Other Assurance Services Most are Attestation Engagements Covered by Statements on Standards for Attestation Engagements (SSAE). Attestation Engagements Offer Some Level of Assurance on an Assertion by Another Usually Client Management. Some New Non-Attest Assurance Services Only Offer General Assurance Not Necessarily Based on an Assertion. 20-1 Relationship Between Assurance and Attestation 20-2 What is Attest Work? An Engagement Where We Offer Some Form or Level of Assurance About a Subject Matter or an Assertion About a Subject Matter. 20-3 Subject Matter • Historical or prospective performance or condition • Physical characteristics • Historical events • Analyses • Systems or processes • Behavior 20-4 Criteria for Subject Matter To be Suitable, it must be: – Objective – Permit Reasonable, Consistent Measurement – Complete – Relevant to the Assertion To be Available, it must be either: – Publicly Available or – Presented in a Summary, the Assertion or CPA’s Report 20-5 Relationships Among Terms Used in Attestation Engagements 20-6 Levels of Attest Work • Examination - Complete, Positive Opinion About the Assertion of Client Management (In our opinion, the assertion is fairly stated...) • Review - “Negative” Assurance Conclusion That We Have No Basis to Doubt the Assertion (Based on our review, we are not aware of...) • Agreed Upon Procedures - Presents the Procedures Performed and the Findings from Performing the Procedures (The procedures and findings are as follows…) 20-7 Attestation Engagements Type of Engagement Examination Level of Assurance Nature of Report Highest Expresses opinion (reasonable) Procedures Sufficient to limit attestation risk to low level 20-8 Attestation Engagements Type of Engagement Examination Review Level of Assurance Highest Nature of Report Procedures (reasonable) Expresses opinion Sufficient to limit attestation risk to low level Moderate or Limited Expresses negative assurance Generally limited to inquiry & analytical procedures 20-9 Attestation Engagements Type of Engagement Examination Level of Assurance Highest (reasonable) Nature of Report Procedures Expresses opinion Sufficient to limit attestation risk to low level Review Moderate or Limited Expresses negative assurance Generally limited to inquiry & analytical procedures Agreed-upon procedures Varies with procedures States findings Procedures agreedupon with the specified users 20-10 1-1 The Attest Function Client Management CPA Responsible Party) Subject Suitable Matter Criteria Consider Subject Presenting Matter Assertion Gather and Evaluate Management may present: Evidence •Nothing Prepare •Description of Subject Matter, and/or Necessary Adjustments *If the criteria are not generally available to the users, it should be presented in the CPA’s report or management’s presentation. Issue Report on Findings •An Assertion Users CPA’s Attest Report* 20-11 1-3 Audit of Financial Statements Client Independent Accounting Auditors Personnel Maintain Accounting Records Prepare Determine Fairness of Statements Financial Statements Propose Necessary Adjustments Issue Report on Findings Other Evidential Matter Generally Accepted Accounting Principles Audited Financial Statements Outside Decision Makers Auditors’ Report 20-12 Statements on Standards for Attestation Engagements Note: For all clients, except attesting to internal controls at public companies (PCAOB Standard). 20-13 Attestation Standards Statements on Standards for Attestation Engagements (SSAE) • Includes General, Field Work and Reporting Standards Like the Auditing Standards (Ch 2) (These came long before.) • Then, Organized by Subject of Attest Work: • • • • • • Financial Forecasts & Projections Pro Forma Financial Information Internal Control Compliance w/ Laws, Regs, Contracts Mgmt Discussion & Analysis (MD&A) Applying Agreed Upon Procedures 20-14 Basic Attestation Standards General Standards 1. The engagement shall be performed by a practitioner having adequate technical training and proficiency in the attest function. 2. The engagement shall be performed by a practitioner having adequate knowledge of the subject matter. 3. The practitioner shall perform the engagement only if he or she has reason to believe that the subject matter is capable of evaluation against criteria that are suitable and available to users. 4. In all matters relating to the engagement, an independence in mental attitude shall be maintained by the practitioner. 5. Due professional care shall be exercised in the planning and performance of the engagement. 20-15 Basic Attestation Standards Standards of Fieldwork 1. The work shall be adequately planned and assistants, if any, shall be properly supervised. 2. Sufficient evidence shall be obtained to provide a reasonable basis for the conclusion that is expressed in the report. 20-16 Basic Attestation Standards Standards of Reporting 1. The report shall identify the subject matter or the assertion being reported on and state the character of the engagement. 2. The report shall state the practitioner's conclusion about the subject matter or the assertion in relation to the criteria against which the subject matter was evaluated. 