Insights

Dec 12, 2025

Mackisen

Audit vs Review vs Compilation: Understanding the Levels of Assurance

Montreal’s small and medium-sized businesses (SMEs) face crucial choices when it comes to financial reporting. Between satisfying bankers, investors, and government agencies like the Canada Revenue Agency (CRA) and Revenu Québec, company owners often hear terms like “audit,” “review,” or “compilation.” These refer to different levels of assurance a Chartered Professional Accountant (CPA) can provide on your financial statements. Choosing the right one is essential for compliance, financing, and peace of mind. In this article, we break down what each engagement involves, when your business might need each one, and how they differ in cost and depth. We’ll also explore what lenders and regulators expect, internal benefits of assurance reports, and risks of choosing the wrong level. Finally, we’ll highlight the role of a CPA in providing independent assurance, and how Mackisen’s CPA-auditor team helps Quebec and Canadian SMEs make the best choice.

1. What Are Financial Assurance Engagements?

Financial assurance engagements are services performed by CPAs to enhance the credibility of a company’s financial statements for the benefit of users like lenders, investors, or regulators. In Canada, there are three main levels of engagement a CPA can provide, each governed by professional standardscpans.ca:

  • Compilation Engagement (Notice to Reader): The CPA compiles financial information into statements without providing any assurance that the figures are accurate. In fact, the old “Notice to Reader” report (a term now phased out under new standards) explicitly states the statements are unaudited and that the CPA offers no assurance on themrobeycpa.cacpans.ca. The accountant simply takes the numbers provided by management and formats them according to an appropriate accounting framework. No verification work is done, and readers are cautioned that the statements may not be appropriate for their purposescpans.ca. In short, a compilation engagement is about proper presentation, not validation, of financial data.

  • Review Engagement: In a review, the CPA performs limited checks to conclude whether the financial statements are plausible or appear credible. A review provides a low (limited) level of assurance, meaning the CPA doesn’t guarantee perfection, but issues a negative assurance conclusion that “nothing has come to our attention that causes us to believe the statements are not, in all material respects, fair”robeycpa.ca. The procedures mainly involve analysis and inquiry: the CPA will perform analytical reviews, ask management questions, and apply knowledge of the business to see if the figures make sensegevorgcpa.com. For example, they might compare current and prior year results or industry benchmarks. The CPA does not delve into extensive testing of transactions as in an audit. Because of this narrower scope, a review’s assurance is limited – there’s a risk that material errors could remain undetected. The review report explicitly states it’s not an audit, to set user expectations appropriatelycpans.ca.

  • Audit Engagement: An audit is the most comprehensive examination, resulting in a high (reasonable) level of assurance on the financial statements. The auditor obtains evidence to verify amounts and disclosures, aiming to conclude whether the financial statements are free of material misstatementcpans.ca. Audit procedures build upon those of a review and go much deeper. In addition to inquiry and analytics, an audit involves substantive procedures – for example, inspecting invoices and contracts, sending confirmation letters to banks and customers, physically observing inventory counts, and evaluating the company’s internal controlsrobeycpa.carobeycpa.ca. The auditor gathers sufficient appropriate evidence to support an independent opinion on the financial statements. The audit report provides a positive assurance opinion, typically stating: “In our opinion, the financial statements present fairly, in all material respects, the financial position and results of operations…”gevorgcpa.com. This is the highest assurance a private company can obtain, although even an audit isn’t an absolute guarantee (reasonable assurance acknowledges a small risk some issues might go undetectedcpans.ca). Audited statements carry significant credibility due to the rigorous verification behind them.

It’s important to note that only a licensed CPA can perform these engagements and issue the corresponding reportscpans.ca. If someone who isn’t a CPA prepares your financial statements, they cannot attach an official audit, review, or compilation report – those would just be considered internal statements with no CPA assurancecpans.ca. By law, phrases like “Notice to Reader” can only be used by authorized professionals and have actually been retired under updated CPA Canada standardscpans.ca. The new Compilation engagement standard (CSRS 4200) now requires a formal Compilation Engagement Report and a note disclosure of the basis of accounting usedcpans.ca, further clarifying the limits of this service.

➡️ How This Helps: Understanding these three engagement types gives you the vocabulary to discuss your financial reporting needs with stakeholders and advisors. You now know a compilation is the most basic service (no assurance), a review offers a check for plausibility, and an audit provides a deep-dive verification. This clarity helps you avoid over- or under-estimating what your financial statements represent. When a bank or investor asks for a review or audit, you’ll recognize they’re seeking additional comfort in the numbers – and you’ll be better prepared to comply. In short, knowing the assurance “tier” of your statements ensures everyone is on the same page about how much trust to place in the figures.

2. When Does a Business Need an Audit, Review, or Compilation?

Not every company needs an audit, and very small businesses might not even require a review. The appropriate level often depends on who will be using the financial statements and for what purpose. Here are common scenarios for each level:

  • Compilation (Notice to Reader) – small or owner-managed situations: If your financial statements are only for internal use or basic tax filing, and no outside party (like a bank or investor) is demanding assurance, a compilation may suffice. Compilations are typically appropriate for businesses seeking only initial or low levels of financing where formal assurance isn’t yet requiredaicpa-cima.comaicpa-cima.com. For example, an owner-managed retail shop with no external shareholders might choose a compilation just to have structured financial statements for year-end taxes. The compiled statements can help in preparing tax returns or tracking performance, but since no one else relies on them, the business saves cost by not undergoing a review or audit.

