AUDITING: A RISK

ANALYSIS APPROACH

5th edition

Larry F. Konrath

Electronic Presentation
by Harold
O. Wilson
1
Chapter 15

2
KEY CONCEPTS OVERVIEW
The broadness of Assurance Services
Positive assurance vs. limited assurance
vs. no assurance
Non-audit assurance service (e.g.,
agreed-upon procedures, prospective
financial statements, etc.)
Compilation & Review Services (SSARS)
Eleven attestation standards

3
Learning Objectives
Define assurance services vs. auditing
and attestation
Differentiate among audits, compilations,
and reviews, related assurance levels
Identify eleven attestation standards vs.
ten auditing standards
Apply the SSARS
Describe the newer assurance services of
the future
4
The CHANGING NATURE of
the ASSURANCE FUNCTION

Opinion audits are likely to

become a lesser percentage of
the work of CPA firms; data is
available faster, influencing the
markets faster. Assurances AND
attestations will be growth areas
as the new “CPA Vision”
develops.
5
Increasing emphasis is on…

A VIVIDLY CLEAR
UNDERSTANDING of
SERVICES
and the
ENGAGEMENT
LETTER!
6
 RELATIONSHIPS

CPA FIRM SERVICES

ASSURANCE NON-ASSURANCE
SERVICES SERVICES

ATTESTATIONS NON-ATTESTATIONS
Other assurances

FIN. STMT. NON-FIN. STMT.

AUDITS AUDITS

7
 The AICPA’s “Elliott
Committee” foresees…

Attestation Services expansion:

Agreed-upon procedures
Letters for underwriters
Compilations & Reviews; OCBOA
Contractual compliance
Financial projections
Personal financial statements
8
AND …
Assurance Services expansion:
Electronic commerce
WebTrust
Performance measures
Health care providers
Various other assurances (e.g.,
company ethics, product
quality)
9
ASSURANCE SERVICES
covered by GAAS & SSARS
Covered by GAAS:
Agreed-upon procedures for specified items
Letters to Underwriters; Comfort letters
Review of interim financial information
Unaudited financials of public entities
Covered by SSARS (unaudited financials
of nonpublic entities):
Compilations
Reviews
10
ASSURANCE SERVICES &
ATTESTATION STANDARDS
Compliance attestation
Reporting on internal control
Reports on prospective financial statements
Reports on personal financial statements
Applying agreed-upon procedures to
prospective financial statements

11
NEW TYPES OF ASSURANCE
SERVICES
WebTrust
SysTrust
Performance measures
Risk assessments
ElderCare

Discussions follow!

12
 DISTINCTIONS
(areas NOT limited to CPAs)

Assurance Services improve

(by reports to users) the
quality of information.
Attestations Services, a subset,
in which the attestor offers
assurance about another
party’s written assertions.
13
AGREED-UPON
PROCEDURES

GAAS usually applies to CPA involvement.

No opinion or assurance is expressed; after
purpose & scope are agreed upon, the
report addresses procedures & findings.
Procedures are engagement-specific
(e.g., royalty income).

14
AGREED-UPON
PROCEDURES

Reports are for “restricted use.”

Conditions for AUP:
Independence is required.
Parties agree on procedures by contract.
There is an expectation of evidence & findings.
The basis of financial statements is clear.
Materiality factors agreed-upon.

15
Notes on AGREED-UPON
PROCEDURES
Procedures are insufficient for CPA’s
opinions; non-CPAs sometimes state
limited assurance.
Two types of AUP engagements:
(a) Financial statement related, or
(b) Nonfinancial statement assertions.

Special Reports” (e.g., bond sinking fund

requirements) may be a part of
an audit report, or may be separate.
16
“Limited Assurance” means...
An overall opinion is disclaimed; however,
the CPA makes direct statements.
“Negative assurance” is usually reserved
for review-level engagements.
Phrasing: “…AICPA standards followed….
[we] are not aware of any material
modification that should be [required for
conformance] … with GAAP.”

17
LETTERS for
UNDERWRITERS

Underwriters (investment bankers, financial

institutions) market the bulk of regulated
securities transactions (e.g., IPOs).
Underwriters are responsible for “reasonable
investigation” of the financial
information.
A Comfort Letter from auditors is common,
but not required by the SEC.

18
Comfort Letter subjects:
Independence
Compliance with SEC financial
accounting requirements
Unaudited financial, pro forma data, various
statistics, management discussions, etc..
Procedures (inquiry and analytical procedures
by the CPA) are described.
Negative assurance is expressed re registration
statement compliance.

