Web assurance seals--are they all alike?: A look at WebTrust and other web assurance seals.

Joseph, Gilbert W. ; Bostick, Lisa N. ; Slaughter, Lanford T., Jr. 等

CASE DESCRIPTION

The primary subject matter of this case concerns the CPA's requirements and responsibilities for performing a WebTrust attestation service engagement. Additionally, this case provides a framework for discussion on the control issues with information systems. This case has a difficulty level of three, appropriate for junior-level courses. This case is designed to be taught in one class hour and is expected to require ten hours of outside preparation by students.

CASE SYNOPSIS

Patricia Greene, CPA is approached by Bill Miller, president of E-commerce.com, who is inquiring about web assurance seals. Mr. Miller wants to know what web seal programs are available and what requirements does his company have to meet to display a seal on its website. Ms. Greene, CPA has the task of identifying and comparing the various web seal programs. Additionally, she needs to investigate the requirements and responsibilities for performing a WebTrust engagement. Finally, she needs to communicate her findings to Mr. Miller.

INTRODUCTION

Bill Miller, president of E-commerce.com is concerned about his revenue stream. Ecommerce. com's revenues are below what had been forecasted. Mr. Miller conducts business that can be categorized as both retail business-to-business (B2B) and retail business-to-consumers (B2C). Therefore, Mr. Miller decides to meet with Patricia Greene, CPA to obtain advice on ways to improve his revenues. Ms. Greene has not had previous business dealings with Mr. Miller or his company, E-commerce.com. Ms. Greene is aware of WebTrust, but does not know what the specific responsibilities and requirements are of this type of engagement. She informs Mr. Miller that ecommerce-based businesses have begun to display web assurance seals on their websites. The web seal programs are supposedly oriented to give e-commerce consumers a sense of confidence that when they deal with Internet merchants that the consumer's personal data will be handled in a secure and confidential manner. She tells him about the WebTrust seal offered by the AICPA. Mr. Miller asks Ms. Greene to provide him with information on alternative web assurance seals. Specifically, he wants to know what web assurance seals are available and what requirements does his company, E-commerce.com, have to meet to be able to display a seal on its website. Additionally, he wants to know if web seal programs are all alike. Ms. Greene tells Mr. Miller that she will provide this information to him.

Between her own background and the technical support available through the staff in her office, Ms. Greene knows that she has the technical competence to evaluate the internal controls over financial reporting. However, she has never personally performed an engagement on web seal programs and needs to know the technical skills required for such an engagement. To undertake this task, Ms. Greene designed a four step process:

* Step 1: In the first step, she does some background research and investigates what types of assurances merchants should be giving to e-commerce consumers. She builds a short questionnaire that she will use to evaluate the different merchants she intends to review. She goes to the websites of many merchants and analyzes the customer security and privacy statements posted on the commercial websites. She also observes what type(s) of web assurance seals were found on those web sites. Her purpose is to see how comprehensive the stated customer policies are for many merchants and whether better policies are associated with specific web seal programs.

* Step 2: In the second step, using the background she had already developed on the types of assurances merchants should be giving to consumers, Ms. Greene builds another questionnaire aimed at investigating the different web seal programs themselves. Ms. Greene selects a few of the most commonly found web seals and goes to their websites. Her purpose is twofold: (1) to find out how comprehensive the web seal program is at providing a full set of consumer assurances; and (2) to find out how difficult it is for a merchant to obtain, display, and renew the web seal. She is also interested in knowing whether her services as a CPA would be required for a merchant, such as Mr. Miller, to obtain each web seal. From her findings she will be able to select those web seal programs that seem more comprehensive and appropriate for Mr. Miller's business, and for her services as a CPA.

