Chapter SIX: Audit principles and Practice II (2020)

CHAPTER SIX: Assurance Engagements and Other Services

6.1 Types of assurance engagements

An assurance service is an independent professional service that improves the quality of
information for decision makers. Such services are valued because the assurance provider is
independent and perceived as being unbiased with respect to the information examined.
Individuals who are responsible for making business decisions seek assurance services to help
improve the reliability and relevance of the information used as the basis for their decisions.

Attestation service
One category of assurance services provided by CPAs is attestation services. An attestation
service is a type of assurance service in which the CPA firm issues a report about the reliability
of an assertion that is made by another party. Attestation services fall into five categories:
1. Audit of historical financial statements
2. Audit of internal control over financial reporting
3. Review of historical financial statements
4. Attestation services on information technology
5. Other attestation services that may be applied to a broad range of subject matter
1. Audit of Historical Financial Statements
In an audit of historical financial statements, management asserts that the statements are fairly
stated in accordance with applicable international accounting standards. An audit of these
statements is a form of attestation service in which the auditor issues a written report expressing
an opinion about whether the financial statements are fairly stated in accordance with the
applicable accounting standards. These audits are the most common assurance service provided
by CPA firms.
2. Audit of Internal Control over Financial Reporting
For an audit of internal control over financial reporting, management asserts that internal
controls have been developed and implemented following well established criteria. Auditors
attest the effectiveness of internal control over financial reporting.

1
Chapter SIX: Audit principles and Practice II (2020)

3. Review of Historical Financial Statements

For a review of historical financial statements, management asserts that the statements are fairly
stated in accordance with accounting standards, the same as for audits. The CPA provides a
lower level of assurance for reviews of financial statements compared to a high level for audits,
therefore less evidence is needed. A review is often adequate to meet financial state ment users’
needs. It can be provided by the CPA firm at a much lower fee than an audit because less
evidence is needed.
4. Attestation Services on Information Technology
For attestations on information technology, management makes various assertions about the
reliability and security of electronic information. Many business functions, such as ordering and
making payments, are conducted over the Internet or directly between computers using
electronic data interchange (EDI). As transactions and information are shared online and in real
time, businesspeople demand even greater assurances about information, transactions, and the
security protecting them.
5. Other Attestation Services
CPAs provide numerous other attestation services. Many of these services are natural extensions
of the audit of historical financial statements, as users seek independent assurances about other
types of information. In each case, the organization being audited must provide an assertion
before the CPA can provide the attestation.

Other Assurance Services

Most of the other assurance services that CPAs provide do not meet the definition of attestation
services, but the CPA must still be independent and must provide assurance about information
used by decision makers. These assurance services differ from attestation services in that the
CPA is not required to issue a written report, and the assurance does not have to be about the
reliability of another party’s assertion about compliance with specified criteria. These other
assurance service engagements focus on improving the quality of information for decision
makers, just like attestation services. For example, a CPA might provide assurances on a

company’s use of personal data provided by customers.

2
Chapter SIX: Audit principles and Practice II (2020)

6.2 Compilations and reviews of financial statements

Many nonpublic companies have their financial statements reviewed or compiled by a CPA, instead of
having them audited. A company’s management may believe that an audit is unnecessary because no
bank or regulatory agency requires one and management sees no need for audited statements for
internal use. Instead, the company may engage the CPA to assist in the preparation of financial
statements, either for internal use or to provide to creditors or lenders under loan agreements.
Depending on the size of the loan, a lender may require compiled or reviewed financial statements,
rather than an audit. A review provides limited assurance on the financial statements, whereas a
compilation provides no expressed assurance. The standards for compilations and reviews of financial
statements, called Statements on Standards for Accounting and Review Services (SSARS), are issued by
the Accounting and Review Services Committee of the AICPA. This committee has authority equivalent
to the Auditing Standards Board for services involving unaudited financial statements of nonpublic
companies. Because the assurance provided by compilations and reviews is considerably below that of
audits, less evidence is required for these services and they can be provided at a lower fee than an
audit. The amount of evidence and assurance needed for each engagement is not defined by the
profession and there - fore depends on the accountant’s judgment. Because review and compilation
services provide less assurance than audits, the accountant should establish an understanding with the
client about the services to be provided through a written engagement letter. The understanding
should include a description of the objectives of the engagement, management’s responsibilities, the
accountant’s responsibilities, the type and limitations of the service to be provided, and a description of
the compilation or review report expected to be issued.
A review service (SSARS review) engagement allows the accountant to express limited assurance that
the financial statements are in accordance with applicable accounting standards, including appro priate
informative disclosures, or other comprehensive basis of accounting (OCBOA), such as the cash basis of
accounting. CPAs must be independent of the client for review service engagements.
A compilation service engagement is defined in SSARS as one in which accountants prepare financial
statements and present them to a client or third party without providing any CPA assurance about
those statements. Many CPA firms prepare monthly, quarterly, or annual financial statements for their
clients. These statements are usually for internal use by management, although they may also be

