Professional accountants offer various services to their clients, the provision of assurance services being one of them. Assurance can be provided on the fair presentation of the financial statements − in essence attesting to the accuracy and compliance of these financial statements within the defined parameters of reasonable assurance by auditors. The auditor may also provide limited assurance or may report on factual findings or perform a compilation engagement. These myriad services are provided under the banner of a broader corporate governance system.
In terms of most corporate governance codes, the governing body of an organisation is required to ensure that different types of assurance services are deployed to ensure an effective control environment, essentially assuring the integrity of financial statements and other data, as well as assuring the reliability of an organisation’s external reports. The governing body will rely on the external audit of the financial statements in combination with different types of assurances to form part of a combined assurance model of the entity.
According to the International Auditing and Assurance Standards Board (IAASB), an ‘assurance engagement’ means ‘an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria’.
The term ‘degree of confidence’ alludes to the fact that the auditor, through the assurance function, instils trust in the entity’s reporting. The combined assurance model consolidates this degree of confidence by integrating audit assurance with other assurance services and functions. The audit committee, as a sub-committee of the governing body, is the committee designated with the responsibility for setting the nature, scope and extent of assurance provided for reports and external opinions.
Through the audit committees, active monitoring of the different combined assurance functions and the quality and integrity of the assurance services obtained can be reinforced, thereby instilling an effective internal control and reporting function within an organisation. The audit committee, as a committee constituted by independent non-executive directors, should assess the output of the entity’s combined assurance with objectivity and professional scepticism, thereby reinforcing the confidence in the integrity of the information, in the reports and ultimately in the control environment of the entity.
This is in line with King IV, which indicates that a combined assurance model optimises all assurance services and functions so that combined these enable an effective control environment. An effective control environment forms the basis of the integrity of the entity’s data and reports, those that are used for the organisation’s internal decision-making.
This effective control environment will be instilled through the concept that the combined assurance model addresses the organisation’s significant risks and other material issues. This risk assessment should be assessed and managed at the operational, compliance and reporting level. Organisations should establish risk-based criteria for dealing with control failures on a consistent and strategically aligned basis to ensure organisational objectives and goals are achieved. Combined assurance will encompass an entity’s internal control and internal management systems, internal audit functions and independent external assurance function.
The difficulty arises from the demand of the users of an entity’s different reports for assurance in those reports. The ‘degree of confidence’, as stated above, is a common expectation by users. Other assurance services will be encountered when dealing with the information in an entity’s annual, financial, and integrated report, and reports other than the annual financial statements.
Stakeholders are expecting companies to ensure the accuracy and reliability of disclosures found in their integrated or sustainability reports. This demand is further enhanced when dealing with listed, large, or public interest entities.
It is not surprising that the Global Reporting Initiative (GRI 2016) and the International Integrated Reporting Council (IIRC 2013) recommend the use of external assurance services to strengthen the reliability and quality of sustainability and integrated reports respectively. There is, however, no single standard or set of professional guidelines which identify an integrated or sustainability report in its entirety as the subject matter of an assurance engagement. As a result, companies – in consultation with their external assurance providers − will select different parts of their integrated or sustainability report for testing.
It is clear from this that the combined assurance model requires a collaboration between the governing body and the applicable assurance provider. It is not a function that can be simply outsourced by those within the entity charged with governance to a third-party provider. This collaboration should reinforce good corporate governance and strengthen an entity’s control environment, thus reinforcing the concept that trust and accountability in the accounting profession can only be achieved through a coordinated approach between business and their professional accountant service providers.
