Assurance Training: 0.1 Intro to Assurance - In the Beginning...

Intro to Assurance - the Meaning of Assurance, Life, and Everything

What is an Assurer? What is an assurance? This is fairly easy at one level: An Assurer is someone who does an assurance, and an assurance is something done by an Assurer :)

At the end of this lesson, you should know what these terms really mean, without being circular! You will be able to describe the meaning of reliable statement and where the sense of assurance comes from.


Assurers do stuff... which relate to


The more particular style of an Assurer's work is to make a reliable statement as we've captured in that famous acronym CARS.

A statement is something that we can take as an opinion over a fact. As the fact might be miss-seen (or misheard) and as the opinion might be flawed or biased, there is plenty of room for error. Let's examine some possibilities by means of example:

Within today's context, a statement always has a fact at the heart of it, and also has someone making that statement. However, we recognise that the statement over the fact and the fact itself might differ.

Reliable Statements

In our world of wanting certainty and reliability in an otherwise chaotic world, our goal becomes one of reducing that difference. That is, we want to bring the opinion in the statement closer to the fact, hopeful so close that the result is good.

We call this the "Reliable Statement." Reliable doesn't mean certain, then, by definition. Indeed, if we look philosophically at the above, we can see that no statement can ever capture a fact at a 100% perfect level. Whatever perfect means, we aren't going to get there.

Therefore, knowing that Reliable does not mean certain, we need a definition. Luckily, the CCA gives us a definition of reliable in its related words for RELIANCE:

In our context, the claim(s) bound within a certificate are the statement. So, we can extract a definition:

Which is great for the ontologists! But what about us more humble people, the ones out at the coalface, the ones taking on this risk and liability? What does reasonable mean? What is a risk and what is a liability?

As we can see, definitions have a way of simply kicking the problem off to some other set of words which also need definitions, and before long we discover our first words are used to define our Nth words... Alice goes down the rabbit hole!

For the ordinary folk, we cut through the academic storm of words, and ask: what happens when it goes wrong? Let's say someone stuffed up, and those risks and liabilities exploded in our faces. We don't know what they are, but they sure hurt. So

In CAcert, we already know the answer to that question, and it should come as no surprise that the answer is:

Hence, another way of describing reliable is to say that it is something you can ask an Arbitrator to rule on. Thus, a reliable statement is one that can be backstopped by the Arbitrator. And now we can finally see why the sense of CARS absolutely requires a special signal: we need to state to the world that this statement is made, knowing the Arbitrator will rule on the facts of it.

Then, a CAcert Assurer is someone in our community who makes reliable statements, and the process of assurance is the process of making reliable statements.

The Audit World and Assurance Services

Let's look a little more broadly to see if this makes sense. There is one other big user of the word, assurance, which is the audit industry. Let's then compare their definition [1] as a sanity check on our definition.

To do that, we need to build outwards from their original term audit. An audit is (or results in) an opinion made by an Auditor over a financial report, where the opinion and subject matter are more or less fixed: the financial report presented by the organisation is a true and proper rendition of the facts of the organisation's financial transactions.

A couple of things to take note of:

  1. they are over a financial report. The strongest definition of the word audit is (only) over a financial report! All other uses of the word are weaker, and potentially wrong [2].

  2. an audit may be relied upon by the public, and the courts will typically back that reliance up. This is to say that the audit is actually something more powerful than a typical contract; it's status is at a higher level, arguably the highest level of all.

However, Auditors and especially Audit firms do many other things than opine (utter their opinion) over financial reports. They do more things along essentially two different axes, for the context of today's discussion:

Firstly, Auditors are requested ([3]) to do more informal opinions over financial reports. For this purpose, the audit industry has developed the term "review" for something that involves the techniques of the audit, but does not follow the strict rigour. A review is typically used for quarterly reports rather than the annual audit demanded by (e.g.,) the stock exchange. Further along this axis is also the compilation which is the collecting of the information by an auditor, but without any opinion at all. A compilation has to be accurate, but it doesn't have to be tested. These different qualities are referred to as "levels of assurance."

