A banker emails you on a Tuesday afternoon: "We need CPA-issued financials within 60 days of year-end to renew your line of credit." Your controller forwards the email and asks the obvious question — does that mean an audit, a review, a compilation, or something else? The wrong answer can cost you $30,000 in fees you didn't need to spend, or it can blow up the loan renewal when the bank rejects what you submitted.
This confusion is everywhere. Most owners of private companies have never heard of AR-C 70, AR-C 80, or AR-C 90, the three engagement sections in the AICPA's Statements on Standards for Accounting and Review Services (SSARS) framework. They know "the CPA does our financials." They don't know there are three legally distinct service levels with wildly different procedures, assurance levels, and prices — and that lenders, sureties, and investors all have strong preferences that they rarely spell out clearly.
This guide walks through what each engagement actually does, when each one is the right fit, and how to negotiate with stakeholders so you don't pay for assurance you don't need.
The Three SSARS Engagements at a Glance
The AICPA's Auditing Standards Board codified the entire framework for non-audit financial statement services into three sections of the Clarified Statements on Standards for Accounting and Review Services:
- AR-C Section 70 — Preparation of Financial Statements. A nonattest, nonassurance service. The CPA acts as a skilled bookkeeper, taking your trial balance and arranging it into formatted financial statements. No report is issued. Every page of the statements must carry a legend like "No assurance is provided on these financial statements."
- AR-C Section 80 — Compilation Engagements. Still no assurance, but the CPA must issue a formal compilation report. The CPA reads the statements to confirm they appear appropriate in form and free from obvious material misstatement, but performs no verification procedures.
- AR-C Section 90 — Review of Financial Statements. The CPA performs inquiry and analytical procedures and issues a review report expressing limited assurance that no material modifications are required for the statements to conform with the applicable financial reporting framework (typically U.S. GAAP).
Note that audits are not covered by SSARS — they live under Statements on Auditing Standards (SAS), specifically AU-C sections, and require an entirely different level of evidence-gathering, including external confirmations and substantive testing.
Preparation Engagements (AR-C 70): The Lightest Touch
A preparation engagement exists for one practical reason: many private companies want CPA-formatted financials but don't need a report, and they don't want to pay for procedures that won't add value. AR-C 70 lets the CPA do the formatting work without crossing into attest territory.
What the CPA actually does
The accountant takes the records you provide — trial balance, general ledger, supporting schedules — and arranges them into financial statements that follow the framework you've chosen (GAAP, cash basis, tax basis, or a special-purpose framework). They will discuss accounting policies with you, propose adjusting entries you might consider, and apply professional judgment in formatting and disclosure. But they don't audit, review, or verify any of the underlying data.
The "no assurance" legend
This is the defining feature of an AR-C 70 engagement. The standard requires that each page of the financial statements display a statement indicating no assurance is provided. If for any reason the CPA can't include that legend on every page, they must issue a disclaimer instead. This protects users (and the CPA) from inferring more than was performed.
Independence and use cases
Because preparation is a nonattest service, the CPA is not required to be independent of the client. This makes the engagement attractive when your outside CPA also does your bookkeeping, payroll, or tax work — situations that would impair independence under stricter engagements.
Preparation is appropriate when:
- You need formatted financials for internal management or board review only.
- A small lender or vendor wants to see CPA-formatted statements but doesn't require assurance.
- The CPA already does your bookkeeping and you don't want to pay a second CPA to come in cold.
- You're preparing tax-basis financials to attach to a return or for owner planning.
What preparation does not cover
If a banker, surety, regulator, or investor says they need "CPA financials," there's a real risk they actually mean a compilation, review, or audit, not a preparation. Preparation engagements don't include a CPA report, and many users won't recognize the engagement letter as a substitute. Always confirm in writing what the user actually requires before scoping the engagement.
Compilation Engagements (AR-C 80): The Formal Report Without Assurance
Compilations look similar to preparations from the outside — the CPA isn't verifying anything — but they carry an important difference: there is a signed CPA report attached to the financials, and the engagement is documented as an attest service.
What the CPA does
In a compilation, the CPA reads the financial statements to consider whether they appear appropriate in form and free from obvious material misstatement. They consider the entity's accounting principles, but they don't:
- Make inquiries of management about the accuracy of the data
- Perform analytical procedures to look for unusual fluctuations
- Verify items by inspecting documents or confirming with third parties
- Test internal controls
If they become aware of departures from the financial reporting framework, they must disclose them — either by modifying the report or by getting the issue corrected.
The compilation report
The CPA issues a one-page report that clearly states:
- They did not audit or review the financial statements
- Accordingly, they do not express an opinion, a conclusion, or any assurance
- Management is responsible for the financial statements
Because this report carries the CPA firm's name, it carries weight with users who simply want a CPA to have looked at the numbers, even at the lightest level.
