An Update on Review Engagements

SSARS no. 10 amends the guidance covering reviews of financial statements.


SSARS NO. 10, PERFORMANCE OF REVIEW ENGAGEMENTS, effective for reviews of financial statements for periods ending on or after December 15, 2004, amends SSARS no. 1, Compilation and Review of Financial Statements, by introducing new requirements for performing such services.

CPAs MUST APPLY THEIR KNOWLEDGE OF FINANCIAL and other factors affecting the broad economy, the client’s entire industry and the client’s company. Together these three kinds of information provide the basis for developing expectations necessary to measure the reasonableness of the client’s financial statements.

MANAGEMENT’S WRITTEN REPRESENTATIONS and staff’s oral statements made during discussions with the CPA complete the picture of the client’s business situation and help ensure it’s accurately reflected in the entity’s financial statements.

FRAUD IS A MAJOR NEW FOCUS of SSARS no. 10, which requires accountants to obtain specific representations from management concerning its knowledge of any actual fraud or suspected fraud affecting the entity, involving management or others and potentially having a material effect on the financial statements. SSARS no. 10 also requires CPAs to obtain management’s acknowledgement of its responsibility to prevent and detect fraud.

IN MAY 2004, THE ARSC ALSO ISSUED SSARS no. 11, Standards for Accounting and Review Services, which establishes a SSARS hierarchy that describes the relative authority of various publications. SSARS themselves have the most authority, interpretive publications have the next greatest weight and other publications have the least.

J. RUSSELL MADRAY, CPA, is president of Madray Group Inc., an accounting and auditing technical consulting practice. He also is a senior lecturer at Clemson University’s School of Accountancy and Legal Studies in Clemson, South Carolina. His e-mail address is .

n issuing Statement on Standards for Accounting and Review Services (SSARS) no. 10, Performance of Review Engagements, the AICPA accounting and review services committee (ARSC) has introduced the most significant changes in review engagement requirements since it released its first statement in 1978. This article gives practitioners and members in industry a look at the changes, which take effect for reviews of financial statements for periods ending on or after December 15, 2004.

By the Numbers
Reviews provide limited assurance that a client’s financial statements are free from material misstatement.

Source: PCPS/Texas Society of CPAs National MAP Survey of 3,052 firms, 2003.

SSARS no. 1, Compilation and Review of Financial Statements, has long been the source of information on procedures applicable to a financial statement review. But practitioners said they needed new and more comprehensive direction on several topics, such as inquiries, analytical procedures and documentation requirements. The new statement, which the ARSC issued in May 2004, amends SSARS no. 1 by providing guidance on

Analytical procedures, including specific instruction on how CPAs should compare client financial data with their existing expectations based on their understanding of the entity and the industry in which it operates. (See “ Testing for Reasonability. ”)

Questions that accountants should consider directing to management, including specific ones about its knowledge of any actual or suspected fraud that could have a material effect on the financial statements, or of transactions occurring or recognized near the end of the reporting period.

Statements in the representation letter required from management to confirm its oral responses to the CPA’s inquiries about fraud.

Documentation requirements.

Testing for Reasonability
SSARS no. 10 does not introduce methods for evaluating the reasonableness of the financial information management provides during a review engagement. CPAs always have been able to use a variety of analytical procedures for this purpose, from simple comparisons to complex models involving many relationships and data elements. Instead, SSARS no. 10 reinforces the appropriateness of using such methods and introduces a requirement that accountants document the analytical procedures they use during a review. These procedures compare key financial data with information from prior periods or with benchmark budgets and forecasts from the entity’s industry; with nonfinancial information that may be financially significant; or with any combination of these. The three types of analyses accountants most commonly perform are

Trend analysis, a comparison of a current recorded amount with the prior year balance or with balances from two or more periods. For example, practitioners often contrast monthly sales totals for the current year and preceding year.

Ratio analysis, a proportion calculated for the current period measured against a related or similar one for a prior period, an industry standard or a budget. The four major types of ratios measure liquidity, profitability, leverage and activity. For example, by calculating an inventory-turnover ratio, which compares the cost of sales to average inventory, the CPA may be able to identify inventory misstatements.

