S3:E4 – SSAE No. 21 | Direct Examination Engagements
With compounded unique insight into the evolution of SSAE No. 21, listen in as CRI Partners Jimmy Woodall and Chad Singletary address and interpret the criteria involved with implementing this attestation standard. Get to know the potential impacts your organization may face, evaluate your current information, and prepare for the application of SSAE No. 21.
From Carr, Riggs & Ingram, this is It Figures: The CRI Podcast, an accounting, advisory and industry-focused podcast for business and organization leaders, entrepreneurs, and anyone who is looking to go beyond the status quo.
All right, good afternoon, everybody. Welcome to another episode of CRI’s podcast, It Figures. My name is Jimmy Woodall. I am the consulting service line leader here at CRI. And joining me today is Chad Singletary. Chad is a partner in our Montgomery office, and he’s going to talk to us about something called direct examinations. Chad, how you doing today?
I’m doing well. How are you, Jimmy?
I’m doing great, great. This is an exciting topic that we’ve got. And we’re thrilled to have Chad with us. Chad was actually on the Auditing Standards Board for the AICPA and was on the Attestation Standards Task Force for five years, just rolled off that. So Chad had a lot to do with writing and developing this new standard that came out on direct examination. So, a little background, last fall as part of their convergence efforts, the ASB came up with the statement on standards for attestations number 21, and primarily has to do with this thing called direct examinations. So let’s just get right into it. Chad, tell us a little bit about what a direct examination is. And how is that different from the other type of examinations that clients might be able or currently are getting from their CPAs?
I think it’s probably important for everybody to understand that we’re over in the SSAEs for this type of service, which is a statement on standards for attestation engagements. So typically the information we’re working with is not historical financial statement information. In the past, we had a section called AT-C 205, which was examinations. That has been modified now to be assertion-based examinations. And the reason for that tweak is the introduction of AT-C 206, which is now direct examinations. It really represents a completely new service that CPAs will be able to offer to clients with regard to non-historical financial statement information. And the primary differences between A-TC 205 and the new 206, really just a couple of significant differences.
The first is that in the new direct engagements, we no longer have to obtain an assertion from management with regard to the information or the calculations or things of that nature. The other thing that’s different is that in an old style examination, you’ll hear me say this a couple times today, management was required to go first. That means that they needed to take the underlying data, transactions, or whatever the case may be, and apply calculations or various things to it, and then present that information in accordance with criteria. They had to do that first, and then they would then they would make an assertion about it to the practitioner, and then the practitioner would perform the examination and have an opinion with regard to that information. So big difference here, in this new service, no longer have to get an assertion from the client, and the client does not have to go first, which we’ll talk about in a little bit, but that’s a big change, and is structurally a big part of what the ASB was trying to do, introducing this new service.
Yeah, interesting that you say that there, Chad. Give us a little bit more background on terms of how SSAE 21 came about. What all was the ASB thinking, and what was their intent in trying to create this, trying to get away from or to create the distinct, separate service from what is assertion-based and then this new direct examination? What was the thought process there?
Well, a couple things there that came together. I started to say converge because that’s actually one of the big pieces or one of the drivers here. For those out there who may be listening who are not intimately familiar with standard setting process in the US, especially with the ASB, a lot of times the ASB is monitoring and observing what is going on internationally, particularly with the IAASB, the International Auditing and Assurance Standards Board. So basically what goes on, they participate in that board too as well, but what goes on there, the ASB monitors and then takes a look at standards that come from there and says, “Okay, is this applicable in the US environment? Do we need to tweak our standards? Do we need new standards to align with or to converge,” is the word that is often used.
And in this case, the IAASB issued ISAE, International Standard on Assurance Engagements 3000. And so that’s really where it started. The, the ASB was taking a look at 3000 and determining which 3000 is really direct engagements in the international setting. And so the ASB started looking at it and trying to determine if that was needed in the US. It did not exist. So it was determined there was a need. So really one big driver here was convergence. And that is true with almost all standards that the ASB works with.
