Accepting new audit engagements (ISA 210): What are needed to consider?
Updated: Aug 18, 2020
The external auditors provide different types of audit and non-audit services to their clients. For many company’s audits, they are responsible to examine the company’s financial record and report back to the shareholders. The audit report is generally given in the form of an opinion that the external auditors provide based on their findings during the audit process.
Having new clients is good for any audit firm. However, before agreeing to provide external audit services to a new client, the external auditors must consider some factors.
This is because the auditors will not have prior experience with the management or those charged with governance of new client business. They probably don’t fully understand of the business, its nature, transactions, and the risks associated with the business that affect its financial statements.
The international auditing standard that deals with agreeing on the terms of new audit assignments is 'ISA 210 - Agreeing the Terms of Audit Engagements'. This standard provides various guidelines on accepting new engagements. However, before considering the standard for the various guidelines, an audit firm must evaluate any ethical issues with accepting the new audit engagement.
What does IFAC’s code say on accepting new clients?
Before considering the provisions of the ISA 210, auditors must determine if accepting the engagement will pose any threats to the independence and objectivity of the auditors.
These threats are defined in the International Ethics Standards Board for Accountants (under International Federation of Accountants) Code of Ethics.
The types of threats that may exist are self-interest threat, self-review threat, advocacy threat, intimidation threat, and familiarity threat.
For example, if the audit partner in the audit firm owns shares of the client business, a company, then the audit firm is posed to a self-interest threat. The audit partner may not disclose any misstatements within the financial statements of the client business if they believe that disclosing the misstatements may result in the share prices of the company being affected negatively.
If such threats can be identified for the engagement, then the external auditors must either eliminate the threat or reduce the threat to an acceptable level.
So, for the above example, the audit partner may consider selling all of their shares of the company or at least selling enough shares of the company that the auditing process is not disrupted by it.
The audit firm may also consider assigning a different partner to the assignment, one that does not have connections to the company.
After considering all the threats faced by the audit firm by accepting a new engagement, if some threats cannot be eliminated or reduced to a minimum level, either because the threat is too significant or appropriate safeguards cannot be applied, then the auditor should not accept the new audit and assurance engagement. If the engagement has already been accepted, then the auditors should resign from the audit engagement.
Guidelines from ISA 210 on conditions to accept a new client
As we mentioned above, the international auditing standard that deals with accepting new engagements is the ‘ISA 210 - Agreeing the Terms of Audit Engagements’. This standard only deals with the aspects of audit that are within the control of the auditor. Regarding accepting new engagements, the standard states:
The objective of the auditor is to accept or continue an audit engagement only when the basis upon which it is to be performed has been agreed, through:
(a) Establishing whether the preconditions for an audit are present; and
(b) Confirming that there is a common understanding between the auditor and management and, where appropriate, those charged with governance of the terms of the audit engagement.
Preconditions for an audit
One of the two prerequisites when determining whether to accept a new audit and assurance engagement is establishing whether the preconditions for the audit are met by the client. Regarding the preconditions for an audit, ISA 210 states:
Preconditions for an audit – The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the agreement of management and, where appropriate, those charged with governance to the premise on which an audit is conducted.
According to the standard, the preconditions of an audit engagement require the auditor to:
Determine whether an acceptable financial reporting framework has been used in the preparation of the financial statements of the business.
Obtain an agreement from the management of the business that they acknowledge and understand their responsibilities towards:
Preparation of the financial statements of the business in accordance with the applicable financial reporting framework (often the IFRS) which includes the fair representation of these financial statements when relevant.
Establishing internal control necessary for the financial statements of the business to give a true and fair view.
Providing the auditors any information that is relevant to the preparation of the financial statements or the purpose of audit, and provide them access to individuals within the business, from whom auditors deem necessary to obtain audit evidence.
If any of the preconditions of an audit are not met, then the auditor must discuss the matter with the management of the business. In case the issue is not resolved, the auditor must not accept the engagement.
Audit engagement terms agreement
Once the preconditions of audit are met, the auditor should agree on the terms of the audit engagement with the management of those charged with governance. The terms that should be agreed including:
The objective and scope of the audit.
The responsibilities of the auditor and the management.
The identification of the applicable financial reporting framework for the preparation of the financial statements.
Reference to the expected form and content of any reports to be issued by the auditor.
A statement that the expected form and content of the report may be different in some circumstances.
If the audit engagement terms are already defined by law or regulation, then the agreement will only contain a reference to the law and may not contain all the information above. Any terms that are not prescribed by law and regulation but may be required by the standard should be explicitly mentioned in the agreement.
Procedures for accepting non-audit engagements
Sometimes, auditors may also be approached to provide non-audit services by a client business. These services may include tax planning, bookkeeping, advisory, forensic investigations, etc.
Before accepting non-audit engagements, auditors must also consider any ethical issues that will be raised if they accept the assignments.
Auditors must also determine the effect, if any, that accepting the assignment will have on their audit engagement with the client business.
If non-audit engagements pose threats to the objectivity and independence of the auditor, then the auditor must eliminate the threats or reduce them to an acceptable level. For example, the firm may choose to provide non-audit services through a different team than the one providing the auditing services.
It is the responsibility of the audit engagement partner to assess the level of threat, the effectiveness of safeguards, and is ultimately responsible for the documentation of the decision regarding acceptance.
The audit committee of the client, under an entity’s corporate governance, is required to be involved in the decision regarding obtaining non-audit services from the auditors. This means when accepting non-audit assignments, auditors should discuss the matter with those charged with governance of the client business and its audit committee before deciding on whether the engagement should be accepted.
If you find this article is helpful and you want to help others too, just share it in any social media (such as Facebook, LinkedIn).