Procedures | Detailed substantive testing, controls testing, extensive document inspection, external confirmations | Enquiry and analytical procedures only, with limited or no inspection; external confirmations rarely used |
| Evidence | Sufficient and highly appropriate, with corroboration from independent sources | Primarily management explanations and high-level analytics; lower evidential quality |
| Report Wording | Positive assurance (“In our opinion…”) | Negative assurance (“Nothing has come to our attention…”) |
| Scope Expansion | Required if issues, errors, or unusual items arise | Required only if procedures identify concerns; otherwise, no further work |
Worked Example 1.2
The practitioner reviews cash at bank as part of a review engagement. They:
- Enquire about reconciling items on the bank reconciliation.
- Compare balances to last year’s figures.
- Ask about any significant, unexplained variances.
Answer:
In a review, this may be sufficient if responses are satisfactory. In an audit, external confirmation from the bank and inspection of the reconciliation would also be required for reasonable assurance.
Reporting: Limited vs Reasonable Assurance
The outcome reflects the scope and evidence:
- Review (ISRE 2400): “Based on our review, nothing has come to our attention that causes us to believe the financial statements are not prepared, in all material respects, in accordance with [applicable framework].”
- Audit (ISA): “In our opinion, the financial statements present fairly, in all material respects, in accordance with [applicable framework].”
Key Term: negative assurance
A form of conclusion stating no evidence of material misstatement was found, rather than a positive assertion of completeness and accuracy.
Exam Warning
In exam scenarios, be careful to match the correct report wording to the engagement type: audits use positive assurance, reviews use negative assurance. Do not confuse limited and reasonable assurance or their reporting language.
Limitations of Review Engagements
- Review engagements do not guarantee detection of all material misstatements or fraud.
- Reliance on management’s explanations presents a higher risk if management lacks integrity or understanding.
- Users should be aware a review does not provide the same level of comfort as an audit; lenders, regulators, or investors may require full audits for important decisions.
Worked Example 1.3
You are asked whether a review engagement would meet a lender’s requirement for assurance over year-end receivables balances.
Answer:
Unless the lender accepts limited assurance, a review may not meet the requirement, as it does not include direct confirmation or detailed substantive tests expected in an audit.
Summary
Review engagements under ISRE 2400 provide limited assurance mainly via enquiries and analytical review, with little or no direct inspection of supporting records or external confirmation. The evidence is therefore less comprehensive and persuasive than in an audit, and the report is negatively worded, highlighting the lower comfort level provided.
| Review Engagement (ISRE 2400) | Audit Engagement (ISA) | |
|---|---|---|
| Level of assurance | Limited (moderate) | Reasonable (high) |
| Main procedures | Enquiry, analytical review | Enquiry, analytics, tests of detail, controls testing, confirmations, inspection |
| Evidence basis | Management explanations, high-level data | Corroborative documents, third-party confirmations, observation |
| Report conclusion | Negative: “Nothing has come...” | Positive: “In our opinion...” |
Key Point Checklist
This article has covered the following key knowledge points:
- Define review engagement and explain its objective and permissible procedures under ISRE 2400.
- Distinguish review procedures (enquiry and analytics) from audit procedures (substantive and controls testing).
- Explain sufficiency and appropriateness of evidence in review versus audit.
- Identify the correct report wording for reviews (negative assurance) versus audits (positive assurance).
- State the limitations of review engagements and when a review is insufficient.
- Recognise when a review engagement may need to be expanded if material misstatements are suspected.
Key Terms and Concepts
- review engagement
- limited assurance
- reasonable assurance
- sufficient appropriate evidence
- negative assurance