Accepting/continuing an audit engagement

An audit firm should only take on clients and work of an appropriate level of
risk. For this reason, the firm will perform 'client screening'. The firm will
consider the following matters before accepting a new engagement or client:
1. Professional clearance
If offered an audit role, the prospective audit firm must:
• Ask the client for permission to contact the existing auditor (and refuse
the engagement if the client refuses).
• Contact the outgoing auditor, asking for all information relevant to the
decision whether or not to accept appointment (e.g. overdue fees,
disagreements with management, breaches of laws & regulations).
• If a reply is not received, the prospective auditor should try and contact
the outgoing auditor by other means e.g. by telephone.
• If a reply is still not received, the prospective auditor may still choose to
accept but must proceed with care.
• If a reply is received, consider the outgoing firm's response and assess if
there are any ethical or professional reasons why they should not
accept appointment.
• The existing auditor must ask the client for permission to respond to the
prospective auditor.
• If the client refuses permission, the existing auditor should notify the
prospective auditor of this fact.
2. Independence and objectivity
If the assurance provider is aware, prior to accepting an engagement, that
the threats to objectivity cannot be managed to an acceptable level, the
engagement should not be accepted.
3. Management integrity
If the firm has reason to believe the client lacks integrity there is a greater
risk of fraud and intimidation.
 4. Money laundering (client due diligence)
The firm must comply with money laundering regulations which require
client due diligence to be carried out. If there is any suspicion of money
laundering, or actual money laundering committed by the prospective
client, the firm cannot accept the engagement.
5. Resources
The firm should consider whether there are adequate resources available
at the time the engagement is likely to take place to perform the work
properly. If there is insufficient time to conduct the work with the
resources available the quality of the work could be affected.
6. Risks
Any risks identified with the prospective client (e.g. poor performance,
poor controls, unusual transactions) should be considered. These risks can
increase the level of engagement risk, i.e. the risk of issuing an
inappropriate report.
7. Fees
The firm should consider the acceptability of the fee. The fee should be
commensurate with the level of risk.
In addition, the creditworthiness of the prospective client should be
considered as non-payment of fees can create a self-interest threat.
8. Professional competence
An engagement should only be accepted if the audit firm has the necessary
skill and experience to perform the work competently.
9. Reputation of the client
The audit firm should consider the reputation of the client and whether its
own reputation could be damaged by association.
If there are any reasons why the firm believes they may not be able to issue
an appropriate report, they should not accept the engagement.
 Preconditions for an audit (ISA 210)
ISA 210 Agreeing the Terms of Audit Engagements and the Code of Ethics and
Conduct provides guidance to the professional accountant when accepting
new work.
Before accepting (or continuing with) an engagement, the auditor must
establish whether the preconditions for an audit are present and that there is a
common understanding between the auditor and management and, where
appropriate, those charged with governance. [ISA 210, 3]
The preconditions for an audit are that management acknowledges and
understands its responsibility for:
• Preparation of the financial statements in accordance with the
applicable financial reporting framework.
• Internal control necessary for the financial statements to give a true
and fair view.
• Providing the auditor with access to all relevant information and
explanations. [ISA 210, 6b]
If the client imposes a limitation on the scope of the auditor's work to the
extent that the auditor believes it likely that a disclaimer of opinion will
ultimately be issued, then the auditor shall not accept the engagement, unless
required to do so by law. [ISA 210, 7]
Continuance
Once the engagement is complete, the audit firm must revisit the acceptance
considerations again to ensure it is appropriate to continue for the following
year. If any significant issues have arisen during the year, such as
disagreements with management or doubts over management integrity, the
firm may consider resigning.
Engagement letters
Purpose
The engagement letter specifies the nature of the contract between the firm
and client. The letter will be sent before the audit commences. Its purpose is
to:
• Minimise the risk of any misunderstanding between the practitioner and
client
• Confirm acceptance of the engagement
• Set out the terms and conditions of the engagement.
Changes to the engagement letter
The engagement letter should be reviewed every year to ensure that it is up to
date but does not need to be reissued every year unless there are changes to
the terms of the engagement.
ISA 210 requires the auditor to consider whether there is a need to remind the
entity of the existing terms of the audit engagement for recurring audits. Some
firms choose to send a new letter every year to emphasise its importance to
clients.
The auditor should issue a new engagement letter if the scope or context of
the assignment changes after initial appointment, or if there is a need to
remind the client of the existing terms.
Reasons for changes would include:
• Changes to statutory duties due to new legislation
• Changes to professional duties, for example, due to new or updated
ISAs
• Recent changes in senior management
• A significant change in ownership. [ISA 210, A30]
The contents of the engagement letter
The auditor will agree the terms of the audit engagement with management or
those charged with governance, as appropriate. [ISA 210, 9]
The terms are recorded in a written audit engagement letter and should
include:
 • The objective and scope of the audit of the financial statements
• The responsibilities of the auditor
• The responsibilities of management.
• Identification of the applicable financial reporting framework for the
preparation of the financial statements
• Reference to the expected form and content of any reports to be issued
by the auditor. [ISA 210, 10]
In addition, the following items will be included:
• Reference to professional standards, regulations and legislation
applicable to the audit
• Limitations of an audit
• Expectation that management will provide written representations
• Basis on which the fees are calculated
Agreement of management to notify the auditor of subsequent events after
the auditor's report is signed
• Agreement of management to provide draft financial statements in time
to allow the audit to be completed by the deadline
• Form (and timing) of any other communication during the audit. [ISA
210, A24]
Other matters that the engagement letter may cover include:
• Arrangements concerning the involvement of internal auditors and other
staff of the entity
• Limitations to the auditor’s liability
• Any obligations to provide audit working papers to other parties. [ISA
210, A26]
The content of the engagement letter should be agreed with the client before
any engagement related work commences.
