Audit and Assurance Services

Attest services can only be performed by a CPA who works within a CPA firm. The hallmark of an attest service is that the CPA must be independent to provide the service. Attest services include audits, examinations, reviews, agreed-upon-procedures, and, in most states, compilation engagements.

For an assurance service, the CPA expresses an opinion or a conclusion on the subject matter so the user can make informed decisions. Assurance services include audits, examinations, and review engagements.

An audit of a nonpublic company is performed in accordance with the AICPA Statements on Auditing Standards, also referred to as generally accepted auditing standards, aka GAAS. Those standards are applied to historical financial statements to obtain reasonable assurance that the financial statements are free from material misstatement. Reasonable assurance is a high level of assurance under GAAS. The nature, timing, and extent of procedures performed are based on the auditor’s judgment. Such procedures may include confirmations of balances and other information with outside sources, attorney representations regarding litigation and unasserted claims, an inspection of documents, inquiries with the Company’s personnel, recalculations, analytics, and written representations from the Company’s management documenting specific responses made to the auditor during the engagement. Reasonable assurance is the highest level of assurance that a CPA can provide. Under reasonable assurance, however, the auditor does not guarantee that the financial statements are 100% correct. Instead, the auditor opines that the financial statements present fairly, in all material respects, the Company’s financial position, results of operations, and cash flows. Audited financial statements give the end-users, such as banks, sureties, and parties involved in business acquisitions, high assurance that the financial statements used to make decisions are fairly presented.

Examinations are performed in accordance with the AICPA Statements on Standards for Attestation Engagements. An examination is an audit-level engagement applied to information other than historical financial statements. There is very little difference in approach between an audit and an examination; the most significant difference is the subject matter being examined. An examination, like an audit, is designed to provide a high level of assurance (i.e., reasonable assurance). An example of an examination engagement would include an examination of prospective financial information.

In a review of financial statements, the CPA seeks to obtain limited assurance whether any material modifications should be made to the financial statements for them to be presented in accordance with generally accepted accounting principles, i.e., GAAP or, in some engagements, other applicable financial reporting framework. A review engagement is substantially less in scope than an audit. A review consists primarily of two procedures borrowed from the audit toolbox: inquiries and analytical procedures. The CPA may occasionally apply other procedures when necessary to obtain limited assurance. Reviews of historical financial statements or other historical financial information are conducted in accordance with the AICPA Statements on Standards for Accounting and Review Services. However, reviews of certain interim financial information are conducted in accordance with the AICPA Statements on Auditing Standards. Review engagements of information other than historical financial statements, including pro forma financial information, are performed in accordance with AICPA Statements on Standards for Attestation Engagements.

Agreed-upon-procedure engagement is one of the three types of engagements performed in accordance with the AICPA Statements on Standards for Attestation Engagements. (The other two types described above are the examination engagement and certain review engagements.) An agreed-upon-procedures engagement is an attest service. Accordingly, the CPA must be independent. However, it is not an assurance engagement because the CPA does not express an opinion or conclusion on the subject matter. Instead, the client engages the CPA to issue a report of findings based on procedures agreed to between the CPA and the engaging party. The subject matter may be financial or nonfinancial information. An example of an agreed-upon-procedures scenario is when a CPA is engaged to recalculate employee bonuses based on the terms of employment agreements.

A compilation engagement is conducted in accordance with the AICPA Statements on Standards for Accounting and Review Services. In most states, a compilation engagement is a non-assurance attest engagement. Accordingly, only CPAs can perform a compilation engagement in those states. A CPA may be engaged to compile financial statements, prospective financial information, pro forma financial information, or other historical financial information. Unlike an audit or review, a compilation does not include performing any procedures to verify the accuracy or completeness of the information provided by management. Instead, the CPA applies accounting and financial reporting expertise to assist management in presenting financial statements without undertaking to obtain or provide any assurance that there are no material misstatements in the financial statements. As a result, a compilation may be more cost-beneficial in some cases. However, it is rare for some end-users, such as a bonding company, to accept a compilation at year-end. However, sometimes smaller bonding programs can and do accept compiled financial statements.