* Step 3: In the third step, Ms. Greene investigates the American Institute of Certified Public Accountants (AICPA) Professional Standards for guidance relative to performing an engagement for Mr. Miller designed to qualify his business (E-commerce.com) for an appropriate web seal program. She knows that she would be conducting a study of the client's website, using written website performance standards (criteria) developed by a web seal program. She would then report her findings to the client and the web seal program, wherein she would have to state her opinion about how well the client met the web seal program's demands. The representative for the web seal program would then make a judgment about awarding the seal. On a notepad, Ms. Greene sketches out a diagram of the different services a CPA practitioner could provide to clients. Overlap sometimes occurs between the different types of services when aspects of each service exist in an engagement. Figure 1 shows what she has sketched. This is obviously not a tax engagement. She knows that this will not be an audit engagement, because it does not relate to an audit of financial statements. That leaves only the possibility that the engagement would be either a consulting services or attestation engagement. However, she is unsure which type of engagement would be appropriate. If it is an attestation engagement, she is unsure which of the specific attestation standards will govern her activities while performing the engagement for Mr. Miller. She is particularly interested in knowing (1) what type of report can be issued, (2) whether there are restrictions on report distribution, (3) if the appropriate standard indicates that special training or certification is needed for her to properly conduct such an engagement, and (4) what the standards state about the issue of her independence from the client in order to perform the engagement. Ms. Greene builds a questionnaire she will use to summarize the guidance from the different professional standards she will review.

* Step 4: In the fourth step, Ms. Greene will communicate her findings to Mr. Miller of Ecommerce. com. She will compare and contrast the differences between a WebTrust assurance seal and the other web seal programs that are available for e-commerce businesses to display.

Having designed the process and developed the questionnaires to guide someone through the process, Ms. Greene then turned-over the task to a junior level CPA in her firm and gave the following instructions to the accountant. You are that junior level CPA.

STEP 1: WEBSITE POLICIES AND WEB ASSURANCE SEALS

To familiarize yourself with the popularity of web assurance seals and to determine what seals e-commerce businesses are using, visit several popular commercial websites. You are also interested in the completeness of business policies that are posted on the commercial web sites. Use the questionnaire appearing in Exhibit 1 to perform this task. Requirement. In reality, Ms. Greene would have her employee research many different websites, but you are limited to only five different websites that display web assurance seals. Reproduce five copies of Exhibit 1 to use in this step of the project. Visit many websites that sell products or services and find five such websites that display one or more web assurance seals. Note that sometimes websites do not display the seals on the main page of the website but may display them in link pages where their business policy statements are also displayed. After you have found five websites that display web assurance seals, complete one questionnaire for each website. Record the company name and the Uniform Resource Locator (URL), for example, "www.business.com". Pay particular attention to any information about how a customer of the website would be protected. For example:

* Which website seal(s) are displayed announcing that the website is certified as a protected site?

* Can you gain access via the website to statements about its customer policies? If you can print the policies, attach them to your assignment. Were all the customer policies in one place (e.g., all on one web page) so that you were sure that you had a complete set of their policies?

* What forms of protection do they promise you? Do they promise not to sell or trade customer personal information?

* What security procedures do they provide for transmission of personal data between you and the website? Is the data encrypted?

* Did the website give you a "cookie" (put a program on you computer that will capture and transmit data to the company about your activities)? If the "cookie" is necessary to complete the customer's transaction (e.g., to fill the shopping basket), and can be removed afterward, that is ok. However, if the "cookie" stays on your system and tracks what you do later, that is an invasion of privacy. Do they promise not to do this?

When you have completed gathering data about any single website, arrive at a judgment about how thoroughly you feel the customer / security policies address consumer concerns. Check only one box on the questionnaire for each website to reflect your overall impression.

STEP 2: SEAL PROGRAM ASSURANCES AND MERCHANT REQUIREMENTS Ms. Greene wants to learn more about the requirements of the various web assurance seals that you observed in step 1. In reality, Ms. Greene would probably have her employee research most (if not all) of the web seal programs. You are limited to only four different seals (see the list below). Using the questionnaire that Ms. Greene developed (see Exhibit 2), find out more specific details about the protections promised by the web seal programs and the process a merchant goes through to qualify and renew the seal program. Reproduce four copies of Exhibit 2 to use in this step.

