El Sayed El Ayouty & Co (Moore KSA)

Client Acceptance & Continuance Policy

Prepared/
Approved
Version Issue Date Reviewed by by
[1]

1
Chapter I - Acceptance and continuance policy

S. No. Description
1 Introduction
2 Objectives
3 Client acceptance
4 Client continuance
5 Engagement acceptance
6 Responsibilities of engagement managers
7 Documentation
8 Special considerations for high-risk clients
9 Monitoring procedures

2
1 Introduction

International Quality Management Standards state that the firms shall establish policies and
procedure for acceptance and continuance of client relationship and specific engagements,
designed to provide the Firm with a reasonable assurance that it will only undertake or
continue relationships and engagements where the Firm:
● Is capable of carrying out the engagement and has the time and resources to do so;
● Can adhere to relevant ethical standards; and
● Has assessed the integrity of the client and does not have any information that would
lead it to believe that client lacks integrity.

These policies and procedures will require the firm to gather such information as it deems
appropriate in the circumstances prior to accepting a new client engagement, deciding
whether to continue an existing engagement, and when considering acceptance of a new
engagement with an existing client

If a potential conflict of interest is discovered when accepting a new or current client, the
firm must decide whether or not to accept the engagement. If issues have been identified,
and the firm decides to accept or continue the client relationship or a specific engagement,
the firm has to document how the issues were resolved.

The Firm shall develop policies and procedures on continuing an engagement and
maintaining a client relationship, including how to handle situations when the firm discovers
information that would have prompted it to decline the engagement if that information had
been accessible earlier. These policies and procedures must take into account:

● The firm’s professional & legal obligations under the circumstances, including whether it
is required to report to the person or persons who made the appointment or, in some
cases, to regulatory authorities; and
● The possibility of withdrawing from the engagement or from both the engagement and
the client relationship..

Moore has designed the Client Acceptance & Continuance Policy (the Policy) to comply
with the above requirements of International Quality Management Standards.

2 Objectives

The objectives of this policy are to:

● obtain information to enable the firm to determine to accept or continue with a client;
● determine if there are potential conflicts of interest or independence issues; and
● document identified issues and how the firm decided to accept or continue with the
client.

3
● Assess if the firm will be subject to any risk if it chooses to accept or continue with a
client.

3 Client Acceptance

The first step in the client acceptance or continuance process is to assess Moore’s ability to
perform the engagement, and the specific engagement related risks involved.

The engagement leader (including partners and directors having engagement leader role)
shall be satisfied that appropriate procedures regarding the client acceptance and
continuance have been performed appropriately. Following are the three broad categories
of assessments that Moore is required to assess before accepting any new client.

A. Competence, Capabilities & Resources

Engagement leader shall assess whether:

⮚ Moore has sufficient and competent resources with the required skills, qualification
and knowledge to execute the engagement while maintaining appropriate
engagement quality.
⮚ Moore staff/teams have relevant experience of working in similar industries/business
sectors.
⮚ Moore has the ability to complete the engagement within the reporting deadlines.

⮚ There is a partner available to perform the responsibilities of engagement quality

control reviewer, where needed and applicable.

B. Relevant Ethical Requirements

⮚ Can Moore comply with ethical and independence requirements while serving this
client?
⮚ Where conflicts, lack of independence or other similar threats are identified, whether
appropriate safeguards are in place to reduce the magnitude of threat?

C. Integrity of client

Is the engagement leader satisfied about:

4
⮚ The identity and business reputation of the client’s principal owners, key
management, and those charged with governance.
⮚ The nature of the client’s operations, including its business practices and locations.

⮚ Information about the attitude of client’s shareholders, key management and those
charged with governance is available and is acceptable to the engagement partner.
⮚ Whether the client is aggressively concerned with maintaining the Firm’s fees as low
as possible.
⮚ Any indication of an inappropriate limitation in the scope of work?