  • Review Engagement – moderate growth and outside interest: As a business grows and starts to deal with larger loans or outside investors (short of going public), the need for more credible financial statements increases. A review engagement is often suitable when an SME seeks a higher level of financing or has shareholders who are not involved day-to-dayaicpa-cima.com. For instance, if your Montreal startup is courting some angel investors or a bank loan of a few hundred thousand dollars, the investors/bank may insist on at least a review of your latest financials. Similarly, if you have non-managing partners or shareholders, they might want the comfort of a review each year. In practice, many Canadian businesses adopt review engagements once their scale reaches a point where completely unaudited statements are viewed as too risky by stakeholders. The review provides a middle ground: more assurance than a bare compilation, at a lower cost than a full audit.

  • Audit Engagement – high stakes financing, investors, or regulatory requirements: An audit is often required (or strongly preferred) in more complex or high-stakes situations. If you’re seeking substantial financing (e.g. a major bank loan, venture capital funding, or private equity investment), preparing to sell the business or go public, or operating in a regulated industry, audited financial statements may be expectedaicpa-cima.com. Many lenders and professional investors view an audit as a prerequisite for deals – it’s a sign that an independent expert has vetted the books. Audits are also mandated by law in certain cases (more on that in Section 5). For example, a manufacturing company aiming for a multi-million dollar financing round would likely need audits for the past few years to satisfy due diligence. Public companies, by law, must have annual audits. In summary, once your company’s financial reporting impacts a broader audience – beyond just you and the tax authorities – that’s a trigger to consider an audit for maximum credibility.

It’s worth mentioning that many private corporations start with compilations in their early years, graduate to reviews as they attract more stakeholders, and only undertake audits when they become large or have specific requirements. This progression balances cost and benefit at each stage of growthaicpa-cima.com. Also, keep in mind that moving from a compilation to a review or audit may require catching up on accounting policies or adjustments that weren’t looked at previously, so plan ahead if you anticipate needing a higher level of assurance in the near future.

➡️ How This Helps: Identifying when your business needs each type of engagement prevents both under-compliance and overkill. If you’re only dealing with routine matters and no one else relies on your statements, you won’t waste money on unnecessary audit procedures. Conversely, if you’re planning to seek a significant loan or investor, you can proactively upgrade to a review or audit so that your financials meet their expectations – avoiding last-minute scrambles. Understanding these inflection points helps you plan financially (since reviews and audits cost more and take longer) and strategically (since assured financial statements can open doors to funding and partnerships). In short, you’ll engage the right level of service at the right time, aligning with your company’s needs and stakeholder demands.

3. Key Differences: Audit vs Review vs Compilation (Depth, Cost, Process)

While audits, reviews, and compilations all result in a set of financial statements with a CPA’s report, the scope of work and level of assurance differ dramatically. Here are the key differences broken down by major factors:

  • Level of Assurance: Audit provides reasonable assurance – a high but not absolute level of confidence that the financial statements are free of material misstatementgevorgcpa.comcpans.ca. Review provides limited assurance, meaning the CPA concludes nothing material has come to their attention (a negative assurance)gevorgcpa.com. Compilation provides no assurance at all; the CPA’s report explicitly disclaims any opinion or reliability of the statementsrobeycpa.cacpans.ca.

  • Procedures Performed: Audit involves in-depth procedures: examination of source documents, confirmation with third parties (e.g. sending bank confirms), testing transactions and balances, and evaluating internal controlsgevorgcpa.comrobeycpa.ca. The auditor gathers evidence through inspection, observation, and re-performance as needed. Review procedures are generally limited to analysis and inquiries: the CPA will perform ratio analysis, compare financial data to expectations, and ask management questions, but typically won’t independently verify information with outside sourcesgevorgcpa.comrobeycpa.ca. Compilation involves essentially no audit/review procedures: the CPA’s role is to organize the information into proper financial statement format and ensure arithmetic accuracy, not to test or probe the numbersgevorgcpa.com.

  • Depth of Insight: Because of the work done, an audit may uncover internal control issues, errors, or fraud indicators that management wasn’t aware of. Auditors also often provide a Management Letter to management or directors highlighting any significant findings or recommendations (e.g. weaknesses in accounting processes)robeycpa.ca. A review might identify obvious anomalies or errors through analytical review, but it’s not designed to dig into systems or detect fraud – it provides moderate confidence in consistency and plausibility. A compilation will not ordinarily reveal any issues – if the numbers provided by management are wrong, they may simply be compiled wrong, since the CPA doesn’t verify them. Essentially, the audit gives the deepest “x-ray” of your finances, a review gives a basic check-up, and a compilation is just a formal packaging of information.

  • Cost and Time: Audit is the most time-consuming and costly level of engagement. It can take several weeks or even months for a full audit of an SME, depending on complexity, because of the detailed testing and evidence gathering required. Consequently, audit fees are the highest. Review engagements generally cost less – roughly 50% (or less) of the effort of an audit in many cases – because the procedures are far fewer (no extensive tests or confirmations). They might take a couple of weeks to complete. Compilation is the quickest and cheapest service, often just a few days of work to compile the statements once the accounting records are finalized. One CPA guide bluntly notes that audits require extensive work and are more expensive than other engagements, while reviews require less effort/timegevorgcpa.comgevorgcpa.com. For business owners, the key is that you pay for assurance: a higher level of scrutiny entails higher professional fees.

  • Independence Requirement: For audits and reviews, the CPA must be independent of the company (not an owner or otherwise in a conflict of interest). Independence is a cornerstone of providing assurance – the value comes from an unbiased outsider’s viewpoint. For compilations, interestingly, the CPA does not have to be independentaicpa-cima.com. A CPA who also provides bookkeeping services to a client, for example, can still issue a compilation report as long as any lack of independence is disclosed in the notes. This is because no assurance is being given. However, users (like banks) may be wary of financials compiled by someone with a stake in the company, so often an independent accountant is preferred even for compilations.

