Compliance Glossary


The concept of attestation dates back to the earliest historians who attempted to independently verify recorded events by obtaining statements or attestation letters from individuals who claimed to have witnessed such events. A historian would have presented a written account of an event that took place and asked witnesses to attest that the contents of this document were accurate.

In the modern world of corporate compliance, an attestation is a statement that expresses a conclusion about an organization’s compliance with regulatory standards, the effectiveness of its internal compliance controls.

What is Attestation?

At its core, an attestation is simply an affirmative expression about the validity or reliability of an assertion. The concept of attestation can be applied in different ways, depending on the context or the nature of the claim. Consider the following examples:

  • An individual witnesses a crime. They write an attestation letter detailing what they saw and sign the letter. A third party also signs the letter, attesting to the authenticity of the witness’ signature.
  • An individual is applying for a job. They write and submit a letter of attestation for good character, affirming that they have no prior criminal history.
  • A CEO is entering into a vendor agreement with a new firm. As part of its due diligence, the firm requests an attestation letter stating that the CEO’s organization meets industry-specific regulatory compliance requirements. The CEO writes and signs the attestation letter.

What is an Example of Attestation?

A Certified Professional Accountant (CPA), acting as an independent service provider, can offer assurance or attestation services to private organizations. While assurance services focus on the quality and context of information used for decision-making, attestation services produce a document that reports findings on the validity or reliability of an assertion made by another party.

In this capacity, a CPA would obtain such an assertion from a responsible party, then undergo agreed-upon procedures to validate that assertion and present their findings in a report. CPA attestation services are used to evaluate assertions about:

  • Audits of historical financial statements
  • Effectiveness of internal control over financial reporting
  • Reviews of historical financial statements
  • Compliance with specified legal or regulatory requirements
  • Effectiveness of internal control over compliance

In the healthcare industry, service providers known as First Tier, Downstream, and Related Entities (FDRs) who contract with Medicare Advantage (MA) organizations (private insurance companies) must comply with Centers for Medicare and Medicaid Services (CMS) standards. 

In fact, the MA organizations themselves are responsible for monitoring, auditing, and compliance oversight of the FDRs they do business with, which can include physicians, hospitals, pharmacies, claims processing vendors, call centers, and others. As part of their compliance monitoring efforts, MAs may require their FDR partners to complete an attestation form that expresses their compliance with the appropriate CMS standards.

What is an Attestation Letter?

An attestation letter is a document that expresses the reliability of an assertion made by another party. The individual who writes and signs the attestation letter is certifying their first-hand knowledge with regard to the assertions or claims that are made in the letter. 

Why Do We Need Attestation?

Attestation law is an important part of the checks and balances that support a thriving business community by encouraging corporations to play fair. 

Under the False Claims Act, it is illegal in the United States for an individual to falsely certify that they have complied with a statute or regulation. Under corporate law, an LLC could be held liable for misrepresenting its compliance status in the marketplace – but with the false claims act in play, that liability could fall squarely on the shoulders of the person who signed the attestation form. 

The individual liability associated with falsifying an attestation letter acts as a deterrent against fraud and encourages businesses to genuinely pursue compliance with the requirements relevant to their industry.

Blog CTA - Demo 3 (See the GAN Platform in action)