What is the Difference Between an Audit and an Attestation?

Whether you are a CPA or a finance or accounting student, understanding the audit process, assurance engagements, and attestation is important for you.

Businesses also need to understand the concepts of audit and attestation.

As a CPA, you must know the difference between audit and attestation engagements to help your clients understand the meaning of each service.

The most common question asked is the difference between audit and attestation. The terms sound similar, but they differ in technicalities, procedures, and importance for a business.

In this article, we will discuss the difference between audit and attestation. Besides, we will also discuss everything about audit and attestation.

So let’s get into it.

Everything About Attestation

Attestation is often seen in the context of auditing and assurance engagement. We will try to give a clear perspective of attestation for business and non-business purposes.

1. Definition

Attestation can be defined as,

A legal acknowledgment to verify the authenticity of any document. It also includes verification that proper procedures and processes have been followed to get the document.

We can also use the definition from the Merriam-Webster Dictionary,

“An official verification of something as true or authentic is called attestation.”

Attestation also refers to the act of witnessing the signing of a formal document and verifying that the formal document has been obtained by following the rightful procedures.

The individual or authority who verifies the authenticity of a document is called the attester.

There is another perspective of attestation as well: auditing and assurance engagement. From the perspective of auditing, attestation can be defined as,

When a Certified Public Accountant (CPA) draws a conclusion about the reliability of a company’s financial statements and expresses it formally, it is called attestation. The attestation services have three levels, with financial audit as the most intensive one.

From this definition, we can say that audit is a part of attestation, and attestation is a broad concept.

2.  Attestation Standards

Regarding attestation standards, eight broad categories make up an attestation engagement. The standards are as follows:

1.      Compliance

Compliance is a standard that ensures that all standards and procedures that are mandatory for a specific engagement are followed.

It deals with assurance that all required standards, and how to incorporate every procedure, have been considered.

Besides, compliance is also about alternative measures to meet the requirements of an engagement if standard procedures are not followed.

2.      Acceptance

Next comes acceptance, which explains the need to document everything regarding an engagement. More specifically, it implies the acceptance and willingness to work with a certain client on different engagements.

3.      Preconditions

The next standard before you provide attestation services is preconditions. Preconditions must be disclosed and communicated before the acceptance of attestation. In general, the preconditions are as follows:

  • No dependency/independence assurance
  • The completeness and accuracy of the subject matter that is to be attested depend on the client, who is responsible for it.
  • Appropriate and sufficient evidence should be available to draw a conclusion or make a judgment.

4.      Engagement

All standards, procedures, and processes must be understood and communicated to the firm taking on the attestation engagement.

5.      Engagement Changes

If there are any changes to be made to the standards and procedures of an attestation engagement or audit, they must be made clear.

Besides, the changes should only be made if necessary to complete the scope of engagement.

6.      Use of Other Practitioner’s Work

The attester/CPA should perform proper due diligence to ensure that the practitioner meets the professional standards of other accounting firms or professionals providing similar services.

If that is confirmed, other practitioners’ work can be used.

7.      Quality Control

The attestation engagement partner’s responsibility is to check that all auditors’ work is according to quality control standards and protocols.

8.      Professional

The purpose of any attestation engagement or audit is to provide assurance. Similarly, the standard of attestation is that there must be a healthy amount of skepticism in the planning and execution of the attestation engagement as per standards.

3.    Explanation And Examples

We know that attestation means checking the validity of data and internal controls regarding auditing. Since we are comparing attestation with auditing, it will be appropriate if we explain it in that context only.

So it’s established that CPAs execute attestation in the assurance engagement. But it’s not the only job of CPAs as they are also responsible for audit reporting on business financial statements.

An attestation engagement collects data and information and checks its validity by comparing it with agreed-upon procedure engagements.

We already mentioned that the attestation service might not necessarily be for financial data or information. A professional might be hired to attest to the compliance procedures, internal controls, projections, pro forma data, etc.

For instance, suppose a company wants to check whether its operations comply with the set of government regulations established for the industry.

The audit will be performed to find the gaps in actual and expected procedures. However, the company will need an attestation service to verify the audit report.