  • Report provided: An audit report is typically addressed to the shareholders (or board) and expresses the auditor’s opinion on the financial statements’ fairness in accordance with accounting standards. A review report provides a conclusion (not an opinion) which states that the CPA is not aware of any material modifications needed for the statements to be in accordance with the frameworkgevorgcpa.com. It clearly mentions that it’s a review, not an audit, to set the expectationcpans.ca. A compilation report (under the new standards) simply states that the financial information is compiled from information provided by management, that no audit or review was performed, and that readers should be aware the statements may not be appropriate for their purposescpans.ca. Under the previous Notice to Reader format, the one-paragraph report explicitly said “We have compiled the balance sheet of Company X…We have not audited or reviewed these financial statements and express no assurance”robeycpa.ca. In all cases, the CPA will attach the appropriate report to the statements so that readers know what level of checking (if any) was done.

In summary, an audit is a thorough investigation with a high assurance opinion, a review is a limited check-up with a “nothing adverse noted” conclusion, and a compilation is a basic assembly of data with no comment on its accuracy. Each has its place depending on needs, as we’ll explore in the following sections.

➡️ How This Helps: Knowing the detailed differences between compilations, reviews, and audits allows you to weigh the pros and cons for your business. You can now appreciate why an audit costs more – it delivers a deeper level of scrutiny – and conversely, why a compilation, while cheap, carries more risk of undetected errors. This understanding empowers you to make an informed decision: for example, you might choose a review engagement for a moderate level of assurance when an audit’s added cost isn’t justified. You’ll also be able to explain to a skeptical investor or lender that a review, while not as in-depth as an audit, still involves a professional assessment and thus adds credibility beyond in-house numbers. In essence, understanding these trade-offs helps you balance cost, effort, and the assurance needs of those relying on your financial statements.

4. What Lenders, Investors, and Regulators Expect

If you’re seeking financing or courting investors, it’s crucial to know what financial statement level they will demand. Banks, in particular, often have specific requirements written into loan agreements about the type of financial statements you must provide.

Banks and Lenders: Traditional lenders like banks generally require at least CPA-prepared financial statements for business loans. For smaller loans, a Compilation (Notice to Reader) by a CPA might suffice, but as the loan amount grows, banks usually insist on a Review or Audit. For example, many banks will require reviewed or audited statements for loans above a certain threshold (often around $250,000)mackisen.com. In one Mackisen analysis, the question “Do I need audited statements?” was answered: “Often, yes — especially for loans above $250,000.”mackisen.com. The reasoning is simple: the bank wants confidence that your financial picture is reliable. In fact, a 2019 court case (Royal Bank v. Canada) highlighted that a major bank denied financing to firms that lacked CPA-audited financial statementsmackisen.com. This underscores that if you’re asking for significant credit, an independent audit can be a de facto requirement. For moderate credit lines or mortgages, banks might accept a review engagement or even a Notice to Reader for very small loans, but they will typically draw the line based on risk. A finance industry article notes that at minimum, many lenders want a three-year history of earnings and will “likely insist that the prior financial statements be reviewed by a CPA firm, or at least that an accounting firm has issued a Notice to Reader” on themkrp.ca. Moreover, once financing is in place, banks include covenants: for instance, requiring annual financial statements within 120 days of year-end, accompanied by a review engagement report or NTR from a CPA firmkrp.ca. Failure to provide this can put your loan in default. The takeaway is that engaging a CPA to produce the level of statement the bank expects is not optional – it’s part of the cost of getting and keeping the funds.

Investors (Equity Financing): Investors, such as venture capitalists or private equity firms, typically expect even higher assurance. Many serious investors won’t even consider a deal without audited financial statementssmecpa.com, because they need confidence in the numbers before valuing the company or handing over capital. Audited statements provide true and fair accounts of the company’s finances, giving investors fewer doubtssmecpa.com. For early-stage or angel investors, a review engagement might be acceptable (especially if the investment is relatively small), but as the investment size grows or multiple investors come on board, the pressure for audits increases. If you plan an IPO or to raise public funds, audited financial statements are mandatory under securities laws. Even for private companies, the presence of outside shareholders means there’s a legal right to audited statements unless all shareholders waive it (more on that in the next section). In practice, providing at least annual reviewed or audited financials to investors is viewed as good governance – it shows transparency and instills confidence that management is not hiding issues. A professionally verified set of books can also speed up the due diligence process when new investors or acquirers examine your company.

Regulators and Compliance: Government regulators may require certain levels of assurance depending on your situation. For tax purposes, neither CRA nor Revenu Québec mandates audits for privately held corporations’ annual filings – you can file corporate tax returns with internally prepared statements. However, they do expect that your records are accurate and verifiablemackisen.com. If your figures seem questionable, tax authorities can audit your filings and challenge balances that aren’t supported by independent evidencemackisen.com. In Quebec, notably, the provincial Taxation Act actually requires audited or CPA-reviewed financial statements for corporations exceeding certain size thresholdsmackisen.com. (This often applies to larger companies – if your revenues or assets cross a high threshold, Revenu Québec wants the additional assurance that comes from a professional’s involvement.) Failing to meet this could delay your tax assessments or trigger closer scrutiny. In one Quebec case, for example, courts upheld Revenu Québec’s authority to question and adjust a company’s tax filings when the underlying financial statements were not independently verifiedmackisen.com. Outside of tax, if your business falls under specific regulators – say, a licensed financial institution, or a public company under securities commissions – audits become compulsory. Federal law (Canada Business Corporations Act) and provincial laws also have default audit requirements: by default, corporations must appoint an auditor and provide audited annual financial statements to shareholders, unless every shareholder agrees to waive the audit each yearmomentumlaw.ca. This means that even if you as the majority owner don’t think an audit is needed, a minority shareholder or partner can insist on one. Many SMEs routinely waive the audit requirement via unanimous shareholder consent, but keep this in mind if ownership becomes more dispersed or if a new investor wants formal audits.