The other was this perception and feedback from practitioners about clients need for practitioners to help them, as I mentioned just a few minutes ago, this concept of management going first. Well, sometimes clients or management have a need for an attestation or an opinion on certain types of information, but they may not have the expertise or the experience to perform that first calculation and they need the assistance of a practitioner to do so. So that’s really the crux of what this new standard allows, is it allows the practitioner, we’ll talk a little bit more about this as we move along, the practitioner to get down in the weeds a little bit with the client with regard to the actual calculations. And I’m using calculation, but it could be other forms also.
Let’s talk about independence. So on attestation engagements, the AICPA requires that their CPAs are independent. Do they still have to be independent for direct examinations, or has any of that changed?
That was really the interesting part of being on the task force, Jimmy. In fact, it was almost just a stopgap because one of the gold standards of our profession is independence, and obviously integrity and objectivity, but independence. When it comes to opining on information, independence is paramount.
So when you start discussions of the CPA maybe getting involved with a client in helping them with certain calculations or measurements, then a lot of folks in the rooms eyes open up wide and they go, “Wait just a minute. What about independence? If a CPA does that sort of thing, aren’t they going to trip up independence and therefore basically their opinion might not be as good if they’re not independent?”
So in this new A-TC 206, a couple of really, really important concepts were established. And these concepts come from ISAE 3000, the international standard. And there’s a little bit of nuance here, and getting used to this terminology even took me a bit of time. But once you think about it, it makes sense. And there’s two words here that are introduced in this new standard. The first is underlying subject matter. And the second is subject matter information. Pause for a second because a lot of people are probably sitting there going, “Well, that sounds like the same thing to me.” But differentiate them in this way. Underlying subject matter, think about raw data, transactions, narrative memos, things of that nature. Subject matter information, think about calculations, evaluations, perhaps tables or report or presentations related to that underlying subject matter.
I can illustrate it by using things that we see in the historical financial statement world, so think about deferred taxes. CPAs help clients with deferred tax calculations quite often. In that scenario, the underlying subject matter might be the tax return, the depreciation schedule, various schedules and general ledger accounts that give rise to all the components of deferred tax. That would be the underlying subject matter. And then the subject matter information would be the actual deferred tax calculation, the entries to the GL and the disclosures associated with that.
So it’s really important to draw the distinction between those two, underlying subject matter, subject matter information. And the reason for that is because where independence gets preserved is that in this engagement, someone other than the CPA must accept responsibility for the underlying subject matter. Typically, that’s going to be your client. They are responsible for the data, the transaction, the narratives, the things underlying the calculation. So to perform an A-TC 206 direct engagement, somebody has to assume responsibility for the underlying subject matter information. That is really the primary thing that preserves independence.
Yeah, agree. So very, very important for companies out there, wondering if they’re trying to get one of these direct examinations, that they know the distinction between that underlying subject matter and that subject matter information, and being able to help maintain independence in that, because that’s what makes those reports so valuable, like you said. So along those same lines, let’s say that I’m a CFO or I’m a COO or someone in management of a company, and I’m looking to get a direct examination from my CPA. What are some types of direct examinations that a CPA might perform? And then what are some examples of engagements that would not be done under this new and would revert back to the old standard or some other type of guidance?
Well, I’ll talk a little bit about two that are actually mentioned in the standard. They’re mentioned by way of illustrative reports, example reports. And then I’ll mention one that’s not in the standard, but you can sort of start drawing conclusions about how it might be applied. And when I talk about them, I will first go back to these concepts of underlying subject matter and then subject matter information. So the first would be if a CFO needs a CPA to express assurance with regard to their investment return, okay, for a period or periods of time so that they might provide that to, let’s say, shareholders or financial institutions that they do business with, or you can dream up a number of scenarios that might be needed.
So in that example, the client’s underlying subject matter would be mostly investment transactions, okay, detail investment transactions executed over a period of time, whether that be a day a month or a year or a quarter, any period of time. So underlying subject matter investment transactions. Subject matter information might be … There’s a number of ways you could probably present this, but the CPA might perform calculations of ROI daily, monthly, quarterly, annually, by security type, by industry segment area. And then they might present a table of ROI based on those variables that I just talked about. So the transactions might be USM. The resulting calculations and report or tables might be the SMI in that scenario.
