4

AUDIT ENGAGEMENT LETTER: INTEGRATED AUDIT

[Prepared on auditor’s letterhead]

[Insert date]
[Insert name and address of client]

Dear [insert the appropriate representative of those charged with governance]:

You have requested that we audit the financial statements of [Entity Name], which comprise the balance sheet as of
[insert date], and the related statements of income, changes in stockholders’ equity, and cash flows for the year then
ended, and the related notes to the financial statements. As part of our engagement, we will audit [Entity Name]’s
internal control over financial reporting. We are pleased to confirm our acceptance and our understanding of this
audit engagement by means of this letter. Our audit will be conducted with the objective of our expressing an
opinion on both the effectiveness of internal control over financial reporting and the financial statements
(“integrated audit”).1

Auditor Responsibilities

We will conduct our audit in accordance with auditing standards generally accepted in the United States of America
(U.S. GAAS). Those standards require that we plan and perform the audit to obtain reasonable assurance about
whether the financial statements are free from material misstatement, whether caused by error or fraud, and whether
effective internal control over financial reporting was maintained in all material respects. Accordingly, there is some
risk that a material misstatement of the financial statements or a material weakness in internal control over financial
reporting would remain undetected. Although not absolute assurance, reasonable assurance is a high level of
assurance. Also, an integrated audit is not designed to detect error or fraud that is immaterial to the financial
statements or deficiencies in internal control over financial reporting that, individually or in combination, are less
severe than a material weakness. If, for any reason, we are unable to complete the audit or are unable to form or
have not formed an opinion, we may decline to express an opinion or decline to issue a report as a result of our
engagement.

An audit also includes evaluating the appropriateness of accounting policies used, and the reasonableness of
significant accounting estimates made by management, as well as evaluating the overall presentation of the financial
statements. If appropriate, our procedures will therefore include tests of documentary evidence that support the
transactions recorded in the accounts, tests of the physical existence of inventories, and direct confirmation of cash,
investments, and certain other assets and liabilities by correspondence with creditors and financial institutions. As
part of our audit process, we will request written representations from your attorneys, and they may bill you for
responding. At the conclusion of our audit, we will also request certain written representations from you about the
financial statements and related matters.

We are responsible for (1) the evaluation of the effectiveness of the entity’s internal control over financial reporting
using the same suitable and available criteria as used by management for its assessment and for the integration of the
audit of internal control over financial reporting with the audit of financial statements, and (2) determining that the
“as of date” specified in management’s assessment about the effectiveness of internal control over financial
reporting corresponds to the balance sheet date (or period ending date) of the period covered by the financial
statements.

Because of the inherent limitations of an audit, together with the inherent limitations of internal control, an
unavoidable risk that some material misstatements (whether caused by errors, fraudulent financial reporting,
misappropriation of assets, or violations of laws or governmental regulations) may not be detected exists, even
though the audit is properly planned and performed in accordance with U.S. GAAS. In making our risk assessments,
we consider internal control relevant to the entity’s preparation and fair presentation of the financial statements in
order to design audit procedures that are appropriate in the circumstances but not for the purpose of expressing an

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 1 of 8
opinion on the effectiveness of the entity’s internal control. However, we will communicate to you in writing
concerning any significant deficiencies or material weaknesses in internal control relevant to the audit of the
financial statements that we have identified during the audit. Our responsibility as auditors is, of course, limited to
the period covered by our audit and does not extend to any other periods.

Management Responsibilities

Our audit will be conducted on the basis that [management and, when appropriate, those charged with governance]
acknowledge and understand that they have responsibility:

a. For the preparation and fair presentation of the financial statements in accordance with accounting
principles generally accepted in the United States of America;
b. For the design, implementation, and maintenance of effective internal control over financial reporting
relevant to the preparation and fair presentation of financial statements that are free from material
misstatement, whether due to fraud or error;
c. To provide us with:
i. Access to all information of which [management] is aware that is relevant to the preparation and fair
presentation of the financial statements and to management’s assessment of internal control over
financial reporting, such as records, documentation, and other matters;
ii. Additional information that we may request from [management] for the purpose of the audit; and
iii. Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit
evidence.2
d. For including the auditor’s report in any document containing financial statements that indicates that such
financial statements have been audited by the entity’s auditor;
e. For identifying and ensuring that the entity complies with the laws and regulations applicable to its
activities;
f. For adjusting the financial statements to correct material misstatements and confirming to us in the
management representation letter that the effects of any uncorrected misstatements aggregated by us during
the current engagement and pertaining to the current year period(s) under audit are immaterial, both
individually and in the aggregate, to the financial statements as a whole;
g. For maintaining adequate records, selecting and applying accounting principles, and safeguarding assets;
h. For the evaluation of the effectiveness of the entity’s internal control over financial reporting using suitable
and available criteria;
i. For providing us with management’s written assessment about the effectiveness of the entity’s internal
control over financial reporting; and
j. For supporting management’s assessment about the effectiveness of the entity’s internal control over
financial reporting with sufficient evaluations and documentation (e.g., policy or accounting manuals,
narrative memoranda, flowcharts, decision tables, procedural write-ups, or completed questionnaires).

