Editor’s Note: The following guidance applies to non–publicly held entities. Guidance for SEC issuers under PCAOB standards may differ.
Agreed-upon procedures engagements are a special type of attest services that differ significantly from consulting services in purpose and reporting and performance requirements. As acknowledged in the consulting standard, however, “the nature and scope of [consulting] work are determined solely by agreement with the client” (CS 100.05). Therefore, the difference between agreed-upon procedures and certain similar types of consulting engagements is often a source of confusion among accountants. The language in CS 100.05 does not mean that the client determines the methodologies or specific procedures to be employed, and it is not intended to suggest such engagement should ever be defined as “agreed-upon procedures” unless the engagement is structured and conducted in compliance with the more rigid attestation standards in which that term is defined.
What Else Do the Standards Say?
Agreed-upon procedures engagements are governed by the AICPA’s Statements on Standards for Attestation Engagements (SSAE), most recently by SSAE 18, Attestation Standards: Clarification and Recodification(effective May 1, 2017), principally as AT-C section 215, “Agreed-Upon Procedures Engagements.” On the other hand, the broad range of consulting services performed by accountants are governed by the AICPA’s Statement on Standards for Consulting Services (SSCS) 1, now codified as CS section 100. CS 100.02 says that consulting services “differ fundamentally” from attest services, in which the accountant performs procedures enabling the issuance of a written report that adds credibility to an assertion that is the responsibility of another party. The scope of each of these standards mutually excludes services within the scope of the other.
CS 100.05 defines consulting services as those wherein the accountant or consultant “develops the findings, conclusions, and recommendations presented”; it further states that they typically involve fact-finding, problem-solving, evaluating alternatives, and recommending or implementing courses of action, with the focus being generally to provide advice or technical assistance that is “only for the use and benefit of the client” (CS 100.02). Agreed-upon procedures or other attest services, however, are generally performed at the request or for the benefit of a third-party user. Ordinarily, there is little point in choosing the more rigid structure of an agreed-upon procedures engagement when there is no third-party user.
Consulting services also typically “employ the accountant’s technical skills, education, observations, experiences, and knowledge of the consulting process,” a different skill set than an attest service (CS 100.02). The basic underlying professional standards embodied in CS 100.06, however, are quite brief and essentially the same as the general requirements set forth in the Code of Professional Conduct. These apply to all professional engagements, and specifically include requirements to 1) employ competency, integrity, objectivity, and due professional care; 2) obtain sufficient relevant data to afford reasonable support for any conclusions or recommendations; and 3) plan and supervise engagement performance adequately.
A Closer Look at the Differences
The most significant distinction between consulting services and agreed-upon procedures is that an agreed-upon procedures engagement, as an attest service, results in a written report that is typically intended to add credibility to an assertion of the responsible party, usually management, to benefit a third-party user. Management is not a “third-party” user, although a consulting engagement is usually conducted for the primary benefit of the client and need not result in a written report.
Two of the six categories of consulting services defined by CS 100.05(a)-(f), advisory and transaction services, frequently involve third-party users who will rely on the consultant’s expertise in making financing, investment or other decisions. Nevertheless, the presence or absence of a third-party user is not the sole determinant in deciding if a service should be structured as an attest or consulting engagement. There might be third-party users for some consulting services, and there might not be any identifiable third-party users for some attest services. For agreed-upon procedures, however, authorized users must be identified in the required report and must take responsibility for determining the effectiveness of the procedures for their purposes.
The three parties usually involved in any attest service are—
- the asserter, who is responsible for a written assertion;
- the attester, who performs procedures and issues a report intended to add credibility to the assertion; and
- the user or interested party, who may rely on both the asserter and the attester in judging the credibility of the assertion.
Note that the asserter might be the client or another party, in which case four parties are involved.
In contrast, the entire presentation and the declarations in a consulting service are usually those of the accountant or consultant, who is not attesting to another party’s assertion. The assumptions are typically developed based on the accountant’s or consultant’s own expertise, research, and analysis.
Another important distinction between attest and consulting services is that independence is required for attest services, but not for consulting services, although maintaining objectivity is (CS 100.09, fn. 4). In addition, consulting reports may be written or oral; agreed-upon and other attest reports must always be written.
There are many circumstances where it is either necessary or preferable to structure an engagement as a consulting service, even though the client initially requested an agreed-upon procedures engagement:
- An agreed-upon procedures engagement cannot be performed because the CPA is not independent, or because there is no assertion of a responsible party.
- There is no third-party user reliance expected, or the third-party user is willing to accept a consulting report in lieu of an agreed-upon procedures report, and the client wishes to minimize time and fees.
- The client is most interested in the accountant’s or consultant’s views and advice about the subject matter, rather than specific tests applied to an assertion of management or another responsible party.
Some consulting engagements may produce reports that resemble agreed-upon procedures reports (without the constraints of the attestation standards) and therefore may represent practical alternatives to a more onerous agreed-upon procedures engagement.
As part of the research supporting a conclusion and recommendation, a reporting accountant or consultant might incidentally evaluate written assertions of another party. This does not necessarily require that the services be classified as attest services. In fact, such an evaluation or related conclusion would be prohibited in an agreed-upon procedures report that is limited by attestation standards to reporting only procedures and objective findings (AT 215.25, and .35h). A consulting report, however, may contain no conclusion or recommendation and is limited to reporting procedures employed and findings.
The Exhibit illustrates the significant differences between the two types of engagements. Accordingly, it is necessary that the proper classification of the engagement be recognized and the accountant or consultant comply with the appropriate professional standards. Distinguishing between attest and consulting services can be complex; these two services not only require compliance with different professional standards, but also affect engagement planning, staffing, fieldwork, evaluation criteria, and perhaps most significantly, reporting. It is the accounting firm’s responsibility to determine which service is most appropriate, since clients’ management and users cannot generally be expected to be aware of the significant differences.
Principal Differences between Agreed-Upon Procedures and Consulting Engagements
Whenever there is even a remote possibility of misunderstanding, the accountant or consultant would be well advised to use language in engagement letters and reports that clearly state the objective of the engagement and describe the nature of the services as consulting.
Is There Another Alternative?
Contrary to popular belief, there is no requirement that an engagement to perform procedures and report findings must be conducted in compliance with either agreed-upon services or consulting engagement standards. Although any service that is intended primarily to assist management in achieving one of its objectives might well be considered a consulting service, even if it does not produce advice or a recommendation, some may view certain nonattest engagements to perform procedures and report findings as something else.
If, in the auditor’s judgment, an engagement does not fit the definition of a consulting service and does not qualify as an agreed-upon procedures (attestation) engagement, an acceptable alternative format is a third-party verification letter (not “report”). Verification letters are not products of attestation or consulting services, and accordingly are not governed by any specific categorical standards, but only by the requirement to protect client confidentiality and the general requirements of the Code of Professional Conduct.
Nonauthoritative guidance, including cautionary advice, as to the use of verification letters, “What to Know About Third Party Verification Letters (Often Referred to as Comfort Letters),” was issued in October 2014 by the AICPA’s Financial Reporting Center (http://bit.ly/2sEGNdN), and a related untitled position paper was issued previously in May 2014 (http://bit.ly/2rAYp5G).