The Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) recently issued its attestation guidance in a new, clarified format. Here are more details on what’s changing for attestation engagements, including examinations, reviews and agreed-upon procedures.
Out with the old
On April 5, the AICPA published Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification. It supersedes the existing attestation guidance except for:
- SSAE No. 15, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements,
- Attestation Interpretation No. 1, Reporting Under Section 112 of the Federal Deposit Insurance Corporation Improvement Act, and
- Chapter 7, “Management’s Discussion and Analysis,” of SSAE No. 10, Attestation Standards: Revision and Recodification.
In with the new
Some of the most significant changes in SSAE No. 18 relate to:
Written assertions. Under the new guidance, an accountant is required to request a written assertion from the responsible party — which is usually the company’s management — in all attestation engagements, including agreed-upon procedures engagements. The existing standards state that a practitioner should ordinarily obtain a written assertion from the responsible party in only an examination or review engagement.
Representation letters. The new standard requires accountants to request written representations for all attestation engagements. Current guidance for attestation engagements doesn’t require a representation letter. But it does suggest requesting one under the standards that provide specific subject matter guidance and when performing an examination or review engagement.
Incorporation of auditing concepts. The ASB generally equates an examination under the attestation standards with an audit under U.S. Generally Accepted Auditing Standards (GAAS). So, the new attestation standard adopts several requirements previously found only in GAAS. The most significant is a requirement to apply risk-assessment procedures in an attestation examination. The risk assessment includes an understanding of internal control over the subject matter and an assessment of risks of material misstatement of the subject matter.
The new guidance for examination engagements also creates requirements similar to — but generally less detailed than — those in the auditing standards in the following areas:
- Tests of controls,
- Analytical procedures,
- Fraud, and
- Internal auditors.
These requirements don’t apply to review engagements. Moreover, the guidance for compilation services has been removed from the attestation standards. Now, the attestation standards apply only to examination, review and agreed-upon procedures engagements.
The current guidance covers compilations of prospective financial information because it was originally issued before the attestation standards were established. Accordingly, the AICPA issued an exposure draft in December 2015 that would establish separate standards for compilations of prospective financial information. A final standard is expected to be issued later this year and go into effect for reports dated on or after May 1, 2017.
Integrated audit guidance to the auditing standards. The ASB moved the content of AT Section 501, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements, from the attestation guidance to the auditing standards. This change happened when the AIPCA published Statement on Auditing Standards No. 130, An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements, and it’s effective for engagements with periods ending on or after December 15, 2016. Once effective, SAS 130 will supersede the integrated audit guidance in the attestation standards.
The SSAE No. 18 project is part of the AICPA’s broad-ranging initiative to reformat much of its existing guidance. The changes aim to make the rules easier to understand and apply. In the clarified format, each section of the attestation guidance includes an objective, definitions of key terms, the section’s requirements for accountants, application guidance and explanatory material. The clarified rules also are expected to converge with the guidance issued by the International Auditing and Assurance Standards Board. The new standard goes into effect for reports issued on or after May 1, 2017.