Auditing, Attestation and Assurance
The role of the CPA, the auditor, and the accounting professional has changed drastically in the past few years; specifically after the passing of the Sarbanes Oxley Act of 2002 (SOX). As more companies were exposed for falsifying their financial statements regardless of intent, the SOX ruling was put in place to limit as much as possible such violations and misleading of the public concerning investments in publicly traded companies. New services such as assurance and attesting services have been added to those which CPA’s offer which are much desired in today’s unstable financial condition.
Auditing is the process of inspecting the accounting records and business practices of companies, organizations, and other business entities. The Report of the Committee on Basic Auditing Concepts of the American Accounting Association defines auditing as a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
Typically, three types of auditors exist: (i) independent auditors, (ii) internal auditors, and (iii) government auditors. The information that is obtained from an audit is used by a variety of different users, such as, investors, general management, or lenders. An investor could use the information to decide if the company was a valuable entity to purchase stock from. A general manager would use the information to make adjustments that could improve the business by having the ability to make more sound decisions on how the company is functioning. The banks would be interested in the information because could help them determine if loaning money to the business would be a risk.
Independent auditors are often hired by corporations to conduct financial statement audits, compliance audits, and operational audits. Prior to performing auditing services, the auditor and business entity perform engagement planning to ensure that the auditor is capable and possesses the education, ability, and understanding to properly address the auditing needs of the company, and that the business entity has demonstrated ethical and appropriate accounting practices which provide the auditor with accurate and reliable information.
When performing a financial statement audit, the auditor must obtain all relevant evidence pertaining to the entity’s financial position, results of operations, and cash flows in order to opine on whether or not data is presented in conformity with Generally Accepted Accounting Principles (GAAP) and other established criteria. Compliance auditing is the process of evaluating evidence to ascertain that financial and operational activities conform to preexisting accounting principles, laws, and regulations. An operational audit determines the effectiveness of the entity’s operational activities in relation to specified objectives.
Standards that apply to auditing services are mainly derived from Generally Accepted Auditing Standards (GAAS), the Public Companies Accounting Oversight Board (PCAOB), and the Statements on Auditing Standards (SAS). GAAS provides general standards, relating to the auditor’s qualifications and quality of work, standards of fieldwork, and standards for reporting that auditors must follow. The PCAOB is a private sector organization that oversees auditors of public companies with the intention of protecting the interests of the auditing report users. SAS is designated as the senior technical body of the American Institute of Certified Public Accountants (AICPA) to issue pronouncements on auditing standards for auditors to comply with.
Attestation engagements are provided in circumstances that require that the assertions and statements of a party need to be reviewed and verified by an impartial third party with adequate knowledge and expertise to provide an opinion on the accuracy and validity of the assertions. Attestation engagements differ from audits in that they are not designed to test procedural and reporting compliance with GAAP. For this reason no detailed review of historical financial information may be required except where necessary to test the assertions and accuracy of the assertions being made.
The governing standards for attestation agreements are put forward in the Statements on Standards for Attestation Engagements (SSAE) and differ from GAAS in that the practitioner, generally a CPA, provides no opinion. The level of assurance available for attestation engagements is limited to examination, review, compilation, and agreed upon procedures. Under these standards the four major types of attestation services provided by practitioners are:
- SSAE 101 engagements (involving review of the reliability of information systems)
- Agreed-upon procedures engagements
- Prospective financial information (forecasts & projections)
- Compliance attestations
A variety of types of consumers can benefit from the various attestation engagements. Third parties interested in the accuracy of statements and information produced by companies and other organizations regarding business transactions and relationships would require verification of the information provided by the entity. Examples include retail leasing agents who receive over-rides on sales amounts in addition to base rent may want sales figures of stores attested. Banks providing lending agreements with inventory and accounts receivable as collateral would want independent verification of these amounts. Governments and other entities providing grants and other monies contingent ion compliance and performance of the receiving entity would want to be able to verify the assertions put forward by the recipient. In each of these circumstances attestation engagements would provide useful and cost effective confirmation of the information used to make decisions.
While auditing services relates specifically to financial statements and attestation services relates to financial information which is expanded further than the financial statements, assurance services relates to many different kinds of information, including nonfinancial. The AICPA Special Committee on Assurance Services defines assurance services as independent professional services that improve the quality of information, or its context, for decision makers.
In improving the quality of information, assurance services improve the reliability and relevance of the information. To show reliability of information, the information should be represented faithfully, be neutral and be consistent throughout time. To show relevance, the information should be understandable, compatible with similar entities, usable, and complete.
Assurance services, normally performed by CPAs, are targeted for decision makers. These decision makers may or may not be the client. Decision makers are anyone who would benefit from the information. The target group can range from a small group, such as the managers of a database, to a large group, such as potential investors. Examples of an assurance service a CPA firm may provide are customer satisfaction surveys, business risk assessment, and information systems security reviews.
When providing assurance services, CPAs should follow the Government Auditing Standards. The Government Auditing Standards are general standards that are an addition to generally accepted auditing standards (GAAS), which are required.
Multiple organizations that govern auditing, assurance, and attesting services, are available and easily accessed. The most prevalent organizations are the PCAOB for publicly traded companies and the AICPA for privately held corporations. The services provided by professional accountants, specifically CPA’s, have grown and the public as well as the accountant stands to gain from new restrictions, guidelines, and services available. Corporations will benefit from the trust obtained by such reports as the public makes investing decisions as well as security levels of their own internal controls. The public benefits as they read more detailed more restricted financial reports, and the CPA firms will benefit from increased need for the services provided.