Audit Engagement Letters: Audit Terms, Templates, & How to Prep (2024)

Most people have some degree of familiarity with contracts, but the nuances of contractual requirements related to an audit engagement are not always understood. If you are looking to engage an auditor, or if you have an existing engagement letter with an auditor, it is important to understand these nuances and the requirements for audit engagement terms. This article will cover the circ*mstances under which an engagement letter should be issued, how an audit engagement letter is written, who prepares the engagement letter, and the required and recommended audit engagement terms to include.

What is an Audit Engagement?

An audit engagement is an agreement between a client and an independent third-party auditor to perform an audit of some element of the client’s business, such as accounting records, financial statements, internal controls, regulatory compliance, information systems, operational processes, etc. More information on what auditors do and the different types of audit engagements can be found in a previous post.

The purpose of engaging a third-party auditor is to obtain an unbiased and independent opinion on the organization’s ability to achieve the specified audit criteria. Your auditor should be a subject matter expert who provides value in delivering conclusions on the effectiveness of business processes and controls, while alerting the company of any risks identified.

Audit Engagement Letters: Audit Terms, Templates, & How to Prep (1)

Is an Engagement Letter Required For an Audit?

Why is the engagement letter necessary before the start of an audit? In any business arrangement, a contractual agreement is needed to specify the terms of engagement. For audit engagements, the contractual agreement is referred to as an engagement letter. The engagement letter is a legally binding document and the purpose of the engagement letter is to:

  • Specify the parties of the audit engagement.
  • Define the scope of the audit, including the in-scope services and systems.
  • Specify the timeline of the audit and related deliverables.
  • Define the fee arrangement for the audit.
  • Communicate the limitations of the services provided.
  • Outline the auditor’s and management’s responsibilities.
  • The expected duration of the audit, and often the expected completion date of the audit.

The engagement letter will also describe the limitations of the audit engagement, and it should include the terms and conditions of the agreement. As with all contracts, engagement letters are used to mitigate risk related to the business arrangement and the relationship between the parties involved in the arrangement, including the risk of misunderstandings between the parties.

Who Prepares an Audit Engagement Letter?

Audit engagement letter templates are issued by the American Institute of Certified Public Accountants (AICPA). As the governing body for public accounting, the AICPA has developed standards for audit engagements, including guidance for the terms of engagement and the required terms under which an audit engagement must be performed. Your designated audit firm will prepare the specific terms of engagement using the appropriate AICPA-issued engagement letter template.

It should be noted that there are many terms for audit engagements that are deemed required by the AICPA and therefore unable to be negotiated. Such requirements include terms specifying management’s obligation to submit assertions and representations relative to the control environment, inherent limitations of an examination engagement, responsibilities of each of the engaging parties, etc. Be aware that your company’s legal counsel may not be able to request that the engagement letter be prepared on the company’s own paper, and counsel may be limited in negotiating the terms of engagement.

What are the Major Elements of an Audit Engagement Letter?

The content of the engagement letter will vary based on the audit engagement, but all engagement letters will, at a minimum, include the scope of services and related deliverables, the fee arrangement, and terms and conditions. For a SOC 2 audit, the scope of services will define the systems that comprise the services to be audited, as well as the relevant Trust Services Criteria to be included in the assessment.

Similarly, a SOC 1 engagement letter will define the system scope, as well as the Control Objectives to be included in the audit, including any financial, processing, or transaction-related control objectives. Because specific engagement letter content will vary by the audit engagement scope, it is recommended that organizations consult the AICPA’s website to review the available templates, ensuring your audit engagement letter has defined the terms of engagement and includes sufficient details relative to how the engagement will be executed.

Audit Engagement Letters: Audit Terms, Templates, & How to Prep (2)

What Terms of Engagement Should be Included?

