Audits, Reviews, and Compilations, Oh My!Carol Kone and Jennifer Johnston
June 5, 2008 — 1,394 views
Accountants’ liability cases are among the most complex and challenging areas of the law, presenting difficult issues of compliance with professional standards, causation, and damages. Before bringing an action against a CPA firm or an individual CPA, attorneys need to determine in what way, if any, the CPA firm or individual CPA was associated with the financial statements or financial information in question.
A critical element to be addressed in a CPA’s liability matter is determining which professional standards apply to the issue raised against the CPA. These professional standards vary significantly for the different services a CPA performs.
The type of engagement a CPA performs is primarily driven by the interests and needs of the financial statement recipients. For example, the Securities and Exchange Commission (SEC) requires that public companies file annual audited financial statements because of the investing public’s heavy reliance on them.
Lenders to nonpublic companies may require audited or reviewed financial statements to assess a company’s creditworthiness.
Audits: The Highest Level of Assurance
An audit provides the highest level of CPA assurance that the financial statements are fairly stated and free of material misstatements. This high level of assurance is attributable to the extensive standards CPAs performing audits must abide by. The standards include comprehensive planning, supervision, testing, verification, and reporting procedures.
These stringent auditing standards provide CPAs with a foundation to form their opinion on whether the financial statements are fairly presented, in all material respects, according to generally accepted accounting principles (GAAP).
The CPAs’ opinion is communicated in a signed report (the auditors’ report) accompanying the company’s financial statements. The auditors’ report must disclose any material deviations from GAAP within the financial statements or other significant matters they believe should be emphasized.
The Public Company Accounting Oversight Board (PCAOB) was established as a result of the passage of the Sarbanes-Oxley Act of 2002. Prior to its creation, the AICPA’s Auditing Standards Board established generally accepted auditing standards (GAAS) that CPAs had to comply with in performing audits of public and nonpublic companies.
Currently, the PCAOB sets the standards for public company audits and quarterly reviews and the AICPA continues to set the standards for nonpublic company audits and reviews. Additionally, other standards may apply if, for example, the CPA’s client is a government entity.
At its inception, the PCAOB adopted GAAS and has since adopted additional standards that CPAs must adhere to for public company audits and quarterly reviews. GAAS includes the following broad categories:
• General standards — the qualifications of CPAs performing audits and the quality of work. These standards apply to all areas of the audit such as CPA training and independence requirements.
• Standards of field work — the performance of the auditors’ field work, such as considering the possibility of fraudulent transactions, identifying areas of high financial statement risk, and obtaining evidential matter during the audit.
• Standards of reporting — the preparation of the auditors’ report to ensure the recipients clearly understand the CPA’s association with the financial statements and the CPA’s opinion on the financial statements.
Audits Not Always Necessary
CPAs who associate themselves with an organization’s financial statements are not always performing an audit. Many recipients only require limited assurance that the financial information is correct.
In these instances, the organization does not need to incur the time or money required to perform an audit. Instead, it can request that the CPA perform a review or a compilation.
Professional standards did not exist for non-audit engagements such as reviews and compilations prior to 1972. After the conviction of a CPA firm for negligence in 1136 Tenants’ Corporation v. Max Rothenberg and Company [30 N.Y. 2d 585, 330 N.Y.S. 2d 800 (1972)], the auditing profession realized that CPAs had exposure to significant legal risk related to non-audit engagements.
Currently, the AICPA establishes the standards for CPAs performing nonpublic company reviews or compilations.
Limited Verification Procedures
The objectives of reviews and audits differ significantly. Performing a review does not provide a basis for the CPA to express an opinion on the financial statements.
In conducting a review, the CPA does not obtain an understanding of internal controls or assess control risk; test accounting records and responses to inquiries by obtaining corroborating evidential matter; or perform certain other procedures ordinarily performed during an audit.
The CPA may identify significant matters affecting the financial statements when performing a review, but a review does not provide assurance that the CPA will become aware of all the significant matters that would be disclosed in conducting an audit.
The procedures performed in a review are only intended to provide the CPA with a reasonable basis to express limited assurance that no material modifications need to be made to the financial statements to conform to GAAP.
In performing a review, the CPA gathers a limited amount of information through inquiry and analytical procedures to determine whether material modifications are needed, so that the company’s financial statements conform to GAAP.
The objective of the CPA’s inquiries is to learn whether:
• Appropriate accounting principles have been used and applied consistently, including an evaluation of changes in operations relative to the selection of appropriate accounting principles;
• Adequate procedures existed for recording, classifying, and summarizing transactions;
• Actions taken by the stockholders and directors have been properly reflected; and
• Events after the date of the financial statements have been evaluated and, if appropriate, reflected in the financial statements.
The analytical procedures the CPA performs during a review are designed to determine whether the amounts and other information presented in the financial statements appear to be reasonable.
The CPA communicates the results of the review in the form of a signed report accompanying the organization’s financial statements. This review report includes a statement that the CPA is unaware of any material changes that need to be made to the financial statements so that they conform to GAAP.
However, if the CPA is aware of material departures from GAAP within the reviewed financial statements, the departures must be disclosed within the CPAs’ signed report.
No Assurance, No Opinion
In contrast to audits and reviews, a CPA provides no assurance and issues no opinion for a compilation engagement. The CPA, in a compilation engagement, is usually responsible for taking the company’s financial data and formatting it into a properly structured set of financial statements.
The CPA is not required to perform any procedures to review, validate, or verify the information supplied by the company unless he or she is aware the information provided is incomplete or erroneous. As a result, the CPA does not offer any form of assurance as to the content of the financial statements when a compilation has been performed.
Even though the CPA is not providing any form of assurance, he or she still needs to understand the accounting principles and practices of the company’s industry and possess a general understanding of the following:
• Nature of the company’s business transactions;
• Form of its accounting records;
• Qualifications of its accounting personnel;
• Accounting basis on which the financial statements are to be presented; and
• Form and content of the financial statements.
The CPA communicates the results of the compilation in a signed report accompanying the company’s financial statements. The CPAs’ compilation report includes a statement that their work consisted of presenting, in the form of financial statements, information that they obtained from the company.
The report also states that the CPA has not performed a review or an audit on the financial statements and, therefore, expresses no opinion or any other form of assurance on them. However, if the CPA is aware of material departures from GAAP within the compiled financial statements, the departures must be disclosed within the CPAs’ signed report.
As noted earlier the standards that a CPA is held accountable for vary considerably based on the services the CPA commits to provide. In general, as the level of assurances provided by the CPA increases, the number of required professional standards that must be followed increases.
This article provides a broad overview of the differences in the professional standards CPAs must adhere to in performing audits, reviews, and compilations. Legal matters involving CPA liability are complex and as a result, it is critical that attorneys work with experts to understand the services provided by the CPA and how the CPA’s performance should be evaluated.
CPA Standards for Audit, Review, and Compilation Engagements
The table below compares the levels of assurance provided by CPAs for audits, reviews, and compilations:
Carol Kone and Jennifer Johnston
Crowe-Chizek and Company LLC