➡️ How This Helps: By understanding what banks, investors, and regulators expect, you can proactively align your financial reporting to meet those expectations. This foresight has practical benefits: your loan application process will be smoother if you’ve already engaged a CPA for a review or audit that the bank requires. You’ll negotiate from a position of strength with investors when you can hand them a clean audit report, short-circuiting some due diligence concerns. And you’ll stay on the right side of regulatory requirements, avoiding penalties or last-minute scrambles to hire auditors because a law or shareholder suddenly demanded it. In essence, knowing these expectations lets you plan (and budget) for the appropriate level of assurance before it becomes an urgent condition for a deal or compliance – a much less stressful situation for you and your finance team.

5. CRA and Revenu Québec Requirements

Business owners often ask: does the tax authority require my financial statements to be audited or reviewed? For most private companies, the answer is no – neither the CRA (federal) nor Revenu Québec (provincial) outright require an independent audit for regular corporate tax filings. However, there are important caveats and thresholds to know:

  • General Tax Filings: When you file your T2 corporate tax return with CRA (and the CO-17 in Quebec), you must include financial statements or at least a financial summary (General Index of Financial Information). These can be prepared by management and do not need a CPA’s signature. Many small businesses file taxes with only internally compiled statements. There is no blanket rule forcing private companies to obtain an audit or review for tax purposes. That said, the Income Tax Act and Taxation Act require that your books and records be reliable. If CRA audits your company’s tax return, they will examine your underlying records in detailcanada.ca. Having audited or professionally reviewed financial statements can facilitate a smoother CRA audit because the numbers have already been vetted to some extent. Conversely, if your statements are riddled with errors, CRA agents will find them, and you could face reassessments or penalties.

  • Thresholds for Large Corporations: Both federal and Quebec tax authorities do impose stricter requirements on larger corporations. For example, Quebec’s Taxation Act (Section 34) mandates that corporations over a certain revenue or asset size must file audited (or at least CPA-reviewed) financial statements with their provincial tax returnmackisen.com. While smaller private companies are exempt, if your company grows past those “reporting thresholds” (for instance, a threshold could be a few million in revenue – exact figures can change with regulations), you suddenly have a legal obligation to include a higher-assurance financial statement when filing in Quebec. Federally, CRA does not have an explicit audit requirement tied to size in the Income Tax Act for regular corporations, but there are specific instances in tax law where an auditor’s report might be needed (for example, certain scientific research and experimental development (SR&ED) claims or other tax credit programs may require an auditor to sign off on schedules if the claim is large). Also, public companies and financial institutions obviously must file audited financials in accordance with securities law, but we focus on SMEs here.

  • Non-profits and Charities: If your business is a non-profit organization or charity, be aware that different rules can apply. The CRA Charities Directorate does not require audits for all charities, but charities above a certain gross income may need an audit under provincial laws or their own bylaws. For instance, the Canada Not-for-Profit Corporations Act specifies audit or review engagement requirements based on the charity’s annual revenue (e.g. a federal non-profit with revenue above $250,000 cannot dispense with an audit without special permission)caseware.com. In Quebec, some incorporated NPOs above certain revenue must have an audit. These rules ensure accountability for funds that often come from public donations or government grants. If you run an NPO, check the specific audit thresholds that apply to your situation.

  • CRA’s Perspective on Assurance: While CRA doesn’t require an audit, having one can indirectly benefit you. CRA’s primary concern is that you pay the correct amount of tax. Audited or reviewed financial statements lend credibility to the figures on your tax return. In court cases, CRA has successfully challenged companies with poor or non-independent financial records – for example, using the absence of an audit as a factor to question the reliability of a company’s expenses or revenuesmackisen.com. On the flip side, if you ever find yourself in a tax dispute, being able to show that your statements were professionally prepared by a CPA (following GAAP and assurance standards) can support your position that you exercised due diligence and that the numbers are sound. It doesn’t make you immune to CRA adjustments, but it provides a layer of defense. Additionally, when government programs (like COVID-19 relief funds or other grants) become available, they sometimes stipulate that figures be verified by a CPA – another scenario where a prior review or audit can be helpful.

In summary, for typical owner-managed SMEs, audits are not mandated by tax law unless you cross into a larger corporate category or have a specific regulatory circumstance. But staying alert to when you might tip into “large company” territory in the eyes of RQ or CRA is important – you don’t want to inadvertently miss a new requirement. And even when not required, many businesses voluntarily opt for a review or audit periodically as a best practice, which can pay dividends in credibility with the taxman and other stakeholders.

➡️ How This Helps: Knowing the tax-related requirements (or lack thereof) for assurance engagements ensures you remain compliant with the law and prepared for growth. You won’t spend money on an audit “just for the CRA” if it’s not actually needed, saving you resources. At the same time, you’ll be attuned to thresholds in Quebec or elsewhere that could trigger new obligations as your company expands – meaning no nasty surprises of a sudden required audit after you’ve already grown (forewarned is forearmed!). Additionally, understanding CRA’s perspective highlights a hidden benefit: even when not required, having robust financial statements can make interactions with tax authorities easier and lower the risk of disputes. Essentially, you can make a conscious, informed decision about assurance in the tax context, balancing cost against the peace of mind and credibility that come with a CPA-backed statement.

6. Internal Uses of Assurance Reports (For Management and Directors)

Up to now we’ve focused on external users of financial statements, but what about inside your company? Even if you’re not required to get an audit or review, there are internal governance reasons to consider doing so.

For Boards of Directors and Owners: Remember that in many SMEs, especially family businesses or partnerships, the directors and owners themselves have a duty to ensure proper financial reporting. In Canada, directors have a fiduciary responsibility to oversee financial affairs, and can even be held personally liable for certain tax debts if the company’s records and remittances are neglected (as highlighted by director liability laws)mackisen.com. While a compilation engagement provides no assurance, a review or audit can be a valuable tool for the board to fulfill its oversight role. By having an independent CPA examine the books, directors gain confidence that the financial information management presents is accurate. It reduces the risk that errors or irregularities go unnoticed. In the unfortunate case where something is wrong, an audit can catch it early or at least provide evidence that the directors exercised due diligence in trying to get reliable information. Essentially, an assurance engagement is an added layer of accountability – management knows that an outside party will be looking at the numbers, which often by itself encourages discipline and accuracy in the finance team’s work.

