Assurance services are a class of services provided by certified public accountants (CPAs) in public practice. While the term is sometimes used inconsistently among individual CPA firms, the American Institute of Certified Public Accountants (AICPA) Special Committee on Assurance Services defined assurance services as "independent professional services that improve the quality of information, or its context, for decision-makers."
Assurance services are rooted in the CPA's tradition of independent verification of data prepared by others. They differ from many services historically provided by CPAs in that they represent an expansion of the information and forms of reports provided. Indeed, they represent an evolution in the nature of services provided by CPAs, as CPAs have begun to provide services not just on accounting information but on many other types of information that people need in order to make decisions.
THE EVOLUTION OF CPA SERVICES
Since the early part of the twentieth century, CPAs have audited financial statements. The audit is the CPA's defining service and, aside from preparation of income taxes, the service most closely associated with the CPA profession. In an audit of financial statements, the CPA examines the transactions that underlie an entity's financial statements and reports whether the financial statements are fairly stated in conformity with generally accepted accounting principles. Such an opinion is required by the Securities and Exchange Commission (SEC) for companies whose stock is publicly traded and is often demanded by others, such as lenders, for entities that are not subject to the SEC.
Figure 1 is a pictorial depiction of the relationship among CPA services.
Beginning in the 1970s, financial statement users requested that CPAs provide some of the benefits of audits at a lower cost. As a result, CPAs began providing a lower-level service, called a review, on financial statements. Reviews are based on inquiry and analytical procedures applied to financial statement amounts, rather than on the more rigorous procedures required in an audit, such as physical inspection and confirmation with third parties. The review culminates in a report that provides limited assurance, that is, that the CPA is not aware of any material modifications that should be made to the accompanying financial statements in order for them to be in conformity with generally accepted accounting principles. Reviews are used for quarterly financial statements of publicly held companies. Reviews are performed for privately owned companies when the financial statement user wants some assurance about the statements but do not require the level of assurance provided in an audit.
CPAs also provide a third level of service on financial statements, the compilation. This service, provided only to privately owned companies, is usually done in connection with helping the company record its transactions and transform its records into financial statements. The accountant does not do any tests of the underlying data, but helps put the data into financial statement form and reads the statements for material misstatements. The compilation report expresses no assurance, but if the accountant discovers material misstatements, they must be corrected or described in the CPA's report.
The 1980s brought additional expansion of the CPA's role. Users wanted CPAs to use the audit and review services to report on subjects in addition to financial statements, such as the effectiveness of internal control and the company's compliance with laws, regulations, or contracts. The profession's response was the creation of standards for attestation engagements. In an attestation engagement, the CPA applies the tools used in audits and reviews to provide assurance on whether the subject matter of the engagement (such as internal control or management's discussion and analysis of operations) complies with applicable criteria for measurement and disclosure. The result is a report much like an audit (reasonable assurance) or review (limited assurance) of financial statements. In addition, CPAs can apply procedures specifically designed by the expected users of the report to financial or nonfinancial items. This service is neither an audit nor a review. These engagements, called agreed-upon procedures engagements, result in a report in which the CPA describes the procedures applied and their results but provides no overall conclusion.
By the 1990s CPAs were being asked to expand still further into additional services, including those that involve subjects far removed from financial reporting and that do not involve an explicit report or conclusion. This area of service—assurance services—is an extension of the audit/attest tradition. It is generally distinct from common consulting services, which generally either provide advice to clients or create internal systems. Probably the most famous assurance service is that provided in controlling and counting the ballots for the annual Oscars ceremony. Another common assurance service involves CPAs observing the drawing of numbers in state lotteries.
Assurance services might involve the type of reports provided in more traditional attestation engagements or they might provide less structured communications, such
as reports without explicit conclusions or reports that are issued only when there are problems. Assurance services are often desired to be more customized to information needs of decision makers in specific circumstances. To be responsive to those needs, the form of CPA communication is expected to be more flexible. Thus, a significant difference between assurance and attestation engagements is that assurance engagements do not necessarily result in a standard form of report, whereas attestation engagements (and more familiar audits and reviews) do. Yet assurance services require adherence to key professional qualities by practitioners.
ELEMENTS OF AN ASSURANCE ENGAGEMENT
The important elements involved in assurance engagement are:
- Information or context improvement
- Decision makers
The CPA should be independent in order to provide an assurance service; that is, he or she should have no vested interest in the information reported on. The CPA's only interest should be the accuracy of the information, not whether the information portrays results favorable or unfavorable to either the entity that prepares the information or the one that uses it.