Requirement. Visit the website for each of the four seal programs listed below. Evaluate how comprehensive the web seal program is at providing a full set of consumer assurances.

* Questionnaire for Step 2, Section A: Complete Section A of the questionnaire shown in Exhibit 2 for each of the four seal programs. The five e-commerce assurance concerns that you will evaluate are (1) data security, (2) business policies, (3) transaction integrity, (4) data privacy, and (5) seal program activities (these ecommerce assurance concerns were adapted from Greenstein and Vasarhelyi [2001] and then modified.). A quality seal would address all (or most) of these concerns. Determine which of the seals may be of greatest value to a firm as a way of gaining the greatest retail customer confidence (that is, identify which seals address most or all of the five e-commerce assurance concerns).

* Questionnaire for Step 2, Section B: Then, using section B of the questionnaire shown in Exhibit 2, research the requirements that must be met to initially display and then to renew that particular web seal. When performing your research, emphasize the specific requirements that a firm must meet in order to display the seal (e.g., what specifically must the firm do to be authorized to show the seal on its web site and to renew the seal? How complex or comprehensive is the process?).

You should investigate the following four website certification programs. All the information you need may not appear on a single web page of the seal program's website. You may have to view / print several related web pages to accumulate all the information needed to complete this assignment, such as the main page, frequently asked questions (FAQ), program requirements, dispute resolution processes, how to join / apply, terms of membership, press releases, program principles, oversight, self-assessment applications, consumer protections, disclaimers, and others.

* BBBOnline Reliability seal program at http://www.bbbonline.org , a seal offered by the Better Business Bureau (BBB) subsidiary BBBOnline, Inc., a non-profit organization. BBBOnline offers two seals. You will be investigating the reliability seal program.

* TRUSTe seal program at http://www.truste.org, a seal offered by a non-profit organization founded by Electronic Frontier Foundation (a non-profit civil liberties organization) and CommerceNet (a commercial organization to promote Internet sales). TRUSTe offers three seal programs. You will be investigating the Privacy Seal Program.

* WebTrust seal program at http://www.aicpa.org or, more specifically, at http://www.cpawebtrust.org, a seal offered by the American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). Both are non-profit professional organizations. Also, you will find it very useful to download or print a document titled "Suitable Trust Services Criteria and Illustrations". You can find this document by the following steps: go to http://www.aicpa.org/assurance/index.htm, link to "Find Out About Services--WebTrust", at this site link to "WebTrust". At this website you will be able to review the Trust Services Principles (link is titled "New!Download Trust Services Principles V 1.0"). Locate within this document the types of attest-level engagements for trust services.

* ePublicEye seal program at http://www.epubliceye.com, offered by this for-profit organization.

After having evaluated each of the web seal programs, make a judgment about how thoroughly the web seal program addresses the e-commerce assurance objectives. Also determine whether each seal would require a CPA practitioner to perform an engagement to determine if the merchant meets all seal program criteria. This last piece of knowledge would, of course, be most useful to Ms. Greene because she could charge clients, such as Mr. Miller, for this service.

STEP 3: INVESTIGATING PROFESSIONAL GUIDANCE

Ms. Greene wants to know about the requirements a CPA must meet (if any) before she decides to accept a WebTrust or other engagement that requires a CPA to evaluate whether a client meets a seal program's criteria. To make these determinations, she wants you to research existing AICPA Professional Standards that might relate to such an engagement. Ms. Greene is unsure if this should be a consulting services engagement or an attestation engagement. If it is an attestation engagement, she wants to know which specific attestation standard will govern her activities.

