Timely Opportunities
Oct 19, 2022
4 min read

Which level of assurance is right for your organization?

Most organizations hire a CPA to issue financial statements that conform to U.S. Generally Accepted Accounting Principles (GAAP). But not all financial statements are created equal. Owners can choose from three basic options, in order of decreasing assurance level: audits, reviews and compilations. What's appropriate depends on the size of your organization, management's needs, regulatory requirements and stakeholder demands. During these turbulent times, it might be time for a company to upgrade (or downgrade) its level of assurance.

The Basics

The term "assurance" refers to how much confidence lenders and other stakeholders have that an organization's financial statements will be reliable, informative and in conformity with a particular financial reporting framework. Most domestic companies and not-for-profits use GAAP as the framework for financial reporting. But some smaller entities may use an "other comprehensive basis of accounting" (OCBOA) framework (such as tax-basis or cash-basis).  

Higher levels of assurance require more in-depth procedures performed by the CPA when evaluating an organization's financial statements. Stakeholders — including investors, lenders, bonding companies, boards of directors, donors and franchisors — may influence the level of assurance that management selects. For example, though larger companies have more sophisticated finance and accounting departments, the nature of their transactions and their reliance on outside financing often necessitate an audit.


Audits are seen by many as the "gold standard" in financial reporting. They provide reasonable assurance that the statements are free from material misstatement and conform to GAAP.

Although there's no level of assurance that provides an absolute guarantee against material misstatement or fraud, a lot of work goes into preparing audited financial statements. In addition to performing analytical procedures and conducting inquiries, auditors:

  • Evaluate internal controls,
  • Verify information with third parties (such as customers, lenders and attorneys),
  • Observe inventory counts,
  • Physically inspect assets, and
  • Assess other forms of substantive audit evidence.

Public companies are required by the Securities and Exchange Commission to have their financial statements audited. In addition, many lenders require larger private companies to be audited. Some organizations voluntarily choose to have an audit, even when it's not required by an outside body, to demonstrate responsible financial stewardship and transparency. But audits aren't necessary for everyone.


Reviews provide limited assurance that the statements are free from material misstatement and conform to GAAP. They start with internal financial data. Then, accountants apply analytical procedures to identify unusual items or trends in the financial statements. They also inquire about any anomalies and evaluate the company's accounting policies and procedures.

Reviewed statements require footnote disclosures and a statement of cash flows. But the accountant isn't required to evaluate internal controls, conduct substantive testing and confirmation procedures, or physically inspect assets.

AICPA Statement on Standards for Accounting and Review Services (SSARS) No. 21 calls for review reports to contain emphasis-of-matter (and other-matter) paragraphs when CPAs encounter significant disclosed (or undisclosed) matters that are relevant to stakeholders.


Compiled financial statements provide no assurance that they're free from material misstatement or that they don't require material changes to conform to GAAP. Here, an accountant simply puts management's data into a financial statement format that conforms to GAAP (or another framework). Footnote disclosures and cash flow information are optional in compiled financial statements.

SSARS 21 reduced the length of compilation reports. Instead of the previous standard three-paragraph statement, compilation reports are now only one paragraph long, unless the company follows a special-purpose framework. In those cases, an extra paragraph is needed to define the framework used.

There's another type of service that accountants offer that provide no assurance: Prepared financial statements follow many of the same guidelines as compiled financials. The basic difference is that prepared statements don't require the CPA to include a report. Instead, they simply contain a disclaimer on every page that no level of assurance has been provided.

Accountants have been preparing financial statements for years, but SSARS 21 now provides official guidance to follow. Prepared financial statements are often used by owners who formerly relied on management-use-only financial statements, which have been eliminated under SSARS 21.

Selecting the Appropriate Level of Assurance

Internal and external conditions can have an effect on your preferred level of assurance. For example, a private business that's for sale might upgrade from a review to an audit to attract private equity investors or public company buyers. Or a stable midsize firm might decide to downgrade from an audit to a review, and then hire a CPA to perform certain agreed-upon procedures to evaluate accounts receivable and inventory on a quarterly basis. Or a not-for-profit's expenditures from federal awards might grow to the threshold that triggers a so-called "single audit" (previously known as the OMB Circular A-133 audit).

As organizations tighten their purse strings during an economic downturn, downgrading can help lower financial reporting costs. On the flip side, lenders may require distressed companies that are in violation of loan covenants to upgrade their level of assurance until they're in compliance with the loan terms.

Time for Change?

At year end, it's important to review your current level of assurance to determine whether it will suit your organization's future needs. Discuss these three options with your CPA to find the level of assurance that's right for your current situation. In today's volatile marketplace, you can't just accept the status quo — it could be time for your organization to make a change.