AUDIT ENGAGEMENT LETTER

(Date)

Name of Auditee
Address

Dear ________________

We are pleased to confirm our understanding of the services we are to provide you with under this
engagement.

Audit Scope. USAID’s applicable scope of work that was part of your RFP will be included or
referenced to.

Audit Objectives. The objective of our audit is the expression of opinions as to whether your basic
financial statements are fairly presented, in all material respects, in conformity with U.S. generally
accepted accounting principles, the objective also includes reporting on:

 Internal control related to the financial statements and compliance with laws, regulations, and
the provisions of contracts and grant agreements, noncompliance with which could have a
material effect on the financial statements, in accordance with Government Auditing Standards.

 Internal control related to major programs and an opinion (or disclaimer of opinion) on
compliance with laws, regulations, and the provisions of contracts and grant agreements that
could have a direct and material effect on each major program in accordance with the Single
Audit Act Amendments of 1996 and OMB Circular A-133, Audits of States, Local Governments,
and Non-Profit Organizations.

Our audit will be conducted in accordance with generally accepted auditing standards established by the
Auditing Standards Board (United States); the standards for financial audits contained in Government
Auditing Standards, issued by the Comptroller General of the United State; the Single Audit Act
Amendments of 1996, the provisions of OMB Circular A-133, and will include tests of accounting
records, a determination of major program(s) in accordance with OMB Circular A-133, and other
procedures we consider necessary to enable us to express such opinions and to render the required
reports.

If our opinions on the financial statements or the Single Audit compliance opinions are other than
unqualified, we will fully discuss the reasons with you in advance. If, for any reason, we are unable to
complete the audit or are unable to form or have not formed opinions, we may decline to express
opinions or to issue a report as a result of this engagement. Should such situation arise, we will notify
you.

We will use professional judgment in determining the standards that apply to the work to be conducted.
If this engagement will not satisfy the requirements of all audit report users, laws, and regulations, we will
notify you as soon as this comes to our attention. We will then submit another engagement letter for
your approval that complies with the applicable requirements and will seek approval of the Legislative
Auditor for the engagement. We will consider all standards that may apply, but in particular, we will
determine whether a different type of engagement is needed based on:
 Audit requirements of Government Auditing Standards.
 Office of Management and Budget Circulars
 Other contractual requirements.
Management’s Responsibilities Management is responsible for the basic financial statements and all
accompanying information, as well as all representations contained therein. As part of the audit, we will
prepare a draft of your financial statements, schedule of expenditures of federal awards, and related
notes. You are responsible for making all management decisions and performing all management
functions relating to the financial statements, schedule of expenditures of federal awards, and related
notes, and for accepting full responsibility for such decisions. You will be required to acknowledge in the
management representation letter that you have reviewed and approved the financial statements,
schedule of expenditures of federal awards, and related notes prior to their issuance, and have accepted
responsibility for them. Further, you are required to designate an individual with suitable skill,
knowledge, or experience to oversee any nonaudit services we provide and for evaluating the adequacy
and results of those services and accepting responsibility for them.

Management is responsible for establishing and maintaining internal controls, including monitoring
ongoing activities; for the selection and application of accounting principles; for the fair presentation in
the financial statements of the respective financial position of the governmental activities, the business-
type activities, the aggregate discretely presented component units, each major fund, and the aggregate
remaining fund information, and the respective changes in financial position and, where applicable, cash
flows in conformity with U.S. generally accepted accounting principles; and for federal award program
compliance with applicable laws and regulations and the provisions of contracts and grant agreements.

Management is responsible for making all financial records and related information available to us,
including identifying significant vendor relationships in which the vendor has responsibility for program
compliance, and for the accuracy and completeness of that information. Your responsibilities include
adjusting the financial statements to correct material misstatements, and confirming to us in the
representation letter that the effects of any uncorrected misstatements aggregated by us during the
current engagement and pertaining to the latest period presented are immaterial, both individually and in
the aggregate, to the financial statements taken as a whole.