The AICPA requires that all audit engagements are to be governed with respect to their terms of engagement. You must review your engagement letter carefully to make sure it includes the terms of engagement. Engagement letter contents will differ based on the scope of services. For a SOC 1 / SOC 2 audit, the engagement letter should include the following, at a minimum, as specified by the AICPA as per Paragraph .08 of AT-C section 205:

  • “The objective and scope of the engagement
  • The responsibilities of the service auditor
  • A statement that the engagement will be conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants
  • The responsibilities of the responsible party and the responsibilities of the engaging party, if different
  • A statement about the inherent limitations of an examination engagement
  • Identification of the criteria for the measurement, evaluation, or disclosure of the subject matter
  • An acknowledgment that the engaging party agrees to provide the service auditor with a representation letter at the conclusion of the engagement”

The following considerations are also important to include in the engagement letter:

  • Scope of services, including the suitable criteria the organization will be audited against
  • Relevant systems that support the services under audit
  • Fee arrangements and contract term (single year vs. multi-year)
  • Whether the audit engagement includes a pre-audit readiness assessment
  • Audit engagement timeline and associated deliverables
  • Process for scope adjustments and associated incremental fees
  • General Terms and Conditions for Liability Limitation, Confidentiality Commitments, Dispute Resolution, Electronic Data Management, etc.

Your audit engagement letter should be written with enough specificity and clarity to support an effective audit engagement, and while many of the terms are non-negotiable, you should push your auditor for more detail if any engagement terms are unclear or lacking.

Audit Engagement Letters: Audit Terms, Templates, & How to Prep (3)

Who Signs the Engagement Letter for an Audit?

As with any contract, it is important that the appropriate signatories are tasked with executing the engagement letter. The engagement letter is required to be signed by those that are deemed authorized representatives of the engaging party. For an audit firm, the engagement letter should be signed by one of the partners of the firm. Management’s signatory should be someone with sufficient authority and insight into the company’s internal controls. Often, the management signatory will be the Chief Executive Officer, Chief Technology Officer, Chief Information Security Officer, or Chief Financial Officer.


You would never engage a critical vendor without first defining the terms of your business arrangement; likewise, the terms of engagement with your auditor are foundational to a successful audit engagement and business relationship. It’s not ideal to get to the end of your audit engagement and learn your audit report excludes one of the systems you assumed was included in the report scope, or is missing one of the Trust Services Criteria. Likewise, you don’t want to be surprised by additional audit engagement fees or expenses.

Surprises like these can result in strained business relationships and leave your clients disappointed. The worst-case scenario is an outright rejection of an audit report by your clients if the audit criteria or scope does not align with expectations. The AICPA has vast resources for composing audit engagement letters, and can help you navigate the process and identify the appropriate terms of engagement for your audit. Please contact us if you would like to learn more about our many audit services.

This article was originally published on 8/25/2020 and was updated on 3/29/2023.

Audit Engagement Letters: Audit Terms, Templates, & How to Prep (4)

Maggie Cheney (Partner | CRISC)

Maggie spent nearly 10 years in KPMG’s IT Advisory and Attestation practice before joining a financial technology company as the Risk and Compliance Director. She has overseen numerous SOC 1 / SOC 2 audits and other IT Compliance audits and has vast experience implementing risk management and IT compliance solutions. She is Certified in Risk and Information Systems Control (CRISC) and obtained a Bachelor of Science in Business Administration, Finance, from the University of Colorado at Boulder.

Related Posts:

  • Defining Suitable Criteria in an Audit Engagement
  • Board of Directors - Is One Required For a SOC 2 Audit?
  • Why Is Internal Audit Planning Critical To An Effective Audit?
  • Management Responsibility in an Audit - Who Does What in a SOC Audit?
Audit Engagement Letters: Audit Terms, Templates, & How to Prep (2024)


What should be included in an audit engagement letter? ›

The engagement letter documents and confirms the auditor's acceptance of the appointment, the objective and scope of the audit, the extent of the auditor's responsibilities to the client and the form of any reports.

What are the terms of audit engagement? ›

An audit engagement is an agreement between a client and an independent third-party auditor to perform an audit of some element of the client's business, such as accounting records, financial statements, internal controls, regulatory compliance, information systems, operational processes, etc.

How do you prepare for audit engagement? ›

Preparing for an Audit Engagement?
  1. Plan ahead. ...
  2. Ensure ease of access of accounting records. ...
  3. Prepare internal financial analysis. ...
  4. Seek assistance for complex accounting. ...
  5. Review prior year adjusting entries. ...
  6. Ensure books are kept accurate throughout the year. ...
  7. Self-review for quality control. ...
  8. Communicate with auditors.
Sep 17, 2019

What are the 4 steps engagement audit? ›

Engagement audit planning process has to address the four phases of an audit engagement: the initial planning, the preliminary survey, the fieldwork, the report. The main steps in the planning process are the same whether the internal auditor is undertaking an assurance or consulting mission.

