What is a Practitioner (in Assurance)?
ISAE 3000.12(r) defines the practitioner as the professional responsible for performing an assurance engagement. Unlike the ISA framework, which uses "auditor" exclusively for audits of historical financial statements, ISAE 3000 uses "practitioner" to cover any assurance engagement — financial or non-financial, reasonable or limited.
The practitioner is personally responsible for the conclusion issued in the assurance report (ISAE 3000.33). This responsibility cannot be delegated, even when the practitioner uses the work of a practitioner's expert (ISAE 3000.52) or other practitioners within the engagement team.
ISAE 3000.34 requires compliance with ethical requirements, including independence. This is not inherited from the audit — it must be evaluated separately for each assurance engagement. ISAE 3000.24(a) adds a competence precondition: the practitioner must have the skills and knowledge appropriate to the subject matter. For non-financial assurance (sustainability, IT controls, compliance), this may require subject-matter expertise beyond traditional financial audit skills.
Key Points
- "Practitioner" is the ISAE 3000 equivalent of "auditor" — broader in scope, covering any assurance engagement.
- Personal responsibility for the conclusion cannot be delegated (ISAE 3000.33).
- Independence must be evaluated per engagement, not assumed from the audit relationship (ISAE 3000.34).
- Competence is a precondition — the practitioner must have subject-matter-appropriate skills (ISAE 3000.24(a)).
Why it matters in practice
Firms frequently omit the independence evaluation on non-audit assurance engagements, assuming "we're independent because we do the audit." Independence under ISAE 3000 must be assessed separately — threats that do not exist for the financial statement audit may exist for the assurance engagement, and vice versa. The file needs a documented evaluation for each engagement.
Competence assessments are often generic rather than engagement-specific, especially for non-financial subject matters. A practitioner qualified to audit financial statements is not automatically competent to provide assurance on greenhouse gas emissions or IT general controls. The file must show how competence was assessed and, where gaps exist, how they were addressed — whether through training, use of a practitioner's expert, or declining the engagement.
Key standard references
- ISAE 3000.12(r): Definition of the practitioner in an assurance engagement.
- ISAE 3000.33: The practitioner's responsibility for the assurance conclusion.
- ISAE 3000.34: Ethical requirements including independence.
- ISAE 3000.24(a): Competence as a precondition for acceptance.
Related terms
Frequently asked questions
Is a practitioner the same as an auditor?
Not exactly. 'Auditor' is the ISA framework term for audits of historical financial statements. 'Practitioner' is the ISAE 3000 term covering any assurance engagement (financial or non-financial). Reports use different titles: 'Independent Auditor's Report' vs 'Independent Practitioner's Report.'
Does the practitioner need to be independent?
Yes. ISAE 3000.34 requires compliance with ethical requirements including independence. The practitioner must evaluate threats to independence before accepting the engagement, documented separately for each assurance engagement — even if the firm also performs the audit.