You are responsible for the design and implementation of programs and controls to prevent and detect
fraud, and for informing us about all known or suspected fraud or illegal acts affecting the government
involving (a) management, (b) employees who have significant roles in internal control, and (c) others
where the fraud or illegal acts could have a material effect on the financial statements. Your
responsibilities include informing us of your knowledge of any allegations of fraud or suspected fraud
affecting the government received in communications from employees, former employees, grantors,
regulators, or others. In addition, you are responsible for identifying and ensuring that the entity
complies with applicable laws, regulations, contracts, agreements, and grants. Additionally, as required
by OMB Circular A-133, it is management’s responsibility to follow up and take corrective action on
reported audit findings, and to prepare a summary schedule of prior audit findings and a corrective action
plan. The summary schedule of prior audit findings should be available for our review on (Date).

Management is responsible for establishing and maintaining a process for tracking the status of audit
findings and recommendations. Management is also responsible for identifying for us previous audits or
other engagements or studies related to the objectives discussed in the Audit Objectives section of this
letter. This responsibility includes relaying to us corrective actions taken to address significant findings
and recommendations resulting from those audits or other engagements or studies. You are also
responsible for providing management’s views on our current findings, conclusions, and
recommendations, as well as your planned corrective actions.

Audit Procedures—General An audit includes examining, on a test basis, evidence supporting the
amounts and disclosures in the financial statements; therefore, our audit will involve judgment about the
number of transactions to be examined and the areas to be tested. We will plan and perform the audit to
obtain reasonable rather than absolute assurance about whether the financial statements are free of
material misstatement, whether from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of
assets, or (4) violations of laws or governmental regulations that are attributable to the entity or to acts
by management or employees acting on behalf of the entity. Because the determination of abuse is
subjective, Government Auditing Standards do not expect auditors to provide reasonable assurance of
detecting abuse.

Because an audit is designed to provide reasonable, but not absolute assurance, and because we will
not perform a detailed examination of all transactions, there is a risk that material misstatements or
noncompliance may exist and not be detected by us. In addition, an audit is not designed to detect
immaterial misstatements or violations of laws or governmental regulations that do not have a direct and
material effect on the financial statements or major programs. However, if during the course of our audit
we become aware of such errors, fraud, or illegal acts, we will bring them to your attention and also
notify the Legislative Auditor in writing. Furthermore, should we become aware of fraud or illegal acts;
we shall also notify the appropriate enforcement agency. Our responsibility as auditors is limited to the
period covered by our audit and does not extend to any later periods for which we are not engaged as
auditors.

Our procedures will include tests of documentary evidence supporting the transactions recorded in the
accounts, and may include tests of the physical existence of inventories, and direct confirmation of
receivables and certain other assets and liabilities by correspondence with selected individuals, funding
sources, creditors, and financial institutions. We will request written representations from your attorneys
as part of the engagement, and they may bill you for responding to this inquiry. At the conclusion of our
audit, we will require certain written representations from you abut the financial statements and related
matters.

Audit Procedures—Internal Controls Our audit will include obtaining an understanding of the entity
and its environment, including internal control, sufficient to assess the risks of material misstatement of
the financial statements and to design the nature, timing, and extent of further audit procedures. Tests
of controls may be performed to test the effectiveness of certain controls that we consider relevant to
preventing and detecting errors and fraud that are material to the financial statements, and to preventing
and detecting misstatements resulting from illegal acts and other noncompliance matters that have a
direct and material effect on the financial statements. Our tests, if performed, will be less in scope than
would be necessary to render an opinion on internal control and, accordingly, no opinion will be
expressed in our report on internal control issued pursuant to Government Auditing Standards.

As required by OMB Circular A-133, we will perform tests of controls over compliance to evaluate the
effectiveness of the design and operation of controls that we consider relevant to preventing or detecting
material noncompliance with compliance requirements applicable to each major federal award program.
However, our tests will be less in scope than would be necessary to render an opinion on those controls
and, accordingly, no opinion will be expressed in our report on internal control issued pursuant to OMB
Circular A-133.