An assurance service is a professional service, meaning it draws on the CPA's experience, expertise, and judgment. It is based on the skills brought to bear in more traditional services, such as measurement, analysis, testing, and reporting.
Information in an assurance service can be financial or nonfinancial, historical or forward-looking, discrete data or information about systems, internal or external to the decision maker. The information's context relates to how it is presented. An assurance service improves the information or its context by providing assurance about its reliability, increasing its relevance, or making it easier to use and understand.
Decision makers are the users of the information and immediate beneficiaries of the assurance service. They might be internal to an entity, such as the board of directors, or a trading partner, such as a creditor or customer. The goal of an assurance service is to improve the information or its context so that decision makers can make more informed—presumably better—decisions. The decision maker need not be the party engaging the CPA or paying for the service.
The needs of decision makers are evolving. For decades their needs were generally met by periodic cost-based financial statements. As information technology advances and needs become more decision-specific, decision makers are likely to:
|Replace their need for …||With a need for …|
|periodic information||real-time or continuous data|
|historical data||forward-looking data|
|cost-based information||value-based information|
|financial information||comprehensive data that includes nonfinancial information|
|static statements||searchable databases|
Assurance services, how they are delivered, and the types of information they deal with are evolving to meet these changing needs.
Although the needs of each decision maker are unique, in research done by the Special Committee on Assurance Services, decision makers expressed keen interest in better information about topics such as:
- Business risks
- Product quality
- Performance measures
- Quality of processes and systems
- Strategic plan execution
- Government performance
TYPES OF ASSURANCE SERVICES
The Special Committee on Assurance Services identified hundreds of assurance services that CPAs provide. It also identified several services that it believed would be of particular appeal to decision makers in the near future. They included the following.
Comprehensive risk assessments
The CPA identifies and assesses the various risks facing an organization, such as the operating environment, operating systems, or information systems. The risks might be internal, external, or regulatory. The CPA can help prioritize the risks and assess the entity's efforts to control or mitigate risks faced.
Business performance measurement
Many organizations use, or should use, data to run their businesses other than that emanating from the financial reporting system. The service deals with identifying or providing explicit assurance on the financial or nonfinancial measures used to evaluate the effectiveness or efficiency of the organization's activities. While CPAs have historically been involved in the development of financial statement information, their skills and knowledge can add similar value to the creation of other information that can monitor the organization's results and its effectiveness in implementing strategic plans.
As more business is conducted electronically (via the Internet or in business-to-business electronic data interchange systems) participants have concerns about the integrity and security of data transmitted in furtherance of those transactions. An assurance service can help to address the risks and promote the integrity and security of electronic transmissions, electronic documents, and the supporting systems. One such service, CPA WebTrust, provides explicit assurance about the disclosure of an entity's business policies and about the controls over privacy and information integrity in consumer purchases over the Internet.
As information technology advances, it becomes increasingly common for critical information to be produced and acted on electronically. Accordingly, decision makers need confidence that the information is continuously reliable. There is an increased need for assurance that systems are designed and operated to produce reliable data in such areas as information about customers, suppliers, and employees, project costing, rights and obligations related to contractual agreements, and competitors and market conditions. In systems reliability engagements, CPAs provide assurance about the design and operation of such systems.
Elder care services
The CPA assists the increasing population of older adults with a wide range of services such as bill paying, providing assurance that health care providers are delivering services in conformity with the client's criteria, and consulting on care alternatives and how to pay for them. The CPA provides independent, objective information to protect vulnerable clients from potentially unethical individuals and businesses as well as more traditional services (such as financial control) for nontraditional clients.
The CPA provides assurance that a company complies with its own policies. The policies—such as ones involving treatment of women or minorities, conflicts of interest, animal testing, environmental matters, or customer service—might be based on internal concerns, calls for social accountability, or laws and regulations.
Trading partner accountability
The CPA provides assurance that the client's trading partners—such as suppliers, customers, or joint venture partners—have appropriately fulfilled their responsibilities. Common situations involve collecting rents or royalties based on sales made by another entity or agreements regarding use of lowest prices or specific billing practices.
Mergers and acquisitions
The CPA applies the types of services done on a client's records and practices to a potential acquisition. He or she can, for example, provide insights into the acquisition target's business risks, appropriateness of accounting methods, the value of its assets, or the adequacy of its systems and controls.
see also Auditing
Elliott, Robert K., and Pallais, Don M. (1997). "Are You Ready For New Assurance Services?" Journal of Accountancy June: 47–51.
Pallais, Don M., Spradling, L. Scott, and Ecklund, Kathy J. (2004). Guide to Nontraditional Engagements. Fort Worth, TX: Practitioners Publishing Company
Don M. Pallais