ICAEW.com works better with JavaScript enabled.

Agreed-upon procedures

During an agreed-upon procedures engagement a qualified accountant will discuss with you and agree a set of procedures to perform that are based on your requirements.

Download leaflet

Assurance: Agreed-upon procedures leaflet

Download now
The procedures and tests should be sufficiently detailed so as to be clear and unambiguous, and discussed and agreed in advance with the engaging parties so that the factual findings are useful to them and, depending upon the engagement, others to whom the report is made available. The practitioner’s report does not express a conclusion, and therefore it is not an assurance engagement in the technical sense.

It does not provide recommendations based on the findings. The report is worded so as to restrict access and/or reliance on it to those parties that have agreed to the procedures to be performed since others, unaware of the reasons for the procedures, may misinterpret the findings. The specified parties review the procedures and findings in the practitioner’s report and use the information to draw their own conclusions

The value of AUP comes from the practitioner objectively carrying out procedures and tests with relevant expertise thus saving the engaging party carrying out the procedures and tests themselves. AUP are most effective where the engaging parties are knowledgeable enough to identify the area or matter to focus on, discuss and agree the procedures to be performed, and interpret the findings in their own decision making.

AUP can also be a powerful tool where a client initially seeks a practitioner’s support for assertions for which sufficient work cannot be performed or evidence obtained. For example, management or users of forecast information may ask the practitioner to issue a conclusion concerning the future performance of the client; the practitioner cannot support a conclusion on this subject by any amount of work.

Issuing such unsupportable conclusions may give rise to misunderstandings such that the practitioner may potentially become the equivalent to insurers or guarantors of the client’s obligation to third parties. Instead, the practitioner may effectively propose an AUP engagement on forecasts, testing relevant control procedures and agreeing committed future transactions to source documentation.

Although the practitioner will not be able to draw a conclusion on how such procedures may affect future performance, informed users may find the AUP engagement useful to form their own conclusion based on the findings reported by the practitioner. The practitioner’s involvement in supporting and challenging management’s determination of the procedures to be performed can enhance the robustness of the information by guiding management to consider the extent to which information ought to be internally consistent and/or derived from evidence.

Critical considerations

When performing an agreed-upon procedures engagement on historical financial information, practitioners should, as a minimum, comply with ISRS 4400 Engagements to Perform Agreed-Upon Procedures Regarding Financial Information. ISRS 4400 also provides useful guidance for engagements regarding non-financial information.

ISRS 4400 requires compliance with the applicable requirements of the Code of Ethics for Professional Accountants issued by the IESBA. The ethical principles that apply to agreed-upon procedures engagements are the professional responsibilities for integrity, objectivity, professional competence and due care, confidentiality, professional behaviour and technical standards.

Independence is however not a requirement for agreed-upon procedures engagements. The specific terms of an engagement may however require the practitioner to refer to the independence requirements of IESBA’s Code of Ethics for Professional Accountants. Equally, ISQC1 will apply to all services that the practitioner provides under ISRS 4400. Therefore, being able to assert compliance with the standard is a quality mark for a chartered accountant.

As a result of either a client’s request or the need to comply with legal and regulatory requirements, a practitioner may perform an agreed-upon procedures engagement in accordance with specific requirements or standards other than ISRS 4400. Where the practitioner is unable to follow ISRS 4400 in full, for example, because of a specific regulatory or other requirement, he should not refer to the engagement as having been conducted in compliance with the standard. For many such engagements, irrespective of whether the practitioner performs the agreed-upon procedures engagement in accordance with legal and regulatory requirements, the practitioner should make as much use of ISRS 4400 as is possible.

This is because ISRS 4400 provides a clear set of principles for carrying out agreed-upon procedures engagements.

