Summary: Many organizations, especially non-profits assume that a “clean” opinion on an audit indicates that there is no fraud, waste, or embezzlement. However, audits are not designed to detect fraud and abuse, only to give an opinion regarding the correctness of the financial statements and notes. An alternative to the audit are Agreed-Upon Procedures, which can be tailored to what the organization wants to have tested. Agreed-Upon Procedures are a fraction of the cost of an audit, and many times is a better alternative than an audit.
In an audit, the auditor obtains outside evidence regarding the correctness of financial accounts. For example, the auditor may request a confirmation of the ending bank balance directly from the bank, and then verify this amount to the organization’s bank reconciliation.
Likewise, the auditor may request confirmation from customers or clients regarding the amount they owe the organization, and then trace the responses back to what is recorded on the organization’s books.
Additionally, the auditor is required to document the system of internal control (how the organization uses procedures and policies to mitigate the risk of preparing incorrect financial statements), and plan specific audit steps based on this analysis. This is only one of the myriad of checklists and programs that an auditor must follow, and the typical audit file can contain well over 100 pages of these types of checklists and forms. This is why the average audit costs more than $10,000 for even the smallest non-profit. More complex non-profits can have an audit fee many times the amount above.
In some cases, especially where the audit is not necessary for banking or other 3rd party purposes (such as grant reporting), agreed-upon procedures may be a better alternative.
In an agreed-upon procedures engagement, the organization determines what aspect of their organization they want to have tested, often with the assistance of the CPA, and determines the specific steps to follow. This is easier than it sounds. The easiest way to start is to simply state what the board or management is concerned about, and the CPA can help to put together specific procedures and testing steps. For example, a common question is “are the bank accounts reconciled mathematically correctly each month?” The resulting procedure would be for the CPA to examine each bank reconciliation for the year, check its mathematical accuracy, and trace the balance to the bank statements. This is typically not done in an audit, as only the end of year bank reconciliation is typically tested.
There is virtually no limit to what can be tested under an agreed-upon procedures engagement, however the procedure must result in items that can be objectively tested. In the example above, it is easy to objectively determine if the bank reconciliations have been performed monthly, are mathematically correct, and agree to the bank statement – it’s a simple yes or no answer. However, a question such as “are we spending our money efficiently” cannot be objectively tested, as the term “efficiently” may have a different meaning among different organizations and even different board members of the same organization. However, even in this case, it may be possible to break the question down into objectively-verifiable parts to be tested (for example, are at least 3 vendor bids obtained for any purchase over a certain amount).
The report from an agreed-upon procedures engagement is very different than an audit. In an audit, the CPA renders an “opinion” regarding the correctness of the financial statements and notes. In an agreed-upon procedures report, the CPA will list the procedure or area to test (i.e., the “question”), the particular steps performed (e.g., “a sample of 6 months of bank reconciliations were obtained and tested for mathematical accuracy and agreed to the bank statements”), and the result of testing, called a “finding”. A finding doesn’t denote a negative outcome, but simply the result of the procedures applied.
The main differences between an audit and an agreed-upon procedures engagement are:
- The CPA’s audit report contains an “opinion”, the gold-standard for providing assurance to outside parties such as lenders and grantors regarding the correctness of the financial statements and notes.
- The use of the CPA’s audit report is not restricted, it can be relied upon by any party.
- Because of the required planning procedures and hundreds of pages of checklists and programs, an audit requires more time to complete than an agreed-upon procedures engagement, and costs from $10,000 at a minimum to well over $40,000 for even reasonably simple operating organizations.
- An audit report does not discuss procedures performed, items tested, or the results of testing.
- The agreed-upon procedures report does not contain an “opinion”, only a listing of the procedures to test, the testing performed, and the results of that testing.
- The use of an agreed-upon procedures report is restricted to those requesting the agreed-upon procedures, and if made available to outside parties, those parties should understand the context of the work performed and have the ability to comment on or add to the procedures performed.
- An agreed-upon procedures engagement typically costs a fraction of a full financial audit. Agreed-upon procedures engagements may range from several hundred dollars to a few thousand dollars.
- An agreed-upon procedures report will list the procedure, the method of testing and specific steps performed, and the results of that testing.
Because the auditor does not need to document and perform the procedures required in an audit, the cost of an agreed-upon procedures engagement is typically a fraction of the cost of a financial audit, and frequently provides information to the board that is considered more useful than an audit opinion.
For more information on agreed-upon procedures and how this may be of benefit to your organization, feel free to contact us.