A preparation engagement is conducted in accordance with the AICPA Statements on Standards for Accounting and Review Services and is a nonattest service. Therefore, the CPA is not required to be independent. In a preparation service, the CPA uses their knowledge of the Company’s financial reporting framework (generally GAAP) and business knowledge to prepare financial statements or prospective financial information. The CPA is not required to verify the accuracy or completeness of the information provided by management. Therefore, the CPA does not provide any assurance regarding the financial statements or the financial information and, accordingly, does not express an opinion or conclusion. However, the CPA adds value in a preparation engagement by assisting management with significant judgments regarding amounts or disclosures to be reflected in the financial statements.

Yes. CPAs can provide certain nonattest services for a company’s management and still maintain their independence to perform attest services, such as audit, examination, review, agreed-upon-procedures, and compilation engagements, as long as they comply with specific stringent ethical requirements. For example, at Cooper, Travis & Company, we often assist our clients with nonattest services, such as drafting their financial statements, preparing tax returns, depreciation schedules, job schedules, and assisting with year-end close.

There are significant differences between an audit and a review regarding the amount of test work required and the cost of the engagement. An audit provides greater assurance to the end user than the limited assurance provided by a review engagement. Because of this, considerably more test work must be performed during an audit to achieve this higher level of assurance. Auditors will avail themselves of all the tools in the audit toolbox. This includes vouching, tracing, scanning, observation, inspection, confirmation, inquiry, recalculations, reperformance, testing of details, and analytical procedures.

Additionally, the standards require the auditor to perform a more robust risk assessment and gain a deeper understanding of the Company’s system of internal controls than is necessary for a review engagement. Because a review engagement is substantially less in scope than an audit and therefore provides less assurance to the end-user than an audit, it requires fewer procedures and less time to perform. Generally, a review engagement only borrows two tools from the audit toolbox: inquiries and analytical procedures. In some cases, other procedures are performed to obtain the limited assurance required in a review engagement.

The end users of the financial statements customarily drive the level of service. Most private companies choose compiled or reviewed financial statements; however, creditors, investors, and bonding companies may require an audit.  We will typically talk a contractor out of an audit and instead perform a review if their bonding company, bank, or licensing board does not require an audit.  Sureties often require an audit rather than a review engagement when the aggregate bonding program exceeds $30 million.  Certain regulatory agencies, such as the Tennessee Board of Contractors, also have requirements for the level of service (see below for the Tennessee Board for Licensing Contractors requirements).

The end users of the financial statements customarily drive the level of service. Most private companies choose compiled or reviewed financial statements; however, creditors, investors, and bonding companies may require an audit.  We will typically talk a contractor out of an audit and instead perform a review if their bonding company, bank, or licensing board does not require an audit.  Sureties often require an audit rather than a review engagement when the aggregate bonding program exceeds $30 million.  Certain regulatory agencies, such as the Tennessee Board of Contractors, also have requirements for the level of service (see below for the Tennessee Board for Licensing Contractors requirements).

We offer various services as described above, with a concentration geared toward the construction/ real estate industry. Additionally, we are familiar with numerous state contractor licensing boards and contractor pre-qualification requirements and offer services in those areas. We provide related services to the owners of our business clients, such as personal financial statements.

The question of whether the financial statement submitted to the Tennessee Board for Contractors for licensing be audited, reviewed, or compiled depends primarily on two broad considerations: 1) Whether the request is for an original application for a license, a renewal, or a monetary limit increase request 2) the monetary limit of the license. Nevertheless, the financial statements presented to the Board must be less than 12 months old.

When you initially apply for a contractor’s license:

• A review is required for a monetary limit request of $3,000,000 or less.
• An audit is required for limits over $3,000,000 to unlimited.

