Other Assurance Services
 Most are Attestation Engagements Covered
by Statements on Standards for Attestation
Engagements (SSAE).
 Attestation Engagements Offer Some Level
of Assurance on an Assertion by Another Usually Client Management.
 Some New Non-Attest Assurance Services
Only Offer General Assurance Not
Necessarily Based on an Assertion.
20-1
Relationship Between Assurance and Attestation
20-2
What is Attest Work?
An Engagement Where We Offer
Some Form or Level of Assurance
About a Subject Matter or an
Assertion About a Subject Matter.
20-3
Subject Matter
• Historical or prospective performance or
condition
• Physical characteristics
• Historical events
• Analyses
• Systems or processes
• Behavior
20-4
Criteria for Subject Matter
To be Suitable, it must be:
– Objective
– Permit Reasonable, Consistent Measurement
– Complete
– Relevant to the Assertion
To be Available, it must be either:
– Publicly Available or
– Presented in a Summary, the Assertion or
CPA’s Report
20-5
Relationships Among Terms Used in
Attestation Engagements
20-6
Levels of Attest Work
• Examination - Complete, Positive Opinion
About the Assertion of Client Management
(In our opinion, the assertion is fairly stated...)
• Review - “Negative” Assurance Conclusion
That We Have No Basis to Doubt the Assertion
(Based on our review, we are not aware of...)
• Agreed Upon Procedures - Presents the
Procedures Performed and the Findings from
Performing the Procedures
(The procedures and findings are as follows…)
20-7
Attestation Engagements
Type of
Engagement
Examination
Level of
Assurance
Nature of
Report
Highest
Expresses
opinion
(reasonable)
Procedures
Sufficient to limit
attestation risk to
low level
20-8
Attestation Engagements
Type of
Engagement
Examination
Review
Level of
Assurance
Highest
Nature of
Report
Procedures
(reasonable)
Expresses
opinion
Sufficient to limit
attestation risk to
low level
Moderate
or
Limited
Expresses
negative
assurance
Generally limited to
inquiry & analytical
procedures
20-9
Attestation Engagements
Type of
Engagement
Examination
Level of
Assurance
Highest
(reasonable)
Nature of
Report
Procedures
Expresses
opinion
Sufficient to limit
attestation risk to
low level
Review
Moderate or
Limited
Expresses
negative
assurance
Generally limited to
inquiry & analytical
procedures
Agreed-upon
procedures
Varies with
procedures
States
findings
Procedures agreedupon with the
specified users
20-10
1-1
The Attest Function
Client
Management
CPA
Responsible Party)
Subject
Suitable
Matter
Criteria
Consider
Subject
Presenting
Matter
Assertion
Gather and
Evaluate
Management may
present:
Evidence
•Nothing
Prepare
•Description of
Subject Matter,
and/or
Necessary
Adjustments
*If the criteria are not generally
available to the users, it should be
presented in the CPA’s report or
management’s presentation.
Issue
Report on
Findings
•An Assertion
Users
CPA’s
Attest
Report*
20-11
1-3
Audit of Financial Statements
Client
Independent
Accounting
Auditors
Personnel
Maintain
Accounting
Records
Prepare
Determine
Fairness of
Statements
Financial
Statements
Propose
Necessary
Adjustments
Issue Report
on Findings
Other
Evidential
Matter
Generally
Accepted
Accounting
Principles
Audited
Financial
Statements
Outside
Decision
Makers
Auditors’
Report
20-12
Statements on Standards for
Attestation Engagements
Note: For all clients, except attesting to internal controls at public
companies (PCAOB Standard).
20-13
Attestation Standards
Statements on Standards for Attestation Engagements (SSAE)
• Includes General, Field Work and Reporting
Standards Like the Auditing Standards (Ch 2)
(These came long before.)
