The AICPA Auditing Standards Board (ASB), which has completed clarifying Statements on Auditing Standards (SASs), is currently clarifying Statements on Standards for Attestation Engagements (SSAEs), also commonly known as the attestation standards. The attestation standards establish requirements for performing and reporting on examination, review, and agreed-upon procedures engagements that address subject matter other than financial statements, for example, the effectiveness of an entity’s controls over the security of a system, the fairness of the presentation of a statement of greenhouse gas emissions, and the privacy of personal information.
In clarifying the standards it issues, the ASB uses the following special drafting conventions to make the standards easier to read, understand, and apply:
Establishing objectives for each clarified section
- Including a definitions section, when relevant, in each clarified section
- Separating requirements from application and other explanatory material
- Numbering application and other explanatory material paragraphs using an A- prefix and presenting them in a separate section that follows the requirements section
- Using formatting techniques, such as bulleted lists, to enhance readability
Exposure Draft on General Attestation Standards
The extant attestation standards include four general standards that provide a framework for developing an attestation engagement. Those standards are AT section 20, Defining Professional Requirements in Statements on Standards for Attestation Engagements; AT section 50, SSAE Hierarchy; AT section 101, Attest Engagements (which addresses examination and review engagements); and AT section 201, Agreed-Upon Procedures Engagements.
On July 24, 2013 the ASB issued an exposure draft (ED) of a proposed SSAE Attestation Standards: Clarification and Recodification that would restructure the attestation standards. The ED proposes an initial section that would contain concepts common to all attestation engagements, and three separate sections for examinations, reviews, and agreed-upon procedures. These four sections would supersede AT sections 20, 50, 101 and 201.
At present the attestation standards also contain six subject-matter specific standards that address prospective financial information, pro forma financial information, internal control over financial reporting, compliance with laws and regulations, management’s discussion and analysis, and controls at service organizations. In the proposed restructured attestation standards, the subject-matter specific attestation standards would build on, and not repeat, the requirements and guidance in the applicable general attestation standards. For example, a practitioner examining an entity’s compliance with laws and regulations would need to comply with (1) the section that addresses concepts common to all attestation engagements, (2) the section that addresses examination engagements, and (3) the section that addresses compliance with laws and regulations.
Some of the more significant changes introduced in the July 2013 ED are the following
- The practitioner is required to obtain a written assertion in an examination or review engagement.
- The practitioner is required to obtain written representations in an examination or review engagement. However, if a responsible party who is not the engaging party, refuses to provide the practitioner with the required written representations, the practitioner may obtain satisfactory oral responses to inquires that address the matters ordinarily addressed by the written representations and restrict the use of the report to the engaging party.
- A risk assessment model is incorporated in the section of the attestation standards that addresses examination engagements.
The ASB discussed comments on the ED at its January 7-9, 2014 and among other things concluded that:
- The ED should be revised to provide for an exemption from obtaining a written assertion from the responsible party when the practitioner is performing an examination or review for a governmental entity that is required by law to undergo that engagement and the responsible party is not able or willing to provide a written assertion.
- In an agreed-upon procedures engagement an implicit or explicit assertion does not necessarily exist, as it does in an examination or review engagement. The common concepts and agreed-upon procedures sections of the proposed clarified attestation standards should be revised to reflect this conclusion; thereby, enabling the agreed-upon procedures standard to be retained in the attestation standards.
Because one of the objectives of the ASB’s clarity project is convergence with standards of the International Auditing and Assurance Standards Board (IAASB), the foundation for the common concepts, examination, and review sections of the proposed attestation standards is the April 2011 IAASB exposure draft, ISAE 3000, Assurance Engagements Other than Audits and Review of Historical Financial Information; final ISAE 3410, Assurance Engagements on Greenhouse Gas Emissions; and the AICPA’s attestation standards. ISAE 3000 is the IAASB’s framework standard for assurance engagements (the equivalent of attestation engagements). (ISAE 3000 was finalized in December 2013 and the ASB’s ED will be updated to reflect certain changes included in final ISAE 3000.)
Exposure Draft on Subject-Matter Specific Attestation Standards
On January 28, 2014, the ASB issued an ED of a proposed SSAE entitled Subject-Matter Specific Attestation Standards: Clarification and Recodification that clarifies AT 301, Forecasts and Projections, AT 401, Pro Forma Financial Information and AT 601, Compliance Attestation.
Some of the more significant changes introduced in the ED are the following proposed changes to AT 301:
The guidance on compilations of prospective financial statements would be removed from the attestation standards and redrafted as a Statement on Standards for Accounting and Review Services by the AICPA Accounting and Review Services Committee.
- The procedural guidance for examinations of prospective financial information would be moved from an appendix into AT 301 itself.
- The opinion in the examination report would be expanded to specifically state that, in the practitioner’s opinion, the assumptions are suitably supported.
The January 2014 ED does not include the following three subject-matter specific attestation standards:
AT 801, Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. Clarified AT 801 will be exposed for comment at a later date to provide the AICPA Service Organizations Task Force with the opportunity to align the draft with certain application guidance in the May 2013 AICPA Guide, Service Organizations, and to address certain issues encountered in practice.
- AT 501, An Examination of an Entity’s Internal Control Over Financial Reporting That is Integrated With An Audit of Financial Statements. AT 501 will be clarified and reissued as a SAS because it addresses an examination of internal control that is integrated with an audit of financial statements. (The ASB intends to develop a generic internal control attestation standard that will provide guidance to practitioners engaged to examine an entity’s internal control over financial reporting, operations, or compliance.)
- AT 701 Management’s Discussion and Analysis. AT 701 will not be clarified because practitioners report that they rarely perform these engagements; it will be retained in the attestation standards in its current form.
The comment period for the January 2014 ED ends on May 27, 2014.