Statements on Standards for Accounting and Review Services
Learn what statements on standards for accounting and review services mean and how they impact your financial reporting compliance today.
SSARS standards shape how we handle compilation and review services for clients. At My CPA Advisory and Accounting Partners, we see firsthand how misunderstanding these standards creates compliance problems and client friction.
This guide walks you through what SSARS requires, where firms typically stumble, and how to implement these standards correctly.
SSARS standards govern three specific types of engagements: preparation of financial statements, compilation services, and review services. The AICPA codified these standards in AR-C format, with the most recent updates effective as of December 22, 2025. This matters because many accounting firms treat SSARS as optional guidance when it’s actually mandatory for any nonpublic entity engagement involving financial statements. The standards apply whether your client is a small LLC, a family partnership, or a mid-market business. SSARS 21 restructured the entire framework to align with audit standards, which means the language and structure will feel familiar if you work with GAAS.
The key distinction: SSARS covers nonattest services where you provide no assurance, limited assurance, or prepare statements without any assurance at all. If your firm touches financial statements for a nonpublic entity, SSARS applies. Period.
SSARS protects both your firm and your clients through clear communication. When you issue a compilation report, readers understand they’re receiving no assurance on the numbers. When you issue a review report, they know you’ve performed limited procedures. This clarity prevents clients from misrepresenting your involvement to lenders or investors. The standard requires specific language in your reports and engagement letters to make this distinction crystal clear. Without proper SSARS compliance, you expose your firm to peer review failures and quality control issues. Many smaller practices overlook SSARS 27, issued in April 2025, which clarified when preparation standards apply to consulting engagements. The standard excludes consulting work where financial statements are incidental to the primary objective, meaning you might not need to apply full preparation standards if the engagement is primarily advisory. This distinction saves time and reduces unnecessary compliance burden for firms offering advisory services.
SSARS standards and audit standards (GAAS) serve completely different purposes. An audit provides reasonable assurance under GAAS and requires extensive testing, internal control evaluation, and independence. A review under SSARS provides limited assurance through inquiries and analytical procedures only. A compilation under SSARS provides no assurance at all. The independence requirement also differs: audits require strict independence, while compilations and preparations require no independence, though you must disclose any lack of independence in your report. Documentation requirements vary significantly. For a compilation or preparation, your engagement letter and the report itself constitute your primary documentation. For an audit, you maintain extensive workpapers supporting every conclusion. SSARS engagements typically require fewer hours and lower fees than audits, making them attractive for clients who need some credibility but operate with tight budgets. The effective date of SSARS 27 is December 15, 2026, for financial statements for periods ending on or after that date, though early adoption is permitted.
Understanding these foundational distinctions sets the stage for the real challenge: knowing when to apply each service type and how to structure your engagements correctly. The next section examines compilation and review services in detail, showing you exactly what each engagement requires and where firms typically make mistakes.
Compilation and review engagements represent the two most common SSARS services firms perform, yet many practitioners misclassify them or apply the wrong procedures. The distinction matters tremendously because a compilation provides zero assurance while a review provides limited assurance, and that difference shapes everything from your procedures to your reporting language to your engagement letter requirements. A compilation simply assembles financial information provided by management and presents it in statement format with no verification or procedures performed. You rely entirely on what the client gives you. A review goes further by requiring you to perform analytical procedures and make inquiries of management to identify whether material departures from the applicable framework exist.
Compilations represent the majority of SSARS engagements for smaller practices because clients need credible financial statements for internal decision-making or basic lender requirements without the cost of a full audit. Reviews occupy the middle ground when a client needs more confidence than a compilation provides but cannot justify audit fees. The critical decision point is your client’s actual need. If they require statements solely for internal management use and have no external stakeholder pressure, a compilation suffices and saves significant fees. If a lender, investor, or creditor will rely on the statements, a review becomes necessary because those external parties need the assurance that you performed procedures beyond simply assembling numbers.
Many firms incorrectly default to reviews when compilations would serve the client’s actual purpose, inflating costs unnecessarily. The engagement letter determines this classification, so clarifying the client’s intended use of the financial statements before issuing that letter prevents costly reclassification later. The cost difference is real but manageable: a compilation typically requires 8 to 12 hours for a small business; a review requires 15 to 25 hours depending on complexity.
Documentation and reporting requirements differ sharply between these services, and this is where compliance failures occur most frequently. For a compilation engagement, your engagement letter must specify the scope of your services and clarify that no assurance is provided. The compiled financial statements themselves must include a prominent statement that no assurance is provided on the information. You do not issue a separate compilation report in all cases; sometimes the no-assurance language appears directly on the statements.
For a review engagement, you issue a formal review report that communicates the limited assurance you obtained through your inquiry and analytical procedures. The engagement letter still defines scope and responsibilities, but the reporting is more formal and structured. SSARS 21 requires specific language in both scenarios to prevent readers from misinterpreting your involvement. A common mistake firms make is issuing compiled statements without the required no-assurance language, or issuing review reports that lack sufficient detail about the procedures performed.
The documentation supporting a compilation is minimal compared to a review. For compilations, your engagement letter and the financial statements with the no-assurance disclaimer constitute your primary documentation. For reviews, you maintain working papers showing the analytical procedures performed, the inquiries made, and your conclusions about whether material departures exist. The effective date for SSARS 27 updates is December 15, 2026, which clarified preparation standards but also reinforced these compilation and review distinctions.