What are the 4 types of audit opinions? ›

A – The four major types of audit opinion are Unqualified, Qualified, Adverse, and Disclaimer. Of these, unqualified is the most sought after as it expresses the auditor's satisfaction with the entity's financial reporting. The qualified opinion presents an opinion highlighting certain issues.

What are the typical contents of a letter of engagement? ›

The letter is intended to briefly but accurately describe the services to be delivered, the terms and conditions, the deadline or deadlines, and the compensation. A letter of engagement is a legal document and binding in a business deal. An engagement letter also serves to limit the scope of the company's services.

What are the 3 C's of auditing? ›

The 3 C's of Internal Auditing: Communication, Culture, and Coordination - SafetyChain Software.

Who prepares the audit engagement letter? ›

An engagement letter is sent by an auditor to his client after the receipt of the communication regarding his appointment, but preferably before the commencement of the engagement, spewing out the extent of his responsibilities to avoid any misunderstanding concerning his engagement and documents and confirming the ...

What are the five elements of external audit engagement? ›

The five elements:
  • A three-party relationship, involving: the practitioner, a responsible party and intended users.
  • Appropriate subject matter.
  • Suitable criteria.
  • Sufficient, appropriate evidence to support the conclusion.
  • A conclusion contained within a written report.

What is the first step in an audit engagement? ›

The first stage is the planning stage. In this stage, a corporation engages with the auditing firm to establish details, such as the level of engagement, procedures, and objectives.

What are the 7 audit objectives? ›

Performance aspects include: economy, efficiency, effectiveness, compliance, accuracy, completeness, and timeliness. Here is a tricked out audit objective that includes a finite subject mat- ter (seven performance measures), a performance aspect (accuracy), and documented criteria (Comptroller's Guidance).

What are the 7 steps in the audit process? ›

  • Preparing for an Audit. Have all requested materials/records ready when requested. ...
  • Step 1: Planning. The auditor will review prior audits in your area and professional literature. ...
  • Step 2: Notification. ...
  • Step 3: Opening Meeting. ...
  • Step 4: Fieldwork. ...
  • Step 5: Report Drafting. ...
  • Step 6: Management Response. ...
  • Step 7: Closing Meeting.

What is process audit checklist? ›

A process audit checklist aims to evaluate the efficiency of company processes, providing evidence from the audit to make suggestions for improvement.

What is the timeline for audit engagement? ›

Audits are typically scheduled for three months from beginning to end, which includes four weeks of planning, four weeks of fieldwork and four weeks of compiling the audit report. The auditors are generally working on multiple projects in addition to your audit.

Which of the following must not be included in an audit engagement letter? ›

Answer and Explanation:

The overview of the audit procedures should not be included in the engagement letter.

What is least likely included in an audit engagement letter? ›

Identification of specific audit procedures that the auditor needs to undertake .

What are the key factors to consider in an engagement acceptance form? ›

  • Answer:
  • he purpose of the engagement;
  • specifically what the CPA “will and won't do” (the scope);
  • client instructions and responsibilities;
  • reliance on facts the client gives the CPA;
  • known adverse or negative conditions or circ*mstances;
  • billing rates and estimates;
  • ETC.

What should be included in an engagement letter quizlet? ›

It should state what services will be provided, whether any restrictions will be imposed on the auditor's work, deadlines for completing the audit, and assistance to be provided by client personnel. The engagement letter may also include the auditor's fees.

Top Articles
Latest Posts
Article information

Author: Velia Krajcik

Last Updated:

Views: 5587

Rating: 4.3 / 5 (54 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Velia Krajcik

Birthday: 1996-07-27

Address: 520 Balistreri Mount, South Armand, OR 60528

Phone: +466880739437

Job: Future Retail Associate

Hobby: Polo, Scouting, Worldbuilding, Cosplaying, Photography, Rowing, Nordic skating

Introduction: My name is Velia Krajcik, I am a handsome, clean, lucky, gleaming, magnificent, proud, glorious person who loves writing and wants to share my knowledge and understanding with you.