⮚ Indications that the client might be involved in money laundering or other criminal
activities.
⮚ The reasons for the proposed appointment of Moore and non-reappointment of the
previous auditors.
⮚ The identity and business reputation of related parties.

⮚ Where conflicts, lack of independence or other similar threats are identified, whether
appropriate safeguards can reduce the magnitude of threat?

D. Client Acceptance Procedures

Once the Risk & Quality department and the engagement leader have performed
assessment of above factors, following detailed client acceptance procedures shall be
performed by engagement team:

⮚ Obtain relevant information and documents (e.g. certificate of commercial

registration, articles of association, By-laws, list of related parties including BoD
members, latest audited financial statements, etc),
⮚ Run background checks through following steps and communicating results to the
engagement partner:
o World check
o Google search
o Conflict check (using Moore Global tools) - Copernicus
⮚ Complete the client acceptance forms and determine the expected risk.

⮚ Obtain the partner's approval on the client acceptance forms.

5
⮚ Obtain negative independence confirmation from all partners and the allocated team
in Moore.
⮚ Obtain professional clearance from predecessor auditors of the client.

⮚ Ensure that the assigned engagement team has past experience of practice in the
similar industry.

Proposal for any services shall not be submitted to a client, unless the above-mentioned
background check has been performed.

No client shall be accepted until the professional clearance letter has been obtained from
the predecessor auditors.

If issues / risks have been identified during the acceptance or continuance process, and the
firm decides to accept or continue the client relationship, an approval shall be obtained from
the risk management partner.

In certain cases, where the deadline to submit an audit proposal is very strict and the
engagement team does not have sufficient time to perform and complete the
aforementioned acceptance procedures, the engagement leader can authorize to submit
the proposal with disclaimer that the appointment of the Firm as auditors is subject to
satisfactory completion of the acceptance procedures and in case of any conflict or
independence issue, the Firm has a right to withdraw the proposal.

4 Client Continuance

All above assessments shall be performed at the time of client continuance if there are any
significant changes in the client’s circumstances, e.g. change in business model of the
client, change in managing partner, change in shareholding, etc.

5 Engagement Acceptance

No engagement shall be accepted without performing client acceptance and / or

continuance procedures.

Engagement partner is responsible for ensuring that:

⮚ Moore has relevant resources, expertise and experience to perform the engagement
within stipulated timelines.
⮚ Moore understands the financial reporting framework and has prior experience of
issuing similar deliverables.

6
⮚ There are no implicit and / or explicit scope limitations imposed by management or
those charged with governance.

No engagement letter shall be signed until engagement acceptance has been approved by
the engagement leader.

No audit engagement shall commence until client acceptance, engagement continuance

and engagement letter sign-offs have been completed.

6 Responsibilities of engagement managers

Engagement managers shall ensure that:

⮚ Client acceptance procedures are performed and signed off before submitting a
proposal. Client continuance procedures are performed and signed off before
signing an engagement letter with the client and before mobilizing an engagement
team.
⮚ Client continuance procedures are performed and signed off at least 3 months
before the client’s year end.
⮚ Client acceptance and continuance procedures are revisited and reperformed if
there are any significant changes in the circumstances, e.g. new managing partner,
change in ownership structure of the client, etc. during the course of the audit.

7 Documentation

Engagement manager shall, as part of client acceptance and continuance procedures,

complete and sign the following templates developed by Moore.

⮚ Client acceptance and retention forms (Appendix Forms 4A, 4B, 4C, 4D, 4E).

The above templates should be attached in the CaseWare file of the engagement and
signed off by the engagement leader.

The engagement manager shall run a World Check for which Moore has started using the
services of the relevant third party application.

7
In addition to the above forms, the engagement manager shall perform a conflict check (for
listed clients, public interest entities and group audits) by sending a request to Moore
Global. Moore Global has an internal system called Copernicus and at the same time, we
have to send an email to Moore Global team with a prescribed form (refer attached
Appendix 1). The conflict check request will include information like name of entity, group
structure (if applicable), territories where check is required, names of related parties,
country of registration, entity size, main operations, etc.

