What are the 3 types of attestation service?

For most small business owners, the day-to-day accounting needs of the business primarily focus on two things: management accounting (maintaining an accurate record of the company’s accounting that can be used to effectively guide management decisions), and tax accounting (ensuring ongoing compliance and preparation for annual tax filings). However, there are times when a third objective comes into play: attestation.

Attestation is the process whereby a Certified Public Accountant (CPA) provides a specific and impartial review of one or more aspects of the accounting associated with the enterprise, and expresses a professional opinion regarding the reasonableness of what is presented. For example, an audit is one form of attestation, and is the one with which most people are familiar, at least conceptually.

The purpose of attestation is to provide a specific level of professional evaluation and confirmation regarding the state of the company’s accounting. The CPA in an attestation engagement is “attesting”, on the basis of his or her evaluation and professional reputation, to some aspect of the company’s accounting.

There are three levels of attestation commonly employed: compilation, review and audit. Each of these levels builds successively off the core elements established by its predecessor. Put another way, the compilation offers the most restricted level of attestation, and the audit offers the most comprehensive level of attestation.

Level 1: Compilation

In a compilation engagement, your CPA will prepare (compile) a set of financial statements, but will not express a professional opinion regarding the nature or accuracy of what is compiled. In other words, a compilation does not provide any assurance value.

However, compilations can be useful because they structure financial data into a format that is consistent and follows widely accepted standards. In layman’s terms, the compilation organizes your accounting and files everything in the right place, allowing for a clearer picture of the information contained within.

Level 2: Review

Whereas a compilation engagement focuses primarily on organizing information, the review builds on this foundation and goes one step further. In a review, the CPA evaluates and expresses limited assurance that there are no modifications or changes which must be made to your financial statements that would be necessary in order for them to conform with accounting standards (such as GAAP).

In this sense, the CPA is both organizing the information into the right files, and is then offering a qualified and limited statement saying that in looking at the files, everything appears to be in the right place.

Level 3: Audit

Audits are the most intensive form of attestation engagement, and result in a comprehensive level of assurance as a result of the process. In an audit, the compilation is performed and the review is executed, but far beyond that, the CPA firm will also perform a rigorous and in-depth analysis of all aspects of the accounting operation and supporting documentation or data, to ensure that information is accurate and based on sound sources.

Some organizations are required to have regular audits (such as publicly traded companies and nonprofit organizations), whereas others will have an audit to satisfy certain conditions (such as requirements from bonding companies, financial institutions, government agencies or private investors).

Considering the Right Level of Attestation

The Dodd-Frank Act and other recently enacted financial regulations have placed more scrutiny on accounting standards, often leading to more requests or requirements for full-blown audits. However, a full audit is a very expensive and time-consuming process, one that is often unreasonably out-of-reach in both time and investment for small businesses. As a result, audits are becoming increasingly rare as the option of choice, as businesses shift in favor of compilation or review in more cases.

As a result, it may be useful in many cases to consider a lower level of attestation when some form of attestation is required or requested. For example, a bonding company, lender or creditor working with a small construction company may consider accepting a review instead of an audit as a satisfactory level of attestation.

Small businesses owners would do well to familiarize themselves with the distinctions, differences and benefits associated with all three levels of attestation so that they can discuss all three levels as options with those parties to whom an attestation may be important for a transaction. To learn more about how the three levels of attestation may be relevant to your small business, contact your professional CPA today.

Attest Services

Assurance

• Audit
• Examination
• Review

Non-Assurance

• Agreed-Upon Procedures

Nonattest Services

• Compilation

Attest Services

Attest (or attestation) services can cover a broad range of financial or nonfinancial objectives based on the users’ needs. Auditors evaluate subject matter or an assertion in accordance with specific criteria. Attest engagements include assurance and non-assurance services. Most importantly, attest services are a set of protected services that only licensed certified public accountants (CPA) who operate within a CPA firm can perform. Why?  

Licensed CPAs have the right degree of expertise, education, and regulatory oversight to conduct attest engagements following standards issued by the American Institute of Certified Public Accountants (AICPA). CPAs must be independent on all attest engagements. 

In addition, they’re required to participate in ongoing education requirements and peer review efforts and comply with a professional code of conduct. Each of these factors ensures that the CPA profession is appropriately regulated and CPAs deliver high-quality services.  

If you choose to engage an audit firm for an attest service, you can be confident that the CPAs have the credentials and resources to do the job well.  

Back to top

Assurance Services

Assurance services fall within the larger category of attest services. When providing assurance services, a CPA issues a report that expresses his/her opinion on the subject matter. The goal of an assurance service is to enhance decision-makers’ confidence in specific information, such as financial statements or security controls. Therefore, CPAs perform procedures to test the credibility of information. These procedures may include inquiries, observations, or more detailed testing. 

In Michigan, three engagements fall under the umbrella of attest and assurance services: audits, reviews, and examinations.