As part of our audit process, we will request from [management and, when appropriate, those charged with
governance], written confirmation concerning representations made to us in connection with the audit.

Reporting

[Insert appropriate reference to the expected form and content of the auditor’s report. Example follows:]

We will issue a written report upon completion of our audit of [Entity Name]’s financial statements and its internal
control over financial reporting. Our report will be addressed to the board of directors of [Entity Name]. We cannot
provide assurance that an unmodified opinion will be expressed. Circumstances may arise in which it is necessary
for us to modify our opinion, add an emphasis-of-matter or other-matter paragraph(s), or withdraw from the
engagement.

We also will issue a written report on [insert appropriate reference to other auditor’s reports expected to be issued]
upon completion of our audit.

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 2 of 8
Other

[Other relevant information—insert other information, such as fee arrangements, billings, and other specific terms,
as appropriate. Examples follow:]

We understand that your employees will prepare all confirmations we request and will locate any documents or
support for any other transactions we select for testing.

If you intend to publish or otherwise reproduce the financial statements and make reference to our firm, you agree to
provide us with printers’ proofs or masters for our review and approval before printing. You also agree to provide us
with a copy of the final reproduced material for our approval before it is distributed.

During the course of the engagement, we may communicate with you or your personnel via fax or e-mail, and you
should be aware that communication in those mediums contains a risk of misdirected or intercepted
communications.5

The timing of our audit will be scheduled for performance and completion as follows: [insert dates]

Begin Complete

Document internal control and preliminary tests

Observe physical inventories

Mail confirmations

Perform year-end audit procedures

Issue audit report

[Insert name of firm representative] is the engagement partner for the audit services specified in this letter. [His/Her]
responsibilities include supervising [insert name of firm]’s services performed as part of this engagement and
signing or authorizing another qualified firm representative to sign the audit report.

Our fees are based on the amount of time required at various levels of responsibility, plus actual out-of-pocket
expenses. Invoices will be rendered every two weeks and are payable upon presentation. We estimate that our fee
for the audit will be between $[insert amount] and $[insert amount]. We will notify you immediately of any
circumstances we encounter that could significantly affect this initial fee estimate. Whenever possible, we will
attempt to use [Entity Name]’s personnel to assist in the preparation of schedules and analyses of accounts. This
effort could substantially reduce our time requirements and facilitate the timely conclusion of the audit.

During the course of the audit, we may observe opportunities for economy in, or improved controls over, your
operations. We will bring such matters to the attention of the appropriate level of management, either orally or in
writing.

The audit documentation for this engagement is the property of [insert name of audit firm] and constitutes
confidential information. However, we may be requested to make certain audit documentation available to [insert
regulator(s)’s name(s)] pursuant to authority given to it by law or regulation, or to peer reviewers. If requested,
access to such audit documentation will be provided under the supervision of [insert name of audit firm]’s
personnel. Furthermore, upon request, we may provide copies of selected audit documentation to [insert regulator’s
name]. The [insert regulator’s name] may intend, or decide, to distribute the copies of information contained therein
to others, including other governmental agencies.5

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 3 of 8
You agree to inform us of facts that may affect the financial statements of which you may become aware during the
period from the date of the auditor’s report to the date the financial statements are issued.

Please sign and return the attached copy of this letter to indicate your acknowledgment of, and agreement with, the
arrangements for our audit of the financial statements including our respective responsibilities.

We appreciate the opportunity to be your certified public accountants and look forward to working with you and
your staff.

Respectfully,

[Insert name and address of audit firm]

***************************************************************

RESPONSE:

This letter correctly sets forth our understanding.