8 Special considerations for high-risk clients

The managing partner will hold the ultimate responsibility for maintaining a process to
assess engagement risks before accepting and continuance of engagements. The
managing partner’s approval is sought for accepting engagements with fees exceeding
SAR 150,000 (for audit services) and SAR 75,000 (for non-audit services) as well as high
profile clients and public interest entities. The Risk & Quality department is responsible for:

⮚ arranging panel meetings to seek approval of the managing partner on

accepting/continuing such engagements;
⮚ participation in the panel discussions, providing its input and challenging proposal
team’s judgments;
⮚ maintaining minutes of the panel discussions including the conclusions reached; and

⮚ disseminating updates, as needed.

9 Monitoring processes

9.1 Acceptance and continuance

On 15 December every year, a member of the Risk and Quality department will obtain a
complete list of active clients from the client management system. Based on inquiries from
respective engagement teams, he/she will update the list with the following information:

● Name of client
● Year-end

8
● Name of engagement leader
● Name of engagement director, if applicable
● Name of engagement manager
● Date of A&C approval by the engagement leader
The Risk and Quality department will compare the year-end dates with the dates of A&C
approval to identify any A&Cs approved after 3 months before the year-end date and
generate an exception report which will be circulated to the managing partner.

9.2 High-risk clients

On a half-yearly basis, a pipeline report will be prepared and shortlist all opportunities that
exceed the monetary threshold of fees documented above. A member of the Risk & Quality
department will identify all opportunities where a panel discussion was not held and will
write to the respective engagement team to obtain reasons for the exceptions. Based on
the responses, exceptions will be reported to the managing partner.

9
Chapter II - Client Termination and Engagement Withdrawal Policy & Procedures

S. No. Description
1 Introduction
2 Proposed procedures
3 Withdrawal from engagement
4 Internal & external communication of the decision
5 Communication with successor auditors
6 Documentation of the withdrawal
7 Termination of engagement
8 Additional considerations for high-risk clients
9 Terminated clients tracker

10
1. Introduction

International standards on quality management – ‘requires that all audit firms should
define the process to be followed when it has been determined that withdrawal from an
engagement is necessary. This process will normally include:

Consideration of the professional, regulatory, and legal requirements and any mandatory
reporting which must be made as a result;

● Communicating with the client’s management and those charged with governance
to discuss the facts and circumstances leading to the withdrawal from engagement
and / or terminating the relationship with client; and

● Documenting the significant matters which led to the withdrawal including the
results of any consultation, the conclusions reached, and the basis for these
conclusions.

These policies and procedures have been developed with the objective to guide functional
area leaders / engagement teams about procedures to be followed when terminating
relationships with clients either as a result of the Firm’s decision or by client.

Termination of client relationship, appointment and engagement can occur in either of the
following situation:

● Initiation by client to terminate the relationship prematurely;

● Completion of regulatory period (rotation period) as prescribed in the Companies

Law

● Termination by non-renewal of recurring engagement; or

● Moore voluntarily terminates the relationship due to any of the circumstances as

mentioned in section 3 below.

2. Proposed procedures

In order to ensure compliance with professional standards, the engagement leader shall
take the following course of action:

● Ensure that withdrawal is carried exactly in accordance with terms of engagement

letter, professional, regulatory and other relevant standards and local regulations.

11
● Consult with the Risk & Quality department and describe the reasons for suggested
withdrawal, details of communication with client along with potential risks faced by
Moore if the engagement is continued.

● Consult with the managing partner and ensure that all reasons for the potential
termination are communicated with sufficient details.

● If the client terminates the engagement prematurely as a result of a complaint

relating to services performed by Moore, the matter shall be referred to the Risk &
Quality department as well as the managing partner.

