An agreed-upon procedures (AUP) engagement is one in which a licensed CPA firm is engaged by a client to issue a report of findings based on specific, pre-defined procedures performed on a specific subject matter. The subject matter of an AUP engagement may take many different forms and focus on a point in time or cover a period of time.
Prior to testing, the relevant parties and a licensed CPA firm agree upon the procedures to be performed based on what the parties believe are appropriate. The needs of the specified parties may vary; consequently, the nature, timing, and extent of the AUP will match those needs. As a result, the specified parties assume responsibility for the sufficiency of the procedures since they best understand their own needs. The licensed CPA firm’s report on AUP reports on the test procedures and the results.
We will help organizations work with the relevant parties involved (e.g. customer, partner, vendor) to develop specific procedures to effectively meet the needs of both parties.
Once the procedures have been identified, we will execute the test procedures and report the findings. At the conclusion, we will issue a limited-distribution, attestation report (based on AT 201) to the specified parties relevant to the engagement.
CPA, QSA, ERM-57 CertifiedPresident and Co-Founder of The Cadence Group
Member of AICPA, UACPA, IIA and ISACA
As a co-founder of The Cadence Group, Gordy has worked with several large companies across a range of enterprise risk management functions. From a technical perspective, Gordy has managed various internal audit relationships, information security reviews, Sarbanes-Oxley projects, and SOC (System and Organization Control) reporting and agreed-upon procedure engagements. His core expertise is in designing and assessing IT and automated business process controls.