Requirement. In step 2, you identified the web assurance seals that might require a CPA practitioner to perform an evaluation of a client's website transaction system. Using AICPA Professional Standards, Volumes 1 and 2, determine which professional standard would apply to an engagement where the CPA practitioner evaluates a client's website for purposes of the client obtaining a web assurance seal. Use the questionnaire developed by Ms. Greene shown in Exhibit

3. Your will be investigating eight different professional standards, therefore reproduce eight copies of the questionnaire shown in Exhibit 3.

In AICPA Professional Standards Volumes 1 and 2, read and summarize key points about the following eight professional standards:

When reading the professional standards, if the current professional standard you are reading says that guidance that appears in another professional standard also applies to the current professional standard, then treat the current standard as if the guidance were also printed there. In other words, a reference by one professional standard to another is interpreted as if the printed words appear in both professional standards.

Questionnaire for Step 3, Section A: Complete one copy of Ms. Greene's questionnaire for each of the eight professional standards reviewed, writing the standards number and title in section A of the questionnaire, along with a brief summary of when the standard is appropriate guidance to follow.

Questionnaire for Step 3, Section B: First, determine whether this specific professional standard governs Ms. Greene's activities while performing a web assurance seal engagement. Second, Ms. Greene wants to know whether other types of Trust Services engagements can be done for Mr. Miller. Specifically, she wants to know whether she can issue a report on certain principles related to Trust Services (refer to Suitable Trust Services Criteria and Illustrations document). Determine whether this specific professional standard applies to this type of engagement. If you can determine early (that is, in this section B of the questionnaire) that the professional standard does not apply to either of these types of engagements, then you do not have to complete the rest of the questionnaire and your task is greatly simplified. If it appears that the professional standard could apply to either or both of these types of engagements, then complete the remainder of the questionnaire.

Questionnaire for Step 3, Section C: Identify the characteristics required of the engagement in order to use this professional standard. Who is responsible to provide assertions or to define the subject matter that the CPA practitioner will investigate? In order for the CPA practitioner to test assertions, there must be criteria against which the assertions or the subject matter can be tested--where can those criteria come from? Sometimes there are alternative types of investigations that have greater or lesser involvement. What types of alternative investigations does the AICPA indicate are governed by this professional standard? (HINT: when completing sections D and E of this questionnaire, place check marks only after the types of alternative investigations identified here in section C.)

Questionnaire for Step 3, Section D: The normal result of any engagement is for the CPA practitioner to write a report about the engagement. Ms. Greene is concerned about what type of report she will be allowed to write depending on the type of investigation being conducted. For the type(s) of investigation(s) permitted under that specific professional standard (you indicated that in section C above), tell Ms. Greene what type of report is allowed (or required). What type of opinion / conclusion / findings does the practitioner give for that type of engagement? (Note: When the professional standard permits different types of investigations, there may be a different type of report associated with each type of investigation being conducted.)

Questionnaire for Step 3, Section E: Ms. Greene does not want to make a mistake and give a copy of the report to inappropriate people or organizations. For the type(s) of investigation(s) permitted under that specific professional standard (you indicated that in section C above), tell Ms. Greene if there are any restrictions in the professional standard as to how broadly the report can be distributed. (Note: When the professional standard permits different types of investigations, there may be different distribution rules depending on the type of investigation being conducted.)

Questionnaire for Step 3, Section F: Finally, Ms. Greene has two tasks for you regarding two things that might be required by the professional standard: (1) would she or her staff have to obtain some special training in order to properly conduct the engagement; and (2) would her CPA firm have to be independent from the client (i.e., would she be restricted from performing other services for the client while performing this engagement)? HINT: To accomplish the first task, look in the professional standard for any "General Standards" and compare the specific wording to the alternatives in the questionnaire. Ms. Greene is aware that the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) jointly developed the WebTrust seal program that is targeted directly at this issue of website assurance. Therefore, as a final consideration for the first task about special training, also look more closely at the WebTrust internet site identified earlier.