● Ensure that the termination is appropriately communicated to the client and those
charged with its governance (e.g. the audit committee) and to ensure that regulatory
reporting requirements, if any, are met.

● Documenting the matters which led to the withdrawal including the results of any
consultation, the conclusions reached (minutes of meeting), and the basis for these
conclusions.

● Ensuring that the withdrawal process is approved by both parties (Moore & the
client) and does not breach any instruction by the regulators.

● Engagement manager should ensure every year that if the client has completed the
mandatory rotation period or not before signing the audit engagement letter as part
of the client acceptance and continuance process.

3. Withdrawal from engagement

It is not possible to list all possible circumstances when Moore should resign from an
engagement, however, certain circumstances are defined under different auditing
standards which require auditors to withdraw from an audit engagement, which are as
follows:

● Threats to independence that became known after commencement of engagement

and it is not possible to reduce the threats to an acceptable level through applying
safeguards.

● Moore is unable to obtain sufficient appropriate audit evidence and the possible
effects of undetected misstatements on financial statements could be material and
pervasive.

● Moore is unable to accept change in terms of audit engagement after accepting the
engagement which limits the scope of audit.

12
● As a result of misstatement resulting from fraud or suspected fraud and those
charged with governance are not taking appropriate remedial action.

● Client’s management and those charged with governance are not taking any
corrective action that Moore considers appropriate for non-compliance with laws
and regulations.

● Client’s management does not allow Moore audit team to have clear and two-way
communication with those charged with governance.

● When there are concerns about competency, integrity or ethical values of those
charged with governance or management and their commitment.

● Revision of other information included in the document containing the financial

statements and audit report thereon, where other information is not consistent with
the financial statements and management refuses to make necessary amendments.

● Significant disagreement with management over accounting principles or financial

statements disclosures (management & those charged with governance refuse to
accept Moore’s views).

● Availability of information subsequent to the acceptance of engagement, availability

of which would have necessitated Moore to decline the engagement.

● When Moore provides other services to the client which are material to the financial
statements, Moore should consider withdrawing from audit engagement.

● Major change in any of the following:

● Nature of the client’s business;
● Client’s ownership, management or directors;
● Client’s financial condition;
● Scope and nature of the services of engagement;
● Attitude of client’s management;
● Availability of specialist resources to undertake the engagement; or
● Reasons that compromise auditors’ independence or objectivity.

There are several factors that must be considered before deciding to withdraw from an
audit engagement, which are as follows:

● Significance / magnitude of the reason leading to withdrawal from engagement.

13
● Does the local legal and regulatory environment allow withdrawal from engagement
under specific circumstances. If not, the engagement team shall complete the
procedures and shall issue a disclaimer of opinion.

● When Moore provides (or has a prospect to provide) other services to the client
which are material to the financial statements, Moore should consider withdrawing
from audit engagement.

Further, another important consideration is whether Moore is withdrawing from a particular

engagement without impacting the relationship with the client or terminating the
relationship as well.

Once it has been decided to terminate an engagement, the existing client relationship
should be carefully considered and the withdrawal should be appropriately carried out in
accordance with the contract terms, professional standards and regulatory requirements. It
may be appropriate to obtain legal advice from a local legal expert or the Risk & Quality
department, especially in those cases where work has begun but a deliverable has not
been issued to the client.

4. Internal & external communication of the decision

When Moore withdraws from an engagement and / or terminates the relationship with any
client, the decision shall be communicated to all lines of services within Moore along with
the reason for the withdrawal.

If another line of service is providing services to the client, the audit engagement lead
partner will discuss the matter with the other line of service leader and consult with the
Risk & Quality department to determine the appropriate course of action.

The engagement partner shall determine the requirements about communication of the
withdrawal decision to the highest level of authority in the client and / or requirement to
communicate the decision to external stakeholders e.g. shareholders, regulators etc.

A clear and unambiguous withdrawal letter shall be written to those charged with
governance along with reasons of withdrawal (in case of an entity with public interest,
letter shall be written to the general assembly of shareholders).

