CPAs have increasingly been asked to perform a variety of audit-like services, known as attest services, for different purposes. In an attestation engagement, the CPA reports on the reliability of information or an assertion made by another party.
The attestation standards define three levels of engagements and related forms of conclusions:
3. Agreed-upon procedures
An example is when a bank requests a CPA to report in writing whether an audit client has adhered to all requirements of a loan agreement.
The AICPA has issued 11 attestation standards that are stated in sufficiently general terms to enable CPAs to apply them to any attestation engagement, including new types of engagements that may arise.
To provide additional guidance for doing attestation engagements, the Auditing Standards Board of the AICPA issues Statements on Standards for Attestation Engagements (SSAE). These are normally called attestation standards. The Auditing Standards Board attempts to distinguish between issues that should be addressed by auditing standards and those that should be addressed by attestation standards, even though both are attestations. In general, auditing standards apply to attestations that deal with providing assurance on historical financial statements, including one or more parts of those statements. These may include audits of financial statements prepared in accordance with accounting standards or some other comprehensive basis of accounting, audits of only a balance sheet, and audits of individual accounts.
All other forms of attestation are addressed in the attestation standards (an exception is reviews of historical financial statements of a nonpublic entity, which are addressed in SSARS and were discussed earlier in the chapter). Attestation standards are established by the Auditing Standards Board following the same process used for auditing standards.
In addition, compilation engagements are defined for prospective financial statements.
An examination results in a positive conclusion, which is expressed by the CPA in the form of an opinion. In this type of report, the CPA makes a direct statement about whether the presentation of the assertions, taken as a whole, conforms to the applicable criteria. A report on an examination is unrestricted as to distribution by the client after it is issued. This means that a client can distribute the information widely, including to prospective investors, and for sales and marketing purposes.
n a review, the CPA provides a moderate level of assurance that is expressed by the CPA in the form of a negative assurance conclusion. For a negative assurance report, the CPA’s report states whether any information came to the CPA’s attention to indicate that the assertions are not presented in all material respects in conformity with the applicable criteria. A review report is also unrestricted in its distribution. Review engagements are prohibited for most services where specified attestation standards have been issued, such as prospective financial statements, because of the difficulty of setting standards for the limited assurance provided by reviews.
In an agreed-upon procedures engagement, all procedures the CPA will perform are agreed upon by the CPA, the responsible party making the assertions, and the specific persons who are the intended users of the CPA’s report. The degree of assurance included in such a report varies with the specific procedures agreed to and performed. Accordingly, such reports are limited in their distribution to only the involved parties, who know the procedures the CPA will perform and the level of assurance resulting from them. The report should include a statement of what procedures management and the CPA agreed to and what the CPA found in performing the procedures.