1-12audits

An assurance services is an independent professional service that improves the quality of information for decision makers. Such services are valued because the assurance provider is independent and perceived as being unbiased with respect to the information examined. Individuals who are responsible for making business decisions seek assurance services to help improve the reliability and relevance of the information used as the basis for their decisions.

Assurance services can be done by CPAs or by a variety of other professionals. For example, Consumer Union, a nonprofit organization, tests a  wide variety of products use by consumers and reports their evaluations of the quality of the products tested in Consumer Reports. The organization provides the information to help consumers make intelligent decisions about the products they buy. Many consumers consider the information in the Consumer Reports more reliable than information provided by the product manufacturers because Consumers Union is independent of the manufacturers. Similarly, the Better Business Bureau online reliability program, the BBB Accredited Business Seal, allows Web shoppers to check BBB information about a company and be assured the company will stand behind its service. Other assurance services provided by firms other than CPAs include the Nielsen television and Internet ratings and Arbitron radio ratings.

类似地，商业改善局的在线可靠性项目，即被“商业印章”认证的BBB，允许网络购物者查看有关一家公司的BBB信息，并确保该公司将支持其服务。除注册会计师外，其他公司提供的保证服务包括尼尔森电视频道和互联网评级和阿比顿广播评级。

The need for assurance is not new. CPAs have provided many assurance services for years. Particularly assurances about historical financial statement information. CPA firms have also performed assurance services （related to lotteries and contests）（ to provide assurance）（ that winners were determined in a unbiased fashion in accordance with contest rules）.  More recently, CPAs have expanded the types of assurance services they perform to include forward looking and other types of information, such as company financial forecasts and Web site controls. For example, businesses and consumers using the internet to conduct business need independent assurances about the reliability and security of electronic information. The demand for assurance services continues to grow as the demand increases for real time（实时） electronic information.

One category of assurance services provided by CPAs is attestation services. An attestation service is a type of assurance service in which the CPA firm issues a report about the reliability of an assertion that is made by another party. Attestation services fall into five categories:

Audit of historical financial statement; audit of internal control over financial reporting; review of historical financial statements; attestation services on information technology; other attestation services that may be applied to a broad range of subject matter(主题、论题）.

Audit of historical financial statements. 

Dina an audit of historical financial statements, management asserts that the statements are fairly stated in accordance with applicable U.S. or international accounting standards. An audit of these statements is a form of attestation service in which the auditor issues a written report expressing an opinion about whether the financial statements are fairly stated in accordance with the applicable accounting standards. These audits are the most common assurance services provided by CPA firms.

Publicly traded companies in the United States are required to have audits under the federal securities acts. Auditor reports can be found in all public companies’ annual in all financial reports. Most public companies’ audited financial statements can be accessed over the internet from the Securities and Exchange Commission EDGAR database(埃德加数据库） or directly from each company’s web site. Many privately held companies also have their annual financial statement audited to obtain financing from banks or other  financial institutions. Government and not-for-profit entities often have audits to meet the requirements of lenders or funding sources.

Audit of internal control over financial reporting .

For an audit of internal control over financial reporting, management asserts that internal controls have been developed and implemented following well established criteria. Section 404 of the sarbanes-oxley act requires public companies to report management’s assessment of the effectiveness of internal control. The act also requires auditors to attest to the effectiveness of internal control over financial reporting. This evaluation, which is integrated with the audit of the financial statements, increases user confidence about future financial reporting, because effective internal controls reduce the likelihood of future misstatements in the financial statements. 

Review of historical financial statements.

For a review of historical financial statements, management asserts that statements are fairly stated in accordance with accounting standards, the same as for audits. The CPA provides a lower level of assurance for reviews of financial statements compared to a high level for audits, therefore less evidence is needed. A review is often adequate to meet financial statement users’ needs. It can be provided by the CPA firm at a much lower fee than an audit because less evidence is needed. Many nonpublic companies use this attestation option to provide limited assurance on their financial statements without incurring the cost of an audit.

Attestation services on information technology.

For attestations on information technology, management makes various assertions about the reliability and security of electronic information. Many business functions, such as ordering and making payments, are conducted over the internet or directly between computers using electronic data interchange. As transactions and information are shared online and in real time, business people demand even greater assurances about information, transactions, and the security protecting them. Web trust ans SysTrust are examples of attestation services developed to address these assurance needs.

The AICPA and CICA have developed five principles related to online privacy, security, processing integrity, availability, and confidentiality to be used in performing services such as WebTrust and SysTrust.

Other attestation services (其他认证服务）

CPAs provides numerous other attestation services. Many of these services are natural extensions of the audit of historical financial statements, as users seek independent assurances about other types of information. In each case, the organization being audited must provide an assertion before the CPA can provide the attestation. For example, when a bank loans money to a company, the loan agreement may require the company to engage a CPA to provide assurance about the company’s compliance with the financial provisions of the loan. The company requesting the loan must assert the loan provisions to be attested to before the CPA can accumulate the evidence needed to issue the attestation report. CPA s can also, for example, attest to the information in a client’s forecasted financial statements, which are often used to obtain financing. 

Other assurance services(其他保证业务）

Most of other assurance services that CPAs provided do not meet the definition of attestation services, but the CPA MUST still be independent and must provide assurance about information used by decision makers. These assurance services differ from attestation services in that the CPA is not required to issue a written report, and the assurance does not have to be about the reliability of another party’s assertion about compliance with specified criteria. These other assurance service engagements focus on improving the quality of information for decision makers, just like attestation services. For example, a CPA MIGHT PROVIDE ASSURANCES ON A COMPANY’S USE OF personal data provided by customers.