Moore shall seek acknowledgement of the above letter from the addressee.

In case of an entity being regulated by SAMA / CMA, a communication is also made to

SAMA / CMA.

14
Any appropriate reporting of withdrawal to SOCPA shall also be complied with by Moore
where required.

5. Communication with successor auditors

In circumstances where Moore has withdrawn from an engagement due to disagreement

with the management or those charged with governance, a standard letter of professional
clearance is unlikely to be issued, therefore, the engagement partner shall consult with the
Risk & Quality department.

As outgoing auditors, Moore has a professional responsibility to promptly respond to

incoming auditors, to their routine enquiry about any reasons as to why they should not
accept the engagement.

Moore should not communicate with the incoming auditors until they have written to Moore
seeking information which could influence their decision whether or not to accept an
appointment with the client. Moore should answer all communications from the prospective
auditors without delay. All such communications will invariably be in writing (and not oral).

If in Moore's view, there is no information as to why they should not accept the
engagement and any matter which they should be aware of, Moore should write clearly to
confirm the fact.

However, if in Moore's view, there is information which incoming auditors should be aware
of before they decide to accept the appointment, Moore should write the fact and
information clearly. The final communication to the incoming auditors should be reviewed
by Moore’s Risk & Quality Department.

6. Documentation of the withdrawal

The engagement partner shall ensure that the audit engagement file includes detailed
documentation about the reason to withdraw from engagement. The documentation shall
include following:

● Specific circumstances that led to the decision of withdrawal from the engagement.
However, the engagement team should refrain from documenting any defamatory
information;

● Details of consultation (minutes of meetings) that took place and final outcome of
the consultation;

● Details of communication with management and those charged with governance;

15
● Details of discussion among engagement partner, Risk & Quality department and
the managing partner;

● Final communication issued to the management regarding decision of the Firm to

withdraw from engagement; and

● Communication sent to regulator, if any.

7. Termination of engagement

Moore can consider terminating an engagement where:

● Any circumstances that would lead Moore to decline an invitation to accept an

engagement becomes apparent in a client; or

● There is a persistent disagreement with the client’s management on a matter of

principle and termination is considered to be in the best interest of all stakeholders.

In any of the above cases, the engagement leader should assess the matters leading to
termination of the engagement and voluntary resignation of Moore. If the termination is
with mutual consent of Moore and the client, the fact and related correspondence should
be appropriately documented.

8. Additional considerations for high-risk clients

Additional considerations apply in case of withdrawal from engagements of high-risk

clients like government entities, regulated entities, listed entities, etc. The engagement
leader should consult with the Risk & Quality department if such a high-risk client requests
Moore:

● may be removed or resign from the audit prematurely;

● should not seek reappointment under a general invitation to propose; or

● should not seek reelection at the end of the engagement contract.

16
Chapter III - Policy for deviation from standard engagement letter

S. No. Description
1 Requirements for engagement letter
2 Background
3 Circumstances of deviation from standard engagement
letter
4 Scope
5 Objective
6 Policy statement
7 Documentation
8 Monitoring and reporting

17
1. Requirements for engagement letter

2. The goal of an engagement letter is to set expectations for both parties involved in
a professional business relationship. Although less formal than a contract, an
engagement letter is nevertheless a legally binding document that can be used in court.
Therefore, the Firm needs to draft the engagement letter with due care and it should be
signed after thorough review or consultation.

Moore has developed draft templates for audit and review engagement letters (in dual
language) that are available to all team members. For all audit and review engagements,
these templates must be used. However, there may be cases where deviation from
standard engagement letters might be required.

As a best professional practice, policy for deviation from standard engagement is

mandatory to avoid building expectations that are invalid and or not true for both parties to
the engagement.

