Other Assurance Services Chapter 24

Distinguish AICPA attestation standards from auditing standards Learning Objective 1 Distinguish AICPA attestation standards from auditing standards and know the type of engagements to which they apply.

Attestation Engagements Standards Types of Attestation Engagements Levels of Service

Types of Engagements and Related Reports Type of Engagement Examination Review Agreed-upon procedures Amount of Evidence Extensive Significant Varying Level of Assurance High Moderate Varying Form of Conclusion Positive Negative Findings Distribution General Limited

Understand the nature of WebTrust assurance services. Learning Objective 2 Understand the nature of WebTrust assurance services.

WebTrust Services In a WebTrust assurance services engagement, a client engages a CPA to provide reasonable assurance that a company’s Web site complies with certain WebTrust principles and criteria for one or more aspects of e-commerce activities.

Seven WebTrust Principles Principle The entity discloses and maintains compliance with its: Privacy Privacy practices to protect a customer’s personally identifiable information. Security Security practices to ensure that e-commerce systems and data are restricted only to authorized individuals.

Seven WebTrust Principles Principle The entity discloses and maintains compliance with its: Business Business practices to ensure that practices/ e-commerce transactions are processed Transaction completely, accurately, and in conformity integrity with those disclosed practices. Availability Availability practices to ensure that its electronic commerce systems and data are available.

Seven WebTrust Principles Principle The entity discloses and maintains compliance with its: Confidentiality Confidentiality practices to ensure that information obtained through e-mail commerce activities that is designated as confidential is restricted to authorized individuals or entities.

Seven WebTrust Principles Principle The entity discloses and maintains compliance with its: Nonrepudiation Nonrepudiation practices to establish which parties to e-commerce transactions are liable. Customized Specified disclosures, which must comply with applicable professional standards and be relevant to e-commerce activities.

Understand the nature of SysTrust assurance services. Learning Objective 3 Understand the nature of SysTrust assurance services.

SysTrust Services In a SysTrust engagement, the SysTrust licensed accountant evaluates a company’s computer system using SysTrust principles and criteria.

Four SysTrust Principles 1. Availability The system is available for operation and use at times set forth in service- level statements or agreements. 2. Security The system is protected against unauthorized physical and logistical access. 3. Integrity System processing is complete, accurate, timely, and authorized. 4. Maintainability The system can be updated when required in a manner that continues to provide for system reliability, security, and integrity.

Describe special engagements to attest to prospective Learning Objective 4 Describe special engagements to attest to prospective financial statements.

Prospective Financial Statements Forecasts and projections Use of prospective financial statements Types of engagements Examination of prospective financial statements

Understand special engagements to attest to internal control, Learning Objective 5 Understand special engagements to attest to internal control, including controls over electronic commerce.

Reporting on Internal Control Comparison to requirements for audits Requirements for an examination of the effectiveness of internal control Internal control for service organizations

procedures engagements. Learning Objective 6 Describe agreed-upon procedures engagements.

Agreed-Upon Procedures Engagements 1. The SASs deal with financial statement items, whereas the SSAEs deal with nonfinancial statement subject matter. 2. Management must provide a written assertion for an SSAE engagement but not for an SAS engagement.

Understand the level of assurance and evidence requirements for Learning Objective 7 Understand the level of assurance and evidence requirements for review and compilation services.

Review and Compilation Services The standards for compilations and reviews of financial statements are called: Statements on Standards for Accounting and Review Services (SSARS)

Relationship between Evidence Accumulation and Assurance Attained High (Audit) Assurance Attained Level of Moderate (Review) None (Compilation) Minimal (Compilation) Significant (Review) Extensive (Audit) Amount of Evidence Accumulated

Review Services A review service (SSARS review) engagement is designed to allow the accountant to express limited assurance that the financial statements are in accordance with GAAP.

Procedures Suggested for Reviews Obtain knowledge of the accounting principles of the client’s industry. Obtain knowledge of the client. Make inquiries of management. Perform analytical procedures. Obtain letter of representation.

Make Inquires of Management 1. Inquire as to the company’s procedures for recording, classifying, and summarizing transactions and disclosing information in the statements. 2. Inquire into actions taken at meetings of stockholders and the board of directors. 3. Inquire of persons having responsibility for financial and accounting matters.

Form of Report 1. The first paragraph is similar to an audit report except for its reference to a review service rather than an audit. 2. The second paragraph notes that a review consists primarily of inquiries and analytical procedures.

Form of Report 3. The third paragraph expresses limited assurance in the form of a negative assurance that “we are not aware of any material modifications that should be made to the financial statements.”

Failure to Follow GAAP If a client has failed to follow GAAP in a review engagement, a modification of the report is needed.

Requirements for Compilation Establish an understanding with the client about the nature and limitations of the services to be performed and a description of the report. Possess knowledge about the accounting principles and practices of the client’s industry. Know the client; the nature of the client’s business transactions; and the basis, form, and content of the financial statements.

Requirements for Compilation Make inquiries to determine whether the client’s information is satisfactory. Read the compiled financial statements and be alert for any obvious omissions or errors in arithmetic and GAAP.

Compilation Form of Report Compilation with full disclosure It requires disclosures in accordance with GAAP. Compilation that omits substantially all disclosures This type of statement is usually expected to be used primarily for management purposes only. Compilation without independence A CPA firm can issue a compilation report even if it is not independent with respect to the client, as defined by the Code of Professional Conduct.

Describe special engagements to receive interim information Learning Objective 8 Describe special engagements to receive interim information for public companies.

Interim Financial Information for Public Companies The requirements for reviews of interim information for public companies (SAS 71 reviews) are set forth by SAS 71 (AU 722). A SAS 71 review does not provide a basis for expressing a positive-form opinion.

Interim Financial Information for Public Companies There are ordinarily no tests of the accounting records, independent confirmations, or physical examinations.

Describe other audit and limited assurance engagements related Learning Objective 9 Describe other audit and limited assurance engagements related to historical financial statements.

Other Comprehensive Bases of Accounting Introductory paragraph Scope paragraph Middle paragraph stating the accounting basis Opinion paragraph

Specified Elements, Accounts, or Items The specified elements, accounts, or items must be identified. The basis on which the specified elements, accounts, or items are presented and the agreements specifying the basis must be described.

Specified Elements, Accounts, or Items Source of significant interpretations made by the client about the provisions of a relevant agreement must be indicated and described.

Specified Elements, Accounts, or Items If the specified element, account, or item is presented on a basis that is not in conformity with GAAP, a paragraph that restricts the distribution of the report to those within the entity and the parties to the contract or agreement must be added.

Debt Compliance Letter and Similar Reports The engagement and report should be limited to compliance matters the auditor is qualified to evaluate. The auditor should provide a debt compliance letter only for a client for whom the auditor has done an audit of the overall financial statements.

Debt Compliance Letter and Similar Reports The auditor’s opinion is in the form of a negative assurance, stating that nothing came to the auditor’s attention that would lead the auditor to believe there was noncompliance.

End of Chapter 24