STEP 4: COMMUNICATING YOUR FINDINGS TO THE CLIENT

Ms. Greene needs to communicate her findings to Mr. Miller. She wants to compare and contrast the differences between a WebTrust seal and the other web assurance seals that are available for ecommerce businesses to display.

Requirement: Prepare a one page letter to Mr. Miller detailing the important aspects of this information. In your letter indicate the following things.

* In one paragraph briefly describe the investigation you went through to find this information.

* In one paragraph briefly describe the top two web assurance seal programs. These should be the web seal programs that you determine would provide the most comprehensive ecommerce assurances. Recommend one of these for Mr. Miller to pursue for his business, E-commerce.com. Explain why you are recommending this seal.

* In one paragraph briefly indicate the type of engagement that would be required of the CPA practitioner for Mr. Miller to obtain and renew the seal. Clearly indicate the characteristics of the engagement to include all of the following:

[check] Which specific professional standard must be used to govern the engagement;

[check] What type of investigation must be conducted (i.e., examination, review, agreed-upon procedures, or consulting services);

[check] What type of report Ms. Greene will be able to issue;

[check] How widely the report can be disseminated.

[check] Who should provide the assertions or subject matter that will be investigated;

[check] Where the criteria would come from that would be used to test the assertions or subject matter;

[check] What special skills Ms. Greene or members of her staff may need; and

[check] To what degree Ms. Greene must maintain professional independence;

Exhibit 1. Questionnaire for Step 1

Website #

Check (?) each
seal that appears.

(Some seals are not
on the main website
page, but rather in
the page link for
customer or security
policies.)

Company Name:
URL: e.g., www.business.com

 BBBOnline
 TRUSTe
 VeriSign
 BizRate
 ICSA
 WebTrust
 Truesecure.com
 e Safe Certified
 PayPal
 PrivacyBot
 ItSeal.com
 Gomez Certified
 AOL Certified Merchant
 ePublicEye
 Privacy Independent Accountant's Report
 Cyberprocess Certification
 Betterweb
 Privacy Secure Inc. (by BBB Online)
 UTAC (Health Web Site Accreditation)
 VIPPS (Verified Internet Pharmacy Practice Site)
 PositionPro

Is some other seal displayed
that is not identified above?
Write the seal's name:

 Doesn't
Customer policies: Check the webpage link to Yes No Say
the customer / security policies (the
specific name may vary by the website). If
you can print the policies, attach them to
this exhibit. Based on the customer /
security policies, answer the following
questions, by checking only one answer.

* Were the policies easy to find? Were they
all together? Were they in one place (e.g.,
all on one web page) so that you did not
have to piece the policies together from
various places?

* Do they address whether the business
clearly, understandably, and consistently
displays its policies (e.g., shipping,
billing, payments, returns, and sales tax
collections)?

* Do they release or use personal data only
as agreed to by the customer?

* Do they address if transactions are
processed in a timely manner, using agreed--to
shipping and pricing data?

* Do they address if the firm resolves
problems in a prompt manner?

* Do they keep transaction and personal
information about customers confidential?

* Do they address security of information
being transmitted to the web site from the
customer and data that appears on the web
site that will be used by the consumer to
make transaction decisions?

* Do they allow customers to verify or
correct their personal data stored at the
firm?

* Do they address whether the firm will
properly process transactions only after
gaining customer agreement?

* Do they protect the customer from unknown
viruses or from Internet "cookies" invading
their computers?

How thoroughly do you feel Very Good Good Fair Poor Very Poor
that the customer /
security policies address
consumer concerns? (Check
one answer)

EXHIBIT 2. QUESTIONNAIRE FOR STEP 2

Web Seal Program Name:

Section A. e-commerce assurance concerns of the web assurance seal
program.

Data Security: Does the seal program Yes No Doesn't
require the merchant to provide data Say
security that does following?