For Management and Decision-Making: Company managers can also benefit from the process and outcome of assurance engagements. The CPA’s work may uncover misstatements or inefficiencies that internal staff overlooked. For instance, during an audit the auditors might find that certain revenue was improperly recognized or that an expense accrual was missing – management can then correct these and improve the accuracy of internal reports. Auditors often issue a Management Letter alongside the audit report, which provides an evaluation of the company’s internal controls and practical recommendationsrobeycpa.ca. This feedback is like a mini-consultation on your finance operations, highlighting areas to tighten up (e.g. “segregate duties in cash handling” or “implement a better inventory tracking system”). Even a review engagement, while less exhaustive, might point out unusual trends that prompt management to investigate an issue (for example, if the gross margin has suddenly dropped compared to prior year, a reviewer will flag that in discussions). Moreover, having annual reviewed or audited statements can be helpful for internal planning – these statements are often needed if you seek insurance coverage (some insurers ask for financials), or when valuing the business for a buy-sell agreement among partners. They provide a trusted baseline of financial performance that management can use for budgeting and forecasting with more confidence.

Fraud Prevention and Error Reduction: While no audit or review can guarantee to catch fraud, the mere presence of independent oversight has a deterrent effect. Employees or partners who know the books will be examined by an outsider have less incentive to manipulate accounts. And if there’s no malfeasance, errors are still common in any bookkeeping system – an assurance engagement increases the likelihood those errors are caught and fixed. For a small business without an in-house accountant, having a CPA come in for a review can serve as a periodic check-up on the health of your accounting. Think of it as a second pair of eyes on your finances. Many SME owners sleep better at night knowing a professional has validated their numbers.

Finally, if your company might one day be sold or passed to the next generation, maintaining a history of clean, CPA-reviewed or audited financial statements can significantly ease that transition. Buyers or successors will have more trust in what they’re taking over, and you’ll have less hassle assembling records during due diligence because you kept things in good order all along.

➡️ How This Helps: Engaging in a review or audit isn’t just about satisfying outsiders – it’s also about strengthening your own house. By leveraging independent assurance internally, you as an owner or director gain greater confidence in the financial data steering your decisions. This means fewer nasty surprises and more informed strategy (since you know the numbers are right). It also demonstrates professionalism and good governance, which can enhance your reputation with employees and business partners. In terms of risk management, you’re actively reducing the chances of undetected errors or fraud, and protecting directors by showing they exercised due care in financial oversight. In short, an assurance engagement can be an investment in the integrity and effectiveness of your management, not just a compliance expense.

7. Risks of Choosing the Wrong Level

Choosing the appropriate level of assurance is not just a matter of cost – there are risks both in overshooting and undershooting what you need. Here are some of the risks to be mindful of:

  • If you opt for too low a level (under-assurance): The primary risk is that stakeholders who rely on your financial statements may find them insufficient or unreliable, causing problems for your business. For example, if a bank expected a review engagement but you only provided compiled statements, they might delay or deny your loan, or attach more onerous conditions. Failing to meet a lender’s covenant for financial reporting (e.g. providing only an NTR when the agreement calls for a review) could even put you in technical default of a loankrp.ca. Likewise, an investor might walk away from a deal if they don’t get the comfort of an audit – they could question your credibility or assume you have something to hide. Even if no third party is requiring a higher level, using only internal/compiled statements means greater risk of errors going undetected, which can lead to bad decisions or compliance issues. Inaccurate financial reporting has real consequences: it can result in poor business and investment decisions, regulatory fines, and reputational damagenetsuite.com. In short, skimping on assurance to save costs can backfire if it leaves your company flying blind or fails to satisfy key stakeholders when it counts.

  • If you opt for too high a level (over-assurance): The old saying “don’t use a sledgehammer to crack a nut” applies here. Going for a full audit when a compilation or review would suffice means unnecessary cost and effort. Audits are not cheap, and the extra work will consume management’s time (preparing schedules, answering auditors’ questions) that could be spent elsewhere. Particularly for small businesses, an audit can be overkill – if you have no external users who require it, you might be draining resources for minimal added benefit. One Canadian legal commentary even noted that mandatory audits for all small corporations can be “disproportionate” and many closely held companies choose not to incur that expensemomentumlaw.ca (hence why laws allow audit waivers by owner consent). Over-assurance can also create complexity; for instance, audited statements must adhere strictly to accounting standards (ASPE or IFRS). If you’re a small business using income-tax basis accounting or cash accounting for simplicity, an audit would force you to conform to GAAP in full, which could complicate how you view your own books. The risk here is inefficient use of resources – paying for a Rolls-Royce level service when a reliable Honda would do the job.

  • Legal and Compliance Risks: Selecting the wrong level can have legal ramifications. If you improperly forego an audit that is actually required (by law or by your shareholders), you could face penalties or disputes. For instance, as mentioned, corporate statutes require an audit by default unless waived – if your company didn’t formally get the required shareholder waiver and also didn’t do an audit, a minority shareholder could later demand audited statements for past years. Recent case law in Ontario (Lagana v. 2324965 Ontario Inc., 2025) affirmed that a shareholder’s right to audited financials (when no waiver was given) is subject to a two-year limitation periodmomentumlaw.ca. In that case, a shareholder successfully requested audited statements that had never been prepared, albeit only for a limited look-back period. The point is, not following the formalities (either doing the audit or getting the proper waivers) can open the door to legal headaches, potentially forcing you into an expensive audit retroactively. On the flip side, there’s no law against doing more assurance than required, but you could be inadvertently misrepresenting the level of scrutiny if, say, you tell a stakeholder “we have audited financials” when in fact only a review was done. Always be clear in communication – misuse of terms can create misunderstandings that carry their own reputational risks.

