Special Reports are types of practitioner reports that are prepared in accordance with Generally Accepted Auditing Standards (GAAS). These reports elaborate and describe more information on accounts of items outside of a routine F/S engagement.
Related post: List of All Special Reports
Special reports can be on specified accounts, compliance/regulatory items, internal controls, historical financials, and so on. Understanding the different reports and which ones are most effective to choose under specific conditions will help you achieve C/CD in the Assurance elective module and Day 2 Audit role during the CFE.
Use SAPPY template
To achieve C/CD, you must address the different elements of the AO. For example, types of reports, assurance levels, user preferences, etc. To remember all the elements, use the “SAPPY” template.
SAPPY stands for: special reports, assurance levels, preferences of users, pros/cons, your recommendation.
Identify the special reports
First, you must list the special reports relevant for the company. For example:
- CSAE 3530 – Attestation engagements to report compliance
- CSAE 3531 – Direct engagements to report compliance
- CAS 805 – Audits of single F/S and specific elements, accounts or items of a F/S
- CSRS 4400 – Agreed-upon procedures engagement
You must know the different types of special reports to be able to list them. I suggest using the CPA Canada’s Learning eBook (Knotia) as a study resource. Knotia has common special reports with pros/cons of each. The following GevorgCPA article also provides a list of all special reports to know for CPA exams. For most AOs, listing 2 to 3 reports is sufficient for C.
Secondly, speak about the assurance levels. If it is a compilation, it provides no assurance. A review provides negative/limited assurance, and an audit provides positive/reasonable assurance. In your notes, make a list of special reports and their level of assurance from Knotia, and memorize them.
Pros and cons for each report
The next step is to discuss the pros/cons of each report. The most common factors to consider are the type of procedures performed, the level of work to be prepared (including timing), and the costs. Be sure to integrate case facts to make your response user-specific and discuss why it is an advantage or disadvantage.
- Procedures – An audit requires an understanding of the control environment and providing the strength of this environment, whether a reliance on control testing or a combined approach for procedures should be used. While an audit can use all types of substantive testing, a review engagement has only inquiry and analytical procedures.
- Level of effort – An audit will require a significant number of hours to complete since there are more procedures to be performed. On the other hand, a review engagement requires substantially fewer hours and testing performed due to the limited assurance level. Discuss the level of efforts and how much time the auditor has for the engagement. This is why outlining the timeline as part of your case planning is critical.
Preferences of the users
Most students don’t reach C/CD in special report AOs because they don’t talk about the users. Make sure to list the users and their preferences, just like when you’re writing the materiality section of the Audit Planning Memo.
For example, due to the increase in work performed and effort to complete the engagement, audits are more expensive. The users may not want this. The users may be struggling to collect their A/R from clients and may prefer a review for lower costs. On the other hand, the bank may require audit-level assurance to maintain the company’s loan. In this case, you need to list both users (company and the bank), and discuss which user’s preference takes priority (probably the bank).
Provide your recommendation
Based on your analysis, suggest the report that best fits the users and their preferences. Think back to the pro/cons, the users, the timeline and financial constraints. These factors drive your recommendation. For example, when the users want a review of controls of the company, then the special report CSAE 3416: Reporting on Controls at a Service Organization should be recommended.
Special Reports Example
Issue: The shareholders of Company ABC are requesting an independent party to validate the CFO’s calculation of management bonus and issue a report with some type of assurance over the calculation amounts.
Step 1: Special reports
- CAS 805: Audits of Single F/S and Specific Elements, Accounts, Items
- CSAE 3530: Attestation Engagements to Report on Compliance
- CSAE 3531: Direct Engagements to Report Compliance
- CSRS 4400: Agreed-upon Procedures Engagement (Tip: CSRS 4400 used to be called “Section 9100: Results of applying specific audit procedures to financial info”, until it was replaced with CSRS 4400 in Jan. 2022. In 2022 PEP and CFE exams, you can still speak about Section 9100. From Jan 1, 2023, and onwards, you must speak about CSRS 4400).
Step 2: Assurance level
- CAS 805: Audit level
- CSAE 3530: Reasonable and limited (Tip: Reasonable level is the same as audit level. Limited level is the same as review level).
- CSAE 3530: Reasonable and limited
- CSRS 4400: None
Step 3: Pros and cons
(Tip: Consider general benefits to each report as well as pros/cons against the other reports. Notice below how I used transition words, like “which makes” and “which meets” to link each point to impact on the company).
- CAS 805
- Appropriate as it would provide assurance on the values of the accounts used in the annual bonus calculation based on divisional profit margin growth.
- High level of assurance which makes this engagement costly as more work conducting procedures is needed to achieve this.
- CSAE 3530/3531
- Concludes whether CFO’s statement/assessment of compliance is fairly stated, which meets the shareholders expectations.
- Provides both reasonable and limited assurance, which is appropriate because shareholders want assurance over annual bonus amount.
- It is less costly than CSRS 4400, because management’s statement can be used by the auditors.
- Both the management and the practitioner could be required to assess the entity’s compliance, which makes it more time consuming for the company and therefore more costly.
- CSRS 4400
- Auditors would not perform all procedures that would be necessary in CSAE 3530/3531. They would perform only those procedures requested, which means the shareholder have input on the specific procedures, which would save time and money
- Cost effective because it does not take as much time due to limited work performed.
- Auditors would report the results of the procedures, but would not provide opinion/assurance, which is against your preferences
- It would be up to you to interpret the results of the findings and conclude on the schedule, while you may not have the expertise.
Step 4: Preferences of uses
- Shareholders: Concerned with the accuracy of the annual employee bonus.
- CFO: Concerned that the calculations comply with bonus standards and are valued correctly.
- Management: Concerned with receiving accurate bonus from Company ABC.
Step 5: Your recommendation
Recommendation: Based on the users and their preferences, CAS 805 seems most appropriate, given that it provides assurance over values and it has high level of assurance. Although CAS 805 is more costly than CSRS 4400, the company is in a strong cash position and can afford it.
(Tip: There is no right or wrong recommendation. As long as your recommendation links to users and their preferences, you can recommend whichever report makes most sense).
(Important note: Please don’t copy the above example and submit as your answer to a CPA case. You will be flagged for plagiarism and expelled from the CPA program.)
CSAE 3530/3531 vs CSAE 3000/3001
I often get asked from students what is the difference between CSAE 3530/3531 and CSAE 3000/3001.
CSAE 3530 provides assurance on a statement of compliance prepared by the management, whereas a report under CSAE 3531 provides assurance on company’s compliance directly (rather than on a statement of compliance prepared by the management). In CSAE 3530, the management prepares a report and the auditors review it. In CSAE 3531, the auditors prepare the report themselves. For both CSAE 3530/3531, the level of assurance can be either moderate (limited) or high (reasonable), depending on the user preferences.
The difference between CSAE 3000 and 3001 is the same as the difference between 3530/3531. CSAE 3000 is based on the statement of compliance prepared by the management, while CSAE 3001 is based on the statement prepared directly by the auditors.
The difference between CSAE 3000/3001 and CSAE 3530/3531 is that CSAE 3000/3001 are high-level standards that include requirements that are not in CSAE 3530 or 3531. For example, planning, performing, documentation and reporting. I provide detailed breakdown of these special reports in my CAS Summary notes.
To get C/CD in special report AOs, you need to fully understand who the client is and who they will be reporting to. Sometimes the requireds may be unclear and confusing. Take the time to understand user needs and the different reports available to ensure your analysis hits depth. I coach special reports in-depth in my courses Assurance Lessons and CFE Review.