Businesses have a wide range of financial statement users who make decisions based on the information provided and therefore expect it to be timely, accurate, and understandable. Businesses often engage CPA’s to provide assurance services not only to meet requirements of lenders and licensing agencies but also to lend credibility to their financial reporting and status as they make this information available owners, partners and shareholders.
CPAs can perform various services that address multiple needs of businesses This article describes the four most common types of assurance engagements including pros and cons of each.
As a reminder, CPAs can obtain a level of “assurance” about whether the financial statements are in accordance with the financial reporting framework by obtaining evidence. The levels of assurance range from no assurance at all (as in a compilation) to the highest level of assurance (as in an audit). A business’s assurance requirements will depend on the needs and requirements of its financial statement users. Regardless of the level of service, the financial statements are the responsibility of management.
Audit
A financial statement audit provides management and those charged with governance with an independent auditor’s report stating whether, in their opinion, the financial statements present fairly the business’s financial position, changes in financial position, and cash flows in accordance with the applicable financial reporting framework. In an audit, CPAs obtain reasonable assurance (defined as high but not absolute) about whether the financial statements are free from material misstatement, whether caused by error or fraud.
Pros:
• Compared to other types of assurance engagements, the audit provides the highest level of assurance as it is designed to examine, on a test basis, evidence regarding the amounts and disclosures in the financial statements.
• As part of a financial statement audit, CPAs are required to gain an understanding of internal controls and assess whether any identified control deficiencies rise to the level of material weaknesses or significant deficiencies. If so, the auditor will communicate these deficiencies to management and those charged with governance.
• Although not required, auditors may offer additional input based on their evaluations of operations and controls that can help management and the board understand risks and make improvements in their processes and controls.
Cons:
• A financial statement audit places a significant preparatory burden on the business’s accounting staff, so taking availability of resources into account is critical when deciding to engage a CPA for this service.
• Audits tend to be the most expensive of the assurance engagements as they require vastly more effort from audit firms to complete.
Review
A financial statement review provides limited assurance about the financial statements of the business. In this type of engagement, the CPA indicates whether any material modifications are necessary for the financial statements to be in accordance with the applicable financial reporting framework. In contrast to an audit, a CPA performing a review is not required to obtain an understanding of the business’s internal control; assess fraud risk; or test accounting records through inspection, observation, outside confirmation, or the examination of evidence. Review procedures consist primarily of inquiry and analytical procedures to identify unusual items or trends that may need further explanation by management.
Pros:
• Because a review is much narrower in scope than an audit, a review is typically a less costly option.
Cons:
• The assurance level provided by a review is much lower than that of an audit.
• Internal controls are not considered in a review, and as such, management and those charged with governance typically do not receive a formal communication of deficiencies.
• Lenders and other financial statement users might not be willing to accept a review report as a substitution for an audit report, so it is important to communicate with the intended users and understand their needs before engaging a CPA.
Compilation
A compilation does not provide a basis for obtaining or providing any assurance regarding the financial statements. In a compilation engagement, the CPA is required to read the financial statements considering the financial framework being used and let management know whether they are appropriate in form and free from obvious material errors. No detail testing or analytical procedures are performed.
Pros:
• Compilations can provide a business with a second set of eyes and advice on presentation matters.
• They can be especially helpful for smaller organizations whose financial statement users do not require an audit or a review but appreciate the association with a CPA.
Cons:
• No opinion is issued as to whether the financial statements are fairly presented or require any material modifications to be in conformity with GAAP.
Agreed-upon-procedures
In an agreed-upon procedures (AUP) engagement, the CPA firm performs specific procedures agreed upon by the interested parties. The final reporting package provides findings in a specific area of interest, enabling boards and management to make informed decisions. Although they are often performed for internal purposes (for example, merger or acquisition due diligence or gaining comfort over certain transactions), AUPs can be requested and relied upon by third parties.
Pros:
• AUPs can enable a business to dive deeper into an area of concern that might not be covered in such detail by an audit.
• Depending on the subject matter, AUPs can offer timing flexibility, thus reducing the burden on staff.
• Because the procedures are typically more limited in scale than an audit, AUPs offer more cost flexibility for entities (that is, to pick and choose which procedures are performed), yet rely on techniques similar to those used during an audit.
Cons:
• In an AUP engagement, the CPA does not perform an examination or review and does not provide an opinion or negative assurance.
• Because the report does not provide an opinion, it would be the entity’s responsibility to draw conclusions based on AUP engagement findings.
Whether your organization is in need of a more complete examination of your records or is just looking for peace of mind surrounding a disbursement cycle, it is important to remember that no assurance services will offer absolute assurance over the accuracy and completeness of your organization’s records. A strong system of internal controls and clear channels of communication with your board, management, and advisors can help mitigate the risk of errors or fraud in your financial reporting, especially in the remote environment of the current pandemic.