Compilation vs Review vs Audit: The Essential CPA Firm Guide to 3 Assurance Levels

Compilation vs Review vs Audit: Why the Distinction Defines Your Firm's Risk

Every CPA firm that handles financial statements faces the same question from clients: what level of service do I actually need? The answer changes the work, the staff, the liability, and the fee. At BusAcTa Advisors, we support CPA practices across compilation, review, and audit work, and the firms that manage assurance engagements most efficiently are the ones that have defined exactly what each level requires from their team before the engagement begins, not during fieldwork.

This post is general information for CPA professionals about assurance engagement standards. It does not substitute for the full AICPA pronouncements or your firm's own quality control policies.

The three levels sit under the Statements on Standards for Accounting and Review Services (SSARS) for compilations and reviews, and Generally Accepted Auditing Standards (GAAS) for audits. They differ in the level of assurance provided, the procedures required, and the expertise your team must bring to the engagement. Understanding compilation vs review vs audit at a practical level is the starting point for deciding which engagements your firm should take, how to staff them, and where an offshore audit support team adds real capacity.

Compilation Engagements: Assistance Without Assurance

A compilation is the lowest level of financial statement service a CPA firm provides. Under AR-C Section 80 of the SSARS, the CPA reads the financial statements and considers whether they appear appropriate in form. The CPA does not verify the underlying data, perform analytical procedures, or obtain representations from management.

The compilation report explicitly states that no assurance is provided. The CPA is not expressing an opinion or any form of conclusion on the financial statements. That distinction matters for your clients and for your firm's liability exposure.

Who needs a compilation? Clients who need financial statements in a formal format for internal management decisions, for early-stage lender conversations, or for situations where a bank or investor hasn't yet required a higher standard. Many small businesses use compiled statements for years without ever needing a review or audit.

From a staffing perspective, compilations are the most accessible assurance engagement for your team. Independence is not required, though the report must disclose any lack of independence. Your offshore accountants can handle the preparation and formatting work, with a licensed CPA completing the review and signing the report. That division keeps your senior staff's time on the judgment calls, not the workpaper mechanics.

Review Engagements: Limited Assurance Through Inquiry and Analysis

A review sits one level above a compilation. Under AR-C Section 90 of the SSARS, the CPA performs analytical procedures on the financial statements and makes inquiries of management. The objective is to obtain limited assurance that no material modifications are needed for the statements to conform with the applicable financial reporting framework.

The review report uses negative assurance language: the CPA states that nothing came to their attention to indicate the statements are not presented fairly. That phrasing is specific and carries legal significance. It is not an audit opinion. It does not involve verification of account balances, testing of transactions, or evaluation of internal controls.

What triggers a review? Many regional banks and SBA lenders require reviewed financial statements for loan amounts in the $500,000 to $2 million range, where an audit isn't yet mandated but compiled statements aren't sufficient. Private equity investors in early-stage companies often require reviews before committing capital. Some state licensing boards and franchise agreements also specify reviewed statements.

Independence is required for a review engagement. Your licensed CPA must have no financial interest in the client and must meet the AICPA independence standards under the AICPA Code of Professional Conduct. The fieldwork itself, including preparing the comparative analytics, drafting management inquiry letters, and assembling workpapers, can be handled by an experienced offshore accountant under your supervision, freeing your CPA to focus on the analytical review and client communication.

Audit Engagements: Reasonable Assurance and a Positive Opinion

An audit is the highest level of assurance a CPA firm can provide on financial statements. Under GAAS, the auditor obtains reasonable assurance that the statements are free from material misstatement, whether from error or fraud. The audit report expresses a positive opinion, stating that the financial statements present fairly, in all material respects, the financial position of the entity.

Reasonable assurance is not absolute assurance. Audits involve risk assessment, evaluation of internal controls, substantive testing of account balances and transactions, and professional judgment throughout. The engagement requires planning, fieldwork, and reporting phases, each with specific documentation requirements under AU-C standards.

Who requires an audit? Public companies require PCAOB-standard audits. Private companies may face audit requirements from lenders for loans above a certain threshold, from private equity investors, from grant requirements (particularly federal awards above the Single Audit threshold), from nonprofit boards, or from regulatory bodies in specific industries such as healthcare, financial services, and government contracting.

Audits are the most resource-intensive assurance engagement your firm takes on. They demand licensed, experienced staff at every decision point. But a significant portion of audit work, including lead schedule preparation, workpaper formatting, initial analytical procedures, and confirmations tracking, can be handled by a dedicated offshore audit support team. The firms that scale audit capacity without proportional headcount growth are almost always the ones that have separated the judgment work from the preparation work and staffed each accordingly.

Under AU-C Section 700, an unmodified audit opinion states that the financial statements present fairly, in all material respects, in accordance with the applicable financial reporting framework. That standard requires documented evidence, not just a professional read of the statements. (AICPA AU-C 700)

The Three Levels Side by Side

Staffing Assurance Engagements Without Burning Out Your Licensed Team

What does your current assurance workflow actually look like? If your licensed CPAs are spending meaningful hours on lead schedules, workpaper mechanics, and confirmations tracking rather than on risk assessment and professional judgment, your firm is using its most expensive resource on work that doesn't require it.

That misallocation is the most common capacity problem we see in CPA practices that take on assurance work. The solution isn't hiring more licensed staff for every engagement. It's separating the work that requires a CPA's judgment from the work that requires a trained accountant's time, and staffing each appropriately.

A dedicated offshore audit manager or support team handles the preparation layer: assembling workpapers, formatting lead schedules, tracking confirmations, preparing draft analytics, and maintaining the engagement binder. Your licensed CPA reviews, exercises judgment, signs, and manages the client relationship. That model scales. Hiring a licensed CPA for every additional engagement does not.

CPA firms that separate audit preparation work from audit judgment work consistently complete more engagements per licensed staff member without increasing error rates or review time. The key is documented workflows that define exactly what each role owns.

Conclusion: The Right Level of Assurance Starts With the Right Firm Setup

Compilation vs review vs audit is not just a technical question about SSARS and GAAS. It's a staffing question, a liability question, and a growth question for your firm. Getting the three levels clearly defined in your practice, with documented workflows and appropriate delegation, is what separates firms that grow their assurance practice profitably from those that treat every engagement as a custom project that drains senior staff time.

If your firm wants to build or expand its assurance capacity without proportional headcount growth, schedule a call with BusAcTa Advisors. We'll show you how our offshore audit support team integrates into your existing workflow and where we can absorb the preparation work so your licensed CPAs stay focused on what only they can do.