Client Portal
Client Portal
contact us
SSL ASSOCIATES LTD.
SSAE 19 for Agreed-Upon Procedures (AUP) Engagements
Client Portal
Client Portal
contact us
Back to the menu
SSL ASSOCIATES LTD.
SSAE 19 for Agreed-Upon Procedures (AUP) Engagements

SSAE 19 for Agreed-Upon Procedures (AUP) Engagements

Updated:
By
Susan S. Lewis

Table of Contents

What Is an AUP Engagement?

An agreed-upon procedures (AUP) engagement is when a practitioner performs specific tasks and reports what they found, without giving any formal opinion. Three parties are involved: the practitioner who does the work, the party who hires them, and the people who will use the results.

Key benefits of AUP engagements include:

  • Practitioners can get comfortable with certain types of transactions through targeted procedures.
  • The engaging and responsible parties can focus on specific areas that need attention.
  • Limited assurance needs can be met without full attestation engagements.
  • Practitioners can leverage their expertise for consulting engagements within defined parameters.

Modernizing Attestation: SSAE 19’s Major Updates

SSAE 19 Updates

SSAE 19 significantly enhances the flexibility of agreed-upon procedures engagements. The new agreed-upon procedures standard introduces changes that streamline how practitioners help clients. Early implementation was permitted, with full adoption needed for AUP reports dated after July 15, 2021.

Here are some key modifications:

  • No explicit assertion request: The auditor no longer needs the client to formally state what they are claiming.
  • Flexible procedure development: Procedures can be designed and even developed during the audit itself.
  • Client responsibility for procedure appropriateness: The client now takes responsibility for ensuring the audit procedures are ideal for their intended use, documented in a representation letter. This removes the auditor’s direct responsibility to the report’s users.
  • Flexibility in report distribution: Reports can now be issued for general use, but the auditor can still restrict their distribution if deemed necessary.
  • User awareness: The report must now include disclosures to warn users about potential misinterpretations of its findings.


These changes aim to make agreed-upon procedures engagements more flexible and efficient while maintaining the audit process’s integrity.

Streamline Your Business Operations with AUP Services from SSL Associates

Streamline Your Business Operations with AUP Services from SSL Associates

Trust SSL Associates, Ltd. to deliver targeted assurance solutions for your business needs.

Schedule Consultation
Aspect SSAE 18 SSAE 19
Assertion Requirements Required formal assertions from responsible parties. No formal assertions required from responsible parties.
Report Distribution Limited distribution; users must accept responsibility for procedures. Broader distribution permitted; no user responsibility required.
User Involvement Users must participate in procedure determination and accept responsibility. No user participation required in procedure determination.
Procedure Development Fixed procedures established at engagement start. Dynamic, collaborative development throughout engagement.
  • Assertion requirement eliminated: The new standard removes the need for practitioners to obtain or reference formal assertions from responsible parties about the subject matter under review. This is especially beneficial when responsible parties are unable or unwilling to provide formal evaluations of the subject matter.
  • Broader report distribution permitted: Reports can now be distributed to a wider audience since report users no longer need to accept responsibility for the appropriateness of procedures performed. While reports include disclaimers about procedure suitability for different purposes, practitioners can still restrict distribution when warranted.
  • User responsibility for procedures eliminated: Under SSAE 18, specified users had to participate in determining procedures and accept responsibility for their appropriateness. This created complications when procedures needed modification or new parties joined engagements. SSAE 19 eliminates this requirement.
  • Dynamic procedure development allowed: The new standard enables collaborative procedure development between practitioners, clients, and intended users throughout the engagement period. Procedures can evolve as the engagement progresses, with only the engaging party needing to approve their appropriateness before the report is issued. This significantly increases engagement flexibility.

SSAE 19 Requirements for Documentation and Reporting

Under SSAE 19, AUP reports must incorporate eight foundational components, including:

  1. A complete mapping of participants in the engagement and the focus area under review.
  2. Documentation verifying the alignment between procedures and business objectives.
  3. Clear boundaries regarding report application.
  4. A transparency statement about potential limitations, encouraging users to evaluate relevance.
  5. A detailed breakdown of work performed and what was discovered.
  6. A clarification that this differs from traditional examination services.
  7. An explicit disclaimer regarding professional judgments.
  8. Verification of the practitioner’s ethical standing and objectivity.