[Entity Name]

Acknowledged and agreed on behalf of [Entity Name] by:6

Name: ______________________________________________________________

Title: _____________________________________________________________________

Date: _____________________________________________________________________

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 4 of 8
ADDITIONAL GUIDANCE AND PRACTICE POINTS
The auditor should customize this engagement letter for the unique circumstances of the client and engagement. In
addition, the auditor should ensure that this letter contains, at a minimum, those items in Appendix A.

1. If supplementary information in relation to the financial statements as a whole is presented, the engagement
letter should describe the nature of the supplementary information. Language such as the following may be
added:

“The [identify accompanying supplementary information] will be presented for

purposes of additional analysis and is not a required part of the financial
statements. Such information will be subjected to the auditing procedures
applied in the audit of the financial statements and certain additional procedures,
including comparing and reconciling such information directly to the underlying
accounting and other records used to prepare the financial statements or to the
financial statements themselves, and other additional procedures in accordance
with auditing standards generally accepted in the United States of America. Our
auditor’s report will provide an opinion on the supplementary information in
relation to the financial statements as a whole.”

2. If supplementary information in relation to the financial statements as a whole is presented, and the auditor is
engaged to report on the supplementary information, the auditor is required to obtain the agreement of
management as to their responsibility for the supplementary information, and the following paragraph should be
added:

“With regard to the supplementary information referred to above, you

acknowledge and understand your responsibility: (a) for the preparation of the
supplementary information in accordance with the applicable criteria; (b) to
provide us with the appropriate written representations regarding supplementary
information; (c) to include our report on the supplementary information in any
document that contains the supplementary information and that indicates that we
have reported on such supplementary information; and (d) to present the
supplementary information with the audited financial statements, or if the
supplementary information will not be presented with the audited financial
statements, to make the audited financial statements readily available to the
intended users of the supplementary information no later than the date of
issuance by you of the supplementary information and our report thereon.”

3. In accordance with ET Section 1.150, Use of a Third-Party Service Provider, the auditor should inform
management, preferably in writing, if the auditor intends to share confidential information about the entity with
a third-party service provider, such as an independent contractor engaged by the auditor to assist in performing
professional services for the entity. In order to satisfy this requirement, the following wording may be used:

“Our firm may transmit confidential information that you provided us to third
parties in order to facilitate delivering our services to you. For example, such
transmissions might include, but not be limited to [identify examples]. We have
obtained confidentiality agreements with all our service providers to maintain
the confidentiality of your information and we will take reasonable precautions
to determine that they have the appropriate procedures in place to prevent the
unauthorized release of confidential information to others. We will remain
responsible for the work provided by any third-party service providers used
under this agreement. By your signature below, you consent to having
confidential information transmitted to entities outside the firm. Please feel free
to inquire if you would like additional information regarding the transmission of
confidential information to entities outside the firm.”

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 5 of 8
4. If the auditor performs nonattest services (e.g., tax return preparation) for an audit client, the auditor should
document his or her understanding with management regarding the nonattest services to be performed. Such
documentation can be either in the audit documentation or in the engagement letter. In order to satisfy the
documentation requirement, the auditor may add the following additional language to the engagement letter,
following the description of the non-attest services engagement:

“With respect to any nonattest services we perform, [Entity Name]’s

management is responsible for (a) making all management decisions and
performing all management functions; (b) assigning a competent individual to
oversee the services; (c) evaluating the adequacy of the services performed; (d)
evaluating and accepting responsibility for the results of the services performed;
and (e) establishing and maintaining internal controls, including monitoring
ongoing activities.”

5. The auditor may wish, and in some cases may be required by law, regulation, or audit contract, to confirm in
writing with management that the auditor may be required to provide a regulator access to the audit
documentation. In such circumstances, the auditor may use the sample language in the engagement letter.
.
6. Depending on the entity’s structure, the agreement may be with management, those charged with governance,
or both. When the agreement on the terms of engagement is only with those charged with governance, the
auditor is required to obtain management’s agreement that it acknowledges and understands its responsibilities.
Under these circumstances, the auditor should obtain management’s acknowledgement and agreement on the
terms of the engagement.

The auditor should refer to Chapter 3, “Preliminary Engagement Activities and Audit Planning,” for further
guidance on preliminary engagement activities and audit planning.

