What are agreed-upon procedures (AUPs)?
Agreed-upon procedures (AUPs) are a standard a company or client outlines in an engagement letter or other written agreement when it hires an external party to perform an audit on a specific test or business process. The procedures, which are called audit standards, are designed and agreed upon by the entity conducting the audit and any appropriate third parties.
Agreed-upon procedure audits can be helpful for organizations that don't require a formal financial audit but instead need a factual report based on specific procedures performed.
The auditor's report on the findings is usually restricted to those parties who developed the agreed-upon procedures because of the specificity of the desired results. For example, agreed-upon procedures might be developed by one entity that's considering purchasing another business. The purchasing entity would likely develop the agreed-upon procedures to help determine specific monetary or other information about the business it hopes to acquire.
In an audit conducted under agreed-upon procedures, the auditor provides only factual findings and doesn't offer opinions, conclusions or assurances in the final report. Instead, the auditor's report presents the facts, with the audit facilitators drawing their own conclusions from the findings.
What's the difference between an audit and an agreed-upon procedure?
At face value, there might not seem to be much difference between an audit and an agreed-upon procedure. Both are about compliance with professional standards, both are performed by independent professionals, and both are evidence-based and analytical in nature.
However, an agreed-upon procedure differs from an audit in several ways. Where the goal of an audit is to provide an overall assurance of compliance, integrity and authenticity, an AUP isn't intended to provide this level of assurance; it's a fact-gathering exercise intended to address a specific area of concern. Put another way, an AUP is more limited in scope.
What steps are involved in an agreed-upon procedure?
The following key steps define an AUP:
- The procedure to be executed and the format of the report it will produce are documented in detail. The agreement is a written document that also defines the scope of the agreed-upon process and the specific responsibilities of the certified public adjuster (CPA) or other qualified and responsible party who will execute it.
- The CPA creates a plan for executing the agreed-upon procedure with supporting documentation. This generally includes any necessary financial statements or similar documents and any definition of processes to be included in the AUP.
- The agreed-upon procedure is executed, which can include extensive reviews of historical data, data analysis, issue identification, summaries of conclusions and any other specific procedures called out in the overall AUP.
- The CPA prepares a report that reviews the processes included in the agreed-upon procedure and presents the results. Limitations of the analysis or scope of the results are generally clarified. The intended users of the report draw their conclusions based on this information.
What types of information should a report on agreed-upon procedures contain?
As mentioned above, the final practitioner's report should clarify the processes executed, presentation of results, and a statement of limitations to define its scope. In addition, an AUP often contains sensitive disclosures or other confidential subject matter, intended to be seen by a limited number of people, who might or might not be specified in the report. The AUP report might also include specifics about events or circumstances that made it necessary and also specify the implications of the results provided they're objective and not expressions of opinion.
Examples of agreed-upon procedures
AUPs are commonplace and are employed in many industries and a broad range of contexts. The following are several examples:
- Due diligence reviews required before acquisitions or other major contracts.
- Testing of internal controls, security procedures and fraud detection processes.
- Evaluation of compliance procedures and adoption of industry standards.
What are the benefits of an agreed-upon procedure?
AUPs provide the following benefits:
- Flexibility. The inherent flexibility grants the party conducting the agreed-upon procedure considerable autonomy in its planning and execution. Put another way, AUPs are highly customizable, whereas audits tend not to be.
- Cost-effectiveness. AUPs deliver focused and actionable results at much less expense than an audit.
- Focused results. Because they're limited in scope, AUPs can often be executed quickly, and the results can have focused strategic decision-making value for stakeholders. An audit's primary result might be limited to assigning a level of confidence to an organization's financial operation.
Drawbacks of an agreed-upon procedure
An AUP's limited scope is a double-edged sword. As an exercise devoted exclusively to fact-finding, with no level of confidence attached to the results beyond the competence of the analysis itself, an agreed-upon procedure serves no purpose beyond data analysis; the overall quality of the financial system within which it occurs isn't evaluated. Its limited scope and the lack of confidence measures also mean that an agreed-upon procedure must never be construed as a stand-in for an audit. Other drawbacks include the following:
- High customizability. This makes an AUP less compelling than a process based on well-understood standards.
- Limited assurance. Since an AUP focuses only on specific areas, it doesn't offer insight into an organization's financial health.
- Information can be ineffective. If the AUP isn't well-designed, the information presented will be of limited value.
A data privacy review can help an organization assess how it handles personal information. Learn what benefits a data privacy audit provides and the steps required to perform this comprehensive review.