• Then, Organized by Subject of Attest Work:
•
•
•
•
•
•
Financial Forecasts & Projections
Pro Forma Financial Information
Internal Control
Compliance w/ Laws, Regs, Contracts
Mgmt Discussion & Analysis (MD&A)
Applying Agreed Upon Procedures
20-14
Basic Attestation Standards
General Standards
1. The engagement shall be performed by a practitioner having
adequate technical training and proficiency in the attest function.
2. The engagement shall be performed by a practitioner having
adequate knowledge of the subject matter.
3. The practitioner shall perform the engagement only if he or she
has reason to believe that the subject matter is capable of
evaluation against criteria that are suitable and available to users.
4. In all matters relating to the engagement, an independence in
mental attitude shall be maintained by the practitioner.
5. Due professional care shall be exercised in the planning and
performance of the engagement.
20-15
Basic Attestation Standards
Standards of Fieldwork
1. The work shall be adequately planned and
assistants, if any, shall be properly
supervised.
2. Sufficient evidence shall be obtained to
provide a reasonable basis for the conclusion
that is expressed in the report.
20-16
Basic Attestation Standards
Standards of Reporting
1. The report shall identify the subject matter or the assertion
being reported on and state the character of the
engagement.
2. The report shall state the practitioner's conclusion about the
subject matter or the assertion in relation to the criteria
against which the subject matter was evaluated.
3. The report shall state all of the practitioner's significant
reservations about the engagement, the subject matter, and,
if applicable, the assertion related thereto.
4. The report shall state that the use of the report is restricted
to specified parties under certain circumstances.
20-17
Other Primary Attest Examples
 Compliance With Laws, Regulations,
Contracts/Grants or Agreements
 Financial Forecasts
 Financial Projections
 Internal Controls
 Management Discussion & Analysis
 Marketing Claims (Assertions)
 WebTrust
 SysTrust
Trust Services
20-18
Compliance With Laws, Regulations,
Contracts/Grants or Agreements
May be Required Periodically by 3rd Party.
Can Address One or Both Assertions:
 Actual Compliance
 Effectiveness of Internal Controls for
Ensuring Compliance
Can be Either an Examination or an Agreed
Upon Procedures Engagement.
Cannot be a Review.
20-19
Financial Forecasts & Projections
Forecasts: Estimating What is Expected.
Projections: Estimating based on Given
Assumptions or “What if”.
Can be Either an Examination or an
Agreed Upon Procedures Engagement.
Cannot be a Review.
20-20
Management Report on Internal Control
Wilson Company maintains internal control over financial reporting,
which is designed to provide reasonable assurance to the Company's
management and board of directors regarding the preparation of reliable
published financial statements. Internal control contains self-monitoring
mechanisms, and actions are taken to correct deficiencies as they are
identified. Even with effective internal control, no matter how well
designed, has inherent limitations---including the possibility of the
circumvention or overriding of controls---and therefore can provide only
reasonable assurance with respect to financial statement preparation.
Further, because of changes in conditions, internal control effectiveness
may vary over time.
The Company assessed its internal control as of December 31, 20X2, in
relation to criteria for effective internal control over financial reporting
described in Internal Control---Integrated Framework issued by the
Committee of Sponsoring Organizations of the Treadway Commission.
Based on this assessment, the Company believes that, as of December 31,
20X2, its internal control over financial reporting met those criteria.
20-21
Accountants’ Report on Internal Control
1st Paragraph
We have examined Wilson Company’s internal control over
financial reporting as of December 31, 20X2, based on criteria
established in Internal Control—Integrated Framework issued
by the Committee of Sponsoring Organizations of the
Treadway Commission (COSO). Wilson Company’s
management is responsible for maintaining effective internal
control over financial reporting, and for its assertion of the
effectiveness of internal control over financial reporting,
included in the accompanying Management Report on
Internal Control. Our responsibility is to express an opinion
on Wilson Company’s internal control over financial
reporting based on our examination.