* Merchant must provide security for data
transmitted from the consumer to the web site
(i.e., have a secure server transaction system).

* Merchant must provide security for data that
appears on the web site that will be used by the
consumer to make transaction decision.

Business Policies: Does the seal program require
the merchant to have business policies that
provide the following?

* Merchant must display understandable and
consistent policies on the website (e.g.,
shipping, billing, payments, returns, sales
tax).

* Merchant must adopt business policies
previously established by the seal program
rather than develop his / her own policies.

* Merchant is allowed to write his / her own
business policies if the policies comply with
principles approved by an acceptable body.

* Merchant is required to maintain a history of
adhering to its own policies.

* Merchant must demonstrate a history of not
changing these policies frequently.

Transaction Integrity: Does the seal program
require the merchant to provide transaction
processing integrity?

* Merchant must properly process all
transactions only after gaining the consumer's
agreement.

* Merchant must respond to consumer inquiries /
complaints in a timely manner.

* Merchant must use agreed-to shipping and
pricing data.

* Merchant must resolve all customer problems in
a prompt manner.

* Merchant must provide a means for consumers to
communicate with the merchant regarding
inquiries, follow-up, or complaints.

Data Privacy: Does the seal program require the
merchant to provide data privacy that does the
following?

* Merchant must display understandable and
consistent policies on the website (e.g.,
consumer data privacy principles).

* Merchant must keep transaction and personal
information about the consumer confidential.

* Merchant must adopt privacy policies
previously established by the seal program
rather than develop his / her own policies.

* Merchant is allowed to write his / her
own privacy policies if the policies
comply with principles approved by an
acceptable body.

* Merchant must allow the consumer to verify
or correct his / her personal data that is
maintained on the merchant's computer.

* Merchant must release or use data only as
agreed to by the consumer, except as needed to
complete the transaction.

* Merchant must protect the consumer's computer
from viruses or "cookies", except as needed to
complete the
transaction.

Seal Program Activities: Does the seal program
perform activities on behalf of consumers in the
following areas?

* Merchant must allow consumers to voluntarily
document their experiences via the seal program
website.

* Merchant must let the seal program summarize
or rank consumer experiences with the merchant's
history of honoring its policies.

* Merchant must agree to arbitration, let the
web seal program intervene on the customer's
behalf, or have a similar resolution process.

* Proof of having conducted business for a
specified period of time.

* Agree to abide by the seal program's
requirements.

* Pay a license fee.

* Install the seal or consumer links to the seal
program website.

* Purchase or install security software or
hardware provided by the seal program.

* Profess that the merchant has full online
ordering capability.

Independent Evaluations: Does the seal program
require merchants to have an initial evaluation
as follows?

* Let a third party confirm the existence of the
merchant.

* Let seal program representatives confirm the
merchant's existence via an on-site visit.

* Let seal program representatives determine if
the merchant fully discloses policies, without
testing actual merchant performance.

* Let seal program representatives conduct tests
to see if the merchant adheres to stated
policies and meets performance criteria.

* Engage an independent auditor to determine if
the merchant fully discloses policies, without
testing actual merchant performance.

* Engage an independent auditor to conduct tests
to see if the merchant adheres to stated
policies and meets performance criteria.

Renewal Requirements: Are specific actions by
merchants required to renew their ability to
display the seal?

* Pay a renewal license fee.

* Not have significant consumer complaints about
failure to follow its own stated policies or to
quickly resolve consumer problems.

* Let seal program representatives determine if
the merchant fully discloses policies, without
testing actual merchant performance.

* Let seal program representatives conduct tests
to see if the merchant adheres to stated
policies and meets performance criteria.

* Engage an independent auditor to determine if
the merchant fully discloses policies, without
testing actual merchant performance.

* Engage an independent auditor to conduct tests
to see if the merchant adheres to stated
policies and meets performance criteria only if
severe violations were noted in previous
merchant performance

* Engage an independent auditor to conduct tests
to see if the merchant adheres to stated
policies and meets performance criteria.

