Classify assurance needs, engagement options, stakeholder requirements, and non-assurance services.
Assurance needs begin with users and decisions. A lender, shareholder, funder, regulator, board, donor, or management team may need different levels of credibility over different subject matter. Not every useful professional service is an assurance engagement.
The practical task is to identify the user’s decision, the subject matter, the criteria, the assurance level needed, and whether a non-assurance service would better fit the facts.
This lesson focuses on how to:
Start with the user’s decision rather than the engagement label. The same entity may need different services for different users.
| User or stakeholder | Typical need | Engagement implication |
|---|---|---|
| Lender or creditor | Confidence in financial information, covenants, forecasts, or collateral. | Audit, review, agreed procedures, specified report, or forecast-related work depending on requirement. |
| Shareholder or owner | Accountability for management performance and stewardship. | Financial statement assurance or targeted assurance over key measures. |
| Board or audit committee | Independent insight on risk, controls, reporting, or compliance. | Assurance, internal audit project, control review, or advisory work depending on independence. |
| Regulator or funder | Compliance with rules, grant terms, or service requirements. | Assurance over compliance, special report, or agreed procedures if specified. |
| Management | Improvement advice, credibility, transaction support, or process help. | May be non-assurance if no independent conclusion is needed. |
| Donor or public stakeholder | Trust in restricted funds, outcomes, or program reporting. | Assurance over financial or non-financial subject matter when criteria are suitable. |
A case may include more than one user. For example, management may want advice on improving controls, while the funder wants independent assurance that restricted funds were used according to an agreement. Those are different needs and may require different services or safeguards.
Not every engagement that adds value provides assurance. The key distinction is whether the practitioner expresses an independent conclusion designed to enhance user confidence.
| Service type | Assurance? | Why it matters |
|---|---|---|
| Audit or review of financial statements | Yes. | Practitioner expresses a conclusion over financial statements. |
| Other assurance over compliance, controls, or performance information | Yes when criteria and evidence support a conclusion. | Subject matter may be non-financial but still assurance. |
| Compilation | No. | Information is compiled without an assurance conclusion. |
| Agreed-upon procedures | Usually no assurance conclusion. | Practitioner reports procedures and findings; users draw conclusions. |
| Consulting or advisory | No. | Practitioner recommends or assists rather than providing independent assurance. |
| Tax preparation or planning | No. | Service helps management comply or plan; it does not provide an assurance conclusion. |
This distinction affects independence, report wording, evidence work, engagement terms, and user expectations. A service can be useful and still be inappropriate if users need an assurance conclusion.
Choose the engagement that matches the facts. If a case asks for a recommendation, the stronger response explains why the recommended engagement fits and why alternatives are less suitable.
| Criterion | Question |
|---|---|
| User decision | Who will use the report, and what decision will it support? |
| Subject matter | What information, process, control, compliance matter, or performance claim is being evaluated? |
| Criteria | Are there suitable criteria against which to evaluate the subject matter? |
| Assurance level | Is reasonable assurance, limited assurance, factual procedures, or advice needed? |
| Independence | Can the practitioner remain objective and independent where required? |
| Timing and cost | Does the engagement type fit the deadline, resources, and user requirement? |
| Distribution | Is the report for broad users, specified users, management, or governance? |
If suitable criteria are not available, an assurance engagement may not be appropriate. The practitioner may need to help management develop criteria, recommend a non-assurance service, or restrict the work to agreed procedures.
Stakeholders often need a plain-language explanation of what the engagement will and will not do. This is especially important when users confuse assurance with a guarantee.
| Step | Stakeholder-friendly explanation |
|---|---|
| Objective | State what information or subject matter will be evaluated. |
| Criteria | Explain the standard, rule, benchmark, policy, or framework used. |
| Evidence | Explain the type of work needed to support a conclusion. |
| Limitations | Clarify that assurance is not a guarantee and may not cover every issue. |
| Report | Explain the conclusion, distribution, and any restrictions on use. |
For example, if a board requests assurance over cybersecurity controls, the practitioner should clarify the exact controls, period, criteria, assurance level, evidence work, report distribution, and exclusions. Without that clarity, the users may expect broader coverage than the engagement can provide.
| Step | Question | Output |
|---|---|---|
| 1. User | Who needs confidence, and what decision will they make? | User and decision. |
| 2. Subject matter | What needs to be evaluated? | Financial, compliance, control, performance, or other subject matter. |
| 3. Criteria | Are suitable criteria available? | Evaluation basis. |
| 4. Service type | Is assurance required, or is a non-assurance service more appropriate? | Engagement recommendation. |
| 5. Communication | What should be explained to stakeholders? | Process, limitations, and report use. |
Use this framework when a case gives a stakeholder memo, board request, lender requirement, grant agreement, regulator request, or management service request.
| Pitfall | Correction |
|---|---|
| Recommending an audit for every credibility problem. | Match the engagement to user need, criteria, assurance level, and cost. |
| Ignoring suitable criteria. | Assurance requires a basis for evaluation. |
| Treating management preference as external assurance need. | Identify whether users require independent assurance or management wants advisory help. |
| Confusing agreed procedures with assurance. | Explain who draws the conclusion and what the practitioner reports. |
| Omitting report use. | State whether the report is for broad users or specified users. |