Beyond the core report, practitioners must maintain a comprehensive engagement file that contains:

  • A signed agreement validating the chosen methodology.
  • A detailed log of engagement activities, including when and how procedures were executed.
  • A repository of engagement outcomes and supporting materials.

This approach has significant differences from prior standards as it emphasizes transparency and usability while maintaining professional rigor. The documentation requirements create a clear audit trail that supports the engagement’s findings and shows adherence to professional standards.

Meeting Professional Standards in AUP Engagements

SSAE engagements demand strict adherence to the AICPA Code of Professional Conduct to maintain attestation independence. The ethics division helps guide concepts common to these engagements.

Below are the requirements:

  • Maintaining due professional care throughout the engagement.
  • Ensuring the engaging party agrees to procedure appropriateness.
  • Following professional standards for consistent findings.
  • Documenting all findings gathered during the performed procedures.

An Example of Well-Structured AUP Documentation

  • Procedure: We obtained the March 2023 accounts receivable aging report and corresponding customer payment records. We traced invoice numbers AR-2301, AR-2315, AR-2329, AR-2342, and AR-2350, verifying payment dates and amounts against bank deposits.
  • Findings: All items were traced without discrepancy.

A Problematic Example

  • Procedure: We reviewed the company’s receivables and discussed collections with the Controller. Everything appeared reasonable except for some minor discrepancies.
  • Findings: Based on our general review, the receivables process seems adequate.

 

The point is that vague terms not only reduce the value of the findings but could also lead to misinterpretation by intended users. When procedures and findings lack specificity, they fail to provide meaningful insights and could expose practitioners to professional risk.

SSAE 19 Language Guidelines

The standard emphasizes precise terminology in procedure descriptions.

According to paragraph A27, practitioners should not use terms like:

  • Note
  • Review
  • General review
  • Limited review
  • Evaluate
  • Analyze
  • Check
  • Test
  • Interpret
  • Verify
  • Examine


Acceptable words include:

  • Inspect
  • Confirm
  • Compare
  • Agree
  • Trace
  • Inquire
  • Recalculate
  • Observe
  • Mathematically check

Transform Your Business Today: Schedule Your AUP Consultation

SSAE 19 has revolutionized how organizations can benefit from agreed-upon procedures and engagements. At SSL Associates, Ltd., our CPAs are ready to help you leverage these enhanced standards for your specific needs. Our trusted team embodies expertise and professionalism, and we’re proud to deliver exceptional results to our valued clients. Whether you’re looking to verify financial data, assess compliance, or investigate specific business areas, <a href=”https://sslassociates.garnachasolutions.website/” style=”color: #1E4E60; text-decoration: underline;”>contact us</a> today for the precise insights you need.

Susan S. Lewis

Susan Lewis is a seasoned CPA and financial advisor with over 35 years of experience. She founded SSL Associates, offering personalized financial guidance and tailored solutions to help businesses achieve financial excellence.

Yes, agreed-upon procedures fall under the Statement on Standards for Attestation Engagements (SSAE). Specifically, they are governed by SSAE 19, which provides the professional standards and guidelines that CPAs must follow when performing AUP engagements.
SSAE 19 is the current professional standard for agreed-upon procedures engagements, issued by the AICPA Auditing Standards Board. It introduced significant changes to make AUP engagements more flexible and practical, including removing the need for assertions from responsible parties and allowing broader report distribution. The standard became effective for reports dated after July 15, 2021.
Take the First Step Towards Financial Success - Contact Us Today!

Let’s Transform Your Finances Together. Schedule a Consultation to Unlock Your Path to Success with our Certified Public Accountants.

Schedule Consultation
  • (630) 819-6040

Similar Posts

What is HOA accounting software?

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis
What is the chart of accounts for HOA?

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis
How to do a balance sheet for an HOA?

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis
What is the best accounting method for an HOA?

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis
How often should an HOA be audited?

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis
Simple Ways to Keep HOA Dues on Track

Learn about Yellow Book Audits, when they’re required, and who needs them. If you need a Yellow Book Audit, contact our CPAs to ensure compliance.

Updated:
By:Susan S. Lewis