This includes executive directors, non-executive directors and members of the audit committee.

What: tender process

Why: for public interest entities (PIEs), specifically defined by the FRC, with audit committees, there is a legal requirement to carry out a selection procedure (Companies Act 2006 Section 485A and Article 16 (3) of the Audit Regulation). The audit committee conducts a tendering process and makes recommendations to the board. For PIEs, the audit must be put out to tender at least every 10 years (Companies Act 2006, section 494ZA).

What does this mean: when a company needs an auditor, it usually invites different audit firms to ‘bid’ for the audit. This can involve written proposals, interviews and presentations. For PIEs, the tendering process is a legal requirement. For others, it may simply be custom. For larger companies, it is often the audit committee that oversees this process, and they report back to the board.

How: written proposal document, verbal discussions with management, oral presentation.

What: auditor’s declaration of independence

Why: the auditor is required to confirm annually that the firm, along with its partners, senior managers and managers involved in the audit, maintain independence from the audited entity. (ISA (UK) 260 17-1)

What does this mean: each year, for PIEs, the auditor is required to confirm that no one on the audit team is involved with the audited entity in any way that could jeopardise their independence for the audit (for example, family/friend connections).

How: annual confirmation in writing. Discussion on any threats identified and safeguards applied that may need to be in writing.

This includes executive directors, non-executive directors and members of the audit committee.

What: auditor reappointment

Why: companies legislation requires that auditors are appointed for each financial year.

What does this mean: for public companies, an auditor must be formally reappointed each year, regardless of whether a retender process is taking place. This typically occurs at the annual general meeting by shareholder vote. For private companies, auditors may be deemed to be reappointed.

How: ordinary resolution at a meeting of the company’s members

What: terms of the audit engagement

Why: to agree the objective and scope of the audit, the respective responsibilities of the auditor and management, the financial reporting framework and the form and content of reports to be issued by the auditor. (ISA (UK) 210)

What does this mean: an audit engagement letter is essentially a formal agreement between the auditor and the company being audited. It ensures that both parties are on the same page about what the audit will involve and what is expected from each side.  

How: written agreement

What: a copy of the audit engagement letter

Why: to facilitate review and agreement by the audit committee and ensure any change in circumstances has been reflected. (ISA (UK) 260 A9-1 and per the FRC Guidance on Audit Committees).

What does this mean: the audit committee is responsible for agreeing the terms of engagement of the external auditor.

How: written letter

This includes executive directors, non-executive directors and members of the audit committee.

What: planned scope and timing of the audit

Why: to help those charged with governance to better understand the implications of the auditor's work, engage in discussions regarding risk and materiality, and pinpoint areas where they may request the auditor to perform additional procedures.  

What does this mean: audit planning typically requires various communications with those charged with governance and management. Some communications, like the audit plan, are more formal, while others, such as discussing business changes over the year, are more informal.

How: either verbally or in writing for entities that are not PIEs. See reporting and completion section below for examples of specific requirements that need to be made in writing for PIEs.

What: obtaining information relevant to the audit, including a detailed understanding of the business

Why: to help the auditor better understand the entity and its environment. (ISA (UK) 260) 

What does this mean: auditors need to understand the business, its industry, and any changes during the year. These factors can affect the risk assessment, help the auditor design tests effectively, help the auditor set materiality and impact the overall audit approach.

How: not specified. 

What: to discuss audit fieldwork queries and any controls issues identified.
(The use of internal auditors to provide direct assistance is prohibited in an ISAs (UK) audit (ISA (UK) 610)

Why: internal auditors help to ensure the systems and controls are in place to maintain the integrity of the financial statements and have a good understanding of how they work.

What does this mean: internal auditors know the company’s accounting systems very well. By working with them, external auditors can better understand how things work, get answers to queries and help make sure any suggested improvements are put into practice.

How: discussions during all stages of the audit.

What: identifying appropriate sources of audit evidence and providing constructive challenge on specific transactions or estimates

Why: management has responsibility for the conduct of the entity’s operations and for the preparation of the financial statements.

What does this mean: auditors typically give management a list of required audit evidence at the outset and may update this list as the audit progresses. Depending on the audit firm, requests for information can be made through a secure system, email, or in hard copy format. Frequent communication with management during the audit allows for a constructive working relationship. The auditor is required to exercise professional scepticism and should be prepared to appropriately challenge management, for example, assessing the appropriateness of assumptions used.

How: verbal discussions and written exchanges.