An audit is not designed to provide assurance on internal control or to identify significant deficiencies.
However, during the audit, we will communicate to management and those charged with governance
internal control related matters that are required to be communicated under AICPA professional
standards, Government Auditing Standards, and OMB Circular A-133.

Audit Procedures—Compliance As part of obtaining reasonable assurance about whether the

financial statements are free of material misstatement, we will perform tests of compliance with
applicable laws and regulations and the provisions of contracts and agreements, including grant
agreements. However, the objective of those procedures will not be to provide an opinion on overall
compliance and we will not express such an opinion in our report on compliance issued pursuant to
Government Auditing Standards.

We also plan to obtain reasonable assurance about whether the auditee has complied with applicable
laws and regulations and the provisions of contracts and grant agreements applicable to major
programs. Our procedures will consist of tests of transactions and other applicable procedures
described in the OMB Circular A-133 Compliance Supplement for the types of compliance requirements
that could have a direct and material effect on each of the major programs. The purpose of these
procedures will be to express an opinion on compliance with requirements applicable to each of its major
programs in our report on compliance issued pursuant to OMB Circular A-133.

Audit Administration, Fees, and Other Immediately upon completion of the engagement, the auditor
shall send a copy of the reporting package to (Auditee’s Name). The reporting package will consist of:
1. An opinion (or disclaimer of opinion) as to whether the financial statements are presented fairly in all
material respects in conformity with accounting principles generally accepted in the United States
and, when applicable, an opinion (or disclaimer of opinion) as to whether the schedule of
expenditures of federal awards is presented fairly in all material respects in relation to the financial
statements taken as a whole.

2. A report on internal control and compliance with laws and regulations material to the financial
statements and, when applicable, major federal programs. This report shall describe the scope of
testing of internal control and compliance, the results of the tests, and, where applicable, refer to the
separate schedule of findings and questioned costs.

3. A report on internal control and compliance with laws, regulations, and the provisions of contracts or
grant agreements, noncompliance with which could have a material effect on major federal
programs.

4. A summary schedule of findings and questioned costs.

5. A summary schedule of the current status of any prior findings.

6. Management’s corrective action plans, which you will prepare.

7. A management letter to convey suggestions and recommendations not suitable for the foregoing
reports.

Our audit will include a review of any prior-year suggestions and recommendations and will indicate the
extent to which the summary schedule of prior year audit findings is fairly stated. As to any current-year
recommendations and suggestions, we will afford you the opportunity to respond to such matters and will
include your response(s) in management’s corrective action plan.

Subsequent to the issuance of the report, should it be necessary to alter or reissue the report and/or any
management letter, CPA Firm’s Name shall distribute such reissued report and/or management letter in
the same manner as the original report and management letter.

We expect to begin our audit on approximately (Date) and to issue our reports no later than (date).

(Name of Engagement Partner) is the engagement partner and is responsible for supervising the
engagement and signing the report.

Our fees for all services are related to our standard hourly rates in effect at the time services are
performed. Our standard hourly rates vary according to the degree of responsibility involved and the
experience level of the personnel assigned to your engagement. Our fee for this engagement will be
$____ from which XXX% will be paid upon YYY and XX% upon ZZZ.

If a multi-year engagement is entered into, all outstanding invoices for work performed during any prior
engagement will be paid in full before work commences on the current engagement.

During the course of our audit, it is possible that we may observe opportunities for economies of
operation and for improved internal administrative and accounting controls, or we may observe variances
with applicable laws and regulations or other matters that should be brought to your attention. Our
comments and recommendations concerning such matters, if any, will be conveyed to you in writing.

Under the provisions of Government Auditing Standards, our ability to provide nonattest services may
result in an impairment of our independence, and therefore may be limited for the duration of this
engagement and for the period covered by this engagement.

Approval. We appreciate the opportunity to be of service to you, and believe this letter accurately
summarizes the significant terms of our engagement. If these comments and arrangements meet with
your approval, please sign below and return the agreement to us.

We look forward to a pleasant association and the opportunity to provide the services included in this
engagement. If you have any questions, please let us know.