20-22
Accountants’ Report on ICS
2nd Paragraph
We conducted our examination in accordance with attestation
standards established by the American Institute of Certified
Public Accountants. Those standards require that we plan and
perform the examination to obtain reasonable assurance about
whether effective internal control over financial reporting was
maintained in all material respects. Our examination included
obtaining an understanding of internal control over financial
reporting, assessing the risk that a material weakness exists,
and testing and evaluating the design and operating
effectiveness of internal control based on the assessed risk. Our
examination also included performing such other procedures as
we considered necessary in the circumstances. We believe that
our examination provides a reasonable basis for our opinion.
20-23
Accountants’ Report on ICS
3rd Paragraph
An entity’s internal control over financial reporting is a process effected by
those charged with governance, management and other personnel, designed
to provide reasonable assurance regarding the preparation of reliable
financial statements in accordance with accounting principles generally
accepted in the United States of America. An entity’s internal control over
financial reporting includes those policies and procedures that (1) pertain to
the maintenance of records that, in reasonable detail, accurately and fairly
reflect the transactions and disposition of the assets of the entity; (2) provide
reasonable assurance that transactions are recorded as necessary to permit
preparation of financial statements in accordance with accounting principles
generally accepted in the United States of America, and that receipts and
expenditures of the entity are being made only in accordance with
authorizations of management and those charged with governance; and (3)
provide reasonable assurance regarding prevention, or timely detection and
correction of unauthorized acquisition, use, or disposition of the entity’s
assets that could have a material effect on the financial statements. 20-24
Accountants’ Report on ICS
4th Paragraph
Because of inherent limitations of internal control, errors or
irregularities may occur and not be detected. Also, projections
of any evaluation of internal control over financial reporting
to future periods are subject to the risk that internal control
may become inadequate because of changes in conditions, or
that the degree of compliance with the policies or procedures
may deteriorate. Because of its inherent limitations, internal
control over financial reporting may not prevent, or detect and
correct misstatements. Also, projections of any evaluation of
effectiveness to future periods are subject to the risk that
controls may become inadequate because of changes in
conditions, or that the degree of compliance with the policies
or procedures may deteriorate.
20-25
Accountants’ Report on ICS
5th & 6th Paragraphs
In our opinion, Wilson Company maintained, in all material
respects, effective internal control over financial reporting as
of December 31, 20X2, based on criteria established in Internal
Control—Integrated Framework issued by the Committee of
Sponsoring Organizations of the Treadway Commission
(COSO)
We also have audited, in accordance with auditing standards
generally accepted in the Untied States of America, the
financial statements of Wilson Company and our report dated
February 15, 20X3 expressed an unqualified opinion.
20-26
Report on Internal Controls
• Can be Either an Examination or Agreed
Upon Procedures (AUP).
• Cannot be a Review if on Internal Controls
over Financial Reporting.
20-27
Mgmt Discussion & Analysis
MD&A is Management’s Narrative on the
Historical & Maybe Prospective Performance.
It Appears in the Annual Report and part of
the SEC 10Q and 10K.
CPAs Perform an Examination or Review.
Normally, No 3rd Party to Specify AgreedUpon Procedures.
20-28
Marketing Claims (Assertions)
Usually Assertions of Lowest Prices or Other
Comparison with Competition.
Grocery Prices (Text example & problem 20-36)
MCI Price Comparison Methodology
How About Best Slot Machine Payout?
Usually an Examination to be Beneficial.
20-29
Price Comparison “Methodology”
We have examined the Proof Positive Methodology of
MCI Telecommunications Corp. (MCI) for the period . . .
The Proof Positive Methodology for comparing MCI’s
billing charges to AT&T and between MCI services is
described in the You Save Money With MCI section of
the enclosed Proof Positive Account Review . . .
In our opinion, the Proof Positive Methodology properly
compares billing charges between MCI and AT&T and
between alternative MCI services and accurately reflects
the price differences for the period . . .
20-30
Casino Payout Promises
We have audited the accompanying schedule of theoretical
payout percentages for slot and video poker machines
located in the casino area known as . . .
