1 May 2024

The XRB recently announced a draft standard to be used where Service Performance Information (SPI) is included in a Review Engagement. This is a welcome move, as practitioners have been largely left to their own devices in these cases, with a little help from EG Au9.

The exposure draft was released in April 2024. The close-off date for submissions is 17 July 2024. What are the main points of the ED?

Objectives

Paragraph 7 states that:

“The objectives of the assurance practitioner are to:
(a) obtain limited assurance, primarily by performing enquiry, analytical procedures, and, as the assurance practitioner considers necessary in the circumstances, other procedures, about whether anything has come to their attention that the service performance information individually or collectively is not free from material misstatement, and
(b) express a limited assurance conclusion in a written report.

This is standard for Review Engagements, so enquiry and analytical review are the go-to procedures – and further work only if we are not satisfied that all is well. So nothing new here.

Letters, reports, and documentation

The terms of engagement will need to be updated to include reference to the standard, as will the review report. The practitioner will need to obtain an understanding of and document:

(a) The applicable financial reporting framework relevant to the service performance information.
(b) The process, including the rationale and logic the entity undertook to determine what elements/aspects of service performance, performance measures and/or descriptions, and measurement bases or evaluation methods and, if applicable, judgements to report.
(c) The process the entity undertook to identify the intended users of the service performance information and the level of engagement with the intended users.
(d) The measurement bases or evaluation methods used by the entity to assess the performance measures and/or descriptions and how these are made available to intended users.
(e) Changes to the elements/aspects of service performance, performance measures and/or descriptions, and the measurement bases or evaluation methods used to report its service performance compared to prior year, planned, forecast or prospective information.
(f) Where the entity intends to report its service performance information.
(para 18)

This is a bit more than what was suggested by EG Au9 but is probably necessary, and will be familiar work for those auditing SPI.

Internal Controls

The practitioner must also obtain an understanding of the internal controls over the preparation of the SPI. (para 19) This feels a bit onerous and was not part of EG Au9, however under ISRE (NZ) 2400, NZ 46.1 the practitioner is required to understand “Internal control, as it relates to the preparation of the financial statements.” So the treatment is consistent with the existing Review Engagement standard, which requires the practitioner to briefly document the controls.

Review Approach

In common with the new NZ AS1 (revised) for auditing SPI, the draft instructs the practitioner to “develop a review plan with a single review approach to concurrently cover the service performance information and the financial statements.” This is sensible.

It also follows the “Appropriate and Meaningful” language of NZ AS1 (revised). (para 24) The difference is that paragraph 24 requires the assurance practitioner to “consider” the factors rather than to “evaluate” the factors as required by the auditing standard. The Consultation Document explains that this wording implies enquiry rather than more detailed work.

The requirement to assess materiality for SPI is also similar to the audit standard. (para 25-29)

In terms of the actual work required, paragraph 30 says:

The assurance practitioner shall use the understanding obtained in paragraphs 16-19, to identify areas in the service performance information where material misstatements are likely to arise and thereby provide a basis for designing procedures to address those areas.

Without mentioning the word, this is about assessing risk and responding to that risk appropriately. This consists of using analytical review and enquiry to address all material or potentially material SPI. (para 31) As with audit work, the analytical testing includes linking SPI with the financial information. (para 33)

This begs the question: Would not all SPI, if it was “appropriate and meaningful” be material? Why would the client be reporting trivial information? And if they were for some reason for doing so, can we exclude this part of the SPI based on materiality?

Testing Controls?

We must also “consider whether the data relevant to service performance information from the entity’s information system and records are adequate for the purpose of performing the analytical procedures.” (para 32)

The problem with testing SPI from an audit perspective is that it is often unable to be tested only substantively, but is dependent on the systems that record it to produce reliable results. Systems testing is beyond the scope of a Review Engagement, so what does the standard propose if we conclude that the entity’s information system and records are not adequate for the purpose of performing the analytical procedures? Might the “additional procedures” required by paragraph 34 include testing the system to see if the results are reliable? This will need to be something at practitioners make a judgment call over, and is probably (hopefully) rare.

Conclusion

Overall the drafters of the proposed new standard have followed the tone set by NZ AS1 (revised) very closely. The difference is that the level of assurance is reduced somewhat. But in practice, for smaller entities in particular, the level of work required as compared to an audit may not be reduced that much.

If you wish to make a submission head over to the XRB and share your thoughts.