Very truly yours,

Certified Public Accountants

By______________________

RESPONSE:

This letter correctly sets forth the understanding of (Auditee’s Name)

By_______________________________________________

Title______________________________________________

Date________________________________________ _____
 Audit Process

Although every audit process is unique, the audit process

is similar for most engagements and normally consists of
four stages: Planning (sometimes called Survey or
Preliminary Review), Fieldwork, Audit Report and Follow-
up Review. Client involvement is critical at each stage of
the audit process. As in any special project, audits require
a certain amount of time being diverted from your
department’s personnel. One of the key objectives is to
minimize this time and avoid disrupting ongoing activities.
 Planning

During the planning portion of the audit, the auditor notifies

the client of the audit, discusses the scope and objectives
of the examination in a formal meeting with organization
management, gathers information on important processes,
evaluates existing controls (when existing narratives and
flow charts are available) and plans the remaining audit
steps.
 Announcement Letter (Planning Memo)

The client is informed of the audit through an

announcement or engagement letter from the Internal
Audit Director. This letter communicates the scope and
objectives of the audit, the auditors assigned to the project
and other relevant information.
 Opening Conference

Internal Audit discusses the IA process and the plan for

completing the audit. During this meeting, the client
describes the unit or system to be reviewed, the
organization, available resources (personnel, facilities,
equipment, funds) and other relevant information. The
internal auditor meets with the senior officer directly
responsible for the unit under review and any staff
members s/he wishes to include. It is important that the
client identify issues or areas of special concern that
should be addressed.
 Preliminary Survey/Questionnaire

In this phase the auditor gathers relevant information

about the unit in order to obtain a general overview of
 operations. S/He meets with key personnel to reviews
reports, files and other sources of information.
 Internal Control Design

The auditor will review the unit’s internal control structure,

a process which is usually time-consuming. In doing this,
the auditor uses a variety of tools and techniques to gather
and analyze information about the operation. The review
of internal controls helps the auditor determine the areas
of highest risk and design tests to be performed in the
fieldwork section. CSU Internal Audit has adopted flow-
charting and Risk/Control Matrices as the tools to evaluate
the design effectiveness of the Internal Control structure.
Copies are given to the client for their use, future
reference and training needs.
 Prepared by Client (PBC) Listing

This is a document that is prepared by Internal Audit which

documents the items that are needed to complete the
audit.  Items such as reports, vouchers, meeting minutes,
policies and procedures are just a few that would be on
this listing.
 Audit Program

Preparation of the audit program concludes the

preliminary review phase. This program outlines the
fieldwork necessary to achieve audit objectives.
 Fieldwork

The fieldwork concentrates on transaction testing and

informal communications. It is during this phase that the
auditor determines whether the controls identified during
the preliminary review are operating effectively and in the
manner described by the client. The fieldwork stage
concludes with a list of significant findings from which the
auditor will prepare a final draft of the audit report.
 Transaction Testing

After completing the preliminary review, the auditor

performs the procedures in the audit program. These
procedures usually test the major internal controls and the
accuracy and propriety of the transactions. Various
 techniques including sampling are used during the
fieldwork phase.
 Audit Working Papers

Working papers are a vital tool of the audit profession.

They are the support for the audit observations. They
connect the client’s accounting records and financials to
the auditor’s opinion. They are comprehensive and serve
many functions.
 Advice and Informal Communications

As the fieldwork progresses, the auditor discusses any

significant findings with the client. This allows the client the
ability to offer insights and work with the auditor to
determine the best method of resolving the finding.
Usually these communications are oral. However, in more
complex situations, memos and/or e-mails are written in
order to ensure full understanding by the client and the
auditor. Our goal: No Surprises.
 Audit Summary

Upon completion of the fieldwork, the auditor summarizes

the audit findings, conclusions and recommendations
necessary for the audit report discussion draft.
 Internal Audit Report

Our principal product is the final report in which we

document our audit observations and recommendations
for improvements. This also includes management’s
response and implementation plan, the time frame for
completion and responsible individual(s).  To facilitate
communication and ensure that the recommendations
presented in the final report are practical, Internal Audit
discusses the rough draft with the client prior to issuing the
final report.
 Audit Report Discussion Draft

