Effective for periods ending after December 15, 2010, SSARS No. 19, Compilation and Review Engagements, has been billed as the biggest change to the SSARS literature since SSARS No. 1 in 1978. This may be true!
All the SSARS literature has been recodified under the AICPA clarity project; rules are presented first with application details later. This is not a big deal! Non-independent preparers of compiled financial statements now have the option of stating their reasons for non-independence. This is not a big deal; in fact, most CPAs recognize the potential increased legal liability from disclosing their reasons for non-independence. Some new terminology has been added and other terms have been clarified (review risk, review evidence, materiality). These could be a big deal!
Believe it or not, the approach to performing compilation and review engagements was always intended to be risk driven!. The original ARSC simply didn't want us to confuse the term audit risk with review risk. What do you call obtaining an understanding of a client's business and industry and then looking for unusual matters? We used to call it looking for potential errors, the nice way to say RISK!. Now we call it risk of misstatement due to error or fraud! The higher the risk, the more "something" we are required to do on both reviews and compilations.
So here are the "new" SSARS No. 19 definitions:
- Review risk is the risk that an accountant may unknowingly fail to modify the review report on financial statements that are materially misstated.
- Review evidence is the information used by the accountant to provide a reasonable basis for obtaining limited assurance.
- Materiality is discussed subjectively, as it has always been, in the context of preparation and presentation of fiancials, i.e., in terms of the effects on users of the financial statements.
So, what's the big deal? For CPAs that have used their professional judgment and designed review engagement procedures based on risks of misstatements, there is no big deal. For CPAs that have purchased "canned" work programs and performed all the procedures, necessary or not, peer review may make a big deal!
The definition of review risk incorporates the concept of professional judgment into the process of obtaining review evidence for the purpose of expressing limited assurance. Review assurance is limited assurance, not reasonable assurance which is required for audits. Using the same routine procedures on every review engagement is not contemplated by the standards. It never was and, according to SSARS No. 19, never will be!
Reading between the lines, CPAs are now clearly responsible for performing risk assessment procedures (analytical procedures and inquiries) on review engagements. The level of review risk will determine the specific analytical procedures, inquiries and additional procedures that are necessary to express limited assurance. No longer can we comply with the SSARS standards by defaulting to maximum risk and performing all standard procedures on every review engagement. Sound familiar?
Need to know more? I'm presenting four, two-hour webcasts on compilation and review engagements on www.cpelink.com beginning May 6, 2010. Please plan to join me.
Post a comment below and let us know how you feel about SSARS No. 19.