Engagement Terms And Engagement Letters
Help Questions
CPA Auditing and Attestation (AUD) › Engagement Terms And Engagement Letters
A CPA is asked to perform an issuer integrated audit (financial statements and internal control over financial reporting) under PCAOB standards. Management wants the engagement letter to state that management is responsible only for providing access to records, while the auditor will be responsible for internal control. What is required to be included in the engagement letter for an issuer audit under PCAOB standards?
A statement that the audit will be conducted in accordance with International Standards on Auditing (ISA) without reference to PCAOB standards.
A statement that the auditor will provide assurance that the company will remain a going concern for at least 12 months.
A statement that management is responsible for the financial statements and for establishing and maintaining effective internal control over financial reporting.
A statement that the auditor will design, implement, and operate the company’s internal controls during the audit.
Explanation
PCAOB AS 2101 requires the engagement letter for an issuer integrated audit to state management's responsibilities for the financial statements and for establishing and maintaining effective internal control over financial reporting. Management's desire to shift internal control responsibility to the auditor contradicts standards, as the auditor does not assume this role. Choice A aligns with AS 2101 by correctly stating management's responsibilities. Choice B is incorrect as the auditor does not design or operate controls per AS 2101; choice C is incorrect because auditors do not provide going concern assurance in the engagement letter under AS 2415. Choice D is incorrect as PCAOB audits must reference PCAOB standards, not solely ISA, per AS 2101. Auditors should confirm responsibilities in writing to establish clear terms. This framework prevents misunderstandings and ensures compliance with regulatory requirements.
In a nonissuer financial statement audit, the audit documentation includes extensive copies of client invoices and contracts, but it does not clearly document the auditor’s conclusions on key assertions for revenue and the linkage to the procedures performed. The engagement partner is evaluating documentation sufficiency. Which documentation is necessary to support audit conclusions under AICPA standards?
Documentation that clearly shows the objectives of the procedures, the work performed, the results, and the auditor’s conclusions, including significant judgments.
Only a final sign-off checklist, because checklists replace the need to document conclusions.
A separate memo for each transaction tested, because standards require one memo per item selected.
Copies of all client source documents, because quantity of documents alone demonstrates sufficient documentation.
Explanation
AICPA AU-C Section 230 requires documentation that shows procedure objectives, work performed, results, and conclusions, including significant judgments, to support audit opinions. The extensive copies without conclusion linkages fail to meet sufficiency for revenue assertions. Choice A aligns with AU-C 230 by requiring clear documentation of objectives, work, results, and judgments. Choice B is incorrect as quantity does not ensure sufficiency; choice C is incorrect because checklists do not replace conclusions. Choice D is incorrect as standards do not mandate per-transaction memos. Auditors should link documentation to assertions and judgments. This rule ensures comprehensive and defensible audit files.
A CPA is considering accepting a nonissuer financial statement audit engagement. The client had a predecessor auditor who resigned after disputes over proposed adjustments. The prospective auditor has obtained permission from management to contact the predecessor auditor. Under AICPA standards, under what circumstances should the auditor communicate with the predecessor auditor before acceptance?
Only if the client is an issuer, because predecessor communications are required only under PCAOB standards.
Only if the predecessor auditor agrees to reperform the audit procedures for the successor auditor.
Before acceptance, to inquire about management integrity, disagreements, and reasons for the change in auditors.
Only after the prospective auditor has issued the first audit report, because communications are part of the subsequent events review.
Explanation
AICPA AU-C Section 210 requires the prospective auditor to communicate with the predecessor auditor before accepting the engagement to obtain information on management integrity, disagreements, and reasons for the change. The predecessor resigned due to disputes over adjustments, which raises potential integrity or scope issues that must be inquired about prior to acceptance. Choice B aligns with AU-C 210 by specifying communication before acceptance to gather this critical information. Choice A is incorrect as communications must occur before acceptance, not after the first report, per AU-C 210; choice C is incorrect because predecessor communications are required for nonissuers under AICPA standards, not just PCAOB. Choice D is incorrect as the predecessor is not required to reperform procedures under AU-C 210. Auditors should assess predecessor information to inform acceptance decisions and plan accordingly. This judgment framework helps identify risks early and ensures ethical engagement acceptance.
