In this video, we walk through 5 AUD practice questions teaching about reporting on contractual and regulatory compliance. These questions are from AUD content area 4 on the AICPA CPA exam blueprints: Forming Conclusions and Reporting
The best way to use this video is to pause each time we get to a new question in the video, and then make your own attempt at the question before watching us go through it.
Also be sure to watch one of our free webinars on the 6 “key ingredients” to an extremely effective & efficient CPA study process here…
Reporting on Contractual and Regulatory Compliance
When an auditor reports on whether an entity complied with specific contractual or regulatory requirements as part of a financial statement audit, several important conditions and limitations apply. These reports are not stand-alone assurance services. Instead, they are issued only when certain criteria related to the financial statement audit have been met, and they are governed by clear professional standards. Below is a detailed look at what auditors need to consider in these situations.
Audit Opinion Requirement
Before an auditor can report on compliance with contractual agreements or regulatory requirements, they must have completed the audit of the financial statements and issued either an unmodified or qualified audit opinion.
- An unmodified opinion means the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.
- A qualified opinion indicates that except for a specific issue, the financial statements are fairly presented.
An adverse opinion (financial statements are materially misstated and not reliable) or a disclaimer of opinion (auditor was unable to obtain sufficient audit evidence) disqualifies the auditor from reporting on compliance.
Example:
A company wants its auditor to report on compliance with a debt covenant requiring a minimum current ratio. If the auditor issued an unmodified or qualified opinion on the financial statements, this is permitted. If the auditor issued an adverse opinion because inventory was materially overstated, the auditor cannot issue a compliance report.
Nature of Assurance: Only Negative Assurance Permitted
In this type of reporting, the auditor is limited to providing negative assurance. This means the auditor states that nothing came to their attention that caused them to believe the entity failed to comply with the specified requirements. This is far less extensive than the positive (reasonable) assurance provided in an audit opinion.
Negative assurance is only permitted when the auditor has already audited the financial statements and has sufficient evidence, through the audit work, to make a limited statement about compliance.
Example:
Acceptable wording might be: “Based on our audit, nothing came to our attention that caused us to believe the entity failed to comply with the debt covenants described in Section 3.2 of the agreement.”
Auditors may not say, “We believe the entity complied with…” or “In our opinion, the entity was in compliance…” because those would imply a level of assurance not supported by the procedures performed.
Use of the Report Must Be Restricted
Compliance reports of this nature are not general-purpose reports and must be clearly marked for restricted use. This means the report should be addressed only to those who have a direct interest in the compliance—such as lenders, grant providers, or regulatory authorities.
The restriction is necessary because the report is based only on procedures performed in connection with the financial statement audit. It may not be suitable for users who lack a clear understanding of those procedures or the limitations of negative assurance.
Example:
If a bank has required the auditor to report on compliance with a loan agreement, the report should state that it is intended solely for the information and use of the bank and the audited entity, and not intended to be used by others.
Specific Reference to the Relevant Provisions
The auditor must clearly identify the exact contractual or regulatory provisions being reported on. It is not sufficient to say the auditor considered “the agreement” or “the regulations” as a whole. The language in the report must point to particular clauses, requirements, or terms.
This level of specificity is necessary for the report to be meaningful and relevant to users who want assurance over particular compliance matters.
Example:
Instead of saying: “We considered compliance with the lease agreement,”
the report should state: “We considered compliance with the maintenance reserve funding requirements as outlined in Section 4.1 of the lease agreement dated May 1, 20X3.”
No Separate Procedures Performed
Auditors do not perform additional procedures solely for the purpose of issuing a compliance report in this context. All assurance is based on procedures already completed during the financial statement audit. That means the auditor must evaluate whether those procedures provide sufficient evidence to support a statement about compliance.
If additional procedures are necessary to support the report, then the engagement likely falls under a different service category—such as a separate agreed-upon procedures or attestation engagement.
Example:
If a grant requires that at least 75% of funds be spent on program services, and the auditor’s financial audit already involved detailed testing of expenses and functional classifications, then the auditor may use that work to support the compliance report. They do not go back and perform new or additional testing specific to the grant.
Summary of Key Points
Auditors can issue a report on compliance with aspects of contracts or regulations only when the following factors are met:
- The auditor issued an unmodified or qualified opinion on the audited financial statements.
- The report provides negative assurance only.
- The report is restricted to intended users (e.g., lenders, regulators).
- The auditor references specific contractual or regulatory provisions.
- No new procedures are performed; the auditor relies solely on procedures completed during the audit.
These reports are tightly scoped and follow specific rules to prevent misunderstanding about what level of assurance is being provided. They help provide limited feedback to stakeholders who rely on compliance with financial terms—but only within the bounds of what the audit work already supports.
