Agreed-Upon Procedures Engagements

Compliance with Standards

Requirement: Compliance with Standards

7.78

GAGAS establishes requirements for agreed-upon procedures engagements in addition to the requirements for agreed-upon procedures engagements contained in the AICPA’s SSAEs. Auditors should comply with the additional GAGAS requirements, along with the applicable AICPA requirements, when citing GAGAS in their agreed-upon procedures engagement reports.

Licensing and Certification

Requirements: Licensing and Certification

7.79

Auditors engaged to conduct agreed-upon procedures engagements in the United States who do not work for a government audit organization should be licensed CPAs, persons working for licensed certified public accounting firms, or licensed accountants in states that have multiclass licensing systems that recognize licensed accountants other than CPAs.

7.80

Auditors engaged to conduct agreed-upon procedures engagements of entities operating outside of the United States who do not work for a government audit organization should meet the qualifications indicated in paragraph 7.79, have certifications that meet all applicable national and international standards and serve in their respective countries as the functional equivalent of CPAs in the United States, or work for nongovernment audit organizations that are the functional equivalent of licensed certified public accounting firms in the United States.

Noncompliance with Provisions of Laws, Regulations, Contracts, and Grant Agreements

Requirement: Noncompliance with Provisions of Laws, Regulations, Contracts, and Grant Agreements

7.81

Auditors should extend the AICPA requirements concerning consideration of noncompliance with laws and regulations to include consideration of noncompliance with provisions of contracts and grant agreements.59

Reporting Auditors’ Compliance with GAGAS

Requirement: Reporting Auditors’ Compliance with GAGAS

7.82

When auditors comply with all applicable GAGAS requirements for agreed-upon procedures engagements, they should include a statement in the agreed-upon procedures engagement report that they conducted the engagement in accordance with GAGAS.60

Application Guidance: Reporting Auditors’ Compliance with GAGAS

7.83

Because GAGAS incorporates by reference the AICPA’s attestation standards, GAGAS does not require auditors to cite compliance with the AICPA standards when citing compliance with GAGAS. GAGAS does not prohibit auditors from issuing a separate report conforming only to the requirements of the AICPA or other standards.

7.84

Because agreed-upon procedures engagements are substantially less in scope than audits and examination engagements, it is important not to deviate from the required reporting elements contained in the attestation standards incorporated by reference in GAGAS, other than including the reference to GAGAS. For example, a required element of the report on agreed-upon procedures is a statement that the auditors were not engaged to and did not conduct an examination or a review of the subject matter, the objective of which would be the expression of an opinion or a conclusion, respectively, and that had the auditors performed additional procedures, other matters may have come to their attention that would have been reported.61 Another required element is a statement that the sufficiency of the procedures is solely the responsibility of the parties specified in the report and a disclaimer of responsibility for sufficiency of those procedures.62 Including only those elements that the AICPA reporting standards for agreed-upon procedures engagements require or permit helps ensure that auditors comply with the AICPA standards and that users of GAGAS reports understand the nature of the work performed and the results of the agreed-upon procedures engagement.

Distributing Reports

Requirement: Distributing Reports

7.85

Distribution of reports completed in accordance with GAGAS depends on the auditors’ relationship with the audited organization and the nature of the information contained in the reports. If the subject matter or the assertion involves material that is classified or contains confidential or sensitive information, auditors should limit the report distribution. Auditors should document any limitation on report distribution.

  1. An audit organization in a government entity should distribute reports to those charged with governance, to the appropriate audited entity officials, and to the appropriate oversight bodies or organizations requiring or arranging for the engagements. As appropriate, auditors should also distribute copies of the reports to other officials who have legal oversight authority and to others authorized to receive such reports.

  2. A public accounting firm contracted to conduct an agreed-upon procedures engagement in accordance with GAGAS should clarify report distribution responsibilities with the engaging party. If the contracting firm is responsible for the distribution, it should reach agreement with the party contracting for the engagement about which officials or organizations will receive the report and the steps being taken to make the report available to the public.


  1. See para. .42 of AT-C section 215 (AICPA, Professional Standards).↩︎

  2. See paras. 2.16 through 2.19 for information on the GAGAS compliance statement.↩︎

  3. See para. .35(j) of AT-C section 215 (AICPA, Professional Standards).↩︎

  4. See para. .35(g) of AT-C section 215 (AICPA, Professional Standards).↩︎