Most compilation files have an identity crisis
A client sends over bank statements and a spreadsheet that passes for a trial balance (TB). You compile the financial statements (FS), issue the report, move on. Simple work. And that simplicity is precisely what makes it go wrong.
On at least half the compilation files that surface during monitoring visits, the practitioner did more than compile. They asked why a balance looked odd. They ran a quick ratio. They recalculated depreciation "just to check." Every one of those steps is evaluation, not compilation. Once you evaluate information rather than assemble it, you have crossed into review territory under ISRS 2400, with different reporting obligations and independence requirements you never agreed to. Most practitioners don't notice they've crossed that line until an inspector draws it for them.
I think the core problem is psychological, not technical. A compilation engagement under ISRS 4410 (Revised) asks you to apply accounting expertise to help management prepare financial information and then stop. You do not test. You do not verify. You compile. The report states explicitly that no audit or review was performed and no assurance is expressed (ISRS 4410.36). But stopping is hard when you can see the numbers are probably wrong. Compilation is the only engagement type that rewards you for doing less, and that sits badly with anyone whose training says be sceptical.
Key points
- No assurance attaches to compiled FS. The report must say so explicitly (ISRS 4410.36).
- You compile from management's records without independent verification (ISRS 4410.24). The file should tell a story of what management gave you and what you did with it, not what you investigated.
- When something looks incomplete or wrong, request corrected information from management (ISRS 4410.27). Do not fill gaps yourself.
- Independence is not required by ISRS 4410 itself (see .A22), but national codes may impose it. Check yours.
What the standard actually requires
ISRS 4410.14 requires you to understand the client's business and the applicable financial reporting framework before you start. This is not risk assessment. You need enough context to compile correctly, not enough to evaluate whether the numbers are right.
That understanding requirement is where scope creep starts. You learn the business, you see something that doesn't add up, and professional instinct says dig in. Resist. You compile using records, documents, and information management provides (ISRS 4410.24). When something appears incomplete or incorrect, ISRS 4410.27 says you request additional or corrected information from management. You do not go find the answer yourself.
If management can't or won't provide what you need, you have three options: compile with whatever they do give you and note the limitation, decline to complete the engagement, or propose upgrading to a review. What you cannot do is quietly fill the gap by doing your own testing and still call the result a compilation.
Scope creep in practice
Here is what actually happens. A sole practitioner compiles annual accounts for Bergmann Handels GmbH, a small private company with EUR 2.1M revenue. The bookkeeper sends over a TB with receivables up 40% year on year. The practitioner knows this client, suspects a misposting, and starts tracing invoices to find the cause.
That is no longer a compilation. That is ticking and bashing.
Once you perform inquiry and analytical procedures to evaluate information, you have stepped into ISRS 2400 review territory. Most scope creep on compilations is well-intentioned. Practitioners do more because they care about getting the numbers right. But the engagement letter says compilation, the fee reflects compilation, and the report says no assurance. If those numbers later turn out to be wrong, the question becomes: did you provide assurance you were never engaged to provide?
The economics make this worse. Compilation fees for a small entity are often under EUR 2,000. Time budgets are tight. But the client expects you to "make sure everything is correct" because they do not understand how compilation differs from review. So the practitioner absorbs the gap. They do extra work without documenting it and without changing the engagement type. I'd argue this is the single most common compliance failure in related services. It persists because the client has no incentive to pay for a review, the practitioner has no incentive to refuse the work, and regulators only catch it retroactively.
Why the no-assurance statement is not boilerplate
ISRS 4410.36 requires the compilation report to state that no audit or review was performed and no assurance is expressed. Practitioners sometimes treat this the way they treat terms and conditions on a software update. It is there, nobody reads it, everyone clicks through.
That attitude misreads who the statement actually protects. A bank lending officer reviewing compiled FS may assume a professional checked the numbers. They didn't. When the loan goes bad, the liability argument starts with "but an accountant prepared these statements." The no-assurance statement is your primary defence against that claim.
Reasonable practitioners disagree about whether it is enough. One view: the statement provides sufficient legal protection, full stop. If users didn't read it, that is their problem. Another view (and I lean this direction) is that the statement protects you in court but not in practice, because most users of compiled FS never read the practitioner's report at all. They look at the numbers. If you compiled figures you suspected were wrong and your only defence is a paragraph nobody read, that shield is thinner than it appears in the standard.
This creates a second-order problem. Because the no-assurance statement is often ignored by users, practitioners feel pressure to do more verification "just in case." That extra verification pushes the engagement toward review territory. The report disclaimer that was supposed to limit your responsibility ends up expanding your actual work. I've seen this cycle on enough files to believe it is structural, not accidental.
Independence and national rules
ISRS 4410.A22 is clear: independence is not required by the standard itself. Do not stop reading there.
In the Netherlands, NBA regulations require practitioners to consider objectivity even on non-assurance engagements. In the UK, ICAEW's ethical framework applies regardless of engagement type. We have seen practitioners read "no assurance" as "no independence requirement" and skip the ethics evaluation entirely. That is a misreading. The international standard does not require independence. Your national code might, and in many European jurisdictions, it does. We cannot cover every jurisdiction here (check your professional body's requirements), but the principle holds: read your local rules, not just ISRS 4410.
Key standard references in practice
- ISRS 4410.14 (understand the business and framework): spend 20 minutes reviewing the prior year file and confirming which GAAP applies. For a small private entity, this is rarely complicated. For a first-year engagement, add another hour.
- ISRS 4410.24 (compile from management's records): take the TB, supporting schedules, and whatever the bookkeeper sends. Format it into FS. Do not trace, do not test. If something looks wrong, go to .27.
- ISRS 4410.27 (request additional or corrected information): email the client, explain what you need, wait. If they cannot or will not provide it, decide whether you can complete the engagement. Do not fill the gap yourself.
- ISRS 4410.36 (disclaim assurance in the report): use the template wording and do not modify it. Every word in that disclaimer carries legal weight.
Related terms
Related reading
Frequently asked questions
Does a compilation provide any assurance?
No. ISRS 4410.36 requires the report to state that no audit or review was performed and no assurance is expressed. You compile from what management provides. You do not verify it.
Is independence required for a compilation engagement?
Not under ISRS 4410 itself (see ISRS 4410.A22), but national rules may impose it. In the Netherlands, NBA regulations require practitioners to consider objectivity even on non-assurance work. Check your own professional body's requirements.
What happens if I accidentally cross into review territory?
If you perform inquiry and analytical procedures to evaluate information (rather than compile it), you have moved into ISRS 2400 review territory. That triggers different reporting and independence obligations. The safest approach: if you find yourself investigating rather than compiling, stop and discuss with the client whether a review engagement is more appropriate.