Obtaining an engagement letter is not a requirement of generally accepted auditing standards, but it makes good business sense. This document defines responsibilities between auditors and their clients, which helps to eliminate misunderstandings, and decreases the vulnerability of accountants to malpractice claims.
An engagement letter should include the following information.
Scope of the Audit
The scope of the audit is a critical element of the audit planning process, as it helps ensure that you obtain sufficient evidence to form an opinion on the financial statements. The auditor should discuss the scope of the audit with the client in advance, preferably at the commencement of the engagement. This discussion should also include an explanation of the limitations on the scope of the audit, including a description of any procedures that cannot be performed due to limited resources.
Other elements that should be addressed in the engagement letter include the deadlines for the completion of the audit, and whether or not a member of the client’s staff will assist with preparation of schedules or retrieval of documents from files. In addition, the Audit Engagement Letter should identify any restrictions on the use of the information gathered during the audit, and address the need to maintain confidentiality and comply with data protection regulations.
The engagement letter should be sent to the individual retaining the firm and, where appropriate, to third-party users of the report who are intended to rely on the information. A draft of the report is usually included as an appendix to the engagement letter. The AICPA Task Force on Accountant Liability has recommended that engagement letters should include language to limit legal liability for the practitioner to nonclients who may rely on reviews or compilations.
Audit Fees and Billing Arrangements
In addition to defining the scope of the audit, the engagement letter should include provisions for fees and payment terms. It should also identify the person in management (e.g., the board chairman, CEO or CFO) that retains the firm and approves the engagement. It is a good practice to discuss the content of the engagement letter with the client before it is sent.
It is also necessary to establish the role of the client in the audit. Depending on the nature of the engagement, the client’s responsibilities may include providing access to information, records and personnel; preparing the financial statements in accordance with generally accepted accounting principles; maintaining an effective system of internal control; or otherwise contributing to an efficient and effective audit.
The engagement letter should also establish the rotation requirements for the firm’s partners engaged in the audit, review or compilation. For example, if a “lead” or “concurring” partner is assigned to the audit, that partner would normally be required to rotate off the engagement after a maximum of five years on that assignment. The same applies to non-lead and concurring partners.
The scope of the engagement letter should specify the name of the entity being audited, the fiscal year end and a brief description of the type of financial statements to be reviewed or audited. It should also specify any other services that the firm will be rendering for the client, such as tax preparation or a peer review of the client’s financial statements.
Limitations of the Audit
While an audit is designed to provide assurance that a client’s financial statements are free from material misstatement, the auditor cannot guarantee this. However, an effective audit can enhance an organization’s credibility, help reduce the risk of fraud, and increase trust between stakeholders.
An engagement letter serves to solidify audit arrangements between your firm and the client. It clarifies the responsibilities on both sides and helps to eliminate misunderstandings and mitigate the vulnerability of accountants to legal risks.
Specifically, the letter defines the scope of the audit, including the financial statements and periods to be reviewed, the applicable financial reporting framework, and the objectives of the audit. It also outlines the responsibilities of the client, such as providing access to information, records and personnel, and maintaining an effective system of internal control.
The letter should also list any services that lie outside the current agreement, which may be added as needed, and cite how much these additional services will cost. As a best practice, the letter should be sent soon after your appointment as auditor and, in any event, before the commencement of the first audit assignment. It is also a good idea to obtain an engagement letter for any recurring service engagements, management advisory services, unique matters, or special engagement services that you perform for clients.
Confidentiality and Data Protection
Generally, the audit engagement letter specifies that the data gathered during the course of an audit will be confidential. It should also contain a provision that the client must notify you in advance of any plans to share audit findings with third parties. For example, if you intend to write a report that includes specific financial statements from a company, it would be helpful to have the engagement letter state that the company agrees to share such reports only with a limited number of parties selected by you.
In addition to specifying the audit’s scope and responsibilities, an engagement letter should clarify responsibilities for both the practitioner and the client. This helps reduce misunderstandings and decreases the vulnerability of practitioners to legal liability. In fact, many malpractice insurance companies offer lower premiums to firms that regularly use engagement letters.
Among other things, the audit engagement letter should stipulate that you won’t be available to work on any other company’s books until you complete this audit. This is called a “cooling off period,” and it is common in the audit industry. You should also include a provision that states the client won’t hire anyone on your team who was involved in this audit. This is to prevent potential conflicts of interest. Finally, you should indicate the nature of information and access to records that are required for your work, including whether the information will be accessible in electronic format.