Agreeing the terms of audit engagements in an ISA audit

Why is it important?

The objective of the auditor is to accept or continue an audit engagement only when the basis upon which it is performed has been agreed, by:

• establishing whether the preconditions for an audit are present; and
• confirming that there is a common understanding between the auditor and management and, where appropriate, those charged with governance, of the terms of the audit engagement [ISA 210.3].

Requirements and challenges

What are the preconditions for an audit?

• the use by management of an acceptable financial reporting framework in the preparation of the financial statements; and
• the agreement of management and, where appropriate, those charged with governance to the premise on which an audit is conducted [ISA 210.4].

What is an acceptable financial reporting framework?

ISA 210 includes a lengthy analysis of what constitutes an acceptable financial reporting framework, and also deals with situations where applicable (national) law or regulation includes supplementary or conflicting accounting requirements.

Accounting standards established by authorised or established organisations, such as the International Accounting Standards Board, for example, are presumed to be acceptable for general purpose financial statements. Other frameworks may not be so clear and may require more documentation of how the auditor has concluded that they are acceptable.

What might be unacceptable?

There are two key issues that flow from the acceptable financial reporting framework precondition. The first issue arises where auditors find themselves auditing entities that are incorporated elsewhere. In such cases, they will need to have a proper, documented understanding of whatever is prescribed in local legislation and regulation regarding the form, content, presentation and basis of preparation of the financial statements. If this entails the application of an unacceptable financial reporting framework (say historic cost accounting without any impairments), the engagement should be declined unless:

• there is agreement at the outset to providing additional disclosures of the issue; and
• the engagement letter refers to:
• the expectation of an emphasis of matter paragraph in the auditor’s reports highlighting these disclosures; and
• the opinion which will not be given in “true and fair” or “presents fairly” terms.

If the auditor is required to undertake the engagement then the likely effect on the audit opinion must be assessed, documented and included in the engagement letter [ISA 210.19 and 20].

The second issue arises where local legislation determines the form and content of the audit report. The impact of the legal obligation should be assessed. An engagement to carry out an audit in accordance with the ISAs should be declined if the statutory audit report cannot be modified sufficiently to mitigate possible misunderstandings relating to the relevant auditing standards. Where the statutory audit report cannot be modified, the overall audit, and not just the audit report, will not have complied with the ISAs and the auditor is not permitted to refer to the audit being conducted in accordance with ISAs [ISA 210.21].

For audits of accounts that are not general purpose financial statements, such as the audit of post-transaction completion accounts, or service charge audits for tenants, the auditor will not agree to conduct an ISA audit leading to a “true and fair” or “presents fairly” opinion, or report compliance with ISAs, where the preconditions for an audit are not present.

What is the premise on which an audit is conducted?

The premise on which an audit is conducted is defined at length in ISA 200.13(j). In essence, the premise is a requirement that management and, where appropriate, those charged with governance understand and acknowledge that an ISA-compliant audit can only be conducted if they accept their responsibilities for the accounts and for making an audit possible. Their responsibilities are for:

• the preparation of acceptable financial statements (as defined);
• the maintenance of adequate accounting records and whatever further procedures and controls are necessary for the preparation of materially accurate financial statements from those records; and
• providing the auditor with:
• access to all relevant information;
• such additional information as the auditor needs; and
• unrestricted access to such persons as the auditor needs to address.

ISAs 210 and 200 recognise that some or all of these responsibilities, or close approximations to them, may be set down in law or regulation, and acknowledge specifically that ISAs do not override the law.

Regardless of how well these responsibilities have been enacted in national legislation, the ISA 210 requirement is for the auditor to obtain the agreement of management and those charged with governance, that they acknowledge and understand their responsibilities. This means that the auditor should discuss them and include them in the engagement letter.

It will also be wise to discuss at this stage:

• ISA 260 Communication with those charged with governance and the requirement for the auditor to monitor the adequacy of the two-way communication process; and
• ISA 580 Written representations under which the auditor will require confirmation that the directors have fulfilled their responsibilities for the preparation of the financial statements and for providing all relevant information.

If management or those charged with governance seek to impose a limitation of scope on an audit that will result in the auditor disclaiming an opinion, the appointment should be declined [ISA 210.7].

What happens when the preconditions for an audit are not met?

Apart from the special situation of an unacceptable financial reporting framework that can be dealt with in the manner described above, the auditor must not accept an appointment where the preconditions are not met.

There may very occasionally be a difficult judgement call to be made if, from past experience, the auditor feels that management and those charged with governance are only giving lip service to their acceptance of responsibilities as preparers of financial statements.

How do auditors confirm the terms?

ISA 210.11 admits the possibility of a shortened engagement letter referring to the applicability of legislation that prescribes the audit in sufficient detail. However, it requires that management’s acknowledgement of its responsibilities is documented. If the wording of legislation that spells out their responsibilities is equivalent to those set out in the ISA, it may be used instead of the ISA wording. Cross-referencing to legislation without including it would be unhelpful; the best practical approach is to set out the terms of engagement in a self-contained letter, and to evidence the agreement by having directors sign a copy.

The key elements of the agreement are set out in the requirements section of the ISA, although generally not in words that can be “pasted” into a model engagement letter (except for management’s responsibilities, as noted earlier). The application material contains further guidance on the contents of engagement letters.

The model letter included in ISA 210 needs to conform to local requirements. Accordingly, firms need to draft their own letters or seek guidance from their usual sources of audit material.

How many letters are needed in a group situation?

Whether or not the parent auditor needs to write separately to each group component auditor is left to the auditor’s judgement. Relevant criteria are set out in the application material but there is a need to consider who appoints the component auditor, whether a separate auditor’s report is to be issued on the component, legal requirements for audit appointments, the degree of ownership by the parent and the degree of independence of the component’s management from the parent entity.

Is a new letter needed every year?

Again, auditor judgement is needed here. The application material gives some guidance on the factors which may make it appropriate to revise the terms of the audit engagement or to remind the entity of existing terms. These include indications that there is some misunderstanding about the objective and scope of the audit, revised or special terms, a recent change of senior management or a significant change in the ownership, nature or size of the entity’s business. The ISA also highlights external factors such as changes in legal or regulatory requirements, a change in the financial reporting framework adopted or a change in other reporting requirements which may also trigger a need to revise the terms of the audit engagement or to remind the entity of existing terms [ISA 210.A30].

What about changes in the terms?

This section of the ISA is clear:

• the auditor shall not agree to a change in the terms of the audit engagement where there is no reasonable justification for doing so;
• if, prior to completing the audit engagement, the auditor is requested to change the audit engagement to one that conveys a lower level of assurance, the auditor shall determine whether there is reasonable justification for doing so; and
• if the terms of the audit engagement are changed, the auditor and management shall agree on and record the new terms of the engagement in an engagement letter or other suitable form of written agreement.

If the auditor is unable to agree to a change of the terms of the audit engagement and is not permitted by management to continue the original audit engagement, the auditor shall:

• withdraw from the audit engagement, where possible, under applicable law or regulation; and
• determine whether there is any obligation, either contractual or otherwise, to report the circumstances to other parties, such as those charged with governance, owners or regulators [ISA 210.14-17].