19
REVIEW of
INTERIM FINANCIAL DATA

Interim financial information: Financial

statements or condensed information
covering less that a year.
SEC Form 10-Q required, often with
limited procedures by independent CPAs.
“UNAUDITED” is clearly indicated, but
the concern is consistency with GAAP;
known departures are noted.
20
REVIEW of
INTERIM FINANCIAL DATA
Time constraints prompt more estimates
for interim reporting, based on valid
comparisons, comments on controls, etc.
Interim review procedures include…
Detailed reading of the interim statements
Inquiry (internal controls, changes)
Analytical procedures
Reading of minutes, etc.
Obtaining a Representation Letter
Issuance of a review report (limited assurance).

21
UNAUDITED FINANCIAL
STATEMENTS (Public Entity)
Disclaimer of Opinion
“UNAUDITED” on each page
CPA “associated” if name used OR CPA
assisted in preparing the financials
Known departures from GAAP require
either (1) revision by client, OR
(2) withdrawal from engagement.

22
 FAQs?

Is an accountant required to be
independent to perform a Compilation?
…a Review?
Is a Review a “stepped up” compilation,
OR is it a “scaled down” audit?

No! Yes! And, The Latter!

23
 ASSURANCE SERVICES
COVERED by SSARS
SSARS INVOLVES…
Unaudited financial statements of
nonpublic entities
Compilations or Reviews: Adequate?
Cheaper, faster than audits!
CPAs (1) Compile, or (2) Review, or
(3) must state s/he did neither and takes
no responsibility for statements.
24
 COMPILATIONS
The accountant, with some industry and
GAAP knowledge, compiles financials
from unaudited, unreviewed accounts
or data furnished.
The report provides no assurance as to
validity, GAAP, etc., stating that s/he
“…does not express an opinion or any
form of assurance.”

25
However, there are compilation
procedures to follow:
Develop some knowledge about the industry,
the client’s system, chart of accounts, basic
bookkeeping, procedures, and personnel.
Read the financials to ascertain freedom from
obvious errors, e.g., inadequacy of footnotes.
Issue a Compilation Report (disclaiming an
opinion); known problems are noted!

Becoming aware of errors or misstatements may

prompt additional inquiry, AJEs, or withdrawal.
26
 REVIEWS
An independent accountant makes
inquiries and performs certain
analytical procedures, and expresses
limited (negative) assurance, AFTER a
Disclaimer of Opinion statement.
Procedures are similar to compilations,
and there are additional concerns, which
follow.

27
Review procedures include…
Inquires on accounting principles, methods,
changes, internal auditors’ work, etc.
Inquires on accounting procedures, systems
Analytical procedures, hunting the unusual
Inquires as to minutes, meetings, decisions
Inquiry as to subsequent events
Reading of financials, focusing on appearance
of conformity with GAAP
Note: The most costly of audit procedures are
not parts of reviews.
28
REVIEWS: Avoid the
appearance of “auditing!”
Perform only “...inquiry and analytical
procedures that provide … a reasonable
basis for expressing negative assurance …
[about GAAP or OCBOA].”
Concerns: Unusual matters, practices,
procedures, plans, personnel, changes,
subsequent events.
Becoming aware of errors or misstatements may
prompt additional inquiry, AJEs, or withdrawal.
29
 ASSURANCE SERVICES
& ATTESTATION STANDARDS
Assertion: Any declaration, or set of
related declarations taken as a whole,
by a party responsible for it.
Attestation: Written communication
that expresses a conclusion about the
reliability of a written assertion that is
the responsibility of another party.
-AICPA
30
 Statements on Standards for
Attestation Engagements (SSAE)
• Apply to non-financial-statement
assurances.
• Eleven (11) standards!
• Embraces both positive and
limited assurances.

Similar to GAAS, but do not supersede GAAS!

31
 Preconditions for
Attestation Engagements
Adequate training, proficiency
Adequate knowledge of subject
Reasonable measurement &
disclosure criteria
Assertions capable of consistent
estimation or measurement
Independence of the practitioner.

32
Notes on SSAE
No requirement to understand internal
controls exists.
GAAP is not the standard; thus,
is uninvolved.
Nature of engagement (often diverse)
must be identified.
CPA must state applicable distribution
restrictions.

