Other Assurance Services

By:

Jonathan David 18/422958/EK/21636

Citra Aulia Ramadhanty 18/425432/EK/21818

Hendrawan Dhanes S. 18/429238/EK/21998

PROGRAM STUDI SARJANA AKUNTANSI

FAKULTAS EKONOMIKA DAN BISNIS
UNIVERSITAS GADJAH MADA
YOGYAKARTA
2019
LO25-1

Many nonpublic companies have their financial statements reviewed, compiled, or

prepared by a CPA, instead of having them audited the standards for preparation, compilation,
and review engagements of financial statements, called Statements on Standards for
Accounting and Review Services (SSARS), are issued by the Accounting and Review Services
Committee of the AICPA. This committee has authority equivalent to the Auditing Standards
Board for services involving unaudited financial statements of nonpublic companies. Because
they are not doing audits, SSARS refer to CPAs performing review, compilation, and preparation
services as accountants, not auditors. Because the assurance provided in a preparation,
compilation, or review engagement is considerably below that of audits, less evidence is required
for these services and they can be provided at a lower fee than an audit. A review service
(SSARS review) engagement allows the accountant to express limited assurance that the
financial statements are in accordance with applicable accounting standards, including
appropriate informative disclosures, or other comprehensive basis of accounting (OCBOA), such
as the cash basis of accounting. CPAs must be independent of the client for review service
engagements. Procedures Suggested for reviews the evidence for a review engagement consists
primarily of inquiries of management and analytical procedures, substantially fewer procedures
than those required for an audit. For reviews, accountants do not obtain an understanding of
internal control, test controls, assess fraud risk, or do substantive tests of transactions or tests of
balances, such as confirmation of receivables or physical examination of inventory. SSARS
require the accountant to obtain evidence that consists of the following for a review engagement:
Obtain agreement on engagement term, Obtain knowledge of the accounting principles and
practices of the client’s industry, Obtain knowledge of the client, Make inquiries of management,
Perform analytical procedures, Read the financial statements, Reconcile the financial statements
to underlying accounting records, Obtain letter of representation, Prepare documentation. The
standard review report includes four paragraphs. An introductory paragraph that identifies the
entity and period of financial statements subject to the review and explicitly notes that the
accountant has conducted a review. The second paragraph specifies that management is
responsible for the preparation and fairness of the financial statements and for designing,
implementing, and maintaining internal controls relevant to financial reporting. The third
paragraph notes that the accountant’s responsibility is to conduct a review of management’s
financial statements in accordance with SSARS and that those standards require the accountant
to perform procedures to obtain limited assurance that there are no material modifications that
should be made to the financial statements. The fourth paragraph, which is preceded by the
heading “Accountant’s Conclusion,” expresses limited assurance in the form of negative
assurance that “we are not aware of any material modifications that should be made to the
accompanying financial statements” in order for them to be in conformity with applicable
accounting standards. The date of the review report should be the date on which the accountant
has accumulated review evidence sufficient to provide a reasonable basis for the report
conclusion. If a client has failed to follow applicable accounting standards in a review
engagement, the report must be modified. A compilation service engagement is defined in
SSARS as one in which accountants apply accounting and financial reporting expertise to assist
management in the preparation of financial statements and issue a report to a client or third party
without providing any CPA assurance about those statements. Compilation does not absolve
accountants of responsibility, as they are always responsible for exercising due care in
performing all duties. In a compilation engagement, an accountant must accomplish the
following: Establish an understanding with the client in a written engagement letter about the
objectives of the compilation engagement; Possess knowledge about the accounting principles
and practices of the client’s industry; Know the client, including the nature of its business
transactions, accounting principles and practices used by the client, and content of its financial
statements; Make inquiries to determine whether the client’s information is satisfactory; Read the
compiled financial statements and be alert for any obvious omissions or errors in arithmetic and
in the application of accounting standards; Read the compiled financial statements and be alert
for any obvious omissions or errors in arithmetic and in the application of accounting standards ;
Prepare documentation in sufficient detail to provide a clear understanding of the work
performed and any findings or issues that are significant; Request management to revise the
financial statements, if the accountant becomes aware of needed revisions. SSARS define three
types of compilation reports: Compilation with full disclosure, Compilation that omits
substantially all disclosures, Compilation without independence. In a preparation service
engagement, the CPA is engaged by the client to prepare or assist in preparing financial
statements, but the CPA does not provide any assurance on the financial statements or issue a
report, even if the financial statements are expected to be used by, or provided to, a third party.
Additionally, because the preparation service is a non-attest service, the CPA does not need to
determine whether he or she is independent. The CPA’s responsibilities when performing a
preparation service are similar to those performed in a compilation. The key differences are the
CPA does not issue a report and the CPA does not need to assess independence.

