Agreed-upon procedures (AUPs) are clearly defined tasks outlined in an engagement letter when a company hires an external party, like an auditor, to assess a specific process. The focus here is on what’s agreed upon between the auditor and the client, without the broader scope of a formal audit.
Organizations often choose AUPs when they don’t need a full financial audit but seek a straightforward, factual report on particular procedures. For instance, if one company is eyeing another for purchase, it might create AUPs to pinpoint specific financial information that could influence its buying decision.
When auditors conduct AUPs, they present factual findings without providing opinions or conclusions. This means that those who requested the procedures interpret the results themselves.
Now, let’s highlight the differences between an audit and an AUP. While both involve independent professionals and rely on evidence, their purposes diverge. An audit aims to assess overall compliance and integrity, while an AUP focuses on gathering specific information regarding a known concern. Simply put, AUPs are narrower in scope.
So, what are the key steps in an AUP?
1. The procedures and report format are outlined in a written agreement, detailing the scope and the responsibilities of the CPA or designated party.
2. The CPA crafts a plan that includes any needed financial statements and processes tied to the AUP.
3. The AUP is carried out, which might involve thorough reviews of data, identifying issues, and summarizing conclusions based on the outlined procedures.
4. The CPA generates a report that explains the executed processes and includes the results along with any limitations on scope, leaving the conclusion drawing to the intended audience.
What should the AUP report include? It should clarify executed processes, present findings, and specify any limitations. Often, AUPs involve sensitive information meant for a restricted audience. The report might also touch on the context that made the AUP necessary and state any implications derived from the findings.
AUPs find their place in many industries. Here are a few examples of when they come into play:
– Before acquiring a business or signing major contracts, companies often conduct due diligence reviews.
– Organizations may test their internal controls, security measures, and processes for detecting fraud.
– Assessing compliance with industry standards and procedures is another common use.
AUPs offer several advantages:
– Flexibility: They allow significant customization, enabling tailored planning and execution.
– Cost-effectiveness: AUPs typically provide actionable results at a fraction of the cost of a full audit.
– Focused results: Because of their narrow focus, AUPs can produce swift results that can guide strategic decisions, beyond merely validating financial operations.
However, the limited scope of AUPs comes with challenges. They don’t evaluate the overall quality of a financial system, and their findings should not be confused with an audit’s comprehensive assurance. Other drawbacks include:
– High customizability, which can reduce comparability with standard processes.
– Limited assurance about an organization’s overall financial health.
– If poorly designed, the AUP may yield information of little value.
Finally, a data privacy review serves as a vital tool for organizations aiming to understand how they manage personal information.