How thoroughly do you feel that the website seal
program addresses e-commerce assurance
objectives? (Check one answer for each of the
assurance concerns)

* Data Security

* Business Policies

* Transaction Integrity

* Data Privacy

* Seal Program Activities

Would this web seal program require a CPA Yes No
practitioner to make statements that the
merchant met all the web seal program's criteria
in order to obtain, display, or renew the web
assurance seal? (Check one answer)

EXHIBIT 3. QUESTIONNAIRE FOR STEP 3

Section A. Identify the professional standard you are reviewing.

Identify the Standard by number (e.g., AT101, AT201, CS100,
etc.) and write the exact title.

Briefly summarize the stated purpose of the standard
(e.g., when it is appropriate to use this specific standard).

Section B. With regard to this specific Don't
professional standard, can this standard be used Yes No Know
by a CPA practitioner to support an engagement
designed to accomplish the following purpose?

To perform an attest level engagement for the
purpose of obtaining a web assurance seal to
display on the client's website.

To perform an attest level engagement on certain
procedures related to the Trust Services
principles.

If you answered "No" to BOTH of the questions above, SKIP THE REMAINING
SECTIONS of this questionnaire.

If you answered "Yes" to ONE OR BOTH questions above, complete the
remaining sections of this questionnaire.

Section C. Identify the characteristics required
of the investigation.

Does the professional standard require that a
"responsible party" be identified who will
provide the assertions or who is responsible for
the subject matter being investigated?

For a web assurance The management of
engagement, who would the client who
be the "responsible engages the CPA
party" if one is practitioner to
needed? evaluate the web site

 The organization
 that administers the
 web seal program

 The CPA practitioner
 who was hired to
 conducting the
 investigation

Where could the The client or party
criteria come from responsible for the
that will be used to subject matter being
evaluate the investigated
assertions or the
subject matter being A body designated by
evaluated? the AICPA governing
 council Groups
 composed of experts
 who follow due
 process procedures

 Industry associations

 Other groups who do
 not follow due
 process procedures

What type(s) of Examination
investigation(s) can be
performed under this Review
standard? (Use your
answer here to guide Agreed-Upon
your answers to Procedures
Sections D, E & F
below.) Consulting Services
 Engagement

Section D. Report Type: For only each type of
investigation checked in Section C above,
indicate the type of report that can be issued.

You checked an The AICPA places NO
EXAMINATION restrictions on the
investigation in content of the report.
Section C above.
 Report must express
 a positive opinion
 about the assertions
 or subject matter
 conforming to the
 evaluation criteria
 (unqualified,
 qualified, adverse,
 or disclaimer).

 Report must state
 that is was a lesser
 investigation,
 express no opinion,
 and express only
 negative assurances.

 Report must identify
 the test(s) performed
 and the specific
 findings (express no
 opinion or negative
 assurances).

You checked a REVIEW The AICPA places NO
investigation in restrictions on the
Section C above. content of the
 report.

 Report must express
 a positive opinion
 about the assertions
 or subject matter
 conforming to the
 evaluation criteria
 (unqualified,
 qualified, adverse,
 or disclaimer).

 Report must state
 that is was a lesser
 investigation,
 express no opinion,
 and express only
 negative assurances.

 Report must identify
 the test(s) performed
 and the specific
 findings (express no
 opinion or negative
 assurances).

You checked an The AICPA places NO
AGREED-UPON PROCEDURES restrictions on the
investigation in content of the
Section C above. report.

 Report must express
 a positive opinion
 about the assertions
 or subject matter
 conforming to the
 evaluation criteria
 (unqualified,
 qualified, adverse,
 or disclaimer).

 Report must state
 that is was a lesser
 investigation,
 express no opinion,
 and express only
 negative assurances.