LO25-2

The SEC requires that quarterly financial statements be reviewed by the company’s
external auditor prior to the company’s filing of the Form 10-Q with the SEC. The SEC also
requires a footnote in the annual audited financial statements disclosing quarterly sales, gross
profit, income, and earnings per share for the past two years. Typically, the footnote in the
annual statements is labeled unaudited. Like reviews under SSARS, a public company interim
review includes five requirements for review service engagements. The auditor must: (1) obtain
knowledge of the accounting principles of the client’s industry, (2) obtain knowledge of the
client, (3) make inquiries of management, (4) perform analytical procedures, and (5) obtain a
letter of representation. Also like SSARS reviews, reviews for public companies do not provide a
basis for expressing positive opinion level assurance. Ordinarily, auditors perform no tests of the
accounting records, independent confirmations, or physical examinations. However, the two
types of reviews differ in several areas. Because an annual audit is also performed for the public
company client, the auditor must obtain sufficient information about the client’s internal control
for both annual and interim financial information. Similarly, because the client is audited
annually, the auditor’s knowledge of the results of these audit procedures is used in considering
the scope and results of the inquiries and analytical procedures for the review. Under SSARS, the
auditor makes inquiries about actions taken at directors’ and stockholders’ meetings; for a public
company, the auditor reads the minutes of those meetings. The auditor must also obtain evidence
that the interim financial information agrees or reconciles with the accounting records for a
public company interim review. The quarterly data reviewed by the auditor and included as a
footnote in the annual audited statements should be labeled “unaudited.” However, a separate
review report for this information is not required.

LO 25-3:

Nowadays, CPAs are requested to perform various audit-like procedures, or attest

services, in order to gain information for various objectives. A CPA may perform an attestation
engagement, where they report on how reliable the information received from parties really are;
an example of this would be when banks request information regarding loan requirement
fulfillment by a certain audit client to CPAs. As any other engagement performed by CPAs,
some rules and standards have been set in order to control performance of CPAs. According to
AICPA, there are 5 general standards, 2 standards of field work, and 4 standards of reporting;
they are stated in general terms so usage would be simple, while also being parallel to audit
principles in accordance to audit standards. The AICPA’s Auditing Standards Board also issued
attestation standards called Statements on Standards for Attestation Engagements (SSAE); they
issue this in an attempt to distinguish between issues that should be addressed using auditing or
attestation standards. Aside from on conceptual terms, AICPA does not differentiate or set
boundaries for attestation engagements since there are a lot of new methods or things that keep
on popping up.

According to attestation standards, there are three main levels of engagements and related
forms of conclusions, which are examinations, reviews, and agreed-upon procedures; these levels
produce different outcomes in the terms of conclusions. Examinations would provide a positive
conclusion, which would be expressed as an opinion; this level requires an extensive amount of
evidence and provides a high level of assurance. Reviews would provide a moderate level of
assurance, which would be expressed by as a form of a negative assurance conclusion; this level
requires a significant amount of evidence and provides a moderate level of assurance. Agreed-
upon procedures is different than the other levels; this level ensures that the procedures
performed are agreed upon by the CPA, the party who makes assertions, and specific users of the
CPA’s results. The conclusion would be based on the findings from the procedures and has a
limited distribution, which differs from other levels; this level also requires varying or
undetermined levels of assurance and amounts of evidence.
LO 25-4:

Nowadays, some companies may choose to outsource most or all of their IT components
and service needs to service companies. However, they might become extensively dependent on
the internal controls of the outsourced company in order to fulfill their auditing needs. In order to
help said companies, there are reports named Service Organization Control Reports that help
provide assurance regarding the service organization’s internal control. There are three types of
SOC reports, which are SOC 1 (Report on Controls at a Service Organization Relevant to User
Entities’ Internal Control Over Financial Reporting), SOC 2 (Report on Controls at a Service
Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or
Privacy), and SOC 3 (Trust Services Report for Service Organizations) reports.

SOC 1 reports needs to meet the user entities’ needs that use the service organization and their
auditors that needs to understand the internal controls; they are used by the user’s auditor to plan
and design the user’s audit. The SOC 1 report is then divided into 2 types of reports, which are
Type 1 and Type 2 reports; the Type 1 report gives an opinion regarding fairness of description
of the service organization’s system and regarding design of controls suitability in said system,
while the Type 2 report contains an additional opinion about the operating effectiveness of
controls.