When compilations are the right choice
Compilations are common for:
- Smaller private companies whose lenders require some form of CPA report but accept the lowest tier
- Surety bonds for small contractors with bonding programs under roughly $1 million in aggregate
- Internal use by management who want CPA-formatted statements with a formal report on file
- Buy-sell agreements where partners agreed in advance to use compiled statements for periodic valuations
Compilations cost more than preparations because of the report and the documentation requirements, but materially less than reviews. For a small business with relatively clean books, the marginal cost difference between a preparation and a compilation is often small enough that having a CPA report on file is worth the extra fee.
Review Engagements (AR-C 90): Limited Assurance, Materially Cheaper Than an Audit
A review is the highest level of assurance in the SSARS framework. Critically, it falls short of an audit — but unlike compilations and preparations, it actually requires the CPA to perform substantive work and to express a conclusion.
What the CPA actually does
In a review under AR-C 90, the CPA must:
- Be independent of the entity. SSARS No. 25 made this independence requirement explicit in the report itself. If independence is impaired, the CPA cannot perform a review.
- Determine materiality for the financial statements as a whole, and performance materiality (typically 50% to 75% of overall materiality), and document the basis for those judgments. SSARS No. 25 elevated this from prior practice, aligning review materiality more closely with audit materiality.
- Make inquiries of management about how accounting policies were applied, significant transactions, related parties, subsequent events, and known fraud or noncompliance.
- Perform analytical procedures comparing recorded amounts to expectations based on prior periods, budgets, industry data, and relationships among accounts. When unexpected variances appear, the CPA digs further.
- Read the financial statements and consider whether they appear appropriate in form and free from obvious material misstatement.
What a review does not include is substantive testing of account balances, external confirmations, observation of inventory counts, or detailed testing of internal controls. That's where audits start.
The review report
The CPA issues a report concluding whether they are aware of any material modifications that should be made to the financial statements for them to be in conformity with the applicable framework. The standard phrasing is something like: "Based on our review, we are not aware of any material modifications that should be made to the accompanying financial statements." That's the limited assurance — a negative conclusion, not a positive opinion.
If the CPA does find a material problem, SSARS No. 25 introduced the adverse conclusion option for situations where misstatements are both material and pervasive. Before SSARS No. 25, the CPA could only modify the conclusion or withdraw; now the standard converges with international and audit standards on how to communicate the worst case.
When reviews make sense
Reviews are the sweet spot for many growing private companies. They cost roughly 40% to 60% of what a comparable audit would cost, but they satisfy a meaningful share of lender and surety requirements without the burden of full audit testing.
Common review use cases:
- Mid-sized private companies with bank loans in the $1–10 million range
- Construction contractors with bonding programs in the $3 million to $75 million aggregate range, where sureties commonly accept reviewed financials before stepping up to audited
- Private companies preparing for a future audit or IPO and wanting to acclimate management to assurance scrutiny
- Investor reporting where minority shareholders or PE limited partners want third-party comfort but don't want to mandate an audit
The trade-off: SSARS No. 25's materiality and documentation requirements have made reviews more rigorous and more expensive than they were a decade ago. The gap between a review and a low-risk audit is narrower than many owners think.
How to Pick the Right Engagement: A Decision Framework
The right engagement is the one that satisfies the strictest user requirement without overpaying for unused assurance. Walk through these questions:
1. Who is the user, and what do they actually require?
Read the loan agreement, surety questionnaire, partnership agreement, or investor letter. Look for the specific phrase. "Reviewed financial statements" means AR-C 90. "Compiled" means AR-C 80. "Audited" means SAS, not SSARS at all. "CPA-prepared" or "CPA-issued" is ambiguous and worth a phone call to clarify. Don't assume.
2. What does the user actually use the financials for?
A small community bank reviewing a working-capital line for a $2 million company has different needs than a regional commercial bank syndicating a $50 million senior facility. The same word — "reviewed" — can mean very different things to different users. Ask what decisions hinge on the statements. If the answer is "covenant compliance only and we look at the trend," compilation may quietly satisfy them. If the answer is "we test working capital and accounts receivable aging," they're going to want at least a review.
3. What's the cost-benefit at each tier?
A rough order-of-magnitude estimate for a small-to-mid-sized private company in 2026:
- Preparation: $1,500–$5,000 per year on top of bookkeeping
- Compilation: $3,000–$10,000 per year
- Review: $10,000–$40,000 per year
- Audit: $25,000–$150,000+ per year
These ranges vary widely by industry complexity, internal controls quality, prior-year audit readiness, and geography. The bigger point: jumping from compilation to review is a significant cost increase, and jumping from review to audit is another large step. Make sure you're getting incremental value at each tier.
4. What's your trajectory?
If you expect to raise a Series A in 18 months, taking PE money in 2 years, or refinancing into a much larger credit facility, starting at compilation only to scramble for audited statements 6 months later is expensive. Audited financials often require two comparative years to be useful, so the lead time matters. Many CFOs deliberately overshoot for one year — running a review when only a compilation is required — to make the eventual upgrade smoother.