  • Opportunity Cost: Consider also the risk of missed opportunities. If your competitor obtains a review engagement and uses those statements to win over a big investor, while you stuck to bare-bones statements and failed to attract interest, that’s a lost opportunity. Similarly, if your lack of an audit disqualifies you from bidding on a government contract or grant (some public tenders require audited financials as part of the qualifying criteria), you’ve foregone potential business. The decision of assurance level can thus indirectly affect the strategic opportunities available to your company.

In practice, most of these risks can be mitigated by carefully matching your company’s situation with the appropriate level of assurance (which we’ll discuss next). It’s also wise to revisit the decision periodically – what was appropriate three years ago may not be adequate now if your business has grown or conditions have changed.

➡️ How This Helps: Being aware of these risks ensures you don’t take the decision of audit vs review vs compilation lightly. You can avoid the pitfall of under-assurance – for example, by not trying to get by with just a Notice to Reader if you know your bank or investors really expect more. You can also avoid overkill, saving money and time by not volunteering for an audit that nobody needs. In short, this knowledge helps you choose wisely and avoid costly mistakes, whether financial (unneeded fees), operational (diverted management effort), or relational (upsetting stakeholders or shareholders). Ultimately, selecting the right level of assurance means you’re covering your bases without wasting your resources – it’s a Goldilocks approach that fits “just right.”

8. Case Examples from Quebec SMEs

Sometimes the importance of choosing the correct assurance level becomes crystal clear through real-world examples. Here are a few illustrative scenarios from Quebec-based SMEs that highlight the impact of audit, review, and compilation decisions:

  • Case 1: The Loan that Needed an AuditA Montreal construction firm was seeking a substantial line of credit (around $1 million) to expand its projects. Initially, the owner submitted internally prepared financial statements to the bank, which were essentially Notice to Reader level. The bank was not comfortable – in fact, this was similar to the situation in Royal Bank v. Canada (2019) where financing was denied to firms without CPA-audited statementsmackisen.com. Taking the cue, the Montreal company engaged a CPA-auditor to perform an audit of the latest fiscal year. The result? Once audited statements were presented, the $1M credit line was approved, giving the business the capital it needed to growmackisen.com. The audit report provided the lender with the confidence that the numbers were solid, and the company learned that for sizable loans, an audit can make the difference between yes and no.

  • Case 2: From Compilation to Review – Earning Better RatesA Quebec retail chain had always operated with Notice to Reader statements, since the owners were the only stakeholders and the business was moderately sized. When they decided to renegotiate their financing, however, their bank offered relatively high interest rates and lower leverage, reflecting higher perceived risk. The company then opted to step up its financial reporting: they engaged a CPA for a review engagement on their annual statements to give the bank more assurance of their financial health. With reviewed statements showing improved accuracy (the CPA helped adjust some inventory valuations) and an independent conclusion attached, the retailer was able to renew its financing at a lower interest ratemackisen.com. The bank’s risk assessment improved thanks to the added credibility of a CPA review. This case shows that moving up the assurance ladder can actually save money through better terms, not to mention the insights gained from the CPA’s analysis of their business.

  • Case 3: Smooth Sailing with ComplianceA family-owned manufacturing company in Quebec was approaching the threshold that would legally require a review engagement for tax purposes (due to its growing revenue). Rather than wait to be forced, the owners preemptively engaged a CPA for a review even while still under the limit. Over the next couple of years, the company indeed crossed the threshold, but they were already prepared. In one instance, the CRA conducted a routine review of the company’s tax filings and requested backup for certain items. The CPA-reviewed financial statements were provided, and the CRA accepted them without any adjustments – the external review had caught and corrected minor errors before the statements were filedmackisen.com. Meanwhile, a similar company in their industry that lacked such oversight ended up with several CRA audit adjustments and had to pay penalties. This example highlights the value of being proactive: by choosing the right level of assurance early, the company navigated regulatory scrutiny smoothly and maintained a clean compliance record.

Each of these cases underscores a common theme: matching the assurance level to your business’s needs and stakeholder expectations yields tangible benefits, whether it’s unlocking financing, reducing costs of capital, or avoiding regulatory troubles. They also show that upgrading your assurance level is not just a box-ticking exercise – it often results in better financial management and outcomes.

➡️ How This Helps: Learning from real SME experiences helps you envision how these concepts play out in practice. You can see that an audit or review isn’t just an abstract requirement – it can be the key to securing a deal or saving money. Conversely, relying on low-assurance statements in situations that demand more can hold your business back. By reflecting on these case examples, you can better assess your own company’s position: Are you, like the construction firm, aiming for a big loan that might warrant an audit? Or are you in the retailer’s shoes where a review could pay for itself through interest savings? Perhaps you’re nearing a size where compliance will demand a review anyway. Understanding these stories helps take the guesswork out of the decision and illustrates the real-world payoff of getting the assurance level right. In essence, it prepares you to make a choice that’s not only compliant, but strategically smart for your business’s success.

9. How to Decide What’s Right for Your Business

With all this information about audits, reviews, and compilations, the pressing question is: How do you decide which one your business needs? The decision should be guided by a combination of your company’s circumstances, stakeholder requirements, and cost-benefit considerations. Here’s a step-by-step approach to make an informed choice:

1. Identify Your Financial Statement Users and Their Needs: Start by listing who will be using your financial statements. Is it just you and your accountant for tax filing? Do you have a bank loan, outside investors, or a board of directors? The users of your financial statements largely drive the needed assurance levelaicpa-cima.com. For instance:

  • If the only user is CRA (via your tax return) and yourself, and no one is asking for assurance, a compilation might be sufficient.

