Auditing a Tier 3 PBE with a Statement of Service Performance (Part 1)

Watch video above for full run through (no sound).


Small charities required to be audited will tend to fall within the Tier 3 Public Benefit entity reporting framework.

These entities will have expenses under $2million. If over $1million they will be required to be audited, and over $500k will need to be reviewed, but of course any entity may opt to be audited.

Most will have a Statement of Service Performance included in the content to be audited, although those that are opting in to audit (under $1million expenditure) may choose to not include an SSP in the scope of the audit.

Features of small charitable entities:
- Lack of division of duties
- “Off the shelf” software
- Potential cash handling risks (cash donations, fundraising etc)
- Income in many cases fairly easy to audit (e.g.grants)
- Related parties’ issues/volunteers
- Blurred lines over payments to volunteers
- Low volume of transactions
- Reliance on approval of transactions by committee

Steps to performing an audit of such an entity:

  1. Select appropriate audit template – Tier 3 PBE (2016 updates)
  2. Check that the entity is actually able to use Tier 3 PBE (page A2)
  3. Identify key personnel (1.7) – these will be reused later (edit from sidebar)
  4. Complete regular checks for independence, continuance, and assigning of staff
  5. Governance checklist may be useful
  6. Create engagement letter and attach draft example audit report
  7. Request items required for audit (A10) – this page may be shared with the client – (suggested that the auditor go through and n/a out anything that is not relevant for the client to address)
  8. Plan testing of Statement of Service Performance and Entity Information (A11)

Statement of Service Performance and Entity Information (A11):

  • This is based on EG Au9 - Guidance on the Audit or Review of the Performance Report of Tier 3 Not- For-Profit Public Benefit Entities (a full standard is being released shortly)
  • Seek to understand the entity at a deeper level than the numbers – what does the entity actual try to do? What does it exist for? (Qualitative rather than quantitative information)
  • This is also helpful for the whole audit – a wider angle view
  • How does the entity measure its achievement of its own goals (service performance)?
  • What controls are there around this to ensure that this information is accurate?
  • How do the decision makers determine that they are getting accurate information on these results?
  • How can we create materiality that is qualitative rather than quantitative (The yardstick is “Will the misstatement be relevant to an assessment of the activities of the entity by a user of the performance report?”)
  • Identify the risks that the SSP information may be materially misstated – flag like other risks
  • Remember outcomes are what the entity seeks to achieve, outputs are what it has achieved
  • Outcomes are relatively easy as they will usually be stated in the trust deed or founding document, outputs will be hardest to measure and to audit
  • A range of tests of outputs is provided:


  • Other tests may be added as appropriate
  • A table is then created, outputs are added, and the tests above are applied
  • The auditor is also asked to assess whether these outputs actually describe what the entity did i.e. is the list of outputs complete?
  • The SSP work is essentially all done on this page, although there are further mentions later in terms of presentation and overall disclosure.

These notes are taken from a series of training sessions currently being developed looking at using Audit Assistant for different kinds of entities.

Continue to Part 2 here...

Have more questions? Submit a request

Subscribe to our mailing list

We have a regular newsletter which includes the latest updates in the audit and assurance space as well as on to our latest work.

Click here to view previous newsletters, enter your email below to subscribe.