3
Chapter SIX: Audit principles and Practice II (2020)

provided to external users. The CPA is not required to be independent to perform a compilation and
the financial statements can be issued without additional disclosures such as footnotes. When
accountants submit financial statements and expect them to be used by a third party, they are required
to, at least, issue a compilation report that accompanies the statements. It is not permissible for the
accountant to prepare and present financial statements to a client that plans to provide them to
external users without, at a minimum, having satisfied the requirements for a compilation
engagement, including the issuance of a compilation report. When the accountant does not expect the
financial statements to be used by a third party, the CPA does not have to issue a compilation report, as
long as the CPA documents in the engagement letter with the client an understanding regarding the
services to be performed and a restriction that the financial statements are for management’s use only.

6.3 Interim financial statements

The country’s responsible body requires that quarterly financial statements be reviewed by the
company’s external auditor prior to the company’s final report. For instance, SEC requires a footnote in
the annual audited financial statements disclosing quarterly sales, gross profit, income, and earnings
per share.
Typically, the footnote in the annual statements is labeled unaudited. At a minimum, the CPA firm must
perform review procedures of the footnote information. Because the same CPA firm does both the
annual audit and the public company interim financial statement review, they are referred to as
auditors, not accountants for the interim review. a public company interim review includes five
requirements for review service engagements. The auditor must: (1) obtain knowledge of the
accounting principles of the client’s industry, (2) obtain knowledge of the client, (3) make inquiries of
management, (4) perform analytical procedures, and (5) obtain a letter of representation.
Ordinarily, auditors perform no tests of the accounting records, independent confirmations, or physical
examinations. However, the two types of reviews differ in several areas. Below are the key differences:
• Because an annual audit is also performed for the public company client, the auditor must obtain
sufficient information about the client’s internal control for both annual and interim financial
information.
• Similarly, because the client is audited annually, the auditor’s knowledge of the results of these audit
procedures is used in considering the scope and results of the inquiries and analytical procedures for
the review.

4
Chapter SIX: Audit principles and Practice II (2020)

• Under SSARS, the auditor makes inquiries about actions taken at directors’ and stock holders’
meetings; for a public company, the auditor reads the minutes of those meetings.
• The auditor must also obtain evidence that the interim financial information agrees or reconciles with
the accounting records for a public company interim review. For example, the auditor might compare
the interim financial information to the general ledger.
A public company interim review is performed following standards of the PCAOB and the review report
makes no reference to SSARS.

Example of a Report for Interim Financial Statements for a Public Company:

Report of Independent Registered Public Accounting Firm
We have reviewed the consolidated balance sheet of Rainer Company and consolidated
subsidiaries as of September 30, 2011, and the related statements of earnings, retained earnings,
and cash flows for the three-month and nine-month periods then ended. These financial statements
are the responsibility of the company’s management.
We conducted our review in accordance with the standards of the Public Company Accounting
Oversight Board (United States). A review of interim financial information consists principally of
applying analytical procedures and making inquiries of persons responsible for financial and
accounting matters. It is substantially less in scope than an audit conducted in accordance with the
standards of the Public Company Accounting Oversight Board, the objective of which is the
expression of an opinion regarding the financial statements taken as a whole. Accordingly, we do not
express such an opinion.
Based on our review, we are not aware of any material modifications that should be made to
the accompanying interim financial statements for them to be in conformity with accounting
principles generally accepted in the United States of America.

6.4 Agreed-upon procedures

In an agreed-upon procedures engagement, all procedures the CPA will perform are agreed upon by
the CPA, the responsible party making the assertions, and the specific persons who are the intended
users of the CPA’s report. The degree of assurance included in such a report varies with the specific
procedures agreed to and performed. Accordingly, such reports are limited in their distribution to only
the involved parties, who know the procedures the CPA will perform and the level of assurance

5
Chapter SIX: Audit principles and Practice II (2020)

resulting from them. The report should include a statement of what procedures management and the
CPA agreed to and what the CPA found in performing the procedures.