 Report must identify
 the test(s) performed
 and the specific
 findings (express no
 opinion or negative
 assurances).

You checked a The AICPA places NO
CONSULTING SERVICES restrictions on the
engagement in Section content of the
C above. report.

 Report must express
 a positive opinion
 about the assertions
 or subject matter
 conforming to the
 evaluation criteria
 (unqualified,
 qualified, adverse,
 or disclaimer).

 Report must state
 that is was a lesser
 investigation,
 express no opinion,
 and express only
 negative assurances.

 Report must identify
 the test(s) performed
 and the specific
 findings (express no
 opinion or negative
 assurances).

Section E. Report Distribution: For only each
type of investigation checked in Section C
above, indicate how the report can be
distributed

You checked an The AICPA places NO
EXAMINATION restrictions on the
investigation in distribution of the
Section C above. report.

 The report can be
 generally distributed
 unless the criteria
 used are appropriate
 or available to only
 a limited number of
 parties, or when
 reporting on subject
 matter and written
 assertions were not
 provided by the
 responsible party.

 The report must be
 restricted to
 specified readers
 who agree to accept
 the specific tests
 performed.

You checked a REVIEW The AICPA places NO
investigation in restrictions on the
Section C above. distribution of the
 report.

 The report can be
 generally distributed
 unless the criteria
 used are appropriate
 or available to only
 a limited number of
 parties, or when
 reporting on subject
 matter and written
 assertions were not
 provided by the
 responsible party.

 The report must be
 restricted to
 specified readers who
 agree to accept the
 specific tests
 performed.

You checked an The AICPA places NO
AGREED-UPON PROCEDURES restrictions on the
investigation in distribution of the
Section C above. report.

 The report can be
 generally distributed
 unless the criteria
 used are appropriate
 or available to only
 a limited number of
 parties, or when
 reporting on subject
 matter and written
 assertions were not
 provided by the
 responsible party.

 The report must be
 restricted to
 specified readers
 who agree to accept
 the specific tests
 performed.

You checked a The AICPA places NO
CONSULTING SERVICES restrictions on the
engagement in Section distribution of the
C above. report.

 The report can be
 generally distributed
 unless the criteria
 used are appropriate
 or available to only
 a limited number of
 parties, or when
 reporting on subject
 matter and written
 assertions were not
 provided by the
 responsible party.

 The report must be
 restricted to
 specified readers who
 agree to accept the
 specific tests
 performed.

Section F. General Standards: Within this
specific professional standard, indicate if the
standard CPA practitioner independence or
special training

Is independence needed The AICPA imposes no
for this engagement? independence
 restrictions on the
 CPA practitioner for
 this engagement

 The CPA practitioner
 must not do any other
 accounting or
 auditing services
 during this
 engagement

 The CPA practitioner
 must not do any other
 consulting services
 for the client during
 the engagement

 The CPA practitioner
 must maintain
 independence in
 mental attitude (be
 honest, impartial,
 unbiased)

 The CPA practitioner
 must avoid conflicts
 of interest that
 would impair the
 practitioner's
 objectivity

Is special training There are no
needed for this requirements stated
engagement? * about competence,
 technical training,
 proficiency, or
 special knowledge

 The CPA practitioner
 must possess
 additional skills to
 perform a web
 assurance engagement.

 The CPA practitioner
 must possess
 professional
 competence in the
 engagement being
 undertaken

* HINT: In addition to this specific professional standard look at the
WebTrust internet site identified earlier.

1 AT101 Attest Engagements
2 AT201 Agreed-Upon Procedures Engagement
3 AT301 Financial Forecasts and Projections
4 AT401 Reporting on Pro Forma Financial Information
5 AT501 Reporting on an Entity's Internal Control Over Financial
 Reporting
6 AT601 Compliance Attestation
7 AT701 Management's Discussion and Analysis
8 CS100 Consulting Services: Definitions and Standards