Build On Your Firm's Strengths

From the enormous number of opportunities, choose only the ones your firm can handle.

  • NEW ASSURANCE SERVICES open up enormous opportunities for firms. But the services wont succeed unless they meet the market demand and also match CPA firm capabilities. Firms must choose new services that are a good fit with their competencies, cultures and reputations.
  • TO DETERMINE THE FEASIBILITY of offering a new service, a firm must determine its expected revenue. To arrive at that figure the firm must research the market to find the number of potential buyers of the firms service and approximate an average fee per engagement.
  • COSTS TO DEVELOP NEW SERVICES include development personnel training, technology, litigation risk and marketing.
  • FIRMS CONSIDERING OFFERING NEW assurance services must evaluate their ability to provide the services at a professional level. Firms must conduct a competency gap analysis to determine whether additional skills are needed.
  • LIABILITY RISK S ASSOCIATED with new assurance services can be controlled by the way in which the service is structured and delivered. Every technique that improves service quality lowers the litigation risk. Quality control is primary among such techniques.
  • OTHER TECHNIQUES THAT REDUCE risk include the use of cautionary language in assurance engagements, structuring new assurance services to be governed by contract law rather than tort law, using loss-limiting clauses in the engagement terms and agreeing to use alternative dispute resolution procedures to settle disputes.
  • INDEPENDENCE ISSUES, such as conflicts of interest, may arise in providing new assurance services. Firms need to establish a concept of assurance independence that applies to such services.
ROBERT K. ELLIOTT, CPA, is a partner of KPMG Peat Marwick LLP in New York City. He was chairman of the AICPA special committee on assurance services.
DON M. PALLAIS, CPA, has his own practice in Richmond, Virginia. He was executive director of the AICPA special committee on assurance services and now is a member of the assurance services committee.

CPA firms delivering new assurance services wont succeed unless the services they choose both meet market demand and match the firms capabilities. Not every accounting firm can provide every assurance service. A firm must know not only how to identify customer needs for assurance services but also how to choose the services that best fit the firms expertise.

This article explores how firms can decide on new assurance opportunities to develop. But such an exploration cannot be comprehensively covered in a single article. Each firm should consider its own characteristics, resources and capabilities as well as the potential fees from and costs of offering a new assurance service.

Special Committees
Web Sites in this Article

Paper on competencies:

Recommendations on liability risk:

Assurance independence:

The assurance service a firm decides to offer should fit the firms reputation and culture. A firm with a boutique, high-margin practice, for example, would have to think carefully about offering a service based on high volume and low margin. A misfit not only could reduce the likelihood of success in the new venture but also hurt the firms already successful operations.

The more closely the competencies needed for a new service match the firms strengths, the better the fit. A good fit offers a firm a competitive advantage over other providers of the service that lack desirable strengths. Clients are more likely to believe, for example, that tax planning is top level when a CPA already has services, known skills and experience in tax compliance work than when the provider has no experience related to taxation. The competitive advantage of a good fit also can come from being able to sell the service at lower cost or to provide a better service at a competitive price.

To determine potential revenues, multiply the anticipated fee per engagement by the estimated number of customers. To estimate a fee, start with a fee clients will accept. This means valuing the services importance to clients—that is, the degree to which it will make them better off economically. The estimate might be made by using the fees for comparable services and refining that figure with formal or informal market research. When fees for comparable services are too rough to be relied on, make a direct estimate of the value to the customer. For example, the value to a client of assurance on compliance with regulations would be influenced by the potential risks of being found in violation. The higher the dollar value of the potential loss and the more diligently potential violations are pursued, the more valuable the service to the client.

Audit fees evolved over the years and were not subjected to this model, but if they were, the ingredients for value to the client would be clear. Audits lower the cost of capital. The basis points by which the audit lowers the cost of capital times the amount of capital gives the audits value to the client in dollars. The relevance of this example, so true and yet so unappreciated and rarely applied, is that a clients tolerance for a fee must be based on its understanding of the services value. The assurer can help clarify the understanding but in the end is bound by the clients beliefs and attitudes, which define what the market will bear. That is why focus groups and other market research are sometimes needed to sharpen estimates.

