Chapter 20
Additional Assurance Services: Other Information
McGraw-Hill/Irwin Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.

Assurance Services
• Independent professional services that “improve the quality of information, or its context, for decision makers”
• Assurance services encompass attestation services but are broader
• Attestation services, a portion of assurance services, are restricted to examination, review or agreed-upon procedures engagements
• Assurance services go beyond attestation and may involve analyzing data or putting them in a form to facilitate decision making

Relationship Between Assurance and Attestation

Demand for Assurance Services
• Reduce information risk for outside parties and enable the company to contract at more favorable terms
• Information technology has significantly changed expectations of information users
• New services being developed
  • Continuous auditing
  • Assurance on system reliability
• Performed in accordance with Statement on Standards for Attestation Services

Selected Characteristics of Assurance Services

Subject Matter
• Historical or prospective performance or condition
• Physical characteristics
• Historical events
• Analyses
• Systems or processes
• Behavior

Assertion
• Declaration about whether the subject matter is presented in accordance with certain criteria.
• Practitioners generally must obtain an appropriate assertion about subject matter
• Report can be on either
  • The assertion about the subject matter, or
  • The subject matter itself

Criteria
• Suitable
  • Objective
  • Permit reasonably consistent measurements
  • Complete
  • Relevant
• Available
  • Publicly available
  • Presented in a summary, the assertion or the practitioners’ report

Relationships Among Terms Used in Attestation Engagements

Attestation Risk
• Risk that practitioners will unknowingly fail to appropriately modify their report on subject matter that is materially misstated
• Consists of
  • Inherent risk
  • Control risk
  • Detection risk
• Materiality
  • Difficult because subject matter may not be financial
  • Determine likely needs of intended users

Types of Attestation Engagements
• Examinations
  • Highest level of assurance
  • Attestation risk at low level
• Reviews
  • Limited or negative assurance
  • Attestation risk at moderate level
• Agreed-upon procedures
  • Restricted use reports

Examination Report

Review Report on Subject Matter

Assurance on Internal Control over Financial Reporting
• Practitioners can audit (AT 501) or perform agreed-upon procedures engagements (AT 201) for nonpublic companies
• Audits of internal control are a part of integrated audits
• Reviews are not performed for internal control engagements.
• Management must evaluate company’s internal control using a set of suitable criteria
  • Example: COSO control criteria

Management Report on Internal Control ("Management's Assertion")
Wilson Company maintains internal control over financial reporting, which is designed to provide reasonable assurance to the Company's management and board of directors regarding the preparation of reliable published financial statements. Internal control contains self-monitoring mechanisms, and actions are taken to correct deficiencies as they are identified.
Even effective internal control, no matter how well designed, has inherent limitations—including the possibility of the circumvention or overriding of controls—and therefore can provide only reasonable assurance with respect to financial statement preparation. Further, because of changes in conditions, internal control effectiveness may vary over time.

The Company assessed its internal control as of December 31, 19X5, in relation to criteria for effective internal control over financial reporting described in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, the Company believes that, as of December 31, 19X5, its internal control over financial reporting met those criteria.

Objective and Steps of IC Reporting
• Objective: Form an opinion on the effectiveness of the entity's internal control
• Steps (originally presented in Chapter 7)
  • Plan the engagement
  • Use a top-down approach to identify controls to test
  • Test and evaluate design effectiveness of internal control
  • Test and evaluate operating effectiveness of internal control
  • Form an opinion on the effectiveness of internal control

Accountants’ Report on Internal Control--Introductory and Scope Paragraphs
We have examined Wilson Company’s internal control over financial reporting as of December 31, 20X1, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Wilson Company’s management is responsible for maintaining effective internal control over financial reporting, and for its assertion of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control. Our responsibility is to express an opinion on Wilson Company’s internal control over financial reporting based on our examination.
We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform the examination to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our examination included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our examination also included performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.

Accountants’ Report on Internal Control--Definition Paragraph
An entity’s internal control over financial reporting is a process effected by those charged with governance, management and other personnel, designed to provide reasonable assurance regarding the preparation of reliable financial statements in accordance with accounting principles generally accepted in the United States of America.
An entity’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and disposition of the assets of the entity; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and those charged with governance; and (3) provide reasonable assurance regarding prevention, or timely detection and correction of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements.

