Marco Project

Auditee Acceptance and Initial Audit Planning45

Auditee Acceptance

The first step in the audit process is for the auditor to determine if they want to take on the audit

or not, or, if the auditee is a continuing auditee, whether they want to keep the auditee or not.

Auditing standards contain significant details on the auditee acceptance process and how auditee

acceptance is document. Audit firms need to be selective about the auditees that they accept

because of the risk of incorrectly certifying the auditee's financial statements as being accurate

when they aren't. In addition, the example in the prior chapter of how the audit risk model is used

and what happens to detection risk when an auditee has a weak financial reporting process also

illustrates that getting involved with auditees whose systems are so weak that the audit becomes

prohibitively expensive. Keep in mind that auditors are for-profit businesses and attempting to

audit a weak auditee can become a money-losing proposition. Auditors are required to gather

enough evidence to support their opinion regardless of the cost. They can select from less

expensive procedures, but they cannot use cost as a reason to gather insufficient evidence to

support their conclusions.

For example, Sarbanes-Oxley increased the amount of audit work that auditors had to do to

execute an audit and, therefore, increased the fees auditors charged. After Sarbanes-Oxley, audit

fees of the major firms jumped about 35% in one year. However, since auditors face a substantial

risk if they do a sloppy job of auditing, audit firms couldn't just hire enough new, untrained staff

to meet the new demand. Thus, the four largest audit firms (Big 4 - PricewaterhouseCoopers

(PWC), Deloitte Touche Tohmatsu, Ernst and Young, and KPMG Peat Marwick) turned away

new business and resigned from existing auditees. PWC resigned from 20% of their existing

auditees because they could not handle the increase in demand for their services. As you might

expect, they resigned from the 20% that were their weakest auditees and kept the strong ones.

Our point is that taking on, or keeping, an auditee is a serious decision that audit firms carefully

consider. Some of factors that the auditor will consider are:

Financial health of the potential client - auditees that are in financial distress represent a

much higher inherent risk for material misstatements than healthy auditees because some

material misstatements may result from the intentional efforts by the auditee's management

to hide the true financial state of the auditee from the investors and potential investors. In

45 The auditing literature uses the term "client" when describing the "client acceptance" process.

We use the term "auditee" to remind us that we are only focused on audit clients in this course

and no other type of clients.

97

addition, the client is less likely to pay the auditors if the client is having financial

problems.

Nature of the potential client's industry - Different industries have different special

accounting and business issues that affect the auditor's ability to perform a good audit. If

the auditor has no experience with the potential auditee's industry and the industry has

some unique features, the auditor may decline the auditee as opposed to spending time

training himself or herself in that industry. This criterion may not apply to continuing

auditees and to a large firm, like the Big 4, since large firms have enough experience to do

business in most industries.

Integrity of the potential auditee's management - While auditors are supposed to

provide an opinion on the auditee's financial statements based on objective evidence, they

inherently must rely on the auditee's management to provide them with information for the

audit. However, the auditee's management has control over the auditee's financial reporting

process and, therefore, the quality of information in it. Therefore, if the auditee's

management were intent on deceiving the auditor, an auditor would have a very difficult

time detecting the deception. If the auditor feels that the prospective auditee's management

is dishonest, that would greatly increase the inherent risk associated with the audit and

undermine the auditor's ability to do a competent audit.

Whether there is a conflict of interest in auditing the auditee - Auditors must remain

independent of their auditees and so, if the audit firm has a relationship with the

prospective auditee that would impair their independence, they should not take on the

auditee. For example, if a senior partner in the audit firm owned stock in the prospective

auditee, the auditor should probably decline the auditee.

The auditor would use a variety of information sources to determine whether to take on the

auditee. Some of these include:

The prospective auditee's prior auditor. Auditing standards require that a new auditor

communicate with the prior auditor. However, due to confidentiality requirements in the

Code of Conduct, the new auditors can't contact the old auditor without the auditee's

permission. Auditors are always required to contact the prior auditor before taking on a

new auditee. A previous auditor is a good source of information about unique features of

the auditee as well as the integrity of the auditee's management.

Trade business publications for stories about the prospective auditee. These sorts of

publications can provide information about the status of the auditee's industry and their

competitive position in it as well as the integrity of the auditee's management.

The prospective auditee's prior financial statements. Financial statements will indicate

the current financial status of the auditee and may highlight particular risk areas. For

example, an auditee that is struggling to make profits and cash flows would present a

greater risk of management manipulation of the financial statements.

Third parties like the prospective auditee's vendors, bankers, lawyers, and customers.

Note that the auditor may need to get the prospective auditee's permission to talk to some

of these people because of privacy and confidentiality concerns.

98

An internal review within the audit firm to ensure that the auditee has the necessary

technical skills to audit the prospective auditee. Normally, audit firms have strong skills

in the basic steps of auditing, but may lack knowledge of the prospective auditee's industry

or other special circumstances that might undermine their ability to complete a good audit.

An internal review within the audit firm to determine if they are independent of the

prospective auditee. Not all employees of the audit firm need to be independent of the

auditee. However, the audit firm needs to determine if they can assemble an audit team that

is qualified to execute the audit that consists of employees that are independent of the

auditee.

Signing the Engagement Letter

Auditors refer to an audit as an engagement. Like most service providers, auditors want a signed

agreement before they begin work. Auditors call the agreement an engagement letter. Auditors

use engagement letters for all types of engagements, not just audits. The audit engagement

letter's purpose is to clarify with the auditee what work the auditor is going to do; what auditee

management's responsibilities are in regards to the audit; and what the auditor is going to charge.

