Audit Engagement Letter

What is an audit engagement letter?

At most firms, the engagement letter (EL) is treated as a procurement artefact. Client signs, the file gets a PDF, fieldwork starts. That habit is exactly what European regulators keep citing: files where fieldwork begins weeks before the EL is countersigned, or where last year's letter is rolled forward without anyone looking at whether circumstances changed.

ISA 210.10 requires the auditor to agree the terms of the audit engagement with management or those charged with governance in writing. The EL is the standard vehicle for recording that agreement, though ISA 210 .A22 acknowledges other forms of written agreement may be acceptable depending on jurisdiction.

Content is prescribed. The letter must cover the applicable financial reporting framework, the objective and scope of the audit, the auditor's responsibilities, and management's responsibilities. Management's responsibilities include preparation of the financial statements (FS) under the applicable framework, internal control sufficient to prepare FS free from material misstatement, providing the auditor with unrestricted access to all relevant information, and providing written representations as required under ISA 580 .

ISA 210.13 requires the auditor to reassess whether terms need revision on recurring engagements. This is not optional (any change in scope, reporting framework, governance structure, or regulatory environment should trigger a new letter). The reassessment itself must be documented even when the conclusion is that no changes are needed.

We find the EL gets taken seriously only when something goes wrong. It is the document both parties rely on in disputes about what the auditor was engaged to do, what access was promised, and which responsibilities sit where. Treating it as a tick box exercise is how firms discover, in a dispute, that the scope they thought was agreed was never actually written down.

Why it matters in practice

Across European regulators, the most frequent finding is late or missing ELs. Files show fieldwork beginning weeks or months before the letter is countersigned. ISA 210.10 is clear that the agreement must be in place before the audit commences, and inspectors do not accept "we had a verbal understanding" as a substitute. This is the finding that generates the most review notes, and nobody enjoys writing the response.

When a scope limitation surfaces mid-engagement (management withholds records, a subsidiary is suddenly out of scope), the first thing the engagement partner (EP) asks for is the EL. If the letter is stale or never signed, the firm is arguing from a weaker position with the client and, later, with the reviewer.

On recurring engagements, firms routinely skip the annual ISA 210.13 reassessment. The file either contains no evidence of reassessment or carries forward the prior-year letter without considering whether circumstances changed. A new group structure, a change in reporting framework, or a regulatory event may each require revised terms. In our experience, the assessment takes ten minutes if anyone actually does it; what takes hours is reconstructing it after an inspection request.

ISA 210.11 addresses situations where law or regulation prescribes the terms. Even then, the auditor must confirm that management acknowledges its responsibilities. A legal mandate to be audited does not substitute for management's agreement on access and representations.

Key standard references

• ISA 210.10 . Content requirements for the EL: framework, objective, scope, responsibilities.
• ISA 210.11 . Situations where law or regulation prescribes the terms of the engagement.
• ISA 210.13 . Reassessment of terms on recurring engagements.
• ISA 210 .A22. Acceptable forms of written agreement beyond a traditional letter.

Related terms

Related reading

Related tools

Frequently asked questions