To estimate the number of probable customers, three figures are used: (1) the total possible number of customers for the service in the marketplace, (2) the percentage of those who are likely to actually purchase the service and (3) the percentage of the purchasers that your firm can expect to get (that is, market share). Multiplying these three factors gives the probable number of customers for your firm. Various information sources can help in making the estimates. For example, total possible customers might be available from census data for the area, from other public sources or from economic consultants. The penetration rate of comparable services performed by your firm is a useful starting figure for the proportion of those who will actually purchase the service.

Exhibit 1 illustrates and gives an example of the overall process, showing some sources for the estimates. A hypothetical example helps highlight some of the points.

The costs to bring a new service to market include development, training, technology and marketing and the costs of opportunities foregone as a result of investment in the new service. After the service has reached the market, costs include marketing and personnel as well as litigation risk, which is discussed below.

There will be a learning curve, of course, as the practitioner gains experience with the new service. A typical learning curve is illustrated in exhibit 2. The effect of the learning experience is greater efficiency translating into an improved margin. The cost per engagement declines as the number of engagements performed increases. A practitioner could sensibly take some losses in introducing a service if an attractive margin is in the offing.

New services may call for new competencies. That depends on whether the firm already has the competencies that will be needed. But no potential service can be responsibly considered without evaluating the firms ability to provide it at a professional level. Exhibit 3 puts the issue in broad perspective. The firms objective is to close the gap between its existing competencies and those needed to deliver new services. The firm can close the gap by training, hiring or reducing the desired competencies by reducing service offerings.

The special committees paper on competencies needed for the future describes competency gap analysis more fully. The paper is available at

Preparing for the evolution of the market in new assurance services is plain prudence—the concept is not much different from doing what is necessary to ensure that skills and knowledge are appropriate for the changing demands in traditional services. For example, whether or not your firm is going to offer electronic commerce assurance services, you will still need to sharpen your skills and knowledge of information technology, because its advance affects the demands on professionals who deliver traditional services.

New assurance services carry liability risks. CPAs should first determine whether the risks are acceptable to the practice or would add too heavy a burden. If the risks are acceptable, they can be controlled by the way the CPA structures and delivers the service.

Every technique that improves service delivery also helps lower litigation risk, because it reduces the likelihood of engagement failure and makes the service more defensible if an unwarranted suit arises. Quality control is therefore a primary technique to manage litigation risk.

The same techniques that reduce litigation risk for existing services can be integrated into the process of developing new assurance services. Apart from quality control, the special committee noted these:

  • Cautionary language can help protect assurers from unwarranted liability when used in information describing an assurance engagement and in assurance reports. Such language warns of the limits of information to prevent a reader from being misled. The best known use of cautionary language today is in financial forecasts. ("There usually are differences between the forecasted and actual resultsand those differences may be material.") Cautionary language can be a useful risk control device when developing and structuring any new assurance service.
  • Structuring new assurance services to be governed by contract law, not tort law, promises advantages in many circumstances. Under tort law, settlements and court awards are generally unlimited and may be quite large, whereas in contracts the terms of the engagement can be specified, the potential damages for misperformance can be limited and the resolution of disputes can be mutually arranged and thereby controlled. Of course, contracts generally bind only those who agree to them, so they cannot protect against the claims of those not party to the contract. Nevertheless, engagement letters are contracts and affect litigation risk, as the next two points illustrate.
  • Loss-limiting clauses should be considered when arriving at engagement terms. These are contractual clauses that (1) agree to indemnify the client a specified amount (for example, fees paid) for losses caused by the services delivered or (2) agree that the client will indemnify the accountant for claims by third parties (gross negligence or willful misconduct by the accountant are typically identified exceptions).
  • Alternative dispute resolution (ADR) can be required by an engagement letter or can be agreed to after a dispute arises. ADR refers to a range of procedures that includes arbitration (where a third party makes the decision) and mediation (where a third party assists the disputants to reach a voluntary settlement). Intermediaries typically are chosen by the parties, and the rules generally are either set by the parties or approved by them. The obvious advantage of ADR is that it avoids the uncertainties of the courtroom. However, it also can prompt claims by some who would not otherwise press them. ADR can make it less costly to enter a claim as well as to defend it.