If your client’s statements will be distributed externally to third parties like banks or investors, compilations carry higher risk because external users may misinterpret the lack of assurance. In those situations, a review is the safer choice even if the client initially balked at the cost. That additional time protects both your firm from liability and your client from misrepresentation of the financial statements’ credibility.
The next critical step involves understanding the specific documentation requirements that SSARS mandates for each engagement type, and how quality control failures in this area expose your firm to peer review issues and client disputes.
The gap between what SSARS requires and what firms actually implement is where most compliance problems originate. Many practitioners understand the standards intellectually but struggle with consistent execution across multiple engagements. The issue isn’t that SSARS is unclear-it’s that firms skip steps to save time, fail to document properly, or misclassify engagements because they didn’t have a direct conversation with the client about intended use. When a lender calls your office asking questions about financial statements you compiled, and your client suddenly claims they told you the statements would be used externally, you’ve already lost.
The engagement letter is your first line of defense, yet firms routinely issue engagement letters that lack specificity about the level of assurance provided or the intended users of the financial statements. SSARS requires your engagement letter to describe the nature and limitations of the services you’ll provide. A vague engagement letter that simply says you’ll prepare financial statements without clarifying whether that’s a compilation, review, or preparation under the consulting standards creates ambiguity that leads directly to disputes.
Many firms also fail to update engagement letters when client circumstances change mid-year, which means a client who initially needed statements for internal use suddenly distributes them to a bank without your firm’s knowledge or agreement. Your documentation must reflect what was actually performed versus what was promised. If your engagement letter states you’ll perform a review but your working papers show only a compilation-level effort, you’ve created evidence of non-compliance that a peer reviewer will flag immediately.
Documentation failures represent the single largest reason firms fail peer review on SSARS engagements. The AICPA’s quality control standards require that your working papers support the procedures you claimed to perform and the conclusions you reached. For a review engagement, your working papers must show the analytical procedures performed, the specific inquiries made of management, and your assessment of whether material departures from the applicable framework exist. Many firms maintain minimal working papers for reviews, documenting perhaps one or two analytical procedures while claiming they performed comprehensive inquiry and analytical work. When peer review examines your files, the disconnect between your review report and your working papers becomes obvious.
For compilation engagements, the documentation requirement is lighter but still mandatory. Your engagement letter must be in the file, and the compiled financial statements must include the no-assurance language. Yet firms frequently issue compiled statements without this required language or without a signed engagement letter on file. The cost of fixing this after the fact is substantial-you either issue corrected statements or explain to the client why their financial statements lack the required disclaimer.
Quality control failures compound documentation problems. If your firm lacks a documented quality control process that reviews engagements before they’re issued, compliance issues slip through undetected. Many firms operate with no peer review preparation process, no engagement letter review checklist, and no working paper templates. Without these controls, each engagement becomes a solo effort dependent on one person’s memory of what SSARS requires rather than a standardized process that ensures compliance across the firm.
Non-compliance shows itself through specific patterns if you know where to look. Engagement letters that lack a clear statement about the level of assurance provided represent the first red flag.
If your engagement letter doesn’t explicitly state that no assurance is provided for a compilation, or that limited assurance is provided for a review, you’ve created ambiguity.
Second, review files that lack documented inquiry procedures indicate a compilation was performed but reported as a review. Third, compiled financial statements without the no-assurance language visible on the face of the statements signal non-compliance. Fourth, engagement files missing a signed engagement letter altogether represent a clear documentation gap. Fifth, situations where the client’s actual use of the financial statements differs from the intended use documented in the engagement letter suggest either a misclassified engagement or a client who exceeded the scope without your firm’s knowledge.
Sixth, working papers that show minimal analytical procedures for a review engagement suggest the work performed didn’t match the engagement type. If you perform a quick review with two or three analytical procedures and minimal inquiry, you’ve performed a compilation-level engagement and should report it as such. The procedures you document must match the engagement type you’re reporting.
Many firms also fail to address material departures from the applicable framework in their compilations and reviews. If you identify a departure (say, the client recorded a related-party transaction at an amount that departs from GAAP), your documentation must show how you addressed it. For compilations, departures appear directly on the statements. For reviews, departures must appear in the review report or the financial statements themselves. This distinction matters because external users rely on your report to understand what you found and what it means for the financial statements’ reliability.
SSARS standards exist to protect your firm and your clients through clear communication about what you’ve actually done with their financial statements. The statements on standards for accounting and review services aren’t bureaucratic overhead-they’re the framework that prevents misunderstandings, protects your reputation, and keeps your firm out of peer review trouble. Three core practices separate compliant firms from those that struggle with quality control issues: your engagement letter must specify the level of assurance and intended users, your working papers must document the procedures you actually performed, and your firm needs a documented quality control process that reviews engagements before they’re issued.
Start now by reviewing your last ten engagements against the standards we’ve discussed. Look for engagement letters that lack specificity, compiled statements without the no-assurance language, and review files with minimal documentation. These gaps are fixable, but they require intentional effort, and the effective date for SSARS 27 updates (December 15, 2026) gives you time to audit your current processes and make adjustments.
If your firm needs help implementing these standards or structuring your quality control processes, My CPA Advisory and Accounting Partners offers accounting services and business advisory support designed to strengthen your financial management and compliance practices. The investment in getting SSARS right pays dividends through reduced peer review risk, stronger client relationships, and genuine confidence that your engagements meet professional standards.
Privacy Policy | Terms & Conditions | Powered by Cajabra