Review Engagements under ISRE 2400 (Revised): Scope, Objectives and Key Differences from a Statutory Audit
- 1 day ago
- 4 min read
Following the introduction of the new audit exemption framework under Legal Notice 139 of 2025, many small undertakings in Malta are reassessing their statutory reporting obligations. While certain entities may now qualify for exemption from a full statutory audit, some still require a level of independent assurance over their financial statements. In this context, review engagements under ISRE 2400 (Revised) are increasingly being considered as an alternative to a full audit. However, while both services provide independent assurance on financial statements, the level of assurance, scope of work and overall outcome differ significantly.
This article outlines the scope and objectives of a review engagement under International Standard on Review Engagements (ISRE) 2400 (Revised), and explains how it differs from a statutory audit conducted in accordance with International Standards on Auditing (ISAs).
What is a review engagement?
A review engagement is an assurance engagement in which an independent practitioner provides limited assurance on historical financial statements. Unlike a statutory audit, which provides reasonable (high) assurance, a review engagement results in a negative assurance conclusion, expressed as:
“Nothing has come to our attention that causes us to believe that the financial statements are not prepared, in all material respects, in accordance with the applicable financial reporting framework.”
In practical terms, a review engagement does not involve detailed verification of transactions, testing of internal controls, or third-party confirmations in the way a statutory audit does. The practitioner primarily performs enquiries and analytical procedures designed to identify whether anything appears materially misstated. As a result, the level of assurance obtained is significantly lower than that of a full audit.
Objective and Scope of a Review Engagement under ISRE 2400 (Revised)
The objective of a review engagement is to enable the practitioner to conclude whether, based on the procedures performed, anything has come to their attention that indicates the financial statements may be materially misstated.
A review engagement typically includes
Planning the Review Engagement
Gain an understanding of the entity’s business and its environment and identify areas where material misstatements are likely to arise.
Enquiring of management about nature of entity, significant transactions, accounting estimates and policies.
Determine and apply materiality level by considering both quantitative threshold and qualitative factors that guide the nature and extent of appropriate review procedures.
Performing the Review Procedures
Perform Analytical Procedures (e.g., trend, ratio analysis, comparison with budgets and forecasts or industry benchmarks) to identify unexpected relationships or fluctuations.
Make additional enquiries to management focusing on understanding the reasons behind significant account balances, unusual transactions, or trends that deviate from prior periods or expectations.
Carry out limited additional procedures whenever potential material misstatements are detected to address them such as inspecting documentation or reconciling certain balances.
Completing the Review Procedures
Assess whether the evidence and analytical results obtained provide a basis for the limited assurance conclusion.
Obtain written representations from management that all material matters have been disclosed.
Issue a written report expressing negative assurance (stating that nothing has come to the practitioner’s attention indicating material misstatement), or modified wording if issues were identified.
Communicate significant matters arising during the engagement that require management’s attention
Key Differences: Review Engagements vs Statutory Audit
The table below explains the key differences between the two engagements:
Feature | Review Engagement (ISRE 2400 Revised) | Full Statutory Audit (ISAs) |
Level of Assurance | Limited assurance | Reasonable (high) assurance |
Assurance Wording | “Nothing has come to our attention…” | “In our opinion…” |
Nature of Procedures | Management enquiries, analytical procedures, limited verification | Detailed substantive testing and control evaluation |
Internal Control Testing | Not tested in depth | Evaluated and tested |
Third Party Confirmations | Generally not obtained | Frequently obtained |
Detection Risk | Higher risk that misstatements remain undetected | Lower (though not absolute) risk |
Regulatory Acceptance | Limited acceptance | Widely accepted by banks, investors, regulators and legal officials. |
Limitations of the Review Engagement
While a review engagement may involve lower cost and reduced disruption compared to a statutory audit, it is important to understand its inherent limitations. As outlined in the above table, the engagement is not designed to detect fraud to the same extent as an audit and there is a greater risk that material misstatements may remain undetected.
For entities with complex transactions, regulatory oversight, financing arrangements or group reporting requirements, a review engagement may not provide sufficient assurance.
A review engagement may be suitable where there are no regulatory or licensing requirements for an audit, there are no bank covenants requiring audited financial statements, stakeholders do not require full audit assurance, and the entity has relatively straightforward operations.
Important Considerations
Entities sometimes opt for a review engagement due to reduced cost. However, if in the future the entity becomes subject to a statutory audit requirement, the first-year audit may involve additional procedures. This is because audit standards require the auditor to obtain sufficient appropriate audit evidence regarding opening balances, evaluate comparative figures and reassess prior period accounting treatments. Therefore, where prior years were subject only to review engagements, additional retrospective procedures may be necessary. Consequently, the first-year statutory audit following one or more review engagements may involve increased time and cost compared to a recurring audit engagement.
For this reason, the decision between a review and an audit should be made strategically, not solely on cost considerations. When selecting the appropriate assurance engagement, entities should consider:
Regulatory requirements;
Financing and investor expectations;
Growth plans and future funding needs;
Group reporting obligations;
Risk profile and complexity of operations.
At Quazar, we assist clients in assessing which assurance framework best aligns with their statutory obligations and long-term objectives, ensuring transparency, compliance and informed decision-making.
Article by Panachai Inthakul.
Contact us to find out more.