SOC 2 reports is used to fulfill the needs of users who need information and assurance regarding
service organization controls and how they affect the security, availability, and processing
integrity of the current systems the service organization, and also the confidentiality and privacy
of the information processed by these systems. Auditors use the 5 Trust Services Principles as a
criterion of evaluation for controls that include security, availability, processing integrity,
confidentiality, or privacy. CPAs reports the controls from these engagements and intend to
prevent, or detect and correct, errors or other events that would negatively affect the service or
information provided. SOC 3 reports are similar to the SOC 2 reports, but SOC 3 reports are
intended to be distributed to a wider range of potential and current users of the service
organization.

LO 25-5:

Prospective financial statements can be defined as the predicted future financial

statements for a company or entity, most commonly for the next year; users commonly use these
reports to help aid in their decision making. Since it is widely used, it is critical for auditors to
give attention to the reliability of the information; there are many opportunities and risks
associated with these statements. Risks might appear when initial predictions differ from the
reality, making the decisions made incorrect. There are 2 common types of these statements,
which are forecasts (present the best estimation of an entity’s expected financial position, results
of operations, and cash flows) and projections (present an entity’s financial position, results of
operations, and cash flows, to the best of the responsible party’s knowledge and belief, with one
or more hypothetical assumptions). These statements can be prepared for 2 audiences, which is
the general audience (where statements are used by any third party) and the limited audience
(where statements are used by parties in which the preparing party is directly related with). In
audience terms, forecasts can be provided for both general and limited use. On the other hand,
projections are restricted to limited usage, because they would better understand the prospective
statements and related assumptions than other parties.

There are three main types of engagements, which are examination engagements (CPA
obtains satisfaction as to the completeness and reasonableness of all the assumptions),
compilation engagements (CPA is primarily involved with the computational accuracy of the
statements), and agreed-upon procedure engagements (CPA and all users of the statements agree
on specific, limited attestation procedures). There are also 4 levels of examination of prospective
financial statements, which includes evaluating the preparation of the prospective financial
statements, evaluating the support underlying the assumptions, evaluating the presentation of the
prospective financial statements for conformity with AICPA presentation guidelines, and issuing
an examination report.

LO 25-6

Agreed-upon procedures engagement is a situation when the auditor and management or a third-
party user agree that the engagement will be limited to certain specific procedures. It is also
referred by many CPAs as procedures and findings engagements because the resulting reports
are focused on the specific procedures performed and the findings from those completed
procedures.

Agreed-upon procedures engagements appeal to CPAs because the management, or a third-party

user, specifies the procedures they want done by the CPA and then the CPA make the resulting
reports describing the procedures and the findings from the procedures which has been done. If
the management or a third-party user is willing to identify some specific procedures for the CPA
firm to do for the company, it will be easier for the CPA to manage the audit. Some agreed-upon
procedures engagements might involve a CPA calculating internal rates of return and beta risk
for measuring volatility for a mutual fund or gross sales amounts used to compute rent under a
store lease for a retail firm.

LO 25-7

There are other comprehensive basis of accounting other than GAAP and IFRS. Auditing
standards apply to these audit engagements but with different reporting requirements. There is
cash basis accounting, where only cash receipts and disbursements are recorded, and also
modified cash basis of accounting, where the cash basis is followed except for certain items.
There is also basis used to comply with the requirements of a regulatory agency, like the uniform
system of accounts required of some companies. Income tax basis uses the same measurement
rules used for filing tax returns for the financial statement preparation. Financial reporting
framework for small- and medium-sized businesses was developed by AICPA and it is a blend of
traditional accounting principles and accrual income tax methods of accounting. Lastly, there is
also a definite set of criteria having substantial support, like the price-level basis of accounting,
and it must be applied to all material items in the financial statements. The auditor must fully
understand the accounting basis that the client is required to follow, whether it is GAAP, IFRS,
or another comprehensive basis of accounting.

Auditors are often asked to audit and issue reports on specific aspects of financial statements.
The audit of specified elements, accounts, or items is applied to less than the full financial
statements than the ordinary audit. Materiality is defined in terms of the elements, accounts, or
items being audited rather than for the overall statements to ordinarily require more evidence
than if the item being verified is just one of many parts of the statements. Auditors must extend
their audit efforts to include other elements, accounts, or items that are interrelated with those
that are being audited.

Auditors may issue reports on debt compliance and similar engagements as separate reports or as
a part of a report that expresses their opinion on the financial statements. The auditor must be
qualified to evaluate whether the client has met the provisions in the engagement, but auditors
are not qualified to determine whether the client has properly restricted its business activities to
the requirements of an agreement or if it has title to pledged property. The auditor also should
provide a debt compliance letter for a client for whom the auditor has done an audit of the overall
financial statements. Lastly, the auditor’s opinion is a negative assurance, stating that nothing
came to the auditor’s attention that would lead the auditor to believe there was noncompliance.