Accountants’ Report on Internal Control--Inherent Limitations, Opinion, and Audit of Financial Statements Paragraphs
Because of inherent limitations of internal control, errors or irregularities may occur and not be detected. Also, projections of any evaluation of internal control over financial reporting to future periods are subject to the risk that internal control may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, Wilson Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 20X1, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

We also have audited, in accordance with auditing standards generally accepted in the United States of America, the financial statements of Wilson Company and our report dated February 15, 20X2 expressed an unqualified opinion.

Internal Control Audit Report Modifications
Situation: Report Modification
• Material Weakness: Adverse opinion
• Scope limitation: Withdraw or disclaimer
• Management report incomplete or improper: Explanatory paragraph
• Other auditor: Explanatory language (if not taking responsibility)
• Management's report includes additional information: Add paragraph indicating no opinion or other assurance on this information

Prospective Financial Statements
• Financial information about the entity’s expected financial position, results of operations and cash flows
• Financial Forecasts
• Projection
  • Expected results, given one or more hypothetical assumptions
• CPAs engaged to examine or perform agreed-upon procedures but no review

Examinations of Prospective Financial Statements
• Practitioners gather evidence relating to the client’s procedures for preparation of the statements
• Evaluate the underlying assumptions
• Obtain a written representation letter from the client
• Evaluate whether statements are in conformity with AICPA guidelines

Report
• Report on subject matter
• States whether the statements are presented in conformity with AICPA guidelines
• Whether underlying assumptions provide a reasonable basis for the statements
• Does not vouch for the achievability of the forecast or projection

Compliance
Types
1. Attesting to an entity’s compliance with specified requirements of laws, regulations, rules, contracts, or grants.
2. Attesting to the effectiveness of an entity’s internal control over compliance with specified requirements.

Management’s Discussion and Analysis
• Management required to provide narrative explanation of financial results as part of 10-K and 10-Q
• Practitioner may examine or review
• Objective to provide assurance on whether (1) the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC; (2) the historical financial amounts included in the presentation have been accurately derived, in all material respects, from the entity’s financial statements; and (3) the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained in the presentation.

Trust Services
• Intended to address user and preparer needs regarding issues of security, availability, processing integrity, online privacy and confidentiality within e-commerce and other systems
• System consists of
  • Infrastructure
  • Software
  • People
  • Procedures
  • Data

Trust Services
• The practitioner (1) performs procedures to determine that management’s description of the system is fairly stated and (2) obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria—the suitable criteria required for an attest engagement

Principles and Criteria
Principles
1. Security
2. Availability
3. Processing Integrity
4. Online privacy
5. Confidentiality
Criteria for each principle
1. Policies
2. Communications
3. Procedures
4. Monitoring

Types of Trust Services Engagements
• Examination or agreed-upon procedures
• WebTrust
  • Assurance on electronic commerce systems
• SysTrust
  • Assurance on any system

Reporting on Trust Services
• Designed to incorporate a seal management process
• Seal (logo) included on a client’s website as electronic representation of the report
• Engagement must be updated at least annually to use the seal
• Initial reporting period must be at least 2 months
• Competition
  • BBBOnLine program
  • TRUSTe

ElderCare/PrimePlus Services
• Financial
  • Goal setting, funding analysis, needs assessment
• Nonfinancial
  • Interpersonal and relationship management
  • Management of interaction between service providers and client
• Target market
  • Older clients of CPA
  • Children of older adults
  • Other professionals that deal with older adults

CPA Performance View
• System that merges standard financial measures with leading indicators such as:
  • Customer satisfaction.
  • Employee training and satisfaction.
  • Product quality.
  • Sales calls and proposals delivered.
• Based on performance measurement theory like balanced scorecard approach

CPA Risk Advisory Services
• Help organization manage risk
• Approach: (1) identifying and analyzing risks, (2) designing and implementing strategies related to risks, and (3) measuring, monitoring, and reporting on solutions.

Future Assurance Services
• Committees working on:
  • Health care performance measurement. This service provides assurance about the effectiveness of health care services provided by health maintenance organizations, hospitals, doctors, and other providers.
  • Continuous auditing provides assurance using a series of reports provided simultaneously or shortly after the related information is released.