The special committees conclusions and recommendations on liability risk are stated fully at

When deciding whether to develop or provide a new assurance service, firms should consider potential conflicts of interest. Some examples are

  1. A preferred installer of a new software package cannot offer written assurance on its characteristics.
  2. Being on the board of a home health care organization disqualifies a CPA delivering ElderCare-Plus services from providing evaluations of home health care options in the area served by the health care organization.
  3. Holding stock in entities nominated for an award disqualifies a CPA from performing an engagement to count ballots for the award, just as having a brother who is the chief executive officer of one of the nominees disqualifies the CPA from performing the engagement.

In each of these cases, the assurer is not independent. But only in the first—an attest engagement—is there professional guidance on what is permissible. The special committee believes, however, that in all cases an assurer must be independent even when there are no applicable authoritative rules. The firm would damage its reputation and that of the profession by performing an assurance engagement with a conflict of interest.

Independence presents a problem that could grow as new assurance services play a larger and larger role in CPAs practices. The problem is how to make the judgments without authoritative guidance for the endless variations of new assurance services that are possible. Clearly, firms need a concept of assurance independence to apply to new assurance services.

For this reason, the special committee developed a concept of assurance independence for use with assurance services other than audit and attest services:

"Assurance independence is an absence of interests that create an unacceptable risk of material bias with respect to the quality or context of information that is the subject of an assurance engagement."

A "material bias" exists if a reasonable person with knowledge of the assurers interests in the information (or context) would conclude that the assurers objectivity is impaired.

"Information that is the subject of an assurance engagement" includes the output of information systems that are the subject of assurance engagements. For example, in an assurance engagement to evaluate the reliability of a system that produces customer satisfaction information, the assurer is independent if the CPA has no interest that could create an unacceptable risk of material bias with respect to the quality or context of the customer satisfaction information.

When assurers supply the information that is the subject of the engagement, they must be independent with respect to it. For example, if an assurer gives a report about a companys qualifications to be certified for its quality controls (ISO 9000 certification), that assurer should not have interests in the reported information that would present an unacceptable risk of material bias. Ownership of material amounts of the companys securities would constitute such an interest.

The special committees concept of assurance independence is more fully described at

Assurance on Risk Assessment Services

Organizations that want to achieve their strategic objectives are mindful of the risk that events and actions might damage their ability to do so. The special committees research shows that managers, boards, creditors and owners are increasingly worried about the growing range of the risks facing their enterprises; regulators share their concern. Experiences such as the derivatives debacles, the sudden downfall of the financial house Barings, environmental disasters and the new mix of political conditions faced by transnational business have reminded the business community and its observers the world over of the need for risk management. Moreover, as the pace and complexity of economic activity increase, risk management becomes even more important. Conditions are less forgiving of inefficiencies and of strategic and tactical errors. This applies to not-for-profit entities as well as to business corporations. These circumstances create a market for improved information on risks.

The services

Assurance on risk assessment is a group of related services. The CPA can help identify the primary risks facing an entity, assess them or evaluate the entitys systems for identifying, limiting and responding to risks.

Risk assessment includes gauging the likelihood of adverse events of significant magnitude and quantifying the possible magnitudes of the events. The measures can be quantitative, such as dollars, or qualitative, and be judged manageable, difficult or catastrophic.

Risk assessment services can result in the issuing of a report under the attestation standards. For example, trading partners, investors, creditors and regulators can benefit from an independent evaluation of managements assessment of the entitys risks. On the other hand, management may want to receive assurance about the nature and extent of the risks it must control, which would result in a direct report.

Individual CPAs can develop their own criteria to identify and assess clients risks, or they can use publicly available criteria. Marketplace positioning

The principal purchasers of these services are the senior managers and boards of directors of larger businesses and owners of small businesses. Therefore, CPAs who serve both small or large clients can provide risk assessment services.

CPAs are generally perceived as having knowledge of business risks, on the good grounds that they must make such evaluations on audits. The perception should help the professions market position. However, there is competition: businesses are devoting increasing attention to in-house risk assessment, and consulting firms provide related services, such as strategic analyses.