Another one that’s mentioned in the standard is daycare safety policies. So imagine that a daycare organization has various narratives, policies, manuals representing their safety policies. That’s the underlying subject matter. And they’re asking a CPA to opine on whether or not those policies are in accordance with the criteria of some national think tank for daycare facilities, okay? So in this case, the narratives and the various policies are underlying, and then the report that would determine if they are in compliance would be subject matter information that the CTA generates as a result of the engagement.
Third, quickly, another example is buildings, square footage, mappings of departments, and what square footage was dedicated to certain efforts in, let’s say, a not-for-profit. That might be our underlying subject matter, which the client’s responsible for. And then let’s say we need to opine on how much square footage is dedicated to or being used for certain programs or grant programs. Then the CPA might take that underlying subject matter information, they might perform those calculations, allocations, and present that in a format that would be the subject or information that indicates and that is opined on that those facilities are being dedicated to the programs as they should be, based on certain grants.
So for me, there’s about three examples, but this is a new standard, obviously, a new service. And who knows where practitioners may take this as they meet needs of clients for assurance on that type of information? As far as prohibited direct engagements, if you’re familiar with the SSAEs, there are some special sections in there in the SSAEs. And this was a little bit of … a lot of people were really hoping that this would not be the case, it would not be prohibited. Some of these things are not prohibited in the international standard, but they are in the US standard.
That is things like you’re not allowed to perform a direct engagement on compliance attestation. You’re not allowed to perform a direct engagement on a service organization, like SOC work, okay? And there are a few others, but I mention those two because the task force, and really ultimately ASB, felt like management’s assertion with regard to compliance, and management’s assertion regard to internal controls in a sock setting, for example, were just far too important to the engagement to allow direct engagements in those two cases. So just be aware, there are a few, about five areas, that direct engagements are specifically prohibited in the standard.
Very, very, very interesting. It also sounds like, Chad, is that maybe some engagements that a CPA might have previously done under AUPs, sounds like they’ve got a new avenue to do some work here where those calculations that you mentioned, they might be able to do that and help their clients out a bit more and give them a little bit more than would’ve been restricted under the old AUP guidance. Is that fair?
Yeah, that’s fair, especially, too, when might be similar to an AUP, but seeking a higher level of assurance.
So, that could be a good fit. Again, a new standard that … And this was the intent, where CPAs can fit the standard to the client need within the parameters of the standard.
All right. So can you tell us when SSAE 21 goes into effect?
So SSAE, the effective date is … and since it’s new exams, it does matter. Reports issued under A-TC 206 direct examinations would need to comply with this standard on or after June 15th, 2022. And a lot of CPAs and other financial people are familiar with the standard-setting process and effective dates. So an important note here is that early implementation is okay, all right? So it’s not like we have to wait another year in order to use this service. It’s just that reports issued have to comply after that date, but early implementation … If today, if CPAs are interested in exploring the service, learning more about it, discussing it with their clients for unique situations where it might fit, then that’s they’re good to go, because early implementation is permitted.
Awesome. All right. Well, Chad, we appreciate your time today. We appreciate your expertise in telling us about SSAE 21, and all that you’ve been through in terms of helping the ASB with that implementation and drafting that. And certainly, like I said, we’re glad to have your expertise and experience on that out there telling our folks, our practitioners and our clients out there about the service. We’re excited about it. We think it’s going to, again, offer a new level of service and opportunities for our clients to get some assurance that may have been handcuffed on a little bit in the past. So we certainly appreciate that. With that, we’re going to wrap things up. We appreciate everybody and your time today this afternoon, and everybody take care. And with that, we’ll go.
If you want more CRI insights or are interested in learning about our firm, please visit our website at cricpa.com. Thanks for listening to this episode of It Figures: The CRI Podcast. You can subscribe to It Figures on iTunes, Spotify, or where you prefer to listen to your podcasts. If you liked what you heard today, please leave us a review.
S3:E7 – The Transaction Timeline: The 5 Stages of Selling Your...
S3:E6 – Common ACFR Errors
S3:E5 – Heads up, Grant Professionals!
S3:E4 – SSAE No. 21 | Direct Examination Engagements
S3:E3 – Panic! At the IRS Disco
S3:E2 – Count Yourself in to a Career in Tax Accounting
S3:E1 – Fill Me in On NIL (Name, Image, Likeness)
Join Our Conversation
Subscribe to our e-communications to receive the latest accounting and advisory news and updates impacting you and your business.