5. What does your CPA's independence picture look like?
If you've outsourced bookkeeping to the same firm that you want to perform assurance, you've got a problem. The CPA can perform a preparation engagement (no independence required) or a compilation (independence required if it's not disclosed in the report, and disclosure is awkward for many users). But they cannot perform a review or audit without an independence cure. Common cures include having a different firm perform the assurance work or strict segregation of personnel and decisions within the same firm.
Keeping Records the CPA Will Trust
Whichever engagement tier you choose, the CPA's job gets easier — and the engagement gets cheaper — when your underlying records are clean, auditable, and easy to trace. The single biggest driver of fee creep across compilation, review, and audit engagements is messy source data: bank reconciliations that don't tie out, unidentified expense allocations, missing supporting documentation for journal entries, and inconsistent chart of accounts use between years.
Three habits make a measurable difference:
- Monthly close discipline. Reconcile every bank, credit card, and loan account every month. Don't wait for year-end. CPAs charge premium rates for cleanup, and they will charge them.
- A clean audit trail for every entry. Every adjusting entry should have a memo explaining what it's for and a supporting document attached or referenced. "Owner equity adjustment" with no further context costs you money during a review.
- Version control on accounting policies. If you switched depreciation methods, started capitalizing a new category of costs, or changed revenue recognition timing, document the change, the date, and the rationale before the CPA arrives.
Plain-text accounting workflows make these habits cheaper to maintain. When your ledger is a human-readable text file under version control, every entry has a timestamped commit history, every reconciliation is reproducible, and every account balance can be traced back to the source transaction without spelunking through proprietary database backups.
Common Mistakes That Make Engagements More Expensive
Five recurring patterns drive up SSARS engagement fees and stall delivery:
- Engagement letter ambiguity. The engagement letter should specify the framework (GAAP, tax basis, special-purpose), the periods presented, the level of service, deliverables, and the independence representation. Vague letters lead to scope creep and disputes mid-engagement.
- Treating preparation like a full service. Owners sometimes assume their preparation engagement protects them in court or with lenders. It doesn't. A preparation provides no assurance and no report. If you need to give comfort to a third party, you need at least a compilation.
- Misunderstanding independence. Hiring your tax preparer to also do your review engagement without analyzing independence is a setup for a quality control problem at the CPA firm and, in the worst case, a withdrawn report.
- Sending data in waves. CPAs hate engagements that come in chunks because each chunk requires re-checking prior work. Block out time to send a complete package — trial balance, supporting schedules, prior-year working papers, key contracts, debt agreements — in one delivery.
- Letting last year's adjustments roll forward unrecorded. If the CPA proposed adjustments last year and you never booked them, this year's beginning balances are wrong. Always close the loop on prior-year adjustments before the next engagement starts.
What Changed in Recent SSARS Updates
The framework isn't static. A few updates worth knowing:
- SSARS No. 25 (effective for periods ending on or after December 15, 2021) brought materiality and adverse conclusions into review engagements. This is the biggest practical change for reviews — they now look more like mini-audits in terms of documentation and judgment, and the fee differential between a review and a low-risk audit has narrowed accordingly.
- SSARS No. 26 and subsequent guidance continued the project of converging U.S. review standards with international standards and clarifying scope edge cases around client assistance services and bookkeeping.
- Ongoing AICPA guidance on client advisory services (CAS) engagements clarifies when financial statements prepared as part of a broader CAS arrangement do or do not trigger AR-C 70 obligations. This matters for outsourced controllership and fractional CFO arrangements that have grown rapidly.
If your CPA hasn't proactively explained how these changes affect your engagement scope, ask. Standards updates are a legitimate reason for year-over-year fee changes, and they can also be a reason to revisit whether your current engagement tier still fits.
Communicating With Lenders, Sureties, and Investors
The single most underused tactic in this whole area is negotiating with the user before the engagement starts.
- Lenders. Bankers are usually willing to drop from "audit" to "review" — or from "review" to "compilation" — when the credit relationship is small, the borrower is profitable, and personal guarantees are in place. Ask. Frame it as "we'd like to keep our financial statement costs in line with the size of this facility." Get the answer in writing and reference it in the engagement letter to your CPA.
- Sureties. Surety agents care most about working capital, current ratio, profitability trend, and work-in-process accuracy for contractors. Many will accept reviewed statements up to a much higher aggregate than their marketing materials suggest, particularly with a strong WIP schedule and clean year-end cutoffs. Build the relationship with the agent and ask what they really need to support your target bond program.
- Private equity and minority investors. Investor documents often require "audited" statements by default, but it's common to negotiate that requirement down to "reviewed" for the first year or two when post-close revenue is small. The cost differential matters more to founders than the assurance differential matters to the investor.
Keep Your Financials Audit-Ready From Day One
Whether you end up with a preparation, compilation, review, or audit, the engagement is only as smooth as the underlying records. Beancount.io provides plain-text accounting that gives you transparent, version-controlled financial data — every transaction in a human-readable file, every change tracked, no black-box database to export from when the CPA arrives. Get started for free and see why finance teams use plain-text accounting to keep their books CPA-ready year-round. For dashboards and visualizations during the engagement, the hosted Fava interface gives your CPA an immediate, read-only view of the ledger.