Agreed Upon Procedures: What They Are and How They Differ From Audits

Businesses, lenders, and investors often need assurance on specific financial information without undergoing a full audit. In these situations, an Agreed Upon Procedures (AUP) engagement can offer a practical solution. Accountants perform these tailored procedures to address particular concerns or verify certain facts, providing flexibility that traditional audits may not.

Understanding AUP engagements is beneficial for financial decision-making. They offer targeted insights but are more limited in scope than audits or reviews. This article explains who typically requests an AUP, how it differs from other engagements, the process involved, and the resulting report.

Who Typically Requests This Engagement

A diverse group of stakeholders initiates Agreed-Upon Procedures (AUP) engagements to obtain factual findings on specific matters. These requests often come from parties needing verification of certain information without the comprehensive scope of a full audit or review. Common requesters include company management, lenders, investors, regulators, creditors, and potential buyers during acquisitions.

For instance, a bank considering a loan might request an AUP engagement to verify the existence and valuation of specific collateral, like accounts receivable, instead of requiring a full audit of the borrower’s financial statements. Similarly, regulators might seek an AUP report to ensure compliance with grant requirements or confirm that funds were used appropriately.

Parties involved in mergers and acquisitions frequently use AUPs during due diligence to verify details such as revenue streams or compliance with contractual terms, avoiding the cost and time of a full audit. Business owners might also initiate an AUP to investigate suspected irregularities in areas like payroll or expense reimbursements. Entities like not-for-profit organizations or family offices also find these engagements useful for testing controls or verifying compliance with internal policies.

Distinction From Audits and Reviews

Agreed-Upon Procedures engagements differ significantly from both audits and reviews in their objectives, scope, and the level of assurance provided. An audit represents the highest level of assurance, where an auditor expresses an opinion on whether financial statements are presented fairly according to a reporting framework like Generally Accepted Accounting Principles (GAAP). This involves extensive testing, including internal controls assessment and substantive procedures, governed by Generally Accepted Auditing Standards (GAAS).

In contrast, an AUP engagement, conducted under Statements on Standards for Attestation Engagements (SSAEs), provides no assurance or opinion.¹AICPA. Statement on Standards for Attestation Engagements No. 19 The practitioner performs only specific procedures agreed upon with the engaging party and reports the factual findings. The scope is limited solely to these procedures, which can cover financial or nonfinancial information. Users of the AUP report must draw their own conclusions.

Review engagements offer limited assurance, falling between an AUP and an audit. Governed by Statements on Standards for Accounting and Review Services (SSARS), reviews primarily involve analytical procedures and inquiries of management.²University of Mississippi Libraries. Proposed Statement on Standards for Accounting and Review Services Unlike an audit, a review doesn’t involve testing internal controls or detailed transaction verification. An AUP differs markedly as it provides no assurance, focusing only on reporting findings from predetermined procedures, whereas a review results in a report expressing limited assurance.

Scope and Responsibilities

The scope of an Agreed-Upon Procedures engagement is precisely defined by the specific procedures the practitioner and the engaging party agree upon. This tailored approach means the work performed varies based on the engaging party’s needs, focusing solely on executing these steps and reporting the factual findings. Procedures can address diverse subject matter, including financial data like expense testing or nonfinancial areas like verifying compliance with contract terms.

The practitioner’s main responsibility is to perform the agreed-upon procedures with professional competence and due care, adhering to standards like the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 19.³Journal of Accountancy. More Flexibility for Agreed-Upon Procedures This involves executing the procedures as described and objectively reporting the findings. The practitioner must maintain independence and ensure procedures are clearly described to yield consistent, verifiable results.

The engaging party holds the responsibility for defining the engagement’s purpose and the specific procedures required. Under SSAE No. 19, the engaging party must explicitly agree to the procedures and acknowledge, typically before the report is issued, that they are appropriate for the intended purpose. This places the burden of determining procedural adequacy squarely on the engaging party, although the practitioner may assist in developing them. The engaging party and other report users must then assess the findings and form their own conclusions.

Results and Report Structure

The outcome of an Agreed-Upon Procedures engagement is the practitioner’s report, documenting the specific procedures performed and the resulting factual findings. These findings are objective descriptions of the outcomes, such as counts, comparisons, or exceptions noted.

A key characteristic of the AUP report is the absence of any assurance, opinion, or conclusion regarding the subject matter. The report explicitly states the engagement was not an audit or review and that no opinion is expressed. Users are expected to draw their own conclusions based on the procedures and findings presented.

The report’s structure follows professional standards for clarity. It typically includes:

• A title indicating independence
• Identification of the engaging party, subject matter, and responsible party
• A clear list of procedures performed and corresponding findings
• Statements clarifying the procedures were agreed to by the engaging party and the engagement followed attestation standards
• Language alerting users that the procedures may not suit their purposes and they are responsible for assessing appropriateness

Reflecting changes from SSAE No. 19, effective for reports dated on or after July 15, 2021, AUP reports are generally permitted for general use, though restriction is still possible.⁴Thomson Reuters. AICPA Issues Standards for Agreed-Upon Procedures Engagements The report must also state the practitioner’s independence and adherence to ethical requirements, ensuring it provides valuable factual information while clearly communicating the engagement’s nature and limitations.

• 1
  AICPA. Statement on Standards for Attestation Engagements No. 19
• 2
  University of Mississippi Libraries. Proposed Statement on Standards for Accounting and Review Services
• 3
  Journal of Accountancy. More Flexibility for Agreed-Upon Procedures
• 4
  Thomson Reuters. AICPA Issues Standards for Agreed-Upon Procedures Engagements