  • If you have a bank loan, check the loan agreement or ask the banker what they require annually (compilation, review, or audit). As noted, many lenders want at least a reviewkrp.ca.

  • If you have or plan to have investors/shareholders, consider at least a review, if not an audit. They may request it, and it’s often easier to provide it proactively.

  • If you’re subject to any regulatory oversight (for example, a licensed industry, or preparing for public markets), an audit could be mandatory.

2. Consider Legal or Ownership Requirements: Reflect on any statutory obligations or internal rules. Under corporate law, if you don’t have a unanimous shareholder audit waiver, you’re technically required to do an auditmomentumlaw.ca. Also, if any shareholder or partner has hinted they’d like more assurance, that’s a factor. If you’re incorporated federally or in certain provinces and exceed revenue thresholds for small-business audit exemption, you may need an audit unless waived caseware.com. So, be aware of those legal default settings as a baseline.

3. Assess the Complexity and Quality of Your Internal Books: Be honest about how confident you are in your bookkeeping. If your accounting is very simple, and you (or your bookkeeper) are diligent, you might not need the CPA to do much checking – a compilation could suffice. But if you suspect there might be errors, or you lack strong internal controls, opting for a review engagement can be a wise “check-up” on accuracy. Essentially, if your gut feeling about your financial records is uneasy, err on the side of a higher assurance to avoid unpleasant surprises.

4. Weigh the Costs vs. Benefits: Budget is an important consideration. Audits cost the most, reviews intermediate, compilations the leastgevorgcpa.com. Get quotes or estimates from CPA firms for each option. Then consider the benefit side: Will a higher assurance report save you money via better loan terms, investor interest, or preventing costly errors? For example, if an audit costs $15,000 but might shave a full percentage point off the interest on a $1 million loan, the interest savings could outweigh the fee. On the other hand, if you’re tight on cash and no one externally needs an audit, maybe stick to a review or compilation. Also factor in time – audits take longer, so ensure you have the bandwidth if you choose that path.

5. Think About Future Plans: Don’t just think about this year. What are your aspirations in the next 2–3 years? If you intend to sell the business or seek significant investment, having a history of audits can boost credibility with buyers/investors and speed up due diligence. If international expansion or public listing is on the horizon, audits will become necessary. It might be easier to start auditing now rather than later (when you might have to audit multiple past years at once under pressure). Conversely, if you plan to keep things small and within the family, a compilation could remain perfectly fine. Align the assurance level with your strategic trajectory.

6. Consult Your CPA (or a Trusted Advisor): Finally, don’t hesitate to get professional input. As the AICPA advises, “Consult with a CPA to understand how each option reflects the goals of the business.”aicpa-cima.com Your external accountant or a part-time CFO can provide an experienced view on what similar companies in your industry and stage are doing. They can also clarify any misconceptions and help ensure you meet any bank covenants or legal requirements. Oftentimes, the CPA who handles your bookkeeping or tax can perform the engagement needed (provided independence is maintained) and can thus seamlessly upgrade the service as requiredaicpa-cima.com. The key is to communicate openly about your needs and get their recommendation on the right balance of assurance and cost.

After walking through these steps, you should arrive at a decision that you can justify to yourself and others. Document that decision – for example, note in meeting minutes or a memo why an audit was obtained (or waived) this year, in case stakeholders ask. Remember, you’re not locked in forever; you can increase or decrease the assurance level in future years if circumstances change, though moving down (say from audit to review) might raise questions from lenders/investors.

➡️ How This Helps: Having a clear, step-by-step decision process means you won’t choose your assurance engagement on a whim or under panic. Instead, you’ll choose it deliberately, tailored to your business’s needs and goals. This approach ensures you get the most value out of the service – paying for just what you need, and getting what you pay for in stakeholder confidence. It also puts you in control of compliance and deadlines (no scrambling because you forgot the bank needed a review report by next week). By consulting advisors and looking ahead, you make a forward-thinking choice that can accommodate your future plans. Ultimately, deciding the right level of assurance becomes a strategic decision for your company’s financial management, rather than a checkbox, and that means the engagement will truly support your business’s success.

10. Role of a CPA and the Value of Independent Assurance

We’ve emphasized engaging a CPA throughout this discussion – and that’s because a CPA’s independent oversight is the cornerstone of assurance services. Here’s why a CPA (Chartered Professional Accountant) is essential and how their involvement adds value:

Professional Standards and Expertise: CPAs in Canada are governed by strict professional standards (set out in the CPA Canada Handbook – Assurance) that ensure consistency and quality in audits, reviews, and compilationscpans.ca. When you hire a CPA to do an engagement, you’re getting someone who is trained to apply these standards – whether it’s the Canadian Auditing Standards (CAS) for audits, the Canadian Standard on Review Engagements (CSRE 2400) for reviews, or CSRS 4200 for compilations. This means the process and methodology they use are designed to catch misstatements and present your financial information fairly. A non-CPA simply cannot provide the same level of credibility; in fact, as mentioned, only licensed CPAs can sign off on these reports legallycpans.ca. The CPA designation signals that the person has the education, has passed rigorous examinations, and maintains ongoing professional development in accounting and assurance. For business owners, this translates to trustworthiness – you can rely on the CPA’s work, and so can outsiders, because it’s backed by an entire profession’s standards and ethics.

Independence and Objectivity: A critical aspect of assurance is that the CPA is an independent third party. They have no stake in your company’s figures looking “good” or “bad” – their job is to tell it like it is. This objectivity is what gives assurance engagements their value. As one source puts it, all three types of engagements provide independent insights into a company’s finances, and “transparency and independence are why companies often work with an outside CPA”caseware.com. When a lender or investor sees a CPA’s signature on your financials, they know the statements weren’t just self-serving documents; an impartial professional evaluated them. Internally, this independent perspective can also be eye-opening for management, who might be too close to the day-to-day to spot certain issues. In summary, a CPA’s independence acts as a seal of integrity on your financial statements.

