Acceptance decisions for audit and assurance engagements

Relevant to ACCA Qualification Paper P7

The syllabus for Paper P7, Advanced Audit and Assurance includes Professional Appointments (syllabus reference C4). The learning outcomes include the explanation of matters that should be considered and procedures that should be followed by a firm before accepting a new client, a new engagement for an existing client, or agreeing the terms of any new engagement. The engagement may be an audit, or it may be a non-audit or assurance engagement. Acceptance decisions are crucially important, because new clients and/or engagements can pose threats to objectivity, or create risk exposure to the firm, which must be carefully evaluated. One of the current issues being debated in the profession is whether there should be an outright ban on the provision of non-audit services to audit clients. In addition, new International Standard on Auditing (ISA) requirements compel the firm to establish whether preconditions for an audit are present when faced with a potential new audit engagement. All of these factors mean that acceptance decisions must be taken with care.


Accepting new audit clients

IFAC’s Code of Ethics for Professional Accountants states: ‘Before accepting a new client relationship, a professional accountant in public practice shall determine whether acceptance would create any threats to compliance with the fundamental principles. Potential threats to integrity or professional behaviour may be created from, for example, questionable issues associated with the client (its owners, management or activities).’ This means that when approached to take on a new client, the firm should investigate the potential client, its owners and business activities in order to evaluate whether there are any questions over the integrity of the potential client which create unacceptable risk. These investigative actions are usually performed as ‘know your client/customer’ or ‘customer due diligence’ procedures, which are also carried out in order to comply with anti-money laundering regulations.

Once a client has been accepted, the firm should consider the suitability of the specific engagement it has been asked to perform. In particular there may be ethical threats which mean that the engagement should not be accepted, in particular whether there are any threats to objectivity. Potential threats could arise for example, if members of the audit firm hold shares in the client or there are family relationships. If threats are discovered, it may not mean that the client must be turned down, as safeguards could potentially reduce the threats to an acceptable level.

There may be other ethical matters to evaluate in relation to a potential new engagement, for example, whether any conflict of interest or confidentiality issues could arise, and if so, whether appropriate safeguards can be put in place. Also, the firm’s competence to perform the potential work should be evaluated, especially if the potential client operates in a specialised industry, or if the client has a complex structure. A self-interest threat to professional competence and due care is created if the engagement team does not possess, or cannot acquire, the competencies necessary to properly carry out the engagement. Practical matters such as the resources needed to perform the work, the deadline for completion, and logistics like locations and geographical spread will have to be looked into as well.

Obviously, these matters need to be evaluated in the specific context of the potential engagement, and should be fully documented. Different types of potential engagement will give rise to different matters that should be evaluated. For example, if the firm is asked to perform the audit of a large group of companies with operations in many countries, then resourcing the audit may be the most significant issue. The fee may be large, leading to a self-interest threat of fee dependence. On the other hand, if asked to perform the audit of a small owner-managed company, fee dependence is less likely to be an issue, but threats potentially created by the auditor appearing to make management decisions could be significant. In answering requirements on client and engagement acceptance, candidates are warned that their comments must be made specific to the scenario presented to them in order to pass the requirement.

Commercially, an engagement should be profitable to make it worthwhile for the firm. But the firm must take care that commercial considerations do not outweigh other matters to be considered.

IFAC’s Code makes it clear that acceptance decisions are not to be treated as a one-off matter. The Code states: ‘It is recommended that a professional accountant in public practice periodically review acceptance decisions for recurring client engagements.’ Changes in the circumstances of either the client, or the audit firm may mean that an engagement ceases to be ethically or professionally acceptable or creates a heightened level of risk exposure. Therefore, client continuance assessments are important and should be fully documented.
 

Preconditions for an audit

Once a firm has decided to go ahead with an audit engagement, it must comply with the requirements of ISA 210, Agreeing the Terms of Audit Engagements. ISA 210 was revised as part of the International Auditing and Assurance Standards Board’s Clarity Project, with new requirements to perform specific procedures in order to establish whether the preconditions for an audit are present.

