Professional Documents
Culture Documents
Other Assurance Services PAPER GROUP 11
Other Assurance Services PAPER GROUP 11
By:
LO25-2
The SEC requires that quarterly financial statements be reviewed by the company’s
external auditor prior to the company’s filing of the Form 10-Q with the SEC. The SEC also
requires a footnote in the annual audited financial statements disclosing quarterly sales, gross
profit, income, and earnings per share for the past two years. Typically, the footnote in the
annual statements is labeled unaudited. Like reviews under SSARS, a public company interim
review includes five requirements for review service engagements. The auditor must: (1) obtain
knowledge of the accounting principles of the client’s industry, (2) obtain knowledge of the
client, (3) make inquiries of management, (4) perform analytical procedures, and (5) obtain a
letter of representation. Also like SSARS reviews, reviews for public companies do not provide a
basis for expressing positive opinion level assurance. Ordinarily, auditors perform no tests of the
accounting records, independent confirmations, or physical examinations. However, the two
types of reviews differ in several areas. Because an annual audit is also performed for the public
company client, the auditor must obtain sufficient information about the client’s internal control
for both annual and interim financial information. Similarly, because the client is audited
annually, the auditor’s knowledge of the results of these audit procedures is used in considering
the scope and results of the inquiries and analytical procedures for the review. Under SSARS, the
auditor makes inquiries about actions taken at directors’ and stockholders’ meetings; for a public
company, the auditor reads the minutes of those meetings. The auditor must also obtain evidence
that the interim financial information agrees or reconciles with the accounting records for a
public company interim review. The quarterly data reviewed by the auditor and included as a
footnote in the annual audited statements should be labeled “unaudited.” However, a separate
review report for this information is not required.
LO 25-3:
According to attestation standards, there are three main levels of engagements and related
forms of conclusions, which are examinations, reviews, and agreed-upon procedures; these levels
produce different outcomes in the terms of conclusions. Examinations would provide a positive
conclusion, which would be expressed as an opinion; this level requires an extensive amount of
evidence and provides a high level of assurance. Reviews would provide a moderate level of
assurance, which would be expressed by as a form of a negative assurance conclusion; this level
requires a significant amount of evidence and provides a moderate level of assurance. Agreed-
upon procedures is different than the other levels; this level ensures that the procedures
performed are agreed upon by the CPA, the party who makes assertions, and specific users of the
CPA’s results. The conclusion would be based on the findings from the procedures and has a
limited distribution, which differs from other levels; this level also requires varying or
undetermined levels of assurance and amounts of evidence.
LO 25-4:
Nowadays, some companies may choose to outsource most or all of their IT components
and service needs to service companies. However, they might become extensively dependent on
the internal controls of the outsourced company in order to fulfill their auditing needs. In order to
help said companies, there are reports named Service Organization Control Reports that help
provide assurance regarding the service organization’s internal control. There are three types of
SOC reports, which are SOC 1 (Report on Controls at a Service Organization Relevant to User
Entities’ Internal Control Over Financial Reporting), SOC 2 (Report on Controls at a Service
Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or
Privacy), and SOC 3 (Trust Services Report for Service Organizations) reports.
SOC 1 reports needs to meet the user entities’ needs that use the service organization and their
auditors that needs to understand the internal controls; they are used by the user’s auditor to plan
and design the user’s audit. The SOC 1 report is then divided into 2 types of reports, which are
Type 1 and Type 2 reports; the Type 1 report gives an opinion regarding fairness of description
of the service organization’s system and regarding design of controls suitability in said system,
while the Type 2 report contains an additional opinion about the operating effectiveness of
controls.
SOC 2 reports is used to fulfill the needs of users who need information and assurance regarding
service organization controls and how they affect the security, availability, and processing
integrity of the current systems the service organization, and also the confidentiality and privacy
of the information processed by these systems. Auditors use the 5 Trust Services Principles as a
criterion of evaluation for controls that include security, availability, processing integrity,
confidentiality, or privacy. CPAs reports the controls from these engagements and intend to
prevent, or detect and correct, errors or other events that would negatively affect the service or
information provided. SOC 3 reports are similar to the SOC 2 reports, but SOC 3 reports are
intended to be distributed to a wider range of potential and current users of the service
organization.
LO 25-5:
There are three main types of engagements, which are examination engagements (CPA
obtains satisfaction as to the completeness and reasonableness of all the assumptions),
compilation engagements (CPA is primarily involved with the computational accuracy of the
statements), and agreed-upon procedure engagements (CPA and all users of the statements agree
on specific, limited attestation procedures). There are also 4 levels of examination of prospective
financial statements, which includes evaluating the preparation of the prospective financial
statements, evaluating the support underlying the assumptions, evaluating the presentation of the
prospective financial statements for conformity with AICPA presentation guidelines, and issuing
an examination report.
LO 25-6
Agreed-upon procedures engagement is a situation when the auditor and management or a third-
party user agree that the engagement will be limited to certain specific procedures. It is also
referred by many CPAs as procedures and findings engagements because the resulting reports
are focused on the specific procedures performed and the findings from those completed
procedures.
LO 25-7
There are other comprehensive basis of accounting other than GAAP and IFRS. Auditing
standards apply to these audit engagements but with different reporting requirements. There is
cash basis accounting, where only cash receipts and disbursements are recorded, and also
modified cash basis of accounting, where the cash basis is followed except for certain items.
There is also basis used to comply with the requirements of a regulatory agency, like the uniform
system of accounts required of some companies. Income tax basis uses the same measurement
rules used for filing tax returns for the financial statement preparation. Financial reporting
framework for small- and medium-sized businesses was developed by AICPA and it is a blend of
traditional accounting principles and accrual income tax methods of accounting. Lastly, there is
also a definite set of criteria having substantial support, like the price-level basis of accounting,
and it must be applied to all material items in the financial statements. The auditor must fully
understand the accounting basis that the client is required to follow, whether it is GAAP, IFRS,
or another comprehensive basis of accounting.
Auditors are often asked to audit and issue reports on specific aspects of financial statements.
The audit of specified elements, accounts, or items is applied to less than the full financial
statements than the ordinary audit. Materiality is defined in terms of the elements, accounts, or
items being audited rather than for the overall statements to ordinarily require more evidence
than if the item being verified is just one of many parts of the statements. Auditors must extend
their audit efforts to include other elements, accounts, or items that are interrelated with those
that are being audited.
Auditors may issue reports on debt compliance and similar engagements as separate reports or as
a part of a report that expresses their opinion on the financial statements. The auditor must be
qualified to evaluate whether the client has met the provisions in the engagement, but auditors
are not qualified to determine whether the client has properly restricted its business activities to
the requirements of an agreement or if it has title to pledged property. The auditor also should
provide a debt compliance letter for a client for whom the auditor has done an audit of the overall
financial statements. Lastly, the auditor’s opinion is a negative assurance, stating that nothing
came to the auditor’s attention that would lead the auditor to believe there was noncompliance.