A PCAOB-registered firm is performing an issuer financial statement audit. The engagement team performed walkthroughs and identified a control deficiency but did not document the basis for concluding it was not a material weakness. The engagement partner is evaluating documentation sufficiency under PCAOB standards. Which documentation is necessary to support the conclusion?
A legal letter from the company’s counsel opining on control deficiency severity.
A statement in the audit report that the deficiency is not material, because the report itself is sufficient documentation.
Documentation of the severity evaluation, including likelihood and magnitude considerations, and the evidence supporting the conclusion.
Only the client’s remediation plan, because management’s plan determines severity.
Explanation
PCAOB AS 2201 requires documentation of the evaluation of control deficiency severity, including likelihood and magnitude, to support conclusions on material weaknesses in issuer audits. The lack of basis for the non-material conclusion necessitates documented evidence and rationale. Choice A aligns with AS 2201 and AS 1215 by requiring severity evaluation documentation. Choice B is incorrect as the audit report does not substitute for internal documentation per AS 1215; choice C is incorrect because severity is auditor-determined, not solely by remediation. Choice D is incorrect as legal opinions are not required for severity per AS 2201. Auditors should document evidence-based conclusions on deficiencies. This framework ensures defensible ICFR opinions.
An auditor is drafting an engagement letter for a nonissuer financial statement audit of a manufacturing company. Management requests that the letter state the auditor will “detect all fraud” and “certify the accuracy” of the financial statements. Which engagement letter term is most appropriate under AICPA standards?
State that the auditor will provide absolute assurance and certify that the financial statements are accurate in all respects.
State that the auditor’s responsibility is to express an opinion and that the audit provides reasonable assurance, not a guarantee, regarding material misstatement due to fraud or error.
State that management is not responsible for internal control because the auditor will design and maintain controls during the audit.
Omit any discussion of fraud because fraud responsibilities are implied by the issuance of an audit report.
Explanation
AICPA AU-C Section 210 requires engagement letters to clearly state the auditor's responsibility to express an opinion based on reasonable assurance, not absolute assurance or a guarantee against misstatements. Management's request for statements on detecting all fraud and certifying accuracy misaligns with standards, as audits provide reasonable but not absolute assurance. Choice B correctly reflects AU-C 210 and AU-C 240 by stating the auditor's responsibility for an opinion with reasonable assurance regarding material misstatements due to fraud or error. Choice A is incorrect as auditors do not provide absolute assurance or certification under AU-C 200; choice C is incorrect because management retains responsibility for internal control per AU-C 210. Choice D is incorrect as fraud responsibilities must be explicitly addressed in the engagement letter per AU-C 210, not omitted. Auditors should use professional judgment to draft letters that accurately reflect responsibilities and manage client expectations. This framework ensures mutual understanding and reduces engagement risks.
In an issuer financial statement audit under PCAOB standards, the engagement team documents significant findings in separate memos but does not include cross-references to the underlying evidence in the workpapers. The engagement partner is evaluating whether documentation is sufficient to enable an experienced auditor to understand the work performed. Which documentation approach best meets PCAOB documentation sufficiency expectations?
Include cross-references or other clear links from significant findings and conclusions to the supporting evidence and procedures in the workpapers.
Document only review notes resolution, because that demonstrates sufficient engagement quality.
Maintain memos without cross-references, because experienced auditors can infer the evidence from the conclusion.
Rely on oral explanations from team members during inspection rather than written cross-references.