This includes executive directors, non-executive directors and members of the audit committee

What: significant audit findings, including significant deficiencies in internal control identified by the auditor during the audit

Why: to assist those charged with governance in fulfilling their oversight responsibilities (ISA (UK) 260 and 265).

What does this mean: while carrying out audits, auditors might find problems with a company’s internal controls. When this happens, they let those in charge know. These problems are usually found either by testing how the controls work or by noticing mistakes that show the controls didn’t work properly. 

How: significant findings should be communicated in writing, if in the auditor’s professional judgement, oral communication would not be adequate (ISA (UK) 260.) Significant deficiencies in internal control should be communicated in writing (ISA (UK) 265). Other matters can be communicated orally or in writing (ISA (UK) 260).

What: if the entity reports on how it has applied the UK Corporate Governance Code, or why it has not, the auditor should communicate information regarding the audit committee’s responsibilities under the Code in relation to audit, risk and internal control; and the rationale and evidence behind significant judgements made during the course of the audit.

Why: the auditor has a responsibility to inform those charged with governance of important observations from the audit that are pertinent to their role in overseeing the financial reporting process, and promote effective two-way communication between the auditor and those charged with governance (ISA (UK) 260 9d, 16-1).

What does this mean: The UK Corporate Governance Code requires some listed companies to explain how they have complied with the Code. Auditors provide the audit committee with:

• any information that might help the board or audit committee with their responsibilities under the Code, such as the auditor’s views on significant accounting policies, business risks, materiality, and similar topics; and
• details about the information the auditor relied upon to make important judgements and ultimately form their opinion.

How: significant findings should be communicated in writing, if in the auditor’s professional judgement, oral communication would not be adequate (ISA (UK) 260). Other matters can be communicated orally or in writing (ISA (UK) 260). The auditor is usually invited regularly to audit committee meetings. The audit committee will meet the auditor without management present at least annually.

What: additional report including the results of the audit, the methodology used, the valuation methods applied, significant deficiencies in internal controls and more

Why: this is an ISA requirement. The content of the report is detailed in ISA (UK) 260 paragraph 16-2 and the format in paragraph 20-1. ISA (UK) 260 further requires that the additional report to the audit committee states whether or not significant deficiencies in controls have been resolved by management.

What does this mean: for PIEs, an additional report is required to be submitted to the audit committee explaining the results of the audit. This report is very detailed, and the exact contents are set out in auditing standards.

How: written report followed by discussion of key matters in the report if requested.

What: financial statement adjustments; significant matters arising

Why: management has responsibility for the conduct of the entity’s operations and for the preparation of the financial statements. The auditor is required to communicate all misstatements found during the audit with management (ISA (UK) 450.The auditor is required to communicate deficiencies in internal control to management and those charged with governance (ISA (UK) 265). 

What does this mean: The auditor categorises adjustments as material or not material. Material adjustments are typically made, while immaterial ones are accumulated to assess their aggregate impact. Both types are reported to management and those charged with governance. A 'management letter' is usually sent to management detailing the deficiencies found in internal controls during the audit.

How: verbal discussions and written exchanges.

What: the auditor’s opinion on whether the annual accounts give a true and fair view; have been properly prepared in accordance with the relevant financial reporting framework; and have been prepared in accordance with the requirements of the Companies Act 2006

(See Deconstructing the audit report for more details). 

Why: under section 475 of the Companies Act 2006, it is a legal requirement for a company’s annual accounts to be audited unless exempt. Section 495 requires a company’s auditor to report to the company’s members and provides details of the contents of the report. The International Standard on Auditing (ISA) (UK) 700 outlines the auditor’s responsibility to form an opinion on the financial statements and specifies that the report should be in writing.

What does this mean: this is the main 'product' of the audit. It is the way in which the auditor can communicate the work they have done and the results they have found. The extended audit report was introduced in 2013 as a means of delivering more informative audit reports and sparking conversations with investors. Three main requirements were introduced in relation to information on key audit matters, materiality and audit scope.

How: the written independent auditor’s report. The auditor's report is also sent to Companies House as part of the filing of the annual report and is publicly available.

This includes executive directors, non-executive directors and members of the audit committee.

What: notice of resignation sent to the company

Why: Companies Act 2006, section 516 requirement.

What does this mean: companies legislation requires auditors to send a letter of resignation to the company when they resign. A section 519 statement may also be required (see below in Companies House section)

How: written letter.