3. Background

4. a) For Audit / Review engagements

5. International Standard on Auditing ISA 210 PARA 10 states:

Subject to paragraph 11, the agreed terms of the audit engagement shall be recorded in
an audit engagement letter or other suitable form of written agreement and shall include:
(Ref: Para. A23–A27)

a) The objective and scope of the audit of the financial statements;

b) The responsibilities of the auditor;
c) The responsibilities of management;
d) Identification of the applicable financial reporting framework for the preparation of
the financial statements;
e) Year of service and fees
f) Payments terms and conditions
g) Reference to the expected form and content of any reports to be issued by the
auditor; and (Ref: Para. A24)
h) A statement that there may be circumstances in which a report may differ from its
expected form and content.
6. b) For engagements other than audit and review of historical financial
information
7. International Standard on Assurance Engagements ISAE 3000 PARA 27
states that:
The practitioner shall agree the terms of the engagement with the engaging party. The
agreed terms of the engagement shall be specified in sufficient detail in an engagement

18
letter or other suitable form of written agreement, written confirmation, or in law or
regulation. (Ref: Para. A57–A58)
Furthermore, International standards on quality management requires that:
The Firm shall establish policies and procedures designed to provide it with reasonable
assurance that:
a) Appropriate consultation takes place on difficult or contentious matters;
b) Sufficient resources are available to enable appropriate consultation to take place;
c) The nature and scope of, and conclusions resulting from, such consultations are
documented and are agreed by both the individual seeking consultation and the
individual consulted; and
d) Conclusions resulting from consultations are implemented.

Instances of deviation from standard engagement letters is also a mandatory consultation

matter.

8. Circumstances of deviation from standard engagement letter

Under certain circumstances, clients may ask for change in certain terms and conditions
as mentioned in the standard engagement letter. Although it is not possible to enumerate
all such scenarios, the following are some of them:

● Certain terms and conditions may not be agreed by the client. The engagement
team, in consultation with the Risk & Quality department needs to assess the impact
of the changes to ensure that these are not detrimental to Moore’s interests and do
not expose the Firm to any reputational, legal or other risks.
● Change in standard clause for limiting Moore’s liability. Generally, Moore’s liability is
limited to the extent of the audit fee. However, in certain cases, some clients require
to increase the liability cap in excess of the audit fee or remove the cap altogether.
This is a very serious matter which requires careful deliberation and approval of the
Risk & Quality department as well as the managing partner. Ordinarily, changes to
liability cap are not acceptable.
● Payment terms and conditions are requested by the client which are not standard
terms of Moore. Generally, any changes to the economic terms are acceptable
considering the relationship with the client.

19
9. Scope
10. This policy is applicable for all engagement letters where deviation from standard
engagement letters of the Firm is requested by a client.
11. Objective
12. This policy is designed to meet the requirements of International standards on
quality management and International Standard on Auditing 210, International Standard
on Assurance Engagements ISAE 3000, and to unify the plan of action and avoid building
invalid and false expectations for engagements where deviation from standard
engagement letter is needed.
13. Policy statement
14. The engagement team including the engagement leader, and other staff shall
ensure to put up a consultation request to the Risk & Quality department to seek their
consultation and approval on deviation from standard engagement letter.
15. Documentation
If any change in standard engagement letter is made, engagement partner shall ensure
that following is appropriately documented in engagement file:

● Need for change in engagement letter, e.g. request from the client;
● Communication with the client, and the approval from the Risk & Quality
department; and
● Engagement partner’s approval for the change to the standard terms of the
engagement letter.

16. Monitoring and reporting

The Risk & Quality department will maintain a log of all such consultations received during
the year requiring changes to the standard terms of the engagement letter. This log shall
be sent to the managing partner on an annual basis for their review. The log should
contain the following information at a minimum:

● Name of client
● Year end
● Name of engagement leader
● Name of engagement manager
● Name of Quality Review Partner (if applicable)
● Basis for requesting deviation from standard engagement letter
● Name of consultant engaged from R&Q department
● Date of consultation
● Date of response from the consultant
● Conclusion made by the consultant.

20