Everything About Audit

Let’s jump to the audit and how it works.

1.    Definition

There are many definitions of audit, with the definition of financial audit being the popular one. So let’s start with it.

We can define a financial audit as,

An examination of an organization’s financial records to determine the accuracy and completeness of information with an unbiased judgment.

According to the Merriam-Webster dictionary, an audit is defined as,

“A formal examination of an organization’s or individual’s accounts or financial situation” or “a methodical examination or review”

Another definition of financial audit is:

An objective examination and evaluation of a company’s financial statements to ensure that the information presented in financial records is an accurate and fair representation of all economic affairs and transactions claimed by the entity.

Or we can generically define audit as,

Evaluation and investigation of a business entity regarding financial information, workplace dangers, IT risks, etc.

We can sub-categorize audits into financial, compliance, operational, IT procedures, etc. The categorization can also follow the more popular division into internal, external, etc.

2.    Importance Of Auditing

Why is audit important for any business entity?

If you are a public limited company, a financial audit of your financial statements is not an option but a mandatory requirement.

Besides, the importance of auditing in accounting and finance cannot be overlooked. The purpose of the audit is to ensure accuracy and fairness in financial reporting.

Therefore, an audit is crucial for all financial statements, be it income or cash flow statements.

An audit is also important for the external users of a company’s financial statements. Prospective investors, shareholders, creditors, suppliers, etc., need to know whether the company’s financial position is accurate or not.

Besides, an audit is necessary to report compliance with GAAP (Generally Accepted Accounting Principles) or IFRS (International Financial Reporting Standards) when preparing the statements.

3.    Types Of Audit

Let’s discuss the types of audits. As mentioned earlier, the audit can be divided into different types based on purpose and execution. We will discuss each segregation.

Let’s start with purpose. There can be the following types of audit depending on the required outcome:

  • Process/product audit
  • Compliance audit
  • Internal control audit as prescribed by the Sarbanes-Oxley Act
  • Financial audit
  • IT procedure audit
  • HR audit

The following are the types when it comes to the execution of the audit:

1.    External Audit

External audits are usually the mandatory audits that are performed by independent bodies who are not salaried employees of the company being audited.

External audits are very useful, as they are the perfect way to alleviate any discrepancies or bias in financial reporting.

The auditor expresses his opinion on the financial statements, reported information, procedures, etc.

The auditor’s opinion is very important as it adds confidence to whether the financial statements are accurate and complete. Most external parties make decisions based on the audited financial statements and audit reports.

2.    Internal Audit

On the other hand, an internal audit is conducted by a company to improve its internal control procedures and ensure that the standard procedures are used and the financial statements are accurate.

However, bias might remain, as the auditor is often an internal employee of the company. Companies can instead choose to hire a consultant auditor who is not an employee.

3.    Government Audit

Usually, the audits conducted by the IRS are called government audits. The purpose of these audits is also to verify the accuracy of taxpayers’ financial reporting.

The government audit aims to verify whether the tax reported, assets declared, and deductions claimed by the taxpayer are accurate and true.

Depending on the subject matter, the outcome of government audits can be the same tax liability, a change accepted by the taxpayer, or a change not accepted by the taxpayer.

Difference Between Audit And Attestation

Now to the most important discussion of audit vs. attestation:

We can draw out the difference between the two engagements from the definitions of audit and attestation given by Boynton and Johnson.


Audit: “A systematic process designed to obtain and evaluate evidence about the degree of correspondence with established criteria.”


Attestation: “A written communication by CPA firms to express a conclusion about the reliability of a written assertion that is the responsibility of another party.”

What does it imply?

An audit is a structured procedure for verifying the accuracy of the financial statements by evaluating the evidence that supports the information reported.

On the other hand, an attestation engagement aims to express a conclusion on the accuracy of a document, procedure, standard, etc.


In principle, attestation is a broader term, while an audit is just one type of attestation. In an audit, the auditor checks the evidence, verifies it, and expresses their opinion in a written audit report.

In contrast, attestation is a broad concept that can be applied to anything besides financial data or internal controls.