Back to top

Audit

Audits provide the highest level of assurance. The purpose of an audit is to provide financial statement users with an opinion on whether the financial statements are presented fairly, in all material respects, according to the applicable reporting framework. Financial statement audits are subject to generally accepted auditing standards (GAAS) issued by the AICPA. 

During an audit, CPAs perform procedures to obtain reasonable assurance that financial statements are free from material misstatement. The auditor may conduct physical inspections, make inquiries, request third-party confirmations, make observations, and take other actions they deem necessary to obtain this assurance. 

Once procedures are complete, CPAs will issue a formal report letter attached to the financial statements. The report expresses an opinion on whether the information is presented fairly in accordance with the applicable financial reporting framework. And, CPAs must issue a separate report on any internal control deficiencies they discover that rise to the level of a significant deficiency or material weakness. 

Many companies need an audit when applying for financing or credit, looking for outside investors, or preparing to sell or merge. The auditor’s report gives each party more confidence in the accuracy of the information and allows them to make a more informed decision.  

Back to top

Read our blog post: 11 Different Types Of Audits That Can Help Your Business

Examination

An examination achieves the same level of assurance – reasonable assurance – as an audit. However, CPAs examine business matters, not financial statements. When conducting an examination, a CPA obtains reasonable assurance by gathering sufficient evidence to evaluate the subject matter against criteria. Then, the CPA offers a written opinion on whether the subject matter complies with the criteria in all material respects.  

Examples of business matters that could be subject to examination include security and privacy controls, sustainability, compliance with rules/regulations, and greenhouse gases. 

Back to top

Review

According to the AICPA, “the review is the base level of CPA assurance services.” CPAs provide limited assurance to the end-users of the reviewed information. The scope of a review is much narrower than an audit or examination. 

During a review, the CPA performs analytical procedures and inquiries to obtain sufficient evidence to support their conclusion. Once the review is complete, the CPA will issue a report that states whether they’re aware of any material adjustments that need to be made so that records comply with the applicable criteria or to ensure the information is fairly stated. They also describe their process so users have the context to understand the conclusion. 

Many privately-held companies provide financial statements to outside parties, and therefore, require reviews. You may want a review if your business is growing and needs additional financing or credit. Or, you may want to evaluate an aspect of your business on its overall accuracy to make key decisions. Again, CPAs commonly review financial statements, but you could also request a review of the physical characteristics of facilities or human resource practices.  

Back to top

Non-Assurance Services

When CPAs perform non-assurance services, they issue a report, but it doesn’t include their opinion or conclusion on the subject matter they evaluated. Non-assurance services can fall within the umbrella of attest engagements. Agreed-upon procedures engagements are a type of non-assurance service.

Back to top

Agreed-Upon Procedures

An agreed-upon procedures (AUP) engagement is when a CPA conducts a select set of procedures. The CPA works with the client and/or related parties to identify and verify the procedures, performs them, then issues a report on their findings. The CPA doesn’t provide their opinion or conclusion in the report. The client is responsible for reviewing the report and drawing their own conclusions based on the CPA’s findings.  

Why would you want an AUP? If you don’t need a full audit, AUPs are great options! You get the benefit of an independent professional conducting audit-like procedures. You can design procedures to evaluate financial or nonfinancial subjects. You can review the report and make your own decisions. It’s less rigorous than an audit but specific enough to gain a better understanding of the subject matter.  

Examples of agreed-upon procedures include verifying cash balances, evaluating the validity of credit card transactions, and confirming the sales and profits of an entity. As with all attest services, the CPA you hire to conduct agreed-upon procedures must be licensed, work for a licensed CPA firm, and be independent.

Back to top

Nonattest Services

Nonattest services differ from attest engagements because CPAs don’t express opinions, conclusions, or findings. They cover a broad range of accounting services, such as financial statement preparation, compilations, cash to accrual conversions, tax return preparation, advisory services, forensic accounting, and more!  

Both CPAs and non-CPAs can perform nonattest services, but CPAs follow more rigorous reporting standards as members of professional accounting associations. If a CPA provides an attest service to a client, they should evaluate their independence before beginning a nonattest service. If their independence is impaired by performing a nonattest service, they should resolve the independence issue or decline the job.  

Back to top

Compilation

CPAs use their expertise to help management prepare and present the company’s financial statements. The CPA doesn’t perform any procedures to obtain assurance on the validity of the information in the financial statements.  

Simply put, management collects and shares the required financial information with the CPA. The CPA compiles the information and shares the results in the form of financial statements. If the CPA finds significant issues, they’ll communicate them to management to make necessary corrections before issuing an accountant’s compilation report letter. 

You may request a compilation for your business to obtain financing or credit or when you don’t have the resources to properly prepare financial statements.

What are examples of attestation services?

What are the four categories of attestation services?

What are the five categories of attestation services?

What are considered attest services?