Agreed-Upon Procedures (AUP): Scope, Standards & How It Differs from an Audit
What Are Agreed-Upon Procedures (AUPs)?
An Agreed-Upon Procedure (AUP) is a professional engagement where an independent practitioner performs specific procedures that have been mutually agreed upon by the client and stakeholders.
- The practitioner reports factual findings only.
- No opinion, conclusion, or assurance is provided.
- Users interpret the results themselves based on their purpose.
Is an Agreed-Upon Procedure an Audit?
No, an agreed upon procedure is not an audit. The below table explains the how AUP and audit differ:
| Basis | Agreed Upon Procedure | Audit |
| Objective | Perform specific agreed procedures and report findings | Express an opinion on financial statements |
| Scope | Narrow and defined by agreement | Broad and governed by auditing standards |
| Assurance | No assurance provided | Reasonable assurance |
| Reporting Format | Factual findings only | Opinion based report |
| Intended Users | Restricted to specified parties | Intended for general users (e.g. shareholders) |
When Are Agreed-Upon Procedures Used?
Typically, organisations use AUPs when investors and/or lenders require specific financial metrics that are not intended to provide complete financial assurance. Examples of typical engagement types are:
- Confirmation of a specific financial metric for use in a transaction, such as an investor or lender approval of financing related to an acquisition.
- To make a submission to a regulatory authority that requires confirmation of certain data points.
- Testing of certain financial metrics for a specific purpose, such as revenue or expenses.
- Testing internal controls associated with specific processes.
- Confirm transactions or activity between related parties.
- Determine whether funds from a grant or other source have been spent according to the terms of the grant or funding source.
Who Defines the Procedures in an AUP Engagement?
Procedures in an AUP engagement are defined by:
- The client
- Any third parties involved
The practitioner’s role is to:
- Evaluate appropriateness of procedures
- Perform them independently and objectively
- Report factual results without assurance
What Does an Agreed-Upon Procedures Report Contain?
An AUP report usually consists of the following:
- Description of agreed procedures
- Detailed factual findings
- Statement clarifying no opinion or assurance
- Limitations on report usage
Standards Governing Agreed-Upon Procedures
AUP engagements are regulated by two professional guidelines:
- ISRS 4400 (Revised): An international standard on related services from the IAASB that revised AUP guidance and clarified the responsibilities of practitioners.
- AT-C Section 215 (formerly AT Section 201) in the U.S.A: Is part of the AICPA attestation standards framework that governs AUP engagements.
Agreed-Upon Procedures vs Audit vs Review
| Feature | Agreed-Upon Procedures | Audit | Review |
| Assurance Level | None | Reasonable assurance | Limited assurance |
| Scope | Predefined and specific | Comprehensive | Analytical and inquiry based |
| Opinion Provided? | No | Yes | Conclusion |
| Users | Specified parties | General users | General users |
| Purpose | Targeted verification | Overall financial statement reliability | Plausibility check |
Limitations of Agreed-Upon Procedures
Although engagement of an AUP provides utility, there are serious limitations:
- It is not appropriate for statutory assurance where law requires an audit
- It poses a risk that users may misinterpret the report based on an assumption of assurance
- It is not designed for general-purpose reporting
- Due to the limited scope of an AUP, there may be other financial or operational risks on a wider scale that could be overlooked
How Firms Use Agreed-Upon Procedures
Professional firms often use AUPs for:
- Description of agreed procedures
- Detailed factual findings
- Statement clarifying no opinion or assurance
- Limitations on report usage