Model-based procedures, which use client operating data and relevant external data, such as industry-specific and general economic information, to develop an expectation for a recorded amount. These procedures also evaluate financial data for reasonableness. For example, the number of employees can be used to determine average wages or vacation pay per employee. Because nonfinancial operating data often are generated and maintained outside of the accounting department, comparisons involving such data can offer an independent check on the reasonableness of related financial information.

Analytical procedures provide a basis for the limited assurance CPAs provide in the review report and may identify financial statement items that appear to be materially misstated. The techniques for conducting an analysis fall into two categories: developing expectations—although this term was introduced in SSARS no. 10, SSARS no. 1 introduced the concept it represents—and evaluating results.

Developing expectations. In review engagements CPAs develop expectations by identifying and considering relationships they reasonably could assume might exist, given their understanding of the entity and the industry in which it operates. Expectations developed by a CPA in a review ordinarily are less encompassing than those developed in an audit, and in a review, it isn’t necessary to corroborate management’s responses with other evidence. Although SSARS no. 10 does not provide guidance on how to deal with the highly judgmental nature of this process, practitioners must be able to assimilate a wealth of information into a series of logical and internally consistent conclusions (see “ Key Factors in a Financial Relationship ”).

Key Factors in a Financial Relationship

W hile SSARS no. 10 requires CPAs to document the items they consider in developing expectations relating to the financial statements, it does not say how they should formulate those expectations. In my view, to perform this function properly CPAs need to be aware of

The general economy. Financial conditions establish the background for developing expectations. CPAs should stay abreast of trends in the regional and national economy, which can have a significant effect on the client and ultimately on its financial statements. If interest rates rise steadily, for example, a practitioner would expect the client’s interest costs to be higher than they were a year ago, assuming the amount of debt outstanding is relatively stable and its maturity short term.

The client’s entire industry. CPAs can evaluate industry trends to formulate more detailed expectations. Examples include the economic cycle and maturity of the client’s industry, the pace of technological change in the industry and relevant government regulations. If the client’s industry is at the low point of an economic cycle, the CPA would expect excess operating capacity to create significant volume variances that would affect the client’s gross profit margin and overall profitability.

The client’s company. CPAs should make inquiries to develop a general understanding of the client’s organization and operating characteristics and the nature of its assets, liabilities, revenues and expenses. They should become familiar with the client’s production methods, distribution system and products and services. A practitioner may have developed such knowledge during prior review engagements and by providing other services for the client. Based on prior engagements, for example, the CPA may be aware the client often makes costing errors when pricing certain raw materials.

Evaluating results. CPAs do this by comparing the recorded amounts—or ratios developed from them—with the expectations they’ve developed. The practitioner’s knowledge of the client and the industry in which it operates is essential to interpret the results of the analytical procedures and to determine when a difference from an expected amount is significant. For example, it’s important for CPAs to know whether fluctuations from previous periods resulted from changed conditions, such as major increases in product selling price, inventory obsolescence or changes in credit policy. It’s equally crucial to identify when a value should have fluctuated but did not, such as when a company’s gross profit percentage remained substantially the same even though its raw material costs increased significantly while its prices stayed flat. The AICPA’s annual Audit Risk Alert series is a good source of up-to-date information on economic and industry trends that can help CPAs make such evaluations accurately. For titles in the series, see “ AICPA Resources .”

After applying a specific analytical procedure to the client’s financial information, CPAs should compare the actual results with their original expectations of what that outcome should be. It is essential to do this, in my opinion, by means of objective analysis—by evaluating the results of the analytical procedure to determine whether the result is consistent with the expectation—rather than by relying on rationalization, that is, searching for conditions that support a result without identifying which conditions are the most important, most logical and most relevant to the evaluation.

The ARSC also created an issues paper, Analytical Procedures in a Review Engagement , that explains certain requirements related to analytical procedures in review engagements, including the development of expectations and the documentation of analytical procedures in such engagements.

The inquiry process is a fundamental technique used to collect information relevant to the financial statements. It should be evolving and ongoing. SSARS no. 10 gathers the inquiries the accountant should consider performing in one place in a logical sequence, and adds new ones—most notably concerning fraud.

