Other Assurance Services. Chapter 25. Learning Objective 1. Distinguish AICPA attestation standards from auditing stan- dards and know the type of engagements to which they apply. Attestation Engagements. Attestation standards. Types of attestation engagements. Levels of service.
Types of attestation engagements
Levels of service
In a WebTrustassurance services engagement,
a client engages a CPA to provide reasonable
assurance that a company’s Web site complies
with certain Trust Servicesprinciples and criteria
for one or more aspects of e-commerce activities.
The WebTrustserviceis a specific service
developed under the broader Trust Services
principles and criteria jointly issued in 2003
by the AICPA and CICA.
The system is protected against
(both physical and logical).
The system is available for operation
and use as committed or agreed.
System processing is complete,
accurate, timely, and authorized.
Personal information obtained as a result of
e-commerce is collected, used, disclosed,
and retained as committed or agreed.
Information designated as confidential
is protected as committed or agreed.Five TrustServices Principles
In a SysTrust engagement, the SysTrust
licensed accountant evaluates a
company’s computer system using
Trust Servicesprinciples and criteria.
A licensed SysTrustaccountant
may report on only one Trust Service
principle or any combination of principles.
Forecasts and projections
Use of prospective financial statements
Types of engagements
Examination of prospective financial statements
The audit is limited to certain specific
These are referred to as procedures
and findings engagements.
The SASs deal with financial statement
items, whereas the SSAEs deal with
nonfinancial statement subject matter.
The standards for compilations and
reviews of financial statements are called...
Statements on Standards for Accounting
and Review Services (SSARS)
Amount of Evidence AccumulatedRelationship between EvidenceAccumulation and Assurance Attained
A review service (SSARS review) engagement
is designed to allow the accountant to express
limited assurance that the financial statements
are in accordance with GAAP.
Obtain knowledge of the accounting
principles of the client’s industry.
Obtain knowledge of the client.
Makeinquiries of management.
Perform analytical procedures.
Obtain letter of representation.
1. Inquire as to the company’s procedures for
recording, classifying, and summarizing
transactions and disclosing information
in the statements.
2. Inquire into actions taken at meetings of
stockholders and the board of directors.
3. Inquire of persons having responsibility
for financial and accounting matters.
1. The first paragraph is similar to an audit report
except for its reference to a review service
rather than an audit.
2. The second paragraph notes that a review
consists primarily of inquiries and
3. The third paragraph expresses limited assurance
in the form of a negative assurance that “we are
not aware of any material modifications that
should be made to the financial statements.”
If a client has failed to follow GAAP in
a review engagement, a modification
of the report is needed.
A compilation service engagement is defined in
SSARS as one in which the accountant presents
to a client or third party financial statements that
the accountant has prepared.
The CPA firm does not express any assurance
on the statements.
Compilation with full disclosure:
It requires disclosures in accordance with GAAP.
Compilation that omits substantially all disclosures:
This type of statement is usually expected to be
used primarily for management purposes only.
Compilation without independence:
A CPA firm can issue a compilation report even
if it is not independent with respect to the client,
as defined by the Code of Professional Conduct.
The SEC requires quarterly financial statements
to be reviewed by the company’s external auditor
prior to the company’s filing of the Form 10Q.
Like reviews under SSARS, a review for a public
company does not provide a basis for expressing
a positive form opinion.
The review is conducted according to the
standards of the PCAOB, and there is no
reference to the SSARS in a review report.
Cash or modified cash basis
Basis used to comply with the requirements
of a regulatory agency
Income tax basis
A definite set of criteria having substantial
Middle paragraph stating the accounting basis
The specified elements, accounts, or items
must be identified.
The basis on which the specified elements,
accounts, or items are presented and the
agreements specifying the basis must
The source of significant interpretations made
by the client about the provisions of a relevant
agreement must be indicated and described.
If the specified element, account, or item is
presented on a basis that is not in conformity
with GAAP, a paragraph that restricts the
distribution of the report to those within
the entity and the parties to the contract
or agreement must be added.
The engagement and report should be
limited to compliance mattersthe
auditor is qualified to evaluate.
The auditor should provide a debt
compliance letter only for a client
for whom the auditor has done an
audit of the overall financial statements.
The auditor’s opinion is in the form of a
negative assurance, stating that nothing
came to the auditor’s attention that would
lead the auditor to believe there was