Secondly, Auditors are requested to do work over other subjects than financial statements. That is, they may be requested to analyse logistic chains, or information bases, or even election results for Oscars or lotteries. Although this work is nothing to do with the financial statements of a company, there is some benefit in using the same techniques and rigour. For this, the audit industry has seized on the term assurance services.

We can then see then that Assurance as it is defined by the Audit trade is the wider business conducted by the Auditors at some agreed level, with some expectation that care is taken and the result is good. Hence, the word Assurance can be applied to any work done by the Auditor, with some expectation that an audit practitioner is passing on their good vibes to the work. The expression is a broad one of quality and of the subject. On the plus side, we can say:

We can see that the Audit industry then defines assurance more in terms of the person [4]. As well as independence and professionalism, an assurance service can be expected to include [5]:

In contrast, on the minus side, the word Assurance does not necessarily include some things:

Footnotes & References

  1. See enotes, and wikipedia.

  2. You might be wondering whether the so-called audit over CAcert is really an audit at all; it's not. More properly placed using the terminology of the audit industry, it is a service conducted under the general label of "Assurance Services." However we cannot state that more formally because then we run into other issues of definition.

  3. This language can be seen both ways. Auditors aren't innocent of selling additional services, and as the relationship between the Auditor and the Client is rarely audited, we cannot ever know who requests what of whom.
  4. Also see SSAE No. 10, Attest Engagements, AT Section 101, AICPA Professional Standards. However note that AICPA prefers to define these terms in Auditor's language, not for the wider public.

  5. enotes, op cit.

Our view

Hence, we can see that our definition of Assurer is quite close to the Audit industry's use of the term. Our Assurers are expected to be professional and independent. They make statements over information (AP1.1) and improve the context (WoT). The statements are relied upon by the those who need to make decisions (our Community).

There are some differences! Our levels of quality are very different; it takes years to become a CPA, and it takes a few days to become an Assurer. Also different is our subject matter, which is typically simpler: our statements over someone's Name are more close to a public notary's statement than an assurance engagement over financial transactions. Further, our term "reliable statement" might be closer to their term "assurance services" and our term "assurance" might be seen as just a single use in contrast to their many "assurance services".

Other than these questions of degree and scope, the conceptual meanings of the word can be taken to be comparable and aligned.

Our Definitions

Statements are opinions made over facts, and our (CAcert's) Reliable Statements are:

  1. Statements,
  2. Typically made by the Assurer, to the entire Community, under the label of CARS,
  3. usable within a decision that gives risks and liabilities (RELIANCE, from CCA),
  4. with the ultimate backstop for those decisions, risks and liabilities in the hands of the Arbitrator.

Note that the Assurer isn't the only one who makes reliable statements; the CA makes a reliable statement in the certificate, which is a reliable statement that the CA constructs by relying on many reliable statements made by many Assurers.

Therefore, we can now define our Assurer as someone:

  1. who makes reliable statements,
  2. is a member of our community,
  3. is expected to be independent and professional in the making of the statements,
    • by means of some training and testing, a.k.a., CATS Assurer Challenge), and
  4. who accepts ultimate backstop for quality control in making reliable statements is the Arbitrator.

And, an Assurance is a quite narrow thing:

  1. A reliable statement,
  2. made to the strict definition of the Assurance Policy,


You can test your understanding of these concepts by asking:

  1. What are the characteristics / definition of an Assurer?
  2. What is a Statement in this context?
    • A statement is a (what?) made on a (which?)
  3. What are the characteristics of a Reliable Statement?

For extra understanding of one other world, these are advanced topics:

  1. Assurance services from the audit industry are done to what 4 characteristics?
  2. The thing done by the CAcert Auditor is what? An audit? A review? An assurance service?

Assurance/Training/Intro (last edited 2011-01-31 12:16:13 by SunTzuMelange)