3. The report shall state all of the practitioner's significant reservations about the engagement, the subject matter, and, if applicable, the assertion related thereto. 4. The report shall state that the use of the report is restricted to specified parties under certain circumstances. 20-17 Other Primary Attest Examples Compliance With Laws, Regulations, Contracts/Grants or Agreements Financial Forecasts Financial Projections Internal Controls Management Discussion & Analysis Marketing Claims (Assertions) WebTrust SysTrust Trust Services 20-18 Compliance With Laws, Regulations, Contracts/Grants or Agreements May be Required Periodically by 3rd Party. Can Address One or Both Assertions: Actual Compliance Effectiveness of Internal Controls for Ensuring Compliance Can be Either an Examination or an Agreed Upon Procedures Engagement. Cannot be a Review. 20-19 Financial Forecasts & Projections Forecasts: Estimating What is Expected. Projections: Estimating based on Given Assumptions or “What if”. Can be Either an Examination or an Agreed Upon Procedures Engagement. Cannot be a Review. 20-20 Management Report on Internal Control Wilson Company maintains internal control over financial reporting, which is designed to provide reasonable assurance to the Company's management and board of directors regarding the preparation of reliable published financial statements. Internal control contains self-monitoring mechanisms, and actions are taken to correct deficiencies as they are identified. Even with effective internal control, no matter how well designed, has inherent limitations---including the possibility of the circumvention or overriding of controls---and therefore can provide only reasonable assurance with respect to financial statement preparation. Further, because of changes in conditions, internal control effectiveness may vary over time. The Company assessed its internal control as of December 31, 20X2, in relation to criteria for effective internal control over financial reporting described in Internal Control---Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, the Company believes that, as of December 31, 20X2, its internal control over financial reporting met those criteria. 20-21 Accountants’ Report on Internal Control 1st Paragraph We have examined Wilson Company’s internal control over financial reporting as of December 31, 20X2, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Wilson Company’s management is responsible for maintaining effective internal control over financial reporting, and for its assertion of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control. Our responsibility is to express an opinion on Wilson Company’s internal control over financial reporting based on our examination. 20-22 Accountants’ Report on ICS 2nd Paragraph We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform the examination to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our examination included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our examination also included performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. 20-23 Accountants’ Report on ICS 3rd Paragraph An entity’s internal control over financial reporting is a process effected by those charged with governance, management and other personnel, designed to provide reasonable assurance regarding the preparation of reliable financial statements in accordance with accounting principles generally accepted in the United States of America. An entity’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and disposition of the assets of the entity; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and those charged with governance; and (3) provide reasonable assurance regarding prevention, or timely detection and correction of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements. 20-24 Accountants’ Report on ICS 4th Paragraph Because of inherent limitations of internal control, errors or irregularities may occur and not be detected. Also, projections of any evaluation of internal control over financial reporting to future periods are subject to the risk that internal control may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. 20-25 Accountants’ Report on ICS 5th & 6th Paragraphs In our opinion, Wilson Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 20X2, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) We also have audited, in accordance with auditing standards generally accepted in the Untied States of America, the financial statements of Wilson Company and our report dated February 15, 20X3 expressed an unqualified opinion. 20-26 Report on Internal Controls • Can be Either an Examination or Agreed Upon Procedures (AUP). • Cannot be a Review if on Internal Controls over Financial Reporting. 20-27 Mgmt Discussion & Analysis MD&A is Management’s Narrative on the Historical & Maybe Prospective Performance. It Appears in the Annual Report and part of the SEC 10Q and 10K. CPAs Perform an Examination or Review. Normally, No 3rd Party to Specify AgreedUpon Procedures. 20-28 Marketing Claims (Assertions) Usually Assertions of Lowest Prices or Other Comparison with Competition. Grocery Prices (Text example & problem 20-36) MCI Price Comparison Methodology How About Best Slot Machine Payout? Usually an Examination to be Beneficial. 