Practitioners should consider making inquiries to management concerning the following matters, most of which are introduced in SSARS no. 10:

The preparation of the financial statements in conformity with consistently applied generally accepted accounting principles (GAAP) or an other comprehensive basis of accounting (OCBOA).

The entity’s accounting principles and practices, methods followed in applying them and the procedures for recording, classifying and summarizing transactions and accumulating information for disclosure in the financial statements. (Previously discussed in AR100.28.)

Unusual or complex situations that may have an effect on the financial statements.

Significant transactions occurring or recognized near the end of the reporting period.

The status of uncorrected misstatements identified during the previous engagement.

Questions that have arisen in the course of applying the review procedures.

Events subsequent to the date of the financial statements that could have a material effect on the financial statements.

Management’s knowledge of any actual or suspected fraud that affects the entity and involves management or others where the fraud could have a material effect on the financial statements.

Significant journal entries and other adjustments.

Communications from regulatory agencies.

Actions taken at meetings of shareholders, the board of directors, committees of the board or comparable gatherings that may affect the financial statements. (Previously discussed in AR100.28.)

Although the inquiry process is straightforward, its success depends on how it is followed. A related critical factor not within SSARS no. 10’s scope is the importance, in my opinion, of CPAs’ knowing what questions to ask and how to effectively pursue a particular line of inquiry. The quality of the review engagement is reduced dramatically when a practitioner performs inquiries in a mechanical fashion and accepts responses without thoroughly evaluating them. For example, a practitioner who is aware of major recent changes in the client’s business activities or structure would be remiss in not probing further if the client said there had been no such modifications.

Many of the questions typically found on engagement checklists apply to almost all review engagements. CPAs typically ask such questions in a formal manner when they interview appropriate client personnel and record their responses directly in the documentation. But the inquiry should consist of more than this rather rigid process; it also should take the more dynamic form of a dialogue between the CPA and the client’s management. As practitioners become aware of circumstances, facts or relationships, they may find it logical and appropriate to pose follow-up questions to the client.

For example, the CPA may ask management to provide more information about a recent acquisition that the company made and how it recorded the transaction, and then change the focus of the questioning based on the client’s responses, if applicable. Or when a relative of the company’s owner is a company subcontractor, the CPA might inquire about the types of services the relative provides and how he or she is compensated.

An All-SSARS Lineup
T he accounting and review services committee (ARSC) in May issued SSARS no. 11, Standards for Accounting and Review Services, which establishes a SSARS hierarchy and informs practitioners of the appropriate publications’ relative authority. The statement, which took effect upon issuance, also addresses a technical correction to SSARS no. 2, Reporting on Comparative Financial Statements. SSARS no. 2 currently provides guidance to be followed when the financial statements of a prior period were compiled or reviewed by a predecessor accountant whose report is not presented, and the successor accountant has not compiled or reviewed those financial statements. SSARS no. 11 also amends SSARS no. 2 to conform with the guidance found in SAS no. 58, Reports on Audited Financial Statements, as amended, which states that a successor auditor may name the predecessor auditor if the predecessor auditor’s practice was acquired by, or merged with, that of the successor auditor.

A review engagement provides limited assurance the financial statements require no material modifications to conform to GAAP or an other comprehensive basis of accounting. Misstatements could be intentional, thus constituting fraud, or unintentional, the result of error. The ARSC determined that the issue of fraud should be addressed in a review engagement; SSARS no. 10 therefore requires specific inquiries about fraud and specific written representations from management about it.

SSARS no. 10 requires the accountant to obtain from management written representations for all financial statements and periods covered by the accountant’s review report (see “ Your Signature, Please ,” below). The contents will depend on the circumstances of the engagement and the nature and basis of presentation of the financial statements, but SSARS no. 10 requires specific representations from management on the following matters:

Management’s acknowledgement of its responsibility to prevent and detect fraud.

Management’s knowledge of any known or suspected fraud affecting the entity, involving management or others, where the fraud could have a material effect on financial statements.

