The AICPA Auditing Standards Board (ASB) issued Statements for Attestation Engagements (SSAE) No. 18, Attestation Standards, Clarification and Recodification in April 2016. It will be effective for examination, review and agreed-upon reports dated on or after May 1, 2017.
Increasingly more often that the past, third parties are asking for attestation on subject matters other than historical financial statements, and the SSAEs may be the vehicle that allows the CPA to provide the desired conclusions or assurance. Examples of evolving relevant attestation engagements include:
- Reviewing an entity’s forecasted or projected financial information associated with a loan application,
- Examining an entity’s compliance with laws, regulations, contracts or agreements,
- Reviewing pro forma information presented to a potential investor or creditor,
- Examining the effectiveness of an entity’s controls over the security of an information technology system in a cloud-based environment,
- Reviewing the fairness of an entity’s presentation of nonfinancial statement matters, such as a statement of greenhouse gas emissions, or
- Performing agreed-upon procedures on an entity’s payroll wage reports, cash flows or other financial or nonfinancial matters.
In addition to redrafting the SSAEs using conventions designed to make the standards easier to read, understand and apply, recodified standards will be more consistent with related international requirements. Final completion of the ASB’s Clarity Project will also result in the physical location of technical guidance for performing certain attest engagements to shift. By the end of 2016, every compilation engagement will ultimately be governed by Statements on Standards for Accounting and Review Services (SSARS), along with existing guidance for reviews of historical financial information. Audits of historical financial statements are governed by Statements on Auditing Standards (SASs), and now the SASs will also govern any examination of an entity’s internal control over financial reporting that is integrated with an audit of financial statements.
The applicability of any recodified SSAE No. 18 section to a particular engagement depends on the level of service provided and the subject matter of the engagement. The purpose of any attestation engagement is to provide users (generally, third parties) with an opinion, conclusion or findings regarding the reliability of subject matter or an assertion about the subject matter, as measured against suitable and available criteria. A CPA’s report can enhance the degree of confidence that intended users can place in a wide array of financial and nonfinancial subject matter, both historical and prospective.
The downloadable and customizable practice aids in The Essential Third Party Verification Toolkit helps CPAs make more informed decisions about how to appropriately respond to outside requests for verification or other form of comfort, considering all nonattest and attest service options available. It also provides numerous illustrative engagement letters, procedures checklists, client representation letters, and reports for all services promulgated by the SSAEs, including highlighting the new requirements of SSAE No. 18.