Other Assurance Services
Chapter 24
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 1
Learning Objective 1
Distinguish AICPA attestation
standards from auditing standards
and know the type of engagements
to which they apply.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 2
Attestation Engagements
Attestation
Standards
Types of Attestation
Engagements
Levels of
Service
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 3
Types of Engagements
and Related Reports
Type of
Amount of Level of Form of
Engagement Evidence Assurance Conclusion Distribution
Examination Extensive High
Positive
Review
Significant Moderate Negative
Agreed-upon
procedures Varying
Varying Findings
General
General
Limited
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 4
Learning Objective 2
Understand the nature of
WebTrust assurance services.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 5
WebTrust Services
In a WebTrust assurance services engagement,
a client engages a CPA to provide reasonable
assurance that a company’s Web site complies
with certain WebTrust principles and criteria for
one or more aspects of e-commerce activities.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 6
Seven WebTrust Principles
Principle The entity discloses and maintains
compliance with its:
Privacy Privacy practices to protect a customer’s
personally identifiable information.
Security Security practices to ensure that e-commerce
systems and data are restricted only to
authorized individuals.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 7
Seven WebTrust Principles
Principle
The entity discloses and maintains
compliance with its:
Business
Business practices to ensure that
practices/
e-commerce transactions are processed
Transaction completely, accurately, and in conformity
integrity
with those disclosed practices.
Availability Availability practices to ensure that its
electronic commerce systems and data are
available.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 8
Seven WebTrust Principles
Principle
The entity discloses and maintains
compliance with its:
Confidentiality Confidentiality practices to ensure that
information obtained through e-mail
commerce activities that is designated
as confidential is restricted to authorized
individuals or entities.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley
24 - 9
Seven WebTrust Principles
Principle
Nonrepudiation
Customized
The entity discloses and maintains
compliance with its:
Nonrepudiation practices to establish
which parties to e-commerce
transactions are liable.
Specified disclosures, which must
comply with applicable professional
standards and be relevant to
e-commerce activities.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 10
Learning Objective 3
Understand the nature of
SysTrust assurance services.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 11
SysTrust Services
In a SysTrust engagement,
the SysTrust licensed
accountant evaluates a
company’s computer
system using SysTrust
principles and criteria.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 12
Four SysTrust Principles
The system is available for operation
1. Availability
and use at times set forth in servicelevel statements or agreements.
The system is protected against
2. Security
unauthorized physical and
logistical access.
System processing is complete,
3. Integrity
accurate, timely, and authorized.
The system can be updated when required
4. Maintainability in a manner that continues to provide for
system reliability, security, and integrity.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 13
Learning Objective 4
Describe special engagements
to attest to prospective
financial statements.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 14
Prospective Financial
Statements
 Forecasts and projections
 Use of prospective financial statements
 Types of engagements
 Examination of prospective financial statements
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 15
Learning Objective 5
Understand special engagements
to attest to internal control,
including controls over
electronic commerce.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 16
Reporting on Internal Control
Comparison to requirements for audits
 Requirements for an examination of the
effectiveness of internal control
 Internal control for service organizations

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 17
Learning Objective 6
Describe agreed-upon
procedures engagements.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 18
Agreed-Upon Procedures
Engagements
1. The SASs deal with financial statement
items, whereas the SSAEs deal with
nonfinancial statement subject matter.
2. Management must provide a written
assertion for an SSAE engagement
but not for an SAS engagement.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 19
Learning Objective 7
Understand the level of assurance
and evidence requirements for
review and compilation services.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 20
Review and Compilation
Services
The standards for compilations and
reviews of financial statements are called:
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 21
Level of
Assurance Attained
Relationship between Evidence
Accumulation and Assurance Attained
High
(Audit)
Moderate
(Review)
None
(Compilation)
Minimal
(Compilation)
Significant
(Review)
Extensive
(Audit)
Amount of Evidence Accumulated
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 22
Review Services
A review service (SSARS review) engagement
is designed to allow the accountant to express
limited assurance that the financial statements
are in accordance with GAAP.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 23
Procedures Suggested
for Reviews
Obtain knowledge of the accounting
principles of the client’s industry.
Obtain knowledge of the client.
Make inquiries of management.
Perform analytical procedures.
Obtain letter of representation.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 24
Make Inquires
of Management
1. Inquire as to the company’s procedures
for recording, classifying, and
summarizing transactions and disclosing
information in the statements.
2. Inquire into actions taken at meetings of
stockholders and the board of directors.
3. Inquire of persons having responsibility
for financial and accounting matters.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 25
Form of Report
1. The first paragraph is similar to an audit report
except for its reference to a review service
rather than an audit.
2. The second paragraph notes that a review
consists primarily of inquiries and
analytical procedures.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 26
Form of Report
3. The third paragraph expresses limited assurance
in the form of a negative assurance that “we are
not aware of any material modifications that
should be made to the financial statements.”
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 27
Failure to Follow GAAP
If a client has failed to follow GAAP in
a review engagement, a modification
of the report is needed.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 28
Requirements for Compilation
• Establish an understanding with the client about
the nature and limitations of the services to be
performed and a description of the report.
• Possess knowledge about the accounting
principles and practices of the client’s industry.
• Know the client; the nature of the client’s
business transactions; and the basis, form,
and content of the financial statements.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 29
Requirements for Compilation
• Make inquiries to determine whether the
client’s information is satisfactory.
• Read the compiled financial statements and
be alert for any obvious omissions or errors
in arithmetic and GAAP.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 30
Compilation Form of Report
Compilation with full disclosure
It requires disclosures in accordance with GAAP.
Compilation that omits substantially all disclosures
This type of statement is usually expected to be
used primarily for management purposes only.
Compilation without independence
A CPA firm can issue a compilation report even
if it is not independent with respect to the client,
as defined by the Code of Professional Conduct.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 31
Learning Objective 8
Describe special engagements to
receive interim information
for public companies.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 32
Interim Financial Information
for Public Companies
The requirements for reviews of interim
information for public companies
(SAS 71 reviews) are set forth
by SAS 71 (AU 722).
A SAS 71 review does not provide
a basis for expressing a
positive-form opinion.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 33
Interim Financial Information
for Public Companies
There are ordinarily no tests of the accounting
records, independent confirmations,
or physical examinations.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 34
Learning Objective 9
Describe other audit and limited
assurance engagements related
to historical financial statements.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 35
Other Comprehensive
Bases of Accounting
 Introductory paragraph
 Scope paragraph
 Middle paragraph stating
the accounting basis
 Opinion paragraph
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 36
Specified Elements,
Accounts, or Items
The specified elements, accounts,
or items must be identified.
The basis on which the specified
elements, accounts, or items are
presented and the agreements
specifying the basis must be described.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 37
Specified Elements,
Accounts, or Items
Source of significant
interpretations made
by the client about the
provisions of a relevant
agreement must be
indicated and described.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 38
Specified Elements,
Accounts, or Items
If the specified element, account, or item is
presented on a basis that is not in conformity
with GAAP, a paragraph that restricts the
distribution of the report to those within
the entity and the parties to the contract or
agreement must be added.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 39
Debt Compliance Letter
and Similar Reports
The engagement and report should be
limited to compliance matters the
auditor is qualified to evaluate.
The auditor should provide a debt
compliance letter only for a client
for whom the auditor has done an
audit of the overall financial statements.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 40
Debt Compliance Letter
and Similar Reports
The auditor’s opinion is in the form of a
negative assurance, stating that nothing came
to the auditor’s attention that would lead the
auditor to believe there was noncompliance.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 41
End of Chapter 24
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 42