In this video, we walk through 5 AUD practice questions teaching about factors to consider for attestation engagements. These questions are from AUD content area 4 on the AICPA CPA exam blueprints: Forming Conclusions and Reporting
The best way to use this video is to pause each time we get to a new question in the video, and then make your own attempt at the question before watching us go through it.
Also be sure to watch one of our free webinars on the 6 “key ingredients” to an extremely effective & efficient CPA study process here…
Factors to Consider for Attestation Engagements
When a CPA performs an attestation engagement—whether it’s an assertion-based examination, a direct examination, or a review—the practitioner must evaluate several core factors. These factors ensure that the engagement is appropriate, the information subject to examination is suitable, and the final report adds credible assurance for intended users.
This overview outlines the key pillars a CPA must consider, with examples drawn from common scenarios covered in attestation exams and practice.
Suitability of the Subject Matter
The subject matter of an attestation engagement must be appropriate for examination or review. That means it should be:
- Measurable against suitable criteria
- Capable of reasonably consistent evaluation
- Presented clearly in a form that can be objectively verified
Example: A CPA can perform an examination on a company’s assertion about its carbon emissions if the emissions are measured according to a widely accepted environmental standard such as the GHG Protocol.
Subject matter can be financial (such as internal control over financial reporting) or non-financial (such as number of units produced or cybersecurity metrics).
Suitability and Availability of Criteria
The criteria are the benchmarks used to assess or measure the subject matter. Suitable criteria must be:
- Objective
- Measurable
- Complete
- Relevant
Example: If management claims that its customer data privacy practices are secure, the practitioner must evaluate that statement against specific, recognized criteria such as the AICPA’s Trust Services Criteria.
In assertion-based engagements, these criteria must be available to the users of the report so they understand how the subject matter was evaluated.
Assertion vs. Direct Examination
There are two basic types of engagements:
- Assertion-based examination or review: Management provides a written assertion about the subject matter.
- Direct examination: The CPA reports on the subject matter directly, with no assertion required from the responsible party.
Example: If management asserts that their greenhouse gas emissions have decreased by 10 percent, the practitioner evaluates that claim. In a direct examination, the practitioner might evaluate the emissions and issue a report without a prior management claim.
Understanding the difference affects evidence gathering, report format, and whether the practitioner needs to obtain a management assertion letter.
Evidence and Level of Assurance
The level of assurance provided varies by engagement type:
- Examination: Provides reasonable assurance (similar to an audit)
- Review: Provides limited assurance (usually expressed in negative assurance terms)
Example: In a review engagement over internal control, the CPA might inquire and perform analytical procedures rather than full testing, stating that nothing came to their attention to indicate a material misstatement.
The evidence collected must align with the level of assurance. For example, a review does not involve confirmation or detailed transaction testing.
Written Representations and Management Responsibility
In both assertion-based and direct engagements, the responsible party must accept responsibility for the subject matter or underlying subject matter. Additionally, the CPA typically obtains written representations.
Example: In an MD&A review, the CPA obtains a representation letter from management confirming their responsibility for the data and its presentation. This ensures management stands behind the subject matter.
Without management’s acknowledgment of responsibility, the CPA may be unable to perform the engagement.
Independence and Ethical Requirements
The CPA must be independent in both fact and appearance for all attestation engagements. This includes compliance with the AICPA Code of Professional Conduct and any other applicable standards.
Example: If a CPA helped design the controls being evaluated in a future examination, they may not be independent and cannot issue an examination report.
Independence helps users trust that the CPA’s report is unbiased and objective.
Engagement Acceptance and Preconditions
Before accepting the engagement, the practitioner must evaluate whether:
- The engagement exhibits the characteristics of an attestation engagement
- The criteria and subject matter are suitable
- The practitioner expects to be able to gather sufficient appropriate evidence
Example: If the practitioner is asked to examine customer satisfaction using a vague 1-to-10 scale without defined criteria, they may reject the engagement because the criteria are not suitable or measurable.
Preconditions are especially important when dealing with new or emerging subject matter areas such as sustainability or artificial intelligence.
Consistency of Presentation
For narrative information such as management’s discussion and analysis (MD&A), the practitioner must consider whether the information is presented consistently with the financial statements and other source data.
Example: When a CPA reviews MD&A and compares non-financial operating metrics like square footage or units sold to internal records, the focus is on ensuring consistency between the narrative and the underlying records.
This helps prevent misleading disclosures or selective presentation of results.
Summary of Engagement Types
Examination engagements involve a high level of assurance and typically assess whether management’s assertion is fairly stated. Direct examinations involve a similar level of assurance but are based on the practitioner’s direct evaluation of the subject matter rather than an assertion. Review engagements offer limited assurance and focus on whether anything came to the practitioner’s attention that would suggest a material misstatement.
Each type requires careful consideration of the factors outlined above, including subject matter, criteria, evidence, independence, and responsibility.
Final Note
Attestation engagements are flexible and powerful, but they require professional judgment, proper planning, and careful consideration of criteria, independence, evidence, and presentation. By applying these pillars, CPAs can issue reliable reports that serve the needs of regulators, investors, and stakeholders in an expanding assurance landscape.
