The auditor should restrict the use of a report when: (1) The subject matter or the presentation being reported on is based on measurement or disclosure criteria contained in contractual agreements or regulatory provisions that are not in conformity with GAAP or OCBOA; (2) The auditor’s report is a by-product of a financial statement audit and the procedures applied were designed for the audit, not to provide assurance on the subject matter of the report.
How To Identify Restricted Parties
The auditor should restrict reports based on contractual agreements or regulatory provisions to parties to the agreement or to the responsible regulatory agency. The auditor should restrict by-product reports to an entity’s audit committee, board of directors, management, or others within the organization, specified regulatory agencies, and parties to the contract for compliance with contractual agreements.
The auditor should restrict the use of a single combined restricted-use and general-use report to specified parties.
A separate restricted-use report may be included in a document that contains a separate general-use report, provided the combined report is restricted.
How To Add New Specified Parties
After the engagement is completed or in the course of such an engagement, the client may ask the auditor to add other specified parties. An auditor should not agree to add other specified parties to a by-product report.
For a subject matter or presentation type report, the auditor may agree to add other specified parties after considering such factors as identity of the other parties and intended use of the report.
If the auditor adds other specified parties, he or she should obtain affirmative acknowledgment, ordinarily in writing, from the other parties about their understanding of the engagement, measurement or disclosure criteria, and the report.
If other parties are added after issuance of the auditor’s report, the auditor may reissue the report or provide other acknowledgment that new parties have been added. If the report is reissued, the report date should not be changed. If the auditor provides written acknowledgment of the addition, the acknowledgment should state that no subsequent or new procedures have been performed.
How To Limit Report Distribution
The auditor should consider informing the client that restricted-use reports are not intended to be distributed to nonspecified parties. However, an auditor is not responsible for controlling the client’s restricted-use report distribution.
Last Important Note
The auditor should add a separate paragraph at the end of the report that
- States that the report is intended solely for the information and use of the specified parties.
- Identifies the parties.
- States that the report is not intended to be, and should not be, used by non-specified parties.