What Is Attestation?

attestation services and engagements

In the past few years, attestation services have grown in popularity as the need for an independent party to provide assurance over topics other than financial statements has become required by laws, regulators, or service clients. This blog will include the basic definition, standards, and examples of attestation services.

What are attestation services in auditing?

In accounting, an attestation service or engagement is the process of engaging a CPA to provide assurance or attestation audits over services such as: examinations, reviews, or agreed-upon procedure reports. These services can be used to gain assurance over the following subject matters: agreed-upon procedures, prospective financial statements, compliance, Management Discussion and Analysis (MD&A), and service organizations.

Attestation vs. Audit. What is the difference?

The answer is nothing. An attestation is a type of audit as it provides an opinion.

As the scope increases in attestation services, the governing standards continue to parallel those found within the generally accepted auditing standards (GAAS). These standards preserve core audit principles such as the need for technical competence, independence, due professional care, adequate planning and supervision, sufficient evidence, and appropriate reporting.

As attestation services have grown, the AICPA has had to create more formalized standards and in April 2016, released the Statement on Standards for Attestation Engagements (SSAE) 18, Attestation Standards: Clarification and Recodification. The goal of this project was to make standards clearer and easier to apply within engagements. Some of the major changes are discussed below.

Assertions

All attestation engagements require that a management’s assertion be requested from the responsible party. The responsible party are those individuals who represent the information presented within an attestation report. This information is the basis for the auditor’s opinion. The responsible party and attestor or auditor can never be the same person as that would be a conflict of interest. The responsible party should have intimate knowledge of the evidence provided during the course of the audit.

Assertion Breakdown: Management should understand what an assertion is before signing. An assertion helps readers gain assurance that the information within the report can be relied upon and management stands behind the information presented.

Representation Letters

All attestation engagements require that a representation letter be requested by the responsible party.

What is a letter of attestation?

A letter of attestation is the same thing as a letter of representation. Read on for more information.

Representation Letter Breakdown: The representation letter is not a section of the report but part of the accountant’s work papers. The representation letter confirms representations presented by the practitioner to the client. A few examples include: information provided was appropriate, records were relevant, and any known subsequent events have been disclosed.

Risk Based Approach

New standards will require the use of a risk assessment to understand internal controls of the information being reported on as well as an assessment of material misstatements over the information.

Risk Based Approach Breakdown: In the past, the majority of standards found within GAAS have been considered audit standards. The new standards under the SSAE 18 will now incorporate GAAS standards but will be less exhaustive. Some areas include materiality, estimates, sampling, and fraud.

Attestation Risk: Another risk to consider is what is known as attestation risk. This is the risk that the auditor may fail to modify the report because the information provided was inaccurate or not complete. To combat this type of risk, auditors are required to consider what is considered material to the accuracy of the opinion provided. Based on what is considered material, additional audit steps may be required to gain the appropriate amount of assurance.

what are attestation standards

What are the Attestation Standards?

The goal of attestation standards are to provide guidance, set boundaries around a growing service line, define a measure of quality, and outline the objectives that should be reached when performing attestation engagements.

As mentioned above, the SSAEs adopt many of the standards followed under GAAS but differ in two main ways. First, the SSAE, unlike GAAS, does not reference financial statements within the reports, since the reports are not centered around the fair presentation of them. Second, SSAEs differ as they do not reference GAAS within SSAE reports for the same reason.

Attestation engagements follow eight main standards, which are found in all attestation engagements. They are broken out below.