You must renew your Tennessee Contractor’s license every two years. Due to a recent statute change, the rules have changed:

• A compiled financial statement prepared by a public accountant or a certified public accountant is required to renew licenses with a monetary limit of over $1,500,000, including unlimited. A compilation of the balance sheet only is acceptable. No statute or rule requires financial statement disclosure, but it is preferred.
• Any license renewed with a limit of $1,500,000 or less will only require a notarized statement from the contractor attesting that the financial statement is true and correct.

If you request an increase of the monetary limit on your existing contractor’s license, you must submit with the limit increase request a reviewed or audited financial statement for requests of $3,000,000 or less and an audited financial statement for any request over $3,000,000, including unlimited

Reviewed financial statements MUST include the following:

• CPA signed report letter
• Balance sheet based on GAAP
• Notes to the financial statements

Audited financial statements MUST include the following:

• CPA signed opinion letter
• Balance sheet, income statement, and statement of cash flows based on GAAP
• Notes to the financial statements

An attorney letter is a letter of inquiry from the Company’s management to the Company’s external legal counsel. The letter requests that the attorney reply directly to the auditor regarding litigation and unasserted claims. The letter is mailed (or emailed) by the auditor. The attorney generally bills the Company for responding to this letter. Under auditing standards, the auditor must obtain an attorney letter (assuming an attorney has been consulted) if there is evidence that the Company has actual or potential litigation, claims, or assessments that may give rise to a risk of material misstatement. Additionally, many auditors find it prudent to send an attorney letter to the Company’s general counsel, even if there is no evidence of litigation.

As odd as it may sound, the management representation letter is a letter on the Company’s letterhead, addressed to the auditor, that the auditor writes on behalf of the Company’s management. Even though written by the auditor, the letter is styled as a letter from management to the auditor. Once the letter’s contents are agreed to and signed by management, it becomes just that, a letter from the Company’s management to the auditor that confirms meaningful representations to the auditor. Those representations include management’s acknowledgment of their responsibilities regarding the preparation and fair presentation of the financial statements, the quality of the information provided to the auditors and the completeness of transactions, and many other representations critical to the fair presentation of the financial statements. The management representation letter provides the auditor with corroborating support for audit evidence obtained during audit fieldwork. Auditors are required under auditing standards to get this signed letter from management on every audit.

The auditing standards require the auditor to obtain an understanding of the Company’s internal controls over financial reporting that is sufficient to enable the auditor to design appropriate audit procedures. This requirement is not for the purpose of expressing an opinion on the effectiveness of internal control but is a tool to assist the auditor in assessing the risk of a material misstatement in the financial statements. During the risk assessment process, the auditor may identify deficiencies in internal control that are of sufficient magnitude that they should be communicated to the Company’s management. That is done with a SAS 115 letter. (SAS 115 is the AICPA’s original standard that requires the auditor to communicate to management certain deficiencies in internal control identified during an audit.) Under the standard, two categories of internal control deficiencies merit reporting to management: 1) material weakness and 2) significant deficiencies. A material weakness is the most problematic. A material weakness means that the auditor identified a weakness in internal control whereby it is reasonably possible that a material misstatement of the financial statements will not be prevented or detected and corrected on a timely basis. A significant deficiency in the Company’s internal control is less severe than a material weakness yet important enough to merit the Company’s attention. This written communication aims to bring to management’s awareness the internal control weaknesses and the significance of those weaknesses so that management can remedy them.

What is its Purpose

The purpose of the Statement of Cash Flows is to provide a detailed picture of a company’s cash inflows and outflows during a specific period. It demonstrates the organization’s ability to generate cash from its operations, investments, and financing activities and its capacity to meet short-term and long-term obligations. Presenting cash movements that may not be apparent in other financial statements offers valuable insights into a company’s financial health, operational efficiency, and potential issues. This statement complements accrual-based documents like the income statement and balance sheet, helping investors, analysts, and management make informed decisions about the company’s financial position and prospects.