Audit engagement letters usually include the following sections:

Services the auditor will provide - This section lists the periods the auditors will audit

and clarifies the objectives and scope of the audit.

The auditor's responsibilities and limitations - This section discusses the obvious - that

an audit isn't perfect and that the auditor's job is to follow generally accepted audit

standards and execute due professional care in executing the audit. Thus, this section

usually states that the auditor will execute due professional care, but cannot guarantee that

they will find all the material misstatements.

Management's responsibilities - This section reminds management that they are

responsible for turning out accurate financial statements and maintaining adequate internal

controls. It also states that management is responsible for providing auditors with the

documents and other information they need to perform the audit and to do so on a timely

basis. This section also states that if the auditee publishes or files the financial statements

that include the auditor's report, they must notify the auditor so that the auditor can review

those documents or filings. This is a new requirement under Sarbanes-Oxley. Auditors

now are required to review any document or electronic filing that contains their opinion to

ensure that the opinion is still valid and the auditee is not misusing the report. Management

is required to tell the auditor whenever they use the audit opinion so that the auditor can

fulfill this responsibility.

Identification of applicable financial reporting framework - In most cases, audits of US

registered firms will use US GAAP as the framework. However, for international firms it

could be International GAAP. There are other financial reporting frameworks as well, but

this text focuses on US GAAP.

Description of the form and content of the report - In most cases, the form and content

of the report will conform to the standards discussed previously in this text. Auditors can

also issue other specialized reports. However, this text's coverage is limited to the basic

99

types of reports covered above. This section also includes a statement that the auditor

cannot guarantee the nature of the report or opinion they will eventually issue.

Timing and fees - This section discusses the timeline the auditor intends to use to

complete the audit and how they will calculate their fees.

The auditors prepare the engagement letter and signs it. They then present the engagement letter

to the auditee for the auditee's signature. Once signed, the engagement letter represents a contract

between the two parties.

The following is an example of an audit engagement letter for an audit of general purpose

financial statements prepared in accordance with accounting principles generally accepted

in the United States of America, as promulgated by the Financial Accounting Standards

Board. This letter is an example and not authoritative. It is intended to be a guide that may

be used in conjunction with the considerations outlined in this Statement on Auditing

Standards. The letter will vary according to individual requirements and circumstances and

is drafted to refer to the audit of financial statements for a single reporting period. The

auditor may seek legal advice about whether a proposed letter is suitable.

To the appropriate representative of those charged with governance of ABC Company:

[The objective and scope of the audit] You have requested that we audit the financial

statements of ABC Company, which comprise the balance sheet as of December 31,

20XX, and the related statements of income, changes in stockholders' equity, and cash

flows for the year then ended, and the related notes to the financial statements. We are

pleased to confirm our acceptance and our understanding of this audit engagement by

means of this letter. Our audit will be conducted with the objective of our expressing an

opinion on the financial statements.

[The responsibilities of the auditor] We will conduct our audit in accordance with auditing

standards generally accepted in the United States of America (GAAS). Those standards

require that we plan and perform the audit to obtain reasonable assurance about whether

the financial statements are free from material misstatement. An audit involves performing

procedures to obtain audit evidence about the amounts and disclosures in the financial

statements. The procedures selected depend on the auditor's judgment, including the

assessment of the risks of material misstatement of the financial statements, whether due to

fraud or error. An audit also includes evaluating the appropriateness of accounting policies

used and the reasonableness of significant accounting estimates made by management, as

well as evaluating the overall presentation of the financial statements. Because of the

inherent limitations of an audit, together with the inherent limitations of internal control, an

unavoidable risk that some material misstatements may not be detected exists, even though

the audit is properly planned and performed in accordance with GAAS. In making our risk

assessments, we consider internal control relevant to the entity's preparation and fair

presentation of the financial statements in order to design audit procedures that are

appropriate in the circumstances but not for the purpose of expressing an opinion on the

effectiveness of the entity's internal control. However, we will communicate to you in

writing concerning any significant deficiencies or material weaknesses in internal control

relevant to the audit of the financial statements that we have identified during the audit.

100

[The responsibilities of management and identification of the applicable financial reporting

framework] Our audit will be conducted on the basis that [management and, when

appropriate, those charged with governance]46 acknowledge and understand that they have

responsibility

a. for the preparation and fair presentation of the financial statements in accordance

with accounting principles generally accepted in the United States of America; b. for

the design, implementation, and maintenance of internal control relevant to the

preparation and fair presentation of financial statements that are free from material

misstatement, whether due to fraud or error; and

c. to provide us with

i. access to all information of which [management] is aware that is relevant to

the preparation and fair presentation of the financial statements such as

records, documentation, and other matters;

ii. additional information that we may request from [management] for the

purpose of the audit; and

iii. unrestricted access to persons within the entity from whom we determine it

necessary to obtain audit evidence.

As part of our audit process, we will request from [management and, when appropriate,

those charged with governance], written confirmation concerning representations made to

us in connection with the audit.

[Other relevant information] [Insert other information, such as fee arrangements, billings,

and other specific terms, as appropriate.]

[Reporting] [Insert appropriate reference to the expected form and content of the auditor's

report. Example follows:] We will issue a written report upon completion of our audit of

ABC Company's financial statements. Our report will be addressed to the board of

directors of ABC Company. We cannot provide assurance that an unmodified opinion will

be expressed. Circumstances may arise in which it is necessary for us to modify our

opinion, add an emphasis-of-matter or other-matter paragraph(s), or withdraw from the

engagement. We also will issue a written report on [Insert appropriate reference to other

auditor's reports expected to be issued.] upon completion of our audit.

46 "Those charged with governance" usually means the audit committee of board of directors.