ISA 210 defines preconditions for an audit as follows: ‘The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the agreement of management and, where appropriate, those charged with governance to the premise on which an audit is conducted’. This means that the auditor must do two things. First, the auditor must determine the acceptability of the financial reporting framework to be applied in the preparation of the financial statements. This includes evaluating whether law or regulation prescribes the applicable financial reporting framework, considering the purpose of the financial statements, and the nature of the reporting entity (for example, whether a listed company or a public sector entity). In most cases this will simply be a matter of confirming with the client that the financial statements will be prepared under International Financial Reporting Standards, or other national reporting framework.

Second, the auditor must obtain the agreement of management that it acknowledges and understands its responsibility:

  • For the preparation of the financial statements in accordance with the applicable financial reporting framework.
  • For internal controls to enable the preparation of financial statements which are free from material misstatement, whether due to fraud or error.
  • To provide the auditor with access to all information necessary for the purpose of the audit.

In relation to the final bullet point, if management impose a limitation on the scope of the auditor’s work in the terms of a proposed audit engagement, the auditor should decline the audit engagement if the limitation could result in the auditor having to disclaim the opinion on the financial statements. The engagement should also be declined if the financial reporting framework is unacceptable, or if management fail to provide the agreement outlined above. (ISA 580, Written Representations also requires that management provide written representations regarding its responsibilities in relation to the preparation of financial statements.)


Accepting non-audit assignments

It is very common for audit clients to approach their auditor for the provision of additional services, ranging from audit related services such as tax planning and bookkeeping, to other engagements such as due diligence and forensic investigations. The audit firm must again carefully consider whether it is ethically and professionally acceptable to take on the additional service.

The main ethical threat created by the provision of non-audit services is the threat to objectivity. The threats created are most often self-review, self-interest and advocacy threats and if a threat is created that cannot be reduced to an acceptable level by the application of safeguards, the non-audit service shall not be provided. The UK Auditing Practices Board’s (APB) Ethical Standard 5, Non-audit services provided to audit clients contains similar principles, and emphasises the ‘management threat’ which exists when the audit firm makes decisions and judgments that are properly the responsibility of management.

Both the Code and ES 5 outline a principles-based approach to determining the acceptability of a non-audit service to an audit client. With a few exceptions, if safeguards can reduce threats to an acceptable level then the service may be provided. Safeguards could include using separate teams to provide the various services to the client, and the use of second partner review or Engagement Quality Control Review. ES 5 specifies that it is the audit engagement partner who should evaluate the level of threat, the effectiveness of safeguards, and is ultimately responsible for the documentation of the acceptance decision.

The provision of non-audit services to audit clients continues to be debated by the profession. Many argue in favour of outright prohibition as being the only measure which can totally safeguard auditor’s objectivity. However, it is accepted that audit firms are best placed to provide audit clients with additional services due to the knowledge of the business which they already possess, leading to a lower cost and higher quality service than that would be provided by a different firm. In 2010 the APB issued a feedback and consultation paper The provision of non-audit services by auditors , which prompted continued discussion of these issues and recommended a number of measures to:

  • Increase the rigour with which auditors assess threats to their independence
  • Introduce a new non-audit services disclosure regime and
  • Increase the role of Audit Committees in overseeing the retention of a company’s auditors to undertake non-audit services.

The final bullet point is important as it links to corporate governance. Under many codes of corporate governance, including the UK Corporate Governance Code , the client’s audit committee should be involved with any decision as to whether the audit firm can be engaged to provide a non-audit service. Therefore, when approached to provide a non-audit service to an audit client, there should be full discussion with those charged with governance, including the audit committee, with a view to seeking approval for the engagement to go ahead.

As well as considering independence and objectivity, audit firms should remember that the fundamental ethical principles apply to non-audit services, just as they apply to audits. Therefore, when considering whether to provide a non-audit service, the firm should evaluate its competency to perform the work, whether confidentiality is an issue, and that it is able to comply with all relevant laws and regulations.

As discussed above, in answering requirements to do with non-audit services, candidates’ answers must apply knowledge to the specific scenario provided in order to score well.


Conclusion

The evaluation of new engagements is a crucial part of successful practice management. The current debate over the acceptability of auditors providing non-audit services to their audit clients indicates that ethical matters will continue to play an important part in acceptance decisions.

Written by a member of the Paper P7 examining team