We are a Dallas, Texas CPA firm specializing in audit, review, compilation, and agreed upon procedures services for Texas businesses in a wide range of industries and sizes.
"If law or regulation prescribes a specific layout, form, or wording of the auditor's report that significantly differs from the requirements of GAAS, the auditor should evaluate
whether users might misunderstand the auditor's report and, if so,
whether the auditor would be permitted to reword the prescribed form to
be in accordance with the requirements of GAAS or attach a separate
report.
If the auditor determines that rewording the prescribed form or attaching a separate report would not be permitted or would not mitigate the risk of users misunderstanding the auditor's report, the auditor should not accept the audit engagement unless the auditor is required by law or regulation to do so. An audit performed in accordance with such law or regulation does not comply with GAAS. Accordingly, for such an audit, the auditor should not include any reference to the audit having been performed in accordance with GAAS within the auditor's report."
If a law or regulation prescribes the structure and wording of the auditor's report and it's not in accordance with GAAS, the Auditor needs to decide whether users might misunderstand the report; if the Auditor thinks they would, he should reword it to be in accordance with GAAS, or refuse to accept the engagement. If he does decide to issue that report, he should not reference GAAS, because the report is not in compliance with GAAS.
".14 The auditor should not agree to a change in the terms of the audit engagement when no reasonable justification for doing so exists. (Ref: par. .A35– .A37) .15 If, prior to completing the audit engagement, the auditor is requested to change the audit engagement to an engagement for which the auditor obtains a lower level of assurance, the auditor should determine whether reasonable justification for doing so exists. (Ref: par. .A38–.A39) .16 If the terms of the audit engagement are changed, the auditor and management should agree on and document the new terms of the engagement in an engagement letter or other suitable form of written agreement. .17 If the auditor concludes that no reasonable justification for a change of the terms of the audit engagement exists and is not permitted by management to continue the original audit engagement, the auditor should
withdraw from the audit engagement when possible under applicable law or regulation,
communicate the circumstances to those charged with governance, and
determine whether any obligation, either legal, contractual, or otherwise, exists to report the circumstances to other parties, such as owners, or regulators."
Management might request a change in terms of an audit engagement for the following reasons:
a change in circumstances affecting the need for the service
a misunderstanding about the nature of an audit as originally requested
a restriction on the scope of the audit engagement
The Auditor should consider the implications of a change to terms of the engagement and particularly the restriction on the scope of the audit. The above listed reasons might be acceptable, but the request to reduce the scope of the audit might not be acceptable if it's due to the Auditor finding misstatements or not being able to obtain sufficient appropriate audit evidence.
If the Auditor is requested to reduce the level of assurance of the engagement (e.g., from an audit to a review), the Auditor should assess the reasons for doing so. If the Auditor accepts the change, the Auditor should narrow his work and documentation and report to the terms of the new engagement. For example, in the final report, the Auditor should not make reference to:
the original audit engagement
any procedures that were performed in the original engagement
"On recurring audits, the auditor should assess whether circumstances require the terms of the audit engagement to be revised. If the auditor concludes that the terms of the preceding engagement need not be revised for the current engagement, the auditor should remind management of the terms of the engagement, and the reminder should be documented."
A recurring audit engagement is an audit engagement for an existing audit client for whom the auditor performed the preceding audit. Each year the Auditor performs the engagement he should determine whether the terms of the engagement should be revised. Typical factors that weigh into his decision might be:
Any indication that management misunderstands the objective and scope of the audit
Any revised or special terms of the audit engagement
A change of senior management
A significant change in ownership
A significant change in the nature or size of the entity's business
A change in legal or regulatory requirements
A change in the financial reporting framework adopted in the preparation of the financial statements
A change in other reporting requirements
If there are no changes to the terms of the engagement, the auditor should remind the client what the terms are, in either written or oral form. If orally, the Auditor should document with whom the discussion took place, when, and the significant points discussed.
".11 Before accepting an engagement for an initial audit, including a reaudit engagement, the auditor should request management to authorize the predecessor auditor to respond fully to the auditor's inquiries regarding matters that will assist the auditor in determining whether to accept the engagement. If management refuses to authorize the predecessor auditor to respond, or limits the response, the auditor should inquire about the reasons and consider the implications of that refusal in deciding whether to accept the engagement. .12 The auditor should evaluate the predecessor auditor's response, or consider the implications if the predecessor auditor provides no response or a limited response, in determining whether to accept the engagement."