20-29 Price Comparison “Methodology” We have examined the Proof Positive Methodology of MCI Telecommunications Corp. (MCI) for the period . . . The Proof Positive Methodology for comparing MCI’s billing charges to AT&T and between MCI services is described in the You Save Money With MCI section of the enclosed Proof Positive Account Review . . . In our opinion, the Proof Positive Methodology properly compares billing charges between MCI and AT&T and between alternative MCI services and accurately reflects the price differences for the period . . . 20-30 Casino Payout Promises We have audited the accompanying schedule of theoretical payout percentages for slot and video poker machines located in the casino area known as . . . We conducted our audit in accordance with generally accepted auditing standards. . .to obtain reasonable assurance about whether the schedule of theoretical payout percentages is free of material misstatement . . . In our opinion, such schedule of theoretical payout percentages for slot and video poker machines located in the casino area known as . . . presents fairly, in all material respects, the theoretical payout percentages for such . . . Note: This report is not compliant with current attestation standards - auditors merely adapted an audit report. 20-31 Trust Services Generally relates to assurance offered for IT services via eCommerce (generally called WebTrust) or other IT Applications (generally called SysTrust and was originally for trading partners, but now for Service Organizations) Original services were developed jointly by the AICPA and the Canadian Institute of Chartered Accountants (CICA). WebTrust & SysTrust are logos/seals to post on web sites. Examination required. 32 AICPA Trust Services Principles Criteria (for each principle) 1. Security 1. Policies 2. Availability 2. Communications 3. Processing Integrity 3. Procedures 4. Confidentiality 4. Monitoring 5. Privacy Under AICPA standards, can be an examination or AUP. 33 Service Organization Control (SOC) Reports 34 Environmental Independent Accountant’s Report We have examined the accompanying schedule of greenhouse gas emissions of XYZ Company for [identify period, for example, the year ended December 31, 20XX]. XYZ Company’s management is responsible for the schedule. Our responsibility is to express an opinion based on our examination. Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included obtaining an understanding of the nature of the company’s greenhouse gas emissions; examining, on a test basis, evidence supporting the company’s schedule of greenhouse gas emissions; and performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. As described in footnote X, environmental and energy use data are subject to measurement uncertainties resulting from limitations inherent in the nature and methods used for determining such data. The selection of different but acceptable measurement techniques can result in materially different measurements. The precision of different measurement techniques may also vary. In our opinion, the schedule referred to above presents, in all material respects, the greenhouse gas emissions of XYZ Company for [identify period, for example, the year ended December 31, 20XX] in conformity with [identify criteria]. 35 Political • “Conflict Minerals”: certain minerals—tantalum, tungsten, tin, and gold—that are mined in the Democratic Republic of the Congo (DRC) or the surrounding areas. • The Dodd-Frank Act requires: – Issuers who use conflict minerals in their manufacturing processes and supply chain to disclose whether the minerals came from the DRC or the surrounding areas. – If a company determines its conflict minerals originated in those countries, it will have to file a “Conflict Minerals Report” with the SEC and publish it on its website. – The reports outline all of the due diligence the company performed as it sourced its supply chain and must be independently audited. 20-36 Political • Purpose of the audit is to express an opinion or conclusion as to whether the: 1) Design of the issuer’s due diligence framework as set forth in the Conflict Minerals Report is in conformity with, in all material respects, the criteria set forth in the nationally or internationally recognized due diligence framework used by the issuer, and 2) Issuer’s description of the due diligence measures it performed as set forth in the Conflict Minerals Report is consistent with the due diligence process that the issuer undertook. • The audit is required to be performed in accordance with the “Yellow Book” & can consist of either an examination attestation engagement or a performance audit. 20-37 NonAttest Assurance Services Somewhat Loosely Defined Category Part of AICPA and Profession’s move to Develop new Business for CPAs. CPA may offer Assurance as to the Quality of Care Given or Services Provided. Criteria Very Subjective. 20-38 PrimePlus/ElderCare Services • Financial – Goal setting, funding analysis, needs assessment • Nonfinancial – Interpersonal and interrelationship management – Management of interaction between service providers and client • Target market – Older clients of CPA – Children of older adults – Other professionals that deal with older adults 20-39