Key Points
- The firm sets quality objectives and policies for acceptance and continuance; the engagement partner confirms they were followed on each engagement.
- ISQM 1 requires acceptance and continuance decisions to be revisited whenever new information surfaces that would have caused the firm to decline the engagement originally.
- The FRC's 2024 inspection cycle identified acceptance and continuance as a recurring area where smaller firms lacked formalised procedures.
- Declining or withdrawing from an engagement triggers documentation obligations under both ISQM 1.33 and the firm's ethical code.
What is Acceptance and Continuance?
ISQM 1.30 requires every firm to establish quality objectives for acceptance and continuance. The firm's policies must address whether the firm has the competence, capabilities, and resources to perform the engagement. They must also address whether the firm can comply with relevant ethical requirements (including independence) and whether the firm has considered the integrity of the client's principal owners, key management, and those charged with governance.
At the engagement level, ISA 220.22 places responsibility on the engagement partner. The partner determines that the firm's acceptance and continuance policies have been followed and that conclusions reached are appropriate. ISA 220.23 goes further: if the engagement partner obtains information that would have caused the firm to decline the engagement had that information been available earlier, the partner communicates it to the firm so the firm can take the necessary action. This feedback loop between firm-level policy and engagement-level execution is where the system either works or breaks down.
The practical effect is a two-tier gate. The firm decides whether to accept or continue. The engagement partner confirms that decision holds for the specific engagement, taking into account what has emerged since the original decision. ISQM 1 treats acceptance and continuance as one of eight components of the quality management system, and the firm must design responses (policies or procedures) to address the quality risks it identifies within this component.
Worked example
Client: German engineering company, FY2025, revenue EUR 28M, HGB reporter. Hoffmann approaches the firm in October 2025, requesting an audit for FY2025. The company switched auditors after a dispute over the prior-year going concern paragraph. Revenue has declined 18% year-on-year. The sole shareholder also owns a construction business that has been the subject of press reports alleging undisclosed related-party transactions.
Step 1 — Firm-level acceptance evaluation
The firm's acceptance committee reviews the engagement against its ISQM 1 policies. The committee assesses four factors: the reason for the auditor change, the firm's competence in HGB manufacturing audits, available staff capacity for a Q1 2026 deadline, and the integrity concerns arising from the press reports about the shareholder's construction business.
Documentation note: record the acceptance committee's assessment of each factor. Document the predecessor auditor communication under ISA 300.13(a) and the professional clearance response received. File the press articles and note how management addressed the allegations when asked.
Step 2 — Risk identification and conditions
The acceptance committee identifies two quality risks: first, that the shareholder may resist disclosure of related-party transactions between Hoffmann and the construction business; second, that the prior auditor's going concern paragraph suggests financial difficulty that could pressure the firm to soften its conclusions. The committee approves acceptance subject to conditions. Hