Other Attestation and Accounting Services

Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Assurance Services




Independent professional services that “improve the
quality of information, or its context, for decision makers”
Assurance service encompass attestation services but
are broader
Attestation, a portion of assurance services, are
restricted to examination, review or agreed-upon
procedures engagements
Assurance services go beyond attestation, may involve
analyzing data or putting them in a form to facilitate
decision making
20-2
Relationship Between Assurance and
Attestation
20-3
Demand for Assurance Services

Reduce information risk for outside parties and
enable the company to contract at more
favorable terms
 Information technology has significantly changed
expectations of information users
 New services being developed
 Continuous auditing
 Assurance on system reliability
 Performed in accordance with Statement on
Standards for Attestation Services
20-4
Selected Characteristics of Assurance Services
20-5
Subject Matter
 Historical
or prospective performance or
condition
 Physical characteristics
 Historical events
 Analyses
 Systems or processes
 Behavior
20-6
Assertion
 Declaration
about whether the subject
matter is presented in accordance with
certain criteria.
 Practitioners generally must obtain
appropriate assertion about subject matter
 Report can be on either


The assertion about the subject matter or
The subject matter itself
20-7
Criteria

Suitable





Objective
Permit reasonable consistent measurements
Complete
Relevant
Available


Publicly available
Presented in a summary, the assertion or the
practitioners’ report
20-8
Relationships Among Terms Used in
Attestation Engagements
20-9
Attestation Risk



Risk that practitioners will unknowingly fail to
appropriately modify their report on subject matter that is
materially misstated
Consists of
 Inherent risk
 Control risk
 Detection risk
Materiality
 Difficult because subject matter may not be financial
 Determine likely needs of intended users
20-10
Types of Attestation Engagements
 Examinations


Highest level of assurance
Attestation risk at low level
 Reviews


Limited or negative assurance
Attestation risk at moderate level
 Agreed-upon

procedures
Restricted use reports
20-11
Examination Report
20-12
Review Report on Subject Matter
20-13
Assurance on Internal Control over
Financial Reporting

Presented in Chapters 7 and 18.
 Public companies—Performed as a part of the
integrated audit covering financial statements
and internal control.
 Nonpublic Companies—Have the option of
having a similar integrated audit.
20-14
Prospective Financial Statements
 Financial

Information about the entity’s expected
financial position, results of operations and
cash flows
 Financial

Forecasts
Projection
Expected results, given one or more
hypothetical assumptions
 CPAs
engaged to examine or perform
agreed-upon procedures but no review
20-15
Examinations of Prospective
Financial Statements
 Practitioners
gather evidence relating to
the client’s procedures for preparation of
the statements
 Evaluate the underlying assumptions
 Obtain a written representation letter from
the client
 Evaluate whether statements are in
conformity with AICPA guidelines
20-16
Reporting on Prospective Financial
Statements
 Report
on subject matter
 States whether the statements are
presented in conformity with AICPA
guidelines
 Whether underlying assumptions provide a
reasonable basis for the statements
 Does not vouch for the achievability of the
forecast or projection
20-17
Compliance
 Types
1. Attesting to an entity’s compliance with
specified requirements of laws, regulations,
rules, contracts, or grants.
2. Attesting to the effectiveness of an entity’s
internal control over compliance with
specified requirements.
20-18
Management’s Discussion and Analysis



Management required to provide narrative explanation of
financial results as part of 10-K and 10-Q
Practitioner may examine or review
Objective to provide assurance on
(1) the presentation includes, in all material respects, the required
elements of the rules and regulations adopted by the SEC;
(2) the historical financial amounts included in the presentation have
been accurately derived, in all material respects, from the entity’s
financial statements; and
(3) the underlying information, determinations, estimates, and
assumptions of the entity provide a reasonable basis for the
disclosures contained in the presentation.
20-19
Trust Services


Intended to address user and preparer needs regarding
issues of security, availability, processing integrity, online
privacy and confidentiality within e-commerce and other
systems
System consists of
 Infrastructure
 Software
 People
 Procedures
 Data
20-20
Trust Services
The practitioner
(1) performs procedures to determine that
management’s description of the system is fairly stated
and
(2) obtains evidence that the controls over the system
are designed and operating effectively to meet the Trust
Services Principles and Criteria—the suitable criteria
required for an attest engagement
20-21
Principles and Criteria
Principles
1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy
Criteria for each principle
1. Policies
2. Communications
3. Procedures
4. Monitoring
20-22
Types of Trust Services Engagements
 Examination


or agreed-upon procedures
WebTrust
• Assurance on electronic commerce
systems
SysTrust
• Assurance on any system
20-23
WebTrust: Reporting on Trust Services


Designed to incorporate a seal management process
 Seal (logo) included on a client’s website as
electronic representation of the report
 Engagement must be updated at least annually to use
the seal
 Initial reporting period must be at least 2 months
Competition
 BBBOnLine program
 TRUSTe
Service Organization Control (SOC)
Reports



SOC 1: Restricted use reports on controls at a service
organization relevant to a user entity’s internal control
over financial reporting (presented earlier in Chapter 7).
SOC 2: Restricted use reports on controls at a service
organization related to security, availability, processing
integrity, confidentiality, and/or privacy.
SOC 3: General use SysTrust reports related to security,
availability, processing integrity,
20-25
ElderCare/PrimePlus Services
GOAL: help seniors face financial and other challenges that come with
aging
 Financial

For elders: Estate & tax planning, investment planning,
budgeting, bookkeeping, protecting from predators, serving as
power-of-attorney
 Nonfinancial

Coordinating healthcare and legal services

Provide monitoring and assurance to family members of quality
of care, financial issues, etc.
 Target market

Older clients of CPA and their children

Other professionals that deal with older adults
XBRL
 eXtensible
Business Reporting Language
is an international information format
designed for business information.
 Accounting profession is in process of
developing guidance for CPAs to provide
assurance on XBRL-Related Documents.
20-27
Additional Future Assurance Services
Committees working on:
 Health care performance measurement
This service provides assurance about the
effectiveness of health care services provided by
health maintenance organizations, hospitals,
doctors, and other providers.
 Continuous auditing
provides assurance using a series of reports
provided simultaneously or shortly after the
related information is released.
20-28