At the conclusion of fieldwork, the auditor prepares a

“draft” report. Audit management thoroughly reviews the
audit working papers and the discussion draft before it is
presented to the client for comment. This discussion draft
is prepared for the unit’s operating management and is
 submitted for the client’s review before the exit
conference.
 Exit Conference

When audit management has approved the discussion

draft, Internal Audit meets with the unit’s management
team to discuss the findings, recommendations and text of
the draft. At this meeting, the client comments on the draft
and the groups work to reach an agreement on the audit
findings and report content.
 Client Response

The client has the opportunity to respond to the audit

findings prior to issuance of the final report which can be
included or attached to our final report. However, if the
client decides to respond after we issue the report, the first
page of the final report is a letter requesting the client’s
written response to the report recommendations. In the
response, the client should explain how report findings
should be resolved and include an implementation
timetable. In some cases, managers may choose to
respond with a decision not to implement an audit
recommendation and to accept the risks associated with
an audit finding. The client should copy the response to all
recipients of the final report if s/he decides not to have
their response included/attached to Internal Audit’s final
report.
 Formal Draft

The auditor prepares a formal draft, taking into account

any revisions resulting from the exit conference and other
discussions. When the changes have been reviewed by
audit management and the client, the final report is issued.
 Final Report

Internal Audit distributes the final report to the unit’s

operating management, the unit’s reporting supervisor, the
Vice President for Administration, the University President,
Controller, Audit Committee Chairman and other
appropriate members of senior University management.
This report is primarily for internal University management
use. The approval of the Chief Internal Auditor
is required for the release of the report outside the
University.
  Auditee/Client Comments

Finally, as part of Internal Audit’s self-evaluation program,

we ask auditee personnel to comment on Internal Audit’s
performance. This feedback has proven to be very
beneficial to us and we have made changes in our
procedures as a result of clients’ suggestions.
 Aging Process

After each audit report is comp-lete, we keep track of all

audit observations and the timeing of implementation.  We
follow-up on each audit point to determine the status.  We
prepare aging reports to present to management and the
Board of Trustees.  Management is accountable for
ensuring that recommendaed implementations arw acvted
upon in completed in a timely manner.
 Follow-Up Review

The client response documentation is reviewed and the

actions taken to resolve the audit report findings may be
tested to ensure that the desired results were achieved. All
unresolved findings will be discussed in the follow-up
report.
 Follow-UP Report

The review will conclude with a follow-up report which lists

the actions taken by the client to resolve the original report
findings. Unresolved findings will also appear in the follow-
up report and will include a brief description of the finding,
the original audit recommendation, the client response, the
current condition and the continued exposure to CSU. A
discussion draft of each report with unresolved findings is
circulated to the client before the report is issued. The
follow-up review results will be circulated to the original
report recipients and other University officials as deemed
appropriate.
 Internal Audit Quarterly Report to the Board

In addition to the distribution discussed earlier, the

contents of the audit report, client response and follow-up
report may also be communicated to the Board as part of
the Internal Audit Quarterly Report.
The Process: A Collaborative Effort
As pointed out, during each stage in the audit process, audit clients have the
opportunity to participate. There is no doubt that the process works best when
client management and Internal Audit have a solid working relationship based on
clear and continuing communication. Many clients extend this working
relationship beyond the particular audit. Once the audit department has worked
with management on a project, we have an understanding of the unique
characteristics of your unit’s operations. As a result, we can help evaluate the
feasibility of making further changes or modifications in your operations.
 

Internal Audit
 Role of Internal Audit
 Meet the Staff
 External Audits
 Organization & Authority
 Mission & Purpose
 Audit Process
 Risk Management
 Audit Types
 Audit Preparation
 COSO & COBIT
 Links
Types of Audit Engagements
 External Audit.
 Internal Audit.
 Forensic Audit.
 Public Sector Audit.
 Tax Audit.
 Information System Audit.
 Environmental & Social Audit.
 Compliance Audit.