When considering accepting a new audit engagement, the Auditor must speak with the predecessor auditor regarding matters that will help him decide whether to accept the client or not. Typically, the Auditor will submit a proposal to the potential client, but this proposal will include a statement that the proposal is not final until the Auditor has held discussions with and evaluated the responses of the predecessor auditor. If management refuses to allow the Auditor to hold discussions with the predecessor auditor, the Auditor should consider the implications of that refusal when deciding whether to accept the engagement.
The predecessor auditor is not required to speak to every proposing audit firm; instead the potential client should accept a single Audit firm, so that the predecessor auditor only has to speak to one Auditor regarding the engagement.
Professional standards require an Auditor to keep confidential any information about the client or the engagement unless given authorization from management. As such, the new Auditor will prepare a letter for management to sign and send to the predecessor auditor that gives the predecessor auditor permission to provide information to the new Auditor; and the new Auditor should hold those discussions in confidence.
Professional standards require auditors to cooperate with each other, which provides the basis for the predecessor auditor being expected to cooperate with the inquiries. If he is not able to because of litigation or other matters, he must specifically say that the response is limited and for what reasons.
Typical talking points of the discussion between the predecessor auditor and the new auditor include:
Information that might bear on the integrity of management
Disagreements with management about accounting policies, auditing procedures, or other similarly significant matters
Communications to those charged with governance regarding fraud and noncompliance with laws or regulations by the entity
Communications to management and those charged with governance regarding significant deficiencies and material weaknesses in internal control
The predecessor auditor's understanding about the reasons for the change of auditors
".09 The auditor should agree upon the terms of the audit engagement with management or those charged with governance, as appropriate. (Ref: par. .A20–.A21) .10 The agreed-upon terms of the audit engagement should be documented in an audit engagement letter or other suitable form of written agreement and should include the following: (Ref: par. .A22–.A26)
The objective and scope of the audit of the financial statements
The responsibilities of the auditor
The responsibilities of management
A statement that because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with GAAS
Identification of the applicable financial reporting framework for the preparation of the financial statements
Reference to the expected form and content of any reports to be issued by the auditor and a statement that circumstances may arise in which a report may differ from its expected form and content."
Depending on the size and complexity of the organization, the Auditor should agree on the terms of the engagement with management or those charged with governance, or both. The agreement on these terms includes the agreement by management of its responsibilities laid out in AU-C Section 210.06. This is required even if the audit is contracted by a third party.
An engagement letter or agreement should be put into place so that both parties understand their responsibilities, and it reduces the risk that management relies on the Auditor to perform the duties that are management's responsibilities.
The engagement letter must make reference to the following items:
Elaboration of the scope of the audit, including reference to applicable legislation, regulations, GAAS, and ethical and other pronouncements of professional bodies to which the auditor adheres
The form of any other communication of results of the audit engagement
Arrangements regarding the planning and performance of the audit, including the composition of the audit team
The expectation that management will provide written representations
The agreement of management to make available to the auditor draft financial statements and any accompanying other information in time to allow the auditor to complete the audit in accordance with the proposed timetable
The agreement of management to inform the auditor of events occurring or facts discovered subsequent to the date of the financial statements, of which management may become aware, that may affect the financial statements
The basis on which fees are computed and any billing arrangements
A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms of the engagement outlined therein, as may be evidenced by their signature on the engagement letter
The engagement letter should also include the following items when relevant:
Arrangements concerning the involvement of other auditors and specialists in some aspects of the audit
Arrangements concerning the involvement of internal auditors and other staff of the entity
Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit
Any restriction of the auditor's liability when not prohibited
Any obligations of the auditor to provide audit documentation to other parties
Additional services to be provided, such as those relating to regulatory requirements
A reference to any further agreements between the auditor and the entity
If the entity under audit includes both a parent and a component, the Auditor might need to get a separate engagement letter from the component if:
the component engaged the auditor
if a separate auditor's report is being issued on the component
it's is required for legal reasons
if the parent doesn't own a substantial piece of it
if the parent's management is generally independent of the management of the component
"If management or those charged with governance of an entity that is not required by law or regulation to have an audit impose a limitation on the scope of the auditor's work in the terms of a proposed audit engagement, such that the auditor believes the limitation will result in the auditor disclaiming an opinion on the financial statements as a whole, the auditor should not accept such a limited engagement as an audit engagement. If management or those charged with governance of an entity that is required by law or regulation to have an audit imposes such a scope limitation and a disclaimer of opinion is acceptable under the applicable law or to the regulator, the auditor is permitted, but not required, to accept the engagement."
As such, if the Auditor expects to disclaim an opinion on the audit, there is no use accepting the audit in the first place. Some scope limitations that would not preclude the Auditor from accepting the engagement include:
a management-imposed restriction that results in only a qualified opinion (i.e., not a disclaimer)
a restriction beyond management's control
Audits of employee benefit plans are those that require a disclaimer of opinion due to a scope limitation, but the law/regulation requires them and accepts them. As such, the Auditor can decide whether or not to accept this type of engagement.