We conducted our audit in accordance with generally
accepted auditing standards. . .to obtain reasonable
assurance about whether the schedule of theoretical payout
percentages is free of material misstatement . . .
In our opinion, such schedule of theoretical payout
percentages for slot and video poker machines located in
the casino area known as . . . presents fairly, in all material
respects, the theoretical payout percentages for such . . .
Note: This report is not compliant with current attestation
standards - auditors merely adapted an audit report.
20-31
Trust Services
Generally relates to assurance offered for IT
services via eCommerce (generally called
WebTrust) or other IT Applications (generally
called SysTrust and was originally for trading
partners, but now for Service Organizations)
Original services were developed jointly by
the AICPA and the Canadian Institute of
Chartered Accountants (CICA).
WebTrust & SysTrust are logos/seals to post on
web sites. Examination required.
32
AICPA Trust Services
Principles
Criteria (for each principle)
1. Security
1. Policies
2. Availability
2. Communications
3. Processing Integrity
3. Procedures
4. Confidentiality
4. Monitoring
5. Privacy
Under AICPA standards, can be an examination or AUP.
33
Service Organization Control (SOC) Reports
34
Environmental
Independent Accountant’s Report
We have examined the accompanying schedule of greenhouse gas emissions of XYZ
Company for [identify period, for example, the year ended December 31, 20XX]. XYZ
Company’s management is responsible for the schedule. Our responsibility is to express an
opinion based on our examination.
Our examination was conducted in accordance with attestation standards established by
the American Institute of Certified Public Accountants and, accordingly, included
obtaining an understanding of the nature of the company’s greenhouse gas emissions;
examining, on a test basis, evidence supporting the company’s schedule of greenhouse gas
emissions; and performing such other procedures as we considered necessary in the
circumstances. We believe that our examination provides a reasonable basis for our opinion.
As described in footnote X, environmental and energy use data are subject to measurement
uncertainties resulting from limitations inherent in the nature and methods used for
determining such data. The selection of different but acceptable measurement techniques
can result in materially different measurements. The precision of different measurement
techniques may also vary.
In our opinion, the schedule referred to above presents, in all material respects, the
greenhouse gas emissions of XYZ Company for [identify period, for example, the year ended
December 31, 20XX] in conformity with [identify criteria].
35
Political
• “Conflict Minerals”: certain minerals—tantalum, tungsten,
tin, and gold—that are mined in the Democratic Republic
of the Congo (DRC) or the surrounding areas.
• The Dodd-Frank Act requires:
– Issuers who use conflict minerals in their manufacturing
processes and supply chain to disclose whether the minerals
came from the DRC or the surrounding areas.
– If a company determines its conflict minerals originated in
those countries, it will have to file a “Conflict Minerals
Report” with the SEC and publish it on its website.
– The reports outline all of the due diligence the company
performed as it sourced its supply chain and must be
independently audited.
20-36
Political
• Purpose of the audit is to express an opinion or conclusion
as to whether the:
1) Design of the issuer’s due diligence framework as set forth in the
Conflict Minerals Report is in conformity with, in all material
respects, the criteria set forth in the nationally or internationally
recognized due diligence framework used by the issuer, and
2) Issuer’s description of the due diligence measures it performed
as set forth in the Conflict Minerals Report is consistent with the
due diligence process that the issuer undertook.
• The audit is required to be performed in accordance with
the “Yellow Book” & can consist of either an examination
attestation engagement or a performance audit.
20-37
NonAttest Assurance Services
 Somewhat Loosely Defined Category
 Part of AICPA and Profession’s move to
Develop new Business for CPAs.
 CPA may offer Assurance as to the Quality of
Care Given or Services Provided.
 Criteria Very Subjective.
20-38
PrimePlus/ElderCare Services
• Financial
– Goal setting, funding analysis, needs assessment
• Nonfinancial
– Interpersonal and interrelationship management
– Management of interaction between service providers and client
• Target market
– Older clients of CPA
– Children of older adults
– Other professionals that deal with older adults
20-39