Start your free trial today. Cancel anytime. --:--:--:--

Back to Blog

study tips

SSARS vs SAS on the CPA Exam: Know the Difference

Think CPA Team-June 23, 2025

One of the most commonly tested distinctions on the AUD section of the CPA exam is the difference between engagements performed under Statements on Standards for Accounting and Review Services (SSARS) and those performed under Statements on Auditing Standards (SAS). These two sets of standards govern fundamentally different types of engagements, and mixing them up on exam day can cost you points quickly. This article breaks down each engagement type, the level of assurance provided, reporting differences, and the practical exam tips that will help you answer questions confidently.

The Big Picture: Three Levels of Service

When a CPA is engaged to provide services related to financial statements, the engagement generally falls into one of three categories, each providing a different level of assurance:

  1. Compilation (SSARS) - No assurance provided.
  2. Review (SSARS) - Limited (moderate) assurance provided.
  3. Audit (SAS) - Reasonable (high) assurance provided.

The key insight is that the level of assurance corresponds directly to the amount of work performed. A compilation requires the least work and provides no assurance. An audit requires the most work and provides the highest level of assurance. A review falls in between.

Compilations Under SSARS

A compilation engagement involves the accountant assisting management in presenting financial statements without undertaking to obtain or provide any assurance that there are no material modifications that should be made. Here are the defining characteristics:

  • No assurance is expressed on the financial statements.
  • The accountant must have knowledge of the industry but is not required to verify the accuracy of the information provided by management.
  • The accountant is not required to make inquiries or perform analytical procedures.
  • Independence is not required, but if the accountant is not independent, that fact must be disclosed in the report.
  • The accountant must obtain an engagement letter and obtain management agreement that management is responsible for the financial statements.

Compilation Report Language

The compilation report states that management is responsible for the financial statements and that the accountant did not audit or review the financial statements. The report includes a specific statement that the accountant does not express an opinion or any assurance on the financial statements.

Reviews Under SSARS

A review engagement provides limited assurance that there are no material modifications that should be made to the financial statements for them to be in conformity with the applicable financial reporting framework. Key characteristics include:

  • Limited (moderate) assurance is provided, expressed in the form of negative assurance.
  • The accountant must perform inquiry and analytical procedures as the primary basis for the conclusion.
  • The accountant must be independent of the entity.
  • The accountant must obtain a representation letter from management.
  • The review is substantially less in scope than an audit.

Review Report Language

The review report uses negative assurance language, stating something along the lines of: "Based on my review, I am not aware of any material modifications that should be made to the accompanying financial statements." This is fundamentally different from the positive assurance in an audit opinion. The distinction between positive and negative assurance is heavily tested.

Audits Under SAS

An audit provides reasonable assurance that the financial statements are free of material misstatement. An audit involves the most extensive procedures:

  • Reasonable (high) assurance is provided through a positive opinion.
  • The auditor performs risk assessment procedures, tests of controls, and substantive procedures.
  • The auditor must be independent in fact and in appearance.
  • The auditor obtains written representations from management.
  • The auditor assesses the risk of material misstatement and designs procedures responsive to those risks.
  • The audit opinion states whether the financial statements are presented fairly, in all material respects.

Audit Report Language

The standard unmodified audit report for a nonissuer includes specific sections: Opinion, Basis for Opinion, Responsibilities of Management, and Auditor's Responsibilities. The opinion paragraph uses positive assurance: "In our opinion, the financial statements present fairly, in all material respects." This positive language reflects the higher level of work performed.

Side-by-Side Comparison

Here is a concise comparison across the key dimensions tested on the exam:

Standards Governing the Engagement

  • Compilation: SSARS (AR-C Section 80)
  • Review: SSARS (AR-C Section 90)
  • Audit: SAS (AU-C Sections)

Level of Assurance

  • Compilation: None
  • Review: Limited (negative assurance)
  • Audit: Reasonable (positive assurance)

Independence Required?

  • Compilation: No (but lack of independence must be disclosed)
  • Review: Yes
  • Audit: Yes

Key Procedures

  • Compilation: Reading the financial statements for appropriate form; no inquiry or analytical procedures required
  • Review: Inquiry and analytical procedures
  • Audit: Risk assessment, tests of controls, substantive testing, confirmations, and more

Who Performs Each Engagement?

All three types of engagements are performed by CPAs, but the context matters. Compilations and reviews under SSARS are typically performed for nonissuers (private companies). Audits can be performed for both nonissuers (under AICPA standards) and issuers (under PCAOB standards). On the exam, if a question references a "public company" or "issuer," think PCAOB. If it references a "nonissuer" or "private company," think AICPA standards.

It is also important to note that only an auditor in public practice can perform these engagements. An internal auditor, for example, does not issue compilation, review, or audit reports under SSARS or SAS.

When Does Each Apply?

The type of engagement depends on the needs of the financial statement users:

  • A small business owner who needs financial statements for internal use may only need a compilation.
  • A company seeking a bank loan may be required to provide reviewed financial statements.
  • A company with outside investors, or one required by regulation, will typically need audited financial statements.
  • Publicly traded companies are required to have their financial statements audited under PCAOB standards.

Common Exam Traps

The AUD section loves to test the boundaries between these engagement types. Watch out for these common traps:

  1. Confusing negative and positive assurance - A review provides negative assurance ("not aware of any material modifications"). An audit provides positive assurance ("presents fairly"). Do not mix these up.
  2. Thinking a compilation requires independence - It does not, but the accountant must disclose a lack of independence in the report.
  3. Forgetting that reviews require inquiry and analytical procedures - These are the two primary procedures in a review. The exam will test whether you know this.
  4. Applying SAS standards to a SSARS engagement - If the question describes a compilation or review, apply SSARS. Do not apply audit-level requirements to a review engagement.
  5. Ignoring the representation letter requirement - Both reviews and audits require a representation letter from management. Compilations do not.

Preparation Engagements: A Quick Note

Under SSARS, there is also a preparation engagement (AR-C Section 70) where the accountant prepares financial statements without being engaged to perform a compilation, review, or audit. In a preparation engagement, no report is required. The accountant must include a statement on each page indicating that "no assurance is provided." While this is a less common exam topic, it does appear occasionally, so be aware of it.

Exam Tips for SSARS vs SAS Questions

  • Create a comparison chart and memorize the key differences before exam day.
  • Focus on assurance levels, required procedures, and independence requirements.
  • Practice identifying the engagement type from a scenario before answering the question.
  • Remember: more work equals more assurance. This simple principle resolves many questions.

If you want to test your understanding with targeted practice questions on SSARS and SAS topics, Think CPA provides focused quizzes that mirror the style and difficulty of real exam questions. Practicing these distinctions in a realistic setting is one of the most effective ways to lock in your understanding before sitting for the AUD section.

Back to all articles