Distinguishing Agreed-Upon Procedures from Consulting

Engagements and Reports

By Howard B. Levy, CPA

Featured, Columns, July 2017 Issue | July 2017

Get Copyright Permission

Editor’s Note: The following guidance applies to non–publicly held entities. Guidance for SEC issuers under PCAOB
standards may differ.

Agreed-upon procedures engagements are a special type of attest services that differ significantly from consulting
services in purpose and reporting and performance requirements. As acknowledged in the consulting standard,
however, “the nature and scope of [consulting] work are determined solely by agreement with the client” (CS 100.05).
Therefore, the difference between agreed-upon procedures and certain similar types of consulting engagements is
often a source of confusion among accountants. The language in CS 100.05 does not mean that the client
determines the methodologies or specific procedures to be employed, and it is not intended to suggest such
engagement should ever be defined as “agreed-upon procedures” unless the engagement is structured and
conducted in compliance with the more rigid attestation standards in which that term is defined.

What Else Do the Standards Say?

Agreed-upon procedures engagements are governed by the AICPA’s Statements on Standards for Attestation
Engagements (SSAE), most recently by SSAE 18, Attestation Standards: Clarification and Recodification(effective
May 1, 2017), principally as AT-C section 215, “Agreed-Upon Procedures Engagements.” On the other hand, the
broad range of consulting services performed by accountants are governed by the AICPA’s Statement on Standards
for Consulting Services (SSCS) 1, now codified as CS section 100. CS 100.02 says that consulting services “differ
fundamentally” from attest services, in which the accountant performs procedures enabling the issuance of a written
report that adds credibility to an assertion that is the responsibility of another party. The scope of each of these
standards mutually excludes services within the scope of the other.

CS 100.05 defines consulting services as those wherein the accountant or consultant “develops the findings,
conclusions, and recommendations presented”; it further states that they typically involve fact-finding, problem-
solving, evaluating alternatives, and recommending or implementing courses of action, with the focus being generally
to provide advice or technical assistance that is “only for the use and benefit of the client” (CS 100.02). Agreed-upon
procedures or other attest services, however, are generally performed at the request or for the benefit of a third-party
user. Ordinarily, there is little point in choosing the more rigid structure of an agreed-upon procedures engagement
when there is no third-party user.
Consulting services also typically “employ the accountant’s technical skills, education, observations, experiences, and
knowledge of the consulting process,” a different skill set than an attest service (CS 100.02). The basic underlying
professional standards embodied in CS 100.06, however, are quite brief and essentially the same as the general
requirements set forth in the Code of Professional Conduct. These apply to all professional engagements, and
specifically include requirements to 1) employ competency, integrity, objectivity, and due professional care; 2) obtain
sufficient relevant data to afford reasonable support for any conclusions or recommendations; and 3) plan and
supervise engagement performance adequately.

A Closer Look at the Differences

The most significant distinction between consulting services and agreed-upon procedures is that an agreed-upon
procedures engagement, as an attest service, results in a written report that is typically intended to add credibility to
an assertion of the responsible party, usually management, to benefit a third-party user. Management is not a “third-
party” user, although a consulting engagement is usually conducted for the primary benefit of the client and need not
result in a written report.

Two of the six categories of consulting services defined by CS 100.05(a)-(f), advisory and transaction services,
frequently involve third-party users who will rely on the consultant’s expertise in making financing, investment or other
decisions. Nevertheless, the presence or absence of a third-party user is not the sole determinant in deciding if a
service should be structured as an attest or consulting engagement. There might be third-party users for some
consulting services, and there might not be any identifiable third-party users for some attest services. For agreed-
upon procedures, however, authorized users must be identified in the required report and must take responsibility for
determining the effectiveness of the procedures for their purposes.

The three parties usually involved in any attest service are—

the asserter, who is responsible for a written assertion;

the attester, who performs procedures and issues a report intended to add credibility to the assertion; and
the user or interested party, who may rely on both the asserter and the attester in judging the credibility of the
assertion.

Note that the asserter might be the client or another party, in which case four parties are involved.

In contrast, the entire presentation and the declarations in a consulting service are usually those of the accountant or
consultant, who is not attesting to another party’s assertion. The assumptions are typically developed based on the
accountant’s or consultant’s own expertise, research, and analysis.

Another important distinction between attest and consulting services is that independence is required for attest
services, but not for consulting services, although maintaining objectivity is (CS 100.09, fn. 4). In addition, consulting
reports may be written or oral; agreed-upon and other attest reports must always be written.

There are many circumstances where it is either necessary or preferable to structure an engagement as a consulting
service, even though the client initially requested an agreed-upon procedures engagement:

An agreed-upon procedures engagement cannot be performed because the CPA is not independent, or
because there is no assertion of a responsible party.
There is no third-party user reliance expected, or the third-party user is willing to accept a consulting report in
lieu of an agreed-upon procedures report, and the client wishes to minimize time and fees.
The client is most interested in the accountant’s or consultant’s views and advice about the subject matter,
rather than specific tests applied to an assertion of management or another responsible party.

Some consulting engagements may produce reports that resemble agreed-upon procedures reports (without the
constraints of the attestation standards) and therefore may represent practical alternatives to a more onerous agreed-
upon procedures engagement.

As part of the research supporting a conclusion and recommendation, a reporting accountant or consultant might
incidentally evaluate written assertions of another party. This does not necessarily require that the services be
classified as attest services. In fact, such an evaluation or related conclusion would be prohibited in an agreed-upon
procedures report that is limited by attestation standards to reporting only procedures and objective findings (AT
215.25, and .35h). A consulting report, however, may contain no conclusion or recommendation and is limited to
reporting procedures employed and findings.

The Exhibit illustrates the significant differences between the two types of engagements. Accordingly, it is necessary
that the proper classification of the engagement be recognized and the accountant or consultant comply with the
appropriate professional standards. Distinguishing between attest and consulting services can be complex; these two
services not only require compliance with different professional standards, but also affect engagement planning,
staffing, fieldwork, evaluation criteria, and perhaps most significantly, reporting. It is the accounting firm’s
responsibility to determine which service is most appropriate, since clients’ management and users cannot generally
be expected to be aware of the significant differences.

EXHIBIT
Principal Differences between Agreed-Upon Procedures and Consulting Engagements
Whenever there is even a remote possibility of misunderstanding, the accountant or consultant would be well advised
to use language in engagement letters and reports that clearly state the objective of the engagement and describe
the nature of the services as consulting.

Is There Another Alternative?

Contrary to popular belief, there is no requirement that an engagement to perform procedures and report findings
must be conducted in compliance with either agreed-upon services or consulting engagement standards. Although
any service that is intended primarily to assist management in achieving one of its objectives might well be
considered a consulting service, even if it does not produce advice or a recommendation, some may view certain
nonattest engagements to perform procedures and report findings as something else.

If, in the auditor’s judgment, an engagement does not fit the definition of a consulting service and does not qualify as
an agreed-upon procedures (attestation) engagement, an acceptable alternative format is a third-party verification
letter (not “report”). Verification letters are not products of attestation or consulting services, and accordingly are not
governed by any specific categorical standards, but only by the requirement to protect client confidentiality and the
general requirements of the Code of Professional Conduct.

Nonauthoritative guidance, including cautionary advice, as to the use of verification letters, “What to Know About
Third Party Verification Letters (Often Referred to as Comfort Letters),” was issued in October 2014 by the AICPA’s
Financial Reporting Center (http://bit.ly/2sEGNdN), and a related untitled position paper was issued previously in
May 2014 (http://bit.ly/2rAYp5G).