The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization. Historically, attestation services were limited to providing an opinion over historical financial statements, but over the years have evolved to include other subject matter such as performance measurements, backlog data, historical events, analysis of ratios, systems and processes and company conduct such as corporate governance.
Even with the scope increase in attestation services, certain governing standards parallel those found within the generally accepted auditing standards (GAAS). These standards preserve core audit principles such as need for technical competence, independence, due professional care, adequate planning and supervision, sufficient evidence and appropriate reporting.
As attestation services have grown, the AICPA has had to create more formalized standards and in April 2016, released the Statement on Standards for Attestation Engagements (SSAE) 18, Attestation Standards: Clarification and Recodification. The goal of this project was to make standards clearer and easier to apply within engagements. Some of the major changes are outlined below.
- Assertions: All attestation engagements require that a management’s assertion be requested from the responsible party.
- Assertion Breakdown: Management should understand what an assertion is before signing. An assertion helps readers gain assurance that the information within the report can be relied upon and management stands behind the information presented.
- Representation Letters: All attestation engagements require that a representation letter be requested.
- Representation Letter Breakdown: The representation letter is not a section of the report but part of the accountant’s work papers. The representation letter confirms representations presented by the practitioner to the client. A few examples include information provided was appropriate, records were relevant and any known subsequent events have been disclosed.
- Risk Based Approach: New standards will require the use of a risk assessment to understand internal controls of the information being reported on as well as an assessment of material misstatements over the information.
- Risk Based Approach Breakdown: In the past, the majority of standards found within GAAS have been considered audit standards. The new standards under the SSAE 18 will now incorporate GAAS standards but will be less exhaustive. Some areas include materiality, estimates, sampling and fraud.
More information on the changes over attestation engagements can be found at the AICPA website.