The ARSC issued an interpretation ( ) of SSARS no. 10 to provide guidance on the steps CPAs should follow to perform the required communication when, during a compilation or review engagement, they suspect fraud or an illegal act may have occurred.

Your Signature, Please
SSARS no. 10 requires that the representation letter be signed by those members of management whom the accountant believes are responsible for and knowledgeable—directly or through others in the organization—about the matters covered in the letter. Normally, this would be the CEO and CFO or others in equivalent positions. Even if the current management was not present during all periods covered in the accountant’s report, the accountant should obtain their written representations on all such periods.

Documentation is the principal record of the procedures performed and the conclusions reached in performing the review. The ARSC determined that SSARS no. 1 didn’t provide enough specific documentation guidance for practitioners. The guidance now requires the documentation to describe

Matters covered in the practitioner’s inquiries.

Analytical procedures performed.

Significant expectations that otherwise were not readily determinable from the documentation of the work performed and factors considered in the development of those expectations.

Results of the comparison of the expectations to the recorded amounts or ratios that are developed from the recorded amounts.

Any additional procedures performed in response to significant unexpected differences arising from the analytical procedures and the results of such procedures.

Unusual matters—such as significant journal entries that were made on the last day of the accounting period for no apparent business purpose—the practitioner considered during the performance of the review procedures and their disposition.

The management representation letter.

SSARS no. 10 does not preclude CPAs from supporting their review reports by means in addition to the review documentation. This may be written documentation contained in other engagement files (for example, compilation files) or quality control files (for example, consultation files) or oral explanations when the accountant finds it necessary to supplement or clarify information contained in the documentation. Oral explanations should not be the principal support for the work performed or the conclusions reached.


CPAs should know how to develop expectations by identifying and considering relationships they reasonably can expect to exist, based on their knowledge of the entity and its industry.

Practitioners also must use that knowledge to contrast the values recorded in the client’s financial statements—or ratios based on those values—with the expectations they have developed during the review.

A CPA’s inquiries during a review should be sufficiently flexible and open-ended to identify any inconsistencies between expectations and results and resolve any inconsistencies to the extent possible and appropriate.

It has been more than 25 years since the ARSC issued SSARS no. 1. With the issuance of SSARS no. 10, practitioners now are required to raise the issue of fraud. Will this change raise the bar of a review engagement, as some practitioners predict, and lead to a better understanding by management of their responsibilities, and therefore, to higher-quality engagements? One thing is certain—as the profession enters a new era of scrutiny by the public and regulators, it is imperative that practitioners and management understand their respective roles and responsibilities.


Advanced Update for Compilation and Review Engagements, a self-study course (# 731503JA).

AICPA InfoBytes, Drafting Audit, Review, and Compilation Reports.

AICPA InfoBytes, Reporting on Review Engagements.

Compilation and Review Engagements, a self-study course (# 733672JA).

Compilation and Review Risk Alert, Strategic Briefing, a self-study course consisting of a recent AICPA webcast archived on CD-ROM (# 737157HSJA).

AICPA Audit and Accounting Manual, loose-leaf subscription (# AAM-XXJA); paperback (# 005133JA).

AICPA Audit Guide, Analytical Procedures, paperback (# 012554JA).

Audit Risk Alert, Compilation and Review, paperback (# 022304JA).

In addition to its general Audit Risk Alert , the AICPA publishes analyses focused specifically on auto dealerships (# 022444JA); banks, credit unions and other lenders and depository institutions (# 022294JA); common interest realty associations (# 022464JA); construction contractors (# 022314JA); employee benefit plans (# 022414JA); health care organizations (# 022344JA); high-technology enterprises (# 022404JA); independence and ethics (# 022474JA); insurance companies (# 022354JA); investment companies (# 022364JA); manufacturing (# 022374JA); not-for-profit organizations (# 022424JA); real estate (# 022394JA); securities (# 022384JA); single audits (# 022454JA); and state and local governments (# 022434JA).

Review Engagements: New and Expanded Guidance on Analytical Procedures and Inquiries, paperback (# 006618JA; available October 2004).

For more information or to place an order, go to or call the Institute at 888-777-7077.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.