Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Assurance Services
• Independent professional services that “improve the quality of information, or its context, for decision makers”
• Assurance services encompass attestation services but are broader
• Attestation, a portion of assurance services, is restricted to examination, review or agreed-upon procedures engagements
• Assurance services go beyond attestation, may involve analyzing data or putting them in a form to facilitate decision making

Relationship Between Assurance and Attestation

Demand for Assurance Services
• Reduce information risk for outside parties and enable the company to contract at more favorable terms
• Information technology has significantly changed expectations of information users
• New services being developed
  • Continuous auditing
  • Assurance on system reliability
• Performed in accordance with Statement on Standards for Attestation Services

Selected Characteristics of Assurance Services

Subject Matter
• Historical or prospective performance or condition
• Physical characteristics
• Historical events
• Analyses
• Systems or processes
• Behavior

Assertion
• Declaration about whether the subject matter is presented in accordance with certain criteria.
• Practitioners generally must obtain appropriate assertion about subject matter
• Report can be on either
  • The assertion about the subject matter or
  • The subject matter itself

Criteria
• Suitable
  • Objective
  • Permit reasonable consistent measurements
  • Complete
  • Relevant
• Available
  • Publicly available
  • Presented in a summary, the assertion or the practitioners’ report

Relationships Among Terms Used in Attestation Engagements

Attestation Risk
• Risk that practitioners will unknowingly fail to appropriately modify their report on subject matter that is materially misstated
• Consists of
  • Inherent risk
  • Control risk
  • Detection risk
• Materiality
  • Difficult because subject matter may not be financial
  • Determine likely needs of intended users

Types of Attestation Engagements
• Examinations
  • Highest level of assurance
  • Attestation risk at low level
• Reviews
  • Limited or negative assurance
  • Attestation risk at moderate level
• Agreed-upon procedures
  • Restricted use reports

Examination Report

Review Report on Subject Matter

Assurance on Internal Control over Financial Reporting
• Presented in Chapters 7 and 18.
• Public companies—Performed as a part of the integrated audit covering financial statements and internal control.
• Nonpublic Companies—Have the option of having a similar integrated audit.

Prospective Financial Statements
• Financial Information about the entity’s expected financial position, results of operations and cash flows
• Financial Forecasts
• Projection
  • Expected results, given one or more hypothetical assumptions
• CPAs engaged to examine or perform agreed-upon procedures but no review

Examinations of Prospective Financial Statements
• Practitioners gather evidence relating to the client’s procedures for preparation of the statements
• Evaluate the underlying assumptions
• Obtain a written representation letter from the client
• Evaluate whether statements are in conformity with AICPA guidelines

Reporting on Prospective Financial Statements
• Report on subject matter
• States whether the statements are presented in conformity with AICPA guidelines
• Whether underlying assumptions provide a reasonable basis for the statements
• Does not vouch for the achievability of the forecast or projection

Compliance
Types
1. Attesting to an entity’s compliance with specified requirements of laws, regulations, rules, contracts, or grants.
2. Attesting to the effectiveness of an entity’s internal control over compliance with specified requirements.

Management’s Discussion and Analysis
• Management required to provide narrative explanation of financial results as part of 10-K and 10-Q
• Practitioner may examine or review
• Objective to provide assurance on whether
  (1) the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC;
  (2) the historical financial amounts included in the presentation have been accurately derived, in all material respects, from the entity’s financial statements; and
  (3) the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained in the presentation.

Trust Services
• Intended to address user and preparer needs regarding issues of security, availability, processing integrity, online privacy and confidentiality within e-commerce and other systems
• System consists of
  • Infrastructure
  • Software
  • People
  • Procedures
  • Data

Trust Services
• The practitioner (1) performs procedures to determine that management’s description of the system is fairly stated and (2) obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria—the suitable criteria required for an attest engagement

Principles and Criteria
Principles
1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy
Criteria for each principle
1. Policies
2. Communications
3. Procedures
4. Monitoring

Types of Trust Services Engagements
• Examination or agreed-upon procedures
• WebTrust
  • Assurance on electronic commerce systems
• SysTrust
  • Assurance on any system

WebTrust: Reporting on Trust Services
• Designed to incorporate a seal management process
• Seal (logo) included on a client’s website as electronic representation of the report
• Engagement must be updated at least annually to use the seal
• Initial reporting period must be at least 2 months
• Competition
  • BBBOnLine program
  • TRUSTe

Service Organization Control (SOC) Reports
• SOC 1: Restricted use reports on controls at a service organization relevant to a user entity’s internal control over financial reporting (presented earlier in Chapter 7).
• SOC 2: Restricted use reports on controls at a service organization related to security, availability, processing integrity, confidentiality, and/or privacy.
• SOC 3: General use SysTrust reports related to security, availability, processing integrity,

ElderCare/PrimePlus Services
• GOAL: help seniors face financial and other challenges that come with aging
• Financial
  • For elders: Estate & tax planning, investment planning, budgeting, bookkeeping, protecting from predators, serving as power-of-attorney
• Nonfinancial
  • Coordinating healthcare and legal services
  • Provide monitoring and assurance to family members of quality of care, financial issues, etc.
• Target market
  • Older clients of CPA and their children
  • Other professionals that deal with older adults

XBRL
• eXtensible Business Reporting Language is an international information format designed for business information.
• Accounting profession is in process of developing guidance for CPAs to provide assurance on XBRL-Related Documents.

Additional Future Assurance Services
• Committees working on:
  • Health care performance measurement
    • This service provides assurance about the effectiveness of health care services provided by health maintenance organizations, hospitals, doctors, and other providers.
  • Continuous auditing provides assurance using a series of reports provided simultaneously or shortly after the related information is released.