CPAs possess much of the knowledge used in risk assessment. Auditors are experienced in evaluating control systems designed to safeguard assets and limit the risks of erroneous financial information and in identifying and evaluating risks faced by financial statement preparers. CPAs evaluate going-concern situations, they assess how management mitigates the risk of business failure and they evaluate a variety of risks in the course of client acceptance and retention procedures. They have considerable knowledge of the business practices, laws and regulations affecting transactions. Nevertheless, CPAs could benefit from training in elements of business strategy and external environment and in areas of special risks.

Practitioners Publishing Co. has developed relevant practice aids, some of which can be downloaded from The aids include material on procedures and a risk identification questionnaire.

The AICPA has developed a self-study CPE course, Assurance Services: Risk Assessments ($49; product no. 732024JA; 2 hours recommended CPE); to order, call 800-862-4272. The course focuses on how the service fits into the concept of assurance services, the skills and resources needed to provide the service and how to identify client needs and deliver the service. The committee of sponsoring organizations of the Treadway commission (COSO) wrote a comprehensive risk-assessment framework that would be useful to CPAs assessing the full range of risks facing an enterprise (product no. 990009JA).

Screening potential services and gearing up to provide new assurance services call for judgment. There are few certainties in estimating costs and benefits, in determining potential market share, in establishing competency needs and in assessing litigation risk. Exhibit 4, at right, briefly summarizes the judgments that must be made. Practitioners will find some services immediately attractive. Other services will not fit a firms market or culture; and still others should be pursued only with a rational plan for developing needed competencies and mitigating litigation risk.

Implications of the Committees Findings
for Government CPAs

Many government CPAs already perform a wider variety of assurance services than do CPAs in most other branches of the profession. They are nevertheless affected by the same forces that are reordering the priorities of CPAs in public practice, and they are equally challenged by the opportunities and threats of the evolving practice environment.

Cost pressures affecting governments have been the stuff of electoral campaigns and highly publicized budgetary negotiations, both nationally and locally. Outsourcing and smart software are replacing in-house workers throughout our economy, particularly in tasks performed by service workers, and government functions are being spun off through privatization. Powerful trends are increasing government needs for improved information quality.

Major trends

The demand for accountability by stakeholders is rising and will continue to do so. It interacts with our political concept that governments have responsibilities to citizens and with the notion that openness is good public relations. The trend also interacts with the movement for devolved federal responsibilities and its counterpart—more empowered local governments.

These accountability demands create needs for the kinds of information that make more efficient government services possible. Modern organizations in the public or private sector need sound performance information to make effective managerial decisions.

The Governmental Accounting Standards Boards exploration of new possibilities for government reporting, from reporting service efforts and accomplishments to consideration of a new reporting model, is consistent with the burgeoning accountability forces. Nevertheless, constituents in the 80,000-plus government units in our society will have different needs that will not necessarily be satisfied by financial reporting in conformity with generally accepted accounting principles.

Information technology has long been recognized as a route to government efficiency, but its full potential has not been realized. Computerized online communications present an opportunity for governments eager to meet both the accountability expectations of their citizens and the demands for leaner, more productive government. For example, New Jersey traffic officers now carry handheld computers linked by radio to the states databases. The officers can identify scofflaws in real time, issue tickets that are instantly added to the database and summon immediate help merely by pressing a button. By cutting the time, labor and costs of issuing and processing tickets, the state is saving $5 million annually.

Governments provide much more than financial reports to their stakeholders, and these stakeholders in turn use much more than financial information for their decisions. The primary users of externally reported information are citizens, their representatives, investors and creditors.

The variety of users and information are evidence of information demand. The quality of information for external as well as internal government decision making depends on how well it meets the needs of the varied information users. The more timely, relevant and reliable it is, the more likely government can function efficiently and productively.

Accountability demands, the need for leaner, more productive government and the growing reliance on information-assisted efficiencies could be a great opportunity for government CPAs. They are both purchasers of assurance services, such as audits, and providers of them, such as financial statement preparation. When it comes to meeting expanded needs for improved information quality, government CPAs can expand the range of their own services, hire firms in public practice or find some mix of the two. The task falls to individual CPAs in government to identify their customers information and assurance needs and find ways to meet them.

Where to find January’s flipbook issue

Starting this month, all Association magazines — the Journal of Accountancy, The Tax Adviser, and FM magazine (coming in February) — are completely digital. Read more about the change and get tips on how to access the new flipbook digital issues.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.