Value-Added Insights: Beyond the core assurance, CPAs often deliver insights and advice that can benefit your business. In performing an audit or review, they gain an understanding of your business processes, and they might observe inefficiencies, control issues, or opportunities for improvement. Many clients find that discussions with their CPA after an engagement help them run their business better – for example, an auditor might alert you that your inventory tracking system is leading to write-offs, or a reviewer might suggest better segregation of duties in accounting. These are ancillary benefits that come from the CPA’s trained eye. Additionally, CPAs stay up-to-date with accounting standards and regulatory changes, so they can advise you on how to implement new financial reporting rules or optimize your accounting policies (within the bounds of the standards). Essentially, by involving a CPA, you get a knowledgeable partner in financial matters, not just a number-checker.

Enhancing Credibility and Confidence: Perhaps the greatest value of independent assurance is the credibility it confers. It creates confidence among all parties that the financial picture is accurate. As we saw earlier, most sophisticated investors or lenders won’t even consider financial statements that lack a CPA’s reportsmecpa.com. Independently audited financials are often described as the “gold standard” for reliability. Even internally, management can take more decisive action knowing the books have been vetted. For example, you might be more comfortable investing in a new project or expanding operations if you know your balance sheet is solid per an auditor’s scrutiny, whereas if you only had rough estimates, you might second-guess the numbers. In negotiations, having CPA-backed statements gives you a stronger negotiating position – it reduces the other side’s uncertainty. In a very real sense, independent assurance can pay for itself by lowering the perceived risk in any financial relationship, thereby potentially lowering the cost of capital or increasing the value of your business in the eyes of otherscaseware.com.

Continuity and Support: Working with a CPA over the long term means they become familiar with your business, which can be immensely helpful. If an issue arises (say, a CRA audit or a due diligence request), your CPA can support you with context and historical knowledge from past engagements. They can also help ensure continuity – for instance, if a key financial staff member leaves your company, the CPA’s workpapers and knowledge can provide comfort that not all institutional knowledge is lost. They’re like an external part of your team’s memory bank for financial matters.

In conclusion, the role of the CPA in assurance engagements is central. They are not just number-crunchers; they are guardians of financial truth for your company and advisors for improvement. Engaging a reputable CPA firm, especially one experienced with SMEs in Quebec/Canada, means your financial reporting will be in good hands, meeting the highest standards of professionalism and ethics.

➡️ How This Helps: Recognizing the value of a CPA’s involvement reinforces why you shouldn’t cut corners on who handles your financial engagements. It helps you justify the cost to yourself and your board: you’re not just buying a report, you’re investing in credibility, expertise, and peace of mind. By insisting on a qualified, independent CPA, you ensure that your financial statements will stand up to scrutiny from any quarter – be it a bank, tax auditor, or investor. This confidence can be a strategic asset, allowing you to focus on growing the business rather than worrying about whether people trust your numbers. Moreover, you’ll benefit from the CPA’s insights and advice, which can lead to operational improvements and better financial management over time. In short, partnering with a CPA for audit, review, or compilation is about elevating the quality of your financial reporting to support your business’s success.

Conclusion: Every successful business reaches a stage where getting the financials right is not just a compliance exercise, but a catalyst for growth and trust. Choosing the proper level of assurance – be it a compilation for basics, a review for moderate confidence, or an audit for full verification – is a key part of that journey. If you’re at that crossroads, unsure of which way to go, consider the advantages of talking to an independent CPA firm. Mackisen’s CPA-auditor team in Montreal has decades of experience guiding SMEs through these decisions and executing the engagements efficiently. We help you evaluate your needs, whether you’re preparing for a big loan, bringing on investors, or simply tightening up your internal controls. Then we deliver the right level of service – compilation, review, or audit – through our licensed professionals who know Canadian and Quebec standards inside out. The result is financial statements that you, your stakeholders, and regulators can rely on. By having Mackisen as your partner in assurance, you’re not just meeting a requirement – you’re gaining a trusted advisor invested in your company’s transparency and success. Contact us to discuss how we can support your business in choosing and completing the right type of assurance engagement, and experience the confidence that comes with having Quebec’s SME-focused CPA team on your side. mackisen.com

Other Insights

View All Posts

Thumbnail

Principal Residence Resources

2 min

Resources

Icon
Thumbnail

Tax Resources

9 min

Resources

Icon

All-in-One Accounting, Tax, Audit, Legal & Financing Solutions for Your Business

Are you ready to feel the difference?

Have questions or need expert accounting assistance? We're here to help.

Contact us

Let’s Stay In Touch

Follow us on LinkedIn for updates, tips, and insights into the world of accounting.

Icon

Follow us on Linkedin

Mackisen Consultation Inc.
5396 Avenue du Parc, Montreal, Quebec H2V 4G7
Telephone: 514-276-0808
Fax: 514-276-2846
Email: info@mackisen.com

Menu

Terms & conditionsPrivacy PolicyService PolicyCookie Policy

© 1990–2025 Mackisen Consultation Inc. All rights reserved.

Please review our Terms of Use and Privacy Policy for full legal information.

Mackisen refers to Mackisen Global Limited (“MGL”) and its global network of member firms and associated entities collectively constituting the “Mackisen organization.” MGL, alternatively known as “Mackisen Global,” operates as distinct and independent legal entities in conjunction with its member firms and related entities. These entities function autonomously, lacking the legal authority to obligate or bind each other in transactions with third parties. Each MGL member firm and its associated entity assumes exclusive legal accountability for its actions and oversights, explicitly disclaiming any responsibility or liability for other entities within the Mackisen Organization. It is of legal significance to underscore that MGL itself refrains from rendering services to clients.