注册会计师提供的大多数其他保证服务不符合认证服务的定义，但注册会计师必须独立的，必须对决策者使用的信息提供保证。这些保证服务与认证服务的不同之处在于，注册会计师无需出具书面报告，而且该保证不必涉及另一方关于遵守规定标准的主张的可靠性。这些其他的保证服务活动侧重于提高决策者的信息质量，就像认证服务一样。例如，一个注册会计师可能会为一个公司使用由客户提供的个人数据提供保证。

CPA firms face a larger field of competitors in the market for other assurance services. Audits and some types of attestation services are limited y regulation to licensed CPAs,, but the market for other forms of assurance is open to non CPA competitors. For example, CPAs must compete with market research firms to assist clients in the preparation of customer surveys and in the evaluation of the reliability and relevance of survey information . however, CPA firms have the competitive advantage of their reputation for competence(能力、技能） and independence.

The types of assurance services that CPAs can provide are almost limitless. A survey of large CPA firms identified more than 200 assurance services that are currently being provided.

Other services

CPA firms perform numerous other services that generally fall outside the scope of assurance services. Three specific examples are:

Accounting and bookkeeping services;tax services; management consulting services.

Most accounting and bookkeeping services, tax services,and management consulting services fall outside the scope of assurance services, although there is some common area of overlap between consulting and assurance services. While the primary purpose of an assurance service is to improve the quality of information, the primary purpose of a management consulting engagement is to generate a recommendation to management.

Although the quality of information is often an important criterion in management consulting, this goal is normally not the primary purpose. For example, a CPA may be engaged to design and install a new information technology system for a client as a consulting engagement. The purpose of that engagement is to install the new system, with the goal of improve information being a by product of that engagement.

总结：

保证业务：认证和其他保证业务；非保证业务（其他服务）

认证业务：审计业务和复核业务、内部控制保证业务、信息技术认证服务、其他认证服务； 审计业务：经营审计、合规性性审计、财务报表审计

非保证业务：税务、咨询、代理记账业务等。

Assurance services

Non-assurance services

Attestation services

Other assurance services

Other management consulting

audits

Operational audit

Tax services 

Compliance audit

Accounting and bookkeeping

Financial statement audit

Management consulting

reviews

Internal control over financial reporting

Attestation services on information technology 

Other attestation services

The operational audit evaluates the efficiency and effectiveness of any part of an organization’s operating procedures and methods. At the completion of an operational audit, management normally expects recommendations for improving operations. For example, auditors might evaluate the efficiency and accuracy of processing payroll transactions in a newly installed computer system. Another example, where most accountants feel less qualified(不太满意）, is evaluating the efficiency, accuracy, and customer satisfaction in processing the distribution of letters and packages by a company such as Federal Express.

In operational auditing, the reviews are not limited to accounting. They can include the evaluation of organizational structure, computer operations , production methods, marketing, and any other area in which the auditor is qualified. Because of the many different areas in which operational effectiveness can be evaluated, it is impossible to characterize(描述） the conduct of a typical operational audit. In one organization, the auditor might evaluate the relevancy and sufficiency of the information used by management in making decisions to acquire new fixed assets. In a different organization, the auditor might evaluate the efficiency of the information flow in processing sales.

It is more difficult to objectively evaluate whether the efficiency and effectiveness of of operations meets established criteria than it is for compliance and financial statement audits. Also, establishing criteria for evaluating the information in an operational audit is extremely subjective. In this sense, operational auditing is more like management consulting than what is usually considered auditing.

a compliance audit is conducted to determine whether the auditee is following specific procedures, rules, or regulations set by some higher authority. Following examples of compliance audits for a private business.

Determine whether accounting personnel are following the procedures prescribed by the company controller.

Review wage rates for compliance with minimum wage laws

Examine contractual agreements with bankers and other lenders to be sure the company is complying with legal requirement.

Government units, such as school districts, are subject to considerable compliance auditing because of extensive government regulation. Many private and not-for -profit organizations have prescribed policies, contractual agreements, and legal requirements that may require compliance auditing. Compliance audits for federally funded grant (联邦资助项目）programs are often done by CPAs and are discussed in detail further.

Results of compliance audits are typically reported to management, rather than outside users, because management is the primary group concerned with the extent of compliance with prescribed procedures and regulations. Therefore a significant portion of work of this type is often done by auditors employed by the organizational units when an organization such as the IRS wants to determine whether individuals or organizations are complying with its requirements,the auditor is employed by the organization issuing the requirements.

说明：合规性审计可以单独进行，也可以作为其他两种审计的一部分，一般属于内部审计的一部分，当然也可以外聘审计师来作，结果保送到企业管理层。

A financial statement audit

A Financial statement audit is conducted to determine whether the financial statements are stated in accordance with specified criteria. Normally, the criteria are U.S. or international accounting standards. Although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In determining whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements. The primary focus of this book is on financial statement audits.

As businesses increase complexity, it is no longer sufficient for auditors to focus only on accounting transactions, an integrated approach to auditing considers both the risk of misstatements and operating controls intended to prevent misstatements. The auditor must also have a thorough understanding of the entity and its environment. This understanding includes knowledge of the client’s industry and its regulatory and operating environment, including external relationships, such as with suppliers, customers, and creditors. The auditor also considers the client’s business strategies and processes and critical success factors related to those strategies. This analysis helps the auditor identify business risks associated with the client’s strategies that may affect whether the financial statements are fairly stated.