AU-C Section 210.06b says: "The auditor should...obtain the agreement of management that it acknowledges and understands its responsibility:
for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework;
for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; and
to provide the auditor with
access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters;
additional information that the auditor may request from management for the purpose of the audit; and
unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence."
An audit is conducted under the premise that management has the responsibility to prepare its own financial statements, design and implement its own internal control, and provide the Auditor with access to all information and personnel he needs to conduct his audit.
The Auditor can assist in preparing the financial statements using information provided by management (e.g., the trial balance, schedules, contracts, etc.); however, management must take full responsibility for the preparation of those financial statements as well as its internal controls. There are different levels of responsibility between management and those charged with governance over the financial statements and internal controls, depending on the size or complexity of the entity (e.g., the execution and review/oversight functions).
The Auditor will request written representations from management that it has fulfilled its responsibilities according to the premise. If management will not acknowledge its responsibilities, the Auditor will be unable to obtain sufficient appropriate evidence, and should consider not accepting the engagement.
Management must maintain appropriate internal control to ensure the financial statements are free from material misstatement, but internal controls will not prevent all misstatements (because of the limitations of an audit). An audit under GAAS should not be used as a substitute for proper internal controls; as such, the Auditor is required to obtain from management an agreement that it has acknowledges and understands it has responsibility to design, implement, and maintain appropriate internal controls. The internal control of the entity will reflect its needs, and need not be overly complex or costly.
"the auditor should...determine whether the financial reporting framework to be applied in the preparation of the financial statements is acceptable"
An applicable financial reporting framework gives management a criteria to use when preparing its financial statements, and it gives the Auditor a criteria to use when auditing those financial statements. Without a financial reporting framework, there is no basis against which to compare the financial statements to.
An Auditor should understand the following areas in order to determine whether the financial reporting framework is appropriate:
the nature of the entity (e.g., whether it is a for-profit, governmental, or non-profit entity)
the purpose of the financial statements (e.g., how do the users prefer to see the financial information)
the nature of the financial statements (e.g., whether they are a complete set or a single statement)
whether law or regulation prescribes the appropriate framework
In some cases, there are a wide range of users of the financial statements; therefore, a general purpose framework (such as Generally Accepted Accounting Principles) is appropriate. In some cases, the needs of the financial statement users may be more specific and may require a special purpose framework (.e.g, tax basis).
"The auditor should...establish whether the preconditions for an audit are present..."
The preconditions for an audit are the use by management of an acceptable financial reporting framework in the preparation and fair presentation of the financial statements and the agreement of
management and, when appropriate, those charged with governance, to the premise on which an audit is conducted.
The premise is that the management and those charged with governance acknowledge and understand their responsibility:
for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework;
for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; and
to provide the auditor with
access to all information of which management and, when appropriate, those charged with governance are aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters;
additional information that the auditor may request from management and, when appropriate, those charged with governance for the purpose of the audit; and
unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence.
AU-C Section 210.01-03 says: "Scope of This Section
.01 This section addresses the auditor's responsibilities in agreeing upon the terms of the audit engagement with management and, when appropriate, those charged with governance. This includes establishing that certain preconditions for an audit, for which management and, when appropriate, those charged with governance are responsible, are present.Section 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards, addresses those aspects of engagement acceptance that are within the control of the auditor. (Ref: par. .A1)
Effective Date
.02 This section is effective for audits of financial statements for periods ending on or after December 15, 2012.
Objective
.03 The objective of the auditor is to accept an audit engagement for a new or existing audit client only when the basis upon which it is to be performed has been agreed upon through
establishing whether the preconditions for an audit are present and
confirming that a common understanding of the terms of the audit engagement exists between the auditor and management and, when appropriate, those charged with governance."
In the subsequent blog posts and videos related to AU-C Section 210, Terms of Engagement, we will gain an understanding of the Auditor's responsibilities for agreeing upon the terms of the audit engagement with management and those charged with governance. This includes the determination of whether we are able to perform the engagement, as well as the responsibilities of the client's management.
AU-C Section 210 is effective for financial statements with periods ending on or after December 15, 2012, and it includes the requirements laid out in SAS 122.
The objective of the Auditor in complying with AU-C Section 210 is that the Auditor only accepts an audit engagement when an agreement is in place establishing the preconditions for the audit and confirming the terms of the engagement between the entity's management and the Auditor's firm.
Subsequent blog posts and videos will address the requirements necessary to achieve these objectives.