The client's acknowledgement of the terms of the letter should be formally
documented in the form of a director's signature.
Further explanation of engagement letter contents
To the Board of Directors of Murray Co...
• Although the auditor's report is issued to the shareholders, the
engagement letter is addressed to and signed by the directors of a
company.
The responsibilities of the auditor... The responsibilities of management...
• It is important to set out the directors' and auditor's responsibilities for
clarity and to reduce any expectation gap.
• The responsibilities of the auditor include the scope of the audit, i.e. the
process by which the auditor will form their opinion. The same
description of the scope of an audit is included in the auditor's report.
We will report to the members of Murray Co as a body...
• It is important to define who the intended users of the report are, i.e.
who can place reliance on it.
Confirmation of your agreement...
• Both the client and the auditor must sign and retain a copy of the
engagement letter for reference and to support the contract
agreed.
Quality control (ISA 220)
ISA 220 Quality Control for an Audit of Financial Statements requires the firm
to establish a system of quality control to ensure the firm complies with
professional standards and issues reports that are appropriate in the
circumstances. [ISA 220, 6]
Policies and procedures should be established which address:
• Leadership responsibilities for quality within the firm
• Relevant ethical requirements ( In ethics document)
• Acceptance and continuance of client relationships and specific
engagements
• Human resources
• Engagement performance
• Monitoring. [ISA 220, A1]

1. Leadership
The engagement partner takes responsibility for the overall quality of the
engagement. [ISA 220, 8]
The engagement partner should emphasise the importance of:
• Performing work that complies with professional standards.
• Complying with the firm’s quality control policies and procedures.
• Issuing auditor’s reports that are appropriate in the circumstances.
• The engagement team’s ability to raise concerns without fear of
reprisal. [ISA 220, A3a]
2. Acceptance and continuance of client relationships
The firm should ensure only clients and work of an acceptable level of risk are
accepted. This requires consideration of:
• Integrity of management
• Competence of the engagement team
• Compliance with ethical requirements
• Significant matters that have arisen during the current or previous audit
engagement and their implications for continuing the relationship. [ISA
220, A8]
 3. Human resources
The engagement partner should ensure that the engagement team collectively
have the competence and capabilities to perform the audit in accordance with
professional standards. This includes knowledge of professional standards,
knowledge of relevant industries in which the client operates, the ability to
apply judgment and an understanding of the firm's quality control policies and
procedures. [ISA 220, A11]
4. Engagement performance
Engagement performance comprises direction, supervision and review of the
engagement.
Direction involves informing team members of:
• Their responsibilities
• Objectives of the work to be performed
• The nature of the business
• Risks
• Problems that may arise
• The detailed approach to the performance of the engagement. [ISA 220,
A14]
Supervision includes:
• Tracking the progress of the audit to ensure the timetable can be met
• Considering the competence of the team
• Addressing significant matters arising and modifying the planned
approach accordingly
• Identifying matters for consultation. Consultation may be required
where the firm lacks appropriate internal expertise. [ISA 220, A16]
Review responsibilities include consideration of whether:
• The work has been performed in accordance with professional
standards
• Appropriate consultations have taken place
• The work performed supports the conclusions reached
• The evidence obtained is sufficient and appropriate to support the
auditor's report.
 • The objectives of the engagement procedures have been achieved. [ISA
220, A18]
The engagement partner should perform a review of critical areas of judgment,
significant risks and other areas of importance throughout the audit. The
extent and timing of the partner's reviews should be documented. [ISA 220,
A19]
5. Engagement Quality Control Review
Listed entities and other high risk clients should be subject to an engagement
quality control review (EQCR). [ISA 220, 19] This is also referred to as a pre-
issuance review or 'Hot' review.
High risk clients include those which are in the public interest, those with
unusual circumstances and risks, and those where laws or regulations require
an EQCR.
An EQCR includes:
• Discussion of significant matters with the engagement partner.
• Review of the financial statements and proposed auditor’s report.
• Review of selected audit documentation relating to significant
judgments and conclusions reached. This includes:
– Significant risks and responses to those risks
– Judgments with respect to materiality and significant risks
– Significance of uncorrected misstatements
– Matters to be communicated to management and those charged with
governance, and where applicable, other parties such as regulatory bodies.
• Evaluation of conclusions reached in forming the audit opinion. [ISA
220, 20]
For listed entity audits, the EQCR should also consider:
• Independence of the engagement team.
• Whether appropriate consultation has taken place on contentious
matters or differences of opinion.
• Whether documentation reflects the work performed in relation to
significant judgments. [ISA 220, 21]
6. Eligibility criteria
The engagement quality control reviewer:
• Should have the technical qualifications to perform the role, including
the necessary experience and authority, and
• Should be objective. To be objective the reviewer should not be
selected by the engagement partner and should not participate in the
engagement. [ISA 220, 7c]
Note: An engagement quality control reviewer may also be referred to as
an independent review partner.
7. Monitoring
Quality control policies alone do not ensure good quality work. Firms
should carry out post-issuance or 'cold' reviews to ensure that quality
control procedures are adequate, relevant and operating effectively. [ISA
220, 23]