33
 COMPLIANCE
ATTESTATION
Management’s assertions about meeting
requirements (laws, regulations, rules,
contracts), or effectiveness of internal controls
over compliance procedures.
Examples: Dept. of Education, EPA, FDIC,
MBAA, SEC and MD&A
MD&A reporting may be included here, IF
the CPA was the principal auditor!
SSAE is inapplicable to engagements under
Governmental Auditing Standards!
34
Notes on COMPLIANCE
ATTESTATION
Typically, agreed-upon procedures are
involved.
Internal control effectiveness differs from
the focus in financial statement audits
(e.g., EPA rules are unique).
The CPA’s procedures may be unique!

The CPA must know the regulations, laws, etc., and

likely needs exceptional expertise!
35
REPORTING ON
INTERNAL CONTROL
The SEC requires some entities (e.g., brokers)
to submit reports on internal controls.
The FCPA requires that public companies
maintain internal controls adequately to
detect selected types of fraud.
CPA’s alternatives:
INDIRECT attestation
DIRECT attestation

36
REPORTING ON
INTERNAL CONTROL
Indirect attestation: CPA opinion on
management’s assertions about controls.
Direct attestation: CPA opinion on the
effectiveness of a client’s internal controls.
The unrestricted report is as of a specific date,
and addresses internal control as a whole.
Weaknesses are communicated.
More extensive than a usual audit!

37
 PROSPECTIVE FINANCIAL
STATEMENTS (third parties)

Prospective financial statements may assume

two forms:
Forecasts—presenting an entity’s expected
financial position, operating results, and cash
flows, reflecting conditions expected to exist (e.g.,
a budget)
Projections—presenting the same type of data,
given one or more hypothetical assumptions.

38
 PROSPECTIVE FINANCIAL
STATEMENTS (third parties)

A CPA may accept only if…

The report goes only to specified users who
understand the tentative nature of the
prospective financial statements.
The assumptions are clear, reasonable,
consistent, and summarized.
No form of assurance is expressed, either as to
reliability or achievability of the prospects.
39
FINANCIAL FORECASTS &
PROJECTIONS (F&P)
Independent accountants may assist
in compiling F&P data.
“Feasibility” is not identical with vouching
for “achievability.”
The Auditing Standards Board standards
must be followed in any examination of
prospective financial statements.
CPAs evaluate the procedures, support for
assumptions, and preparation of F&P.
40
EXAMINING PROSPECTIVE
FINANCIAL STATEMENTS
The independent CPA may express
assurance about whether the statements
conform to AICPA guidelines, and as to
reasonableness of the assumptions as a
basis for a F&P.
Warning: Forecasts are rarely identical
to results!

41
PERSONAL FINANCIAL
STATEMENTS

Unaudited financial statements

are common (financing homes, etc.).
Assets may be reported at estimated FMVs--
a challenge; terminology differs from
GAAP.
The AICPA as issued an SOP and a Guide.
Assurance may be expressed.

42
THE FUTURE:
e-commerce & WebTrust
Business via the internet is booming and
will increase; paperwork will decrease!
Risks increase due to anonymity; possible
unauthorized data access opens more
opportunities for CPA firms.

Techniques & criteria are being developed

to measure authenticity & protection!
SysTrust relates to system integrity/control.
43
The WebTrust e-Icon
WebTrust is a seal of assurance (business-
to-consumer) the offers comfort about the
business transaction integrity, and data
[internet] security.
The “provider” is based on cooperation between
the AICPA & the Canadian Institute of Cas.
A CPA/CA has issued an unqualified opinion
that the vendor [business] discloses and
executes transactions consistent with defined
data and security needs.

44
PERFORMANCE-MEASUREMENT
ENGAGEMENTS
Planning and defining relevant
criteria, reliable evidence of goal
attainments.
Examples: Customer satisfaction,
product & service quality, morale.
CPA must examine entity objectives, and
evaluate the performance measures, then
express assurance as to reliability.
CPAs use agreed-upon procedures focusing
on client’s monitoring systems, etc.
45
ElderCare:
Health Care
Assurances

Several [CPA] firms,

confident of being of service,
have given assurances about...
Stability of services, realty management,
insurance claims, tax planning, quality
of life concerns, & care arrangements.
Quality of medical health care & records.

46
CRITICAL KEY TERMS
Assurance services Negative assurance
Attestation standards Positive assurance
Comfort letter Projection
Direct attestation Prospective financial
ElderCare statements
Forecast Review
Indirect attestation Risk assessment
Limited assurance SSARS
WebTrust SysTrust

47
End of Chapter 15

48