What Are Some Common Pitfalls in Preparing the Statement of Cash Flows?

• Misclassifying cash flows among operating, investing, and financing activities
•  including non-cash transactions in the main body of the statement
• Improperly netting cash flows that should be reported at gross
• Misreporting interest and taxes paid when using the indirect method
• Improper handling of restricted cash.

How Should Non-cash Transactions be treated?

Non-cash transactions should not be included in the main body of the Statement of Cash Flows. Instead, they should be disclosed separately, either in a narrative at the bottom of the statement or in a separate footnote.

Can Similar Transaction Types be Netted?

Generally, reporting on a gross basis is preferred. However, netting is acceptable in certain circumstances:

• Items with fast turnover rates, large amounts, and short maturities
• Assets or liabilities with original maturities of three months or less.

Examples where netting is appropriate include:

• Short-term treasury bills with less than three months maturity
• Short-term loans due within three months
• Short-term debt with original maturities of three months or less.

How Are They Defined?

Loss contingencies are defined as existing conditions, situations, or circumstances involving uncertainty about possible losses that will be resolved when future events occur or fail to occur.

When Must They Be Recognized as a Loss?

• The loss must be probable (75% or greater chance of occurring, and
• The amount must be reasonably estimable.

What if They Do Not Meet the Above Criteria?

• If the loss is only reasonably possible (more than remote but less than probable), loss recognition is not required, but the potential loss must be disclosure,
• If the chance of loss is remote (10% or less), no recognition or disclosure is typically required.

Risk assessment is critical for auditors because it lays the foundation for the entire audit by identifying and evaluating risks that could lead to material misstatements in financial statements. Here’s why it’s done:

‍• Identifying Risks of Material Misstatement (RMM): Auditors aim to find areas in financial statements where there is a “reasonable possibility” of a material misstatement occurring. By identifying these risks, auditors can focus their efforts on the greatest potential for error or fraud.
• Tailoring the Audit Approach: Risk assessment allows auditors to design audit programs and procedures that address identified risks. This ensures the audit is efficient and effective rather than generic and potentially inadequate.
• Complying with Standards: Under SAS 145, auditors must gain an understanding of the entity, its environment, and its internal controls to comply with professional auditing standards. This process ensures that auditors perform their duties systematically and thoroughly.
• Mitigating Audit Risk: By identifying risks, auditors can plan and perform procedures that reduce the risk of issuing an incorrect audit opinion. Proper risk assessment supports the overall objective of providing reasonable assurance that the financial statements are free of material misstatement.
‍• Assessing IT and Environmental Risks: Modern audits emphasize understanding risks from IT systems and external factors. Evaluating IT risks, such as data loss or unauthorized access, ensures financial data integrity is maintained.

Risk assessment is the process auditors use to identify, evaluate, and respond to risks of material misstatement within financial statements. It involves:

‍• Understanding the Entity and Its Environment: This includes assessing the entity’s operations, industry, regulatory environment, and IT systems to identify potential risk areas.
‍• Evaluating Inherent Risk (IR): This is the susceptibility of an assertion to material misstatement due to the nature of the account or transaction without considering internal controls.
‍• Evaluating Control Risk: This is the risk that internal controls fail to prevent or detect material misstatements in a timely manner. Together with IR, it contributes to the combined RMM.
‍• Identifying Relevant Assertions: Assertions are representations by management about financial statement elements. Auditors determine which assertions are relevant (i.e., where risks of material misstatements exist).
‍• Addressing Specific Risks: SAS 145 emphasizes specific risks, such as IT-related and fraud risks, at both the financial statement and assertion levels.
‍• Designing Further Procedures: Based on assessed risks, auditors design substantive and control testing procedures to address identified RMMs.

By systematically understanding and addressing risks, auditors enhance the reliability of their opinion on the financial statements.