ISRS 4400 requires clear agreement of the following with the engaging parties:

  • The nature of the engagement including the fact that the procedures performed will not constitute an assurance engagement and that accordingly no assurance conclusion will be expressed.
  • A stated purpose for the engagement.
  • The identification of the information to which the agreed-upon procedures will be applied.
  • The nature, timing and extent of the specific procedures to be applied.
  • The anticipated form of the report of factual findings.
  • The limitations on the use and distribution of the report of factual findings.

It is fundamental that users relying on the report take responsibility for the sufficiency and appropriateness of the procedures for their purposes.

AUPs for the preparer’s use (private reports)

For an entity which has no external requirement for an audit of formal assurance opinion in accordance with assurance standards, agreed-upon procedures over specific risks in financial or non-financial information can be a cost-effective way of obtaining comfort for the preparer. This can be supplemented with professional views, though not with a formal assurance opinion if the scope of work is AUPs.

Examples of AUPs for the preparer’s use only 

Subject matter Risk AUPs Professional views
Stock Existence.
Fraud.
Tests of controls.
Sample counts.
Three-way matching.
Observations on age and condition of stock.
Robustness of client’s own count process including competence of employees.
Control recommendations
Fixed assets Existence
Fraud
Vouching physical existence at remote sites, including serial numbers.
Evidence of utilisation of assets.
Consideration of any lease terms restricting use.
Control recommendations
Payroll Accuracy.
Completeness.
Compliance with law and regulations.
Checking calculation.
Agreeing pay to contracts and timesheets.
Checking evidence of employee existence.
Unusual trends in timesheets/absences.
Control recommendations.

AUPs for third-party use

Agreed-upon procedures can also provide comfort to a third party of an entity’s compliance with regulatory or contractual requirements. Practitioners will need to consider the increased risk associated with the third party’s interest in the report and may, for example, prefer to agree a scope of work which fits clearly within ISRS 4400, rather than agreeing to provide subjective professional views. The practitioner should also consider what terms and conditions should be attached to the third party’s use of the report.

Examples of AUPs for the use of a third party

Requirements Subject matter Procedures
Licensing contract Royalties payable Completeness and accuracy of sales recorded as under licence.
Arithmetical accuracy of royalty calculations.
Grant terms* Grant return Vouching eligible costs to supporting documentation including payroll records.
Arithmetical accuracy of calculations.
Lending agreement Covenant compliance certificate Agreed-upon procedures in accordance with AAF 04/06.

*some grant terms require the provision of a formal assurance opinion. It is important to read the grant offer letter and discuss the requirements with management of the grant recipient.

Third-party agreements may use the term "audit" to refer to assurance requirements, even when the intended or most appropriate scope of testing is AUPs. The practitioner’s priority will be to achieve clarity in discussions with management and in the engagement letter over whether the scope of work is assurance or AUPs, even if continued use of the term "audit" is the simplest approach.

Where a client is assessing a business with a view to buying it, providing grant or loan funding or transacting with it, AUPs over specific areas can provide additional comfort. For example, if the book value of the business of the potential target for purchase or funding lies in its working capital, AUPs over the existence of stock and age of debtors may be worthwhile. AUPs engagements in such circumstances are sometimes referred to as "due-diligence lite".

Our page on possible solutions notes that many engagements lie on a spectrum between AUPs and consultancy services such as due diligence. However a scope of work providing a relatively low level of comfort, such as AUPs may not be appropriate for a scenario bearing a relatively high level of risk such as an acquisition or investment decision.

The practitioner should consider whether the nature of the engagement is suitable to the circumstances. Such considerations should include:

  • The intended use of the report – AUPs reports may be suitable for internal use, but are unlikely to meet the needs of providers of finance for a transaction, who may be expecting full acquisition due diligence.
  • The level of sophistication of the user – before providing a limited scope of work such as AUPs in the context of a transaction, the practitioner should be satisfied that management have the skills and experience to use the findings in the context of their own due diligence, rather than placing an inappropriate degree of reliance on the report.
  • The overall level of risk and related reward.

ICAEW's assurance resource

This page is part of ICAEW’s online assurance resource, which replaces the Assurance Sourcebook.

Find out more.