Explanation
PCAOB AS 1215 requires audit documentation to include clear links from findings and conclusions to supporting evidence via cross-references, enabling an experienced auditor to understand the work. The separate memos without references fail to meet this linkage requirement. Choice B is correct as it emphasizes cross-references to evidence, aligning with AS 1215. Choice A is incorrect because lack of references hinders understanding; choice C is incorrect as written links are required over oral. Choice D is incorrect as review notes alone do not suffice. Auditors should use cross-references for traceability. This framework facilitates inspections and quality control.
A CPA is drafting an engagement letter for a nonissuer financial statement audit of a private equity fund. The fund administrator will prepare the financial statements, and management requests that the auditor accept responsibility for drafting the statements and related disclosures. Which engagement letter term is most appropriate under AICPA standards?
State that management is responsible for the preparation and fair presentation of the financial statements in accordance with the applicable framework.
State that responsibility for the financial statements is shared equally by management and the auditor.
Omit responsibility language because it is understood in practice and not required in an engagement letter.
State that the auditor is responsible for preparing the financial statements and disclosures as part of the audit.
Explanation
AICPA AU-C Section 210 requires the engagement letter to state management's responsibility for the preparation and fair presentation of financial statements in accordance with the applicable framework. The request to shift drafting responsibility to the auditor contradicts standards, as management retains this duty. Choice B is correct as it accurately states management's responsibility per AU-C 210. Choice A is incorrect because auditors do not prepare statements as part of the audit; choice C is incorrect as responsibilities are not shared equally. Choice D is incorrect as responsibility language is required in letters per AU-C 210. Auditors should clarify roles to avoid conflicts. This framework establishes accountability and reduces risks.
In a nonissuer financial statement audit, the auditor performed sampling for accounts payable and concluded completeness was fairly stated. The documentation lists the sample size but does not identify the specific items selected or how they were selected. The partner is deciding whether documentation is sufficient. Which documentation is necessary to support this audit conclusion under AICPA standards?
Identification of the population, sampling method, and the specific items selected (or other means to identify the items tested), along with results.
Only the sample size and a statement that sampling risk was considered, because item identification is not required.
A list of all vendor invoices for the year, because including the entire population replaces the need to document the sample.
A memo stating that the auditor used professional judgment, without describing the items tested, because judgment is sufficient support.
Explanation
AICPA AU-C Section 230 requires documentation for sampling to identify the population, method, specific items selected, and results to support conclusions. The lack of item identification and selection details undermines sufficiency for the completeness conclusion. Choice A aligns with AU-C 230 and AU-C 530 by specifying required sampling documentation. Choice B is incorrect as item identification is required per AU-C 530; choice C is incorrect because full populations do not replace sample documentation. Choice D is incorrect as judgment alone without details is insufficient. Auditors should ensure sampling documentation allows procedure replication. This rule supports reliable testing conclusions.
A CPA is preparing an engagement letter for a nonissuer financial statement review under AICPA SSARS. Management asks the accountant to describe the engagement as providing “audit-level assurance.” Which engagement letter language is most appropriate?
State that the accountant will express an opinion on the financial statements and will confirm receivables.
State that a review provides reasonable assurance and includes obtaining an understanding of internal control and tests of details.
Omit a description of the level of assurance to avoid confusing users.
State that a review provides limited assurance primarily through inquiry and analytical procedures and does not express an audit opinion.
Explanation
AICPA AR-C Section 90 requires review engagement letters to describe the limited assurance provided through inquiry and analytical procedures, without expressing an audit opinion. Management's request for 'audit-level assurance' misrepresents the review's scope, which is less than an audit. Choice B aligns with AR-C 90 by correctly stating the limited assurance and procedures. Choice A is incorrect as reviews do not provide reasonable assurance or include internal control understanding per AR-C 90; choice C is incorrect because reviews do not express opinions or require confirmations. Choice D is incorrect as the level of assurance must be described per AR-C 90. Accountants should clarify service scope in letters to manage expectations. This framework aids in distinguishing assurance levels and avoiding liability.