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 6 of 8
APPENDIX A
AU-C Section 210, Terms of Engagement, provides that the understanding with the client regarding an audit of the
financial statements (i.e., the engagement letter) generally includes, but is not limited to, the following matters:

1. The objectives and scope of the engagement. Essentially, the primary objective of the audit is to express an
opinion on the financial statements.
2. Management’s responsibilities. Management is responsible for:
a. The preparation of the entity’s financial statements in accordance with the applicable financial
reporting framework, including where relevant their fair presentation;
b. The internal control as determined necessary to enable the preparation of financial statements that are
free from material misstatement, whether due to fraud or error;
c. Making all financial records and related information available to the auditor;
d. Providing additional information that may be requested for the purposes of the audit; and
e. Unrestricted access to persons within the entity from whom the auditor determines it is necessary to
obtain audit evidence.
3. The auditor’s responsibilities. The auditor is responsible for:
a. Establishing the following preconditions for an audit are present:
(1) The financial reporting framework applied in the preparation of the financial statements is
applicable; and
(2) Obtaining the agreement of management that it acknowledges and understands its responsibilities,
as noted above.
b. Conducting the audit in accordance with generally accepted auditing standards;
c. Obtaining reasonable, rather than absolute, assurance about whether the financial statements are free of
material misstatement, caused by error or by fraud; and therefore whether a material misstatement may
remain undetected;
d. Determining whether to decline to express an opinion or to issue a report on the financial statements, in
the event that the auditor is unable to complete the audit or is unable to form an opinion; and
e. Ensuring that those charged with governance are aware of any significant deficiencies in internal
control that come to the auditor’s attention.
4. Identification of the applicable financial reporting framework. The financial reporting framework adopted
by management and, where appropriate, those charged with governance that is acceptable in view of the
nature of the entity and the objective of the financial statements, or that is required by law or regulation.
5. Reference to the expected form and content of any reports to be issued. A description of the expected form
and content of the reports must be included in the engagement terms and must include a statement that
there may be circumstances in which a report may differ from the expected form and content.
6. Limitations of the engagement. An audit conducted in accordance with generally accepted auditing
standards is not designed to:
a. Detect error or fraud that is immaterial to the financial statements; or
b. Provide assurance on internal control or to identify significant deficiencies.

If the auditor believes that an understanding with the client has not been established, he or she should decline to
accept or to perform the engagement, unless required by law or regulation to do so.

In addition to the required matters previously discussed, generally accepted auditing standards indicate that an
understanding with the client also may include other matters, such as:

• An understanding of the entity and its environment, including its internal control, sufficient to assess the
risks of material misstatement of the financial statements and to design the nature, timing, and extent of
further audit procedures to be performed.
• An elaboration of the scope of the audit, including reference to applicable legislation, regulations, SASs,
and ethical and other pronouncements of professional bodies to which the auditor adheres.
• The form of any other communication of results of the audit engagement.

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 7 of 8
 • The fact that because of the inherent limitations of an audit, together with the inherent limitations of
internal control, there is an unavoidable risk that some material misstatements may not be detected, even
though the audit is properly planned and performed in accordance with generally accepted auditing
standards.
• Arrangements regarding the planning and performance of the audit, including the composition of the audit
team.
• The expectation that management will provide written representations.
• The agreement of management to make available to the auditor draft financial statements and any
accompanying other information in time to allow the auditor to complete the audit in accordance with the
proposed timetable.
• The agreement of management to inform the auditor of facts that may affect the financial statements, of
which management may become aware during the period from the date of the auditor’s report to the date
the financial statements are issued.
• The basis on which fees are computed and any billing arrangements.
• A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms
of the engagement outlined therein.
• Arrangements regarding involvement of specialists or internal auditors.
• Arrangements involving a predecessor auditor.
• Any restriction of the auditor’s liability when such possibility exists.
• Conditions under which access to audit documentation may be granted to others.
• Additional services to be provided relating to regulatory requirements.
• Arrangements regarding nonattest services to be provided in connection with the engagement (e.g.,
preparation of tax returns) and the client’s responsibility for those services.
• Client written permission if the auditor intends to share confidential information about the client with a
third-party service provider.

Additionally, if the auditor of an entity will also be auditing a component of the entity, the existence of the following
factors may influence the decision of whether the auditor should send a separate audit engagement letter to the
component:

• Who appoints the component auditor;

• Whether a separate auditor’s report is to be issued on the component;
• Legal requirements in relation to audit appointments;
• Degree of ownership by parent; and
• Degree of independence of the component management from the parent entity.

© 2016 CCH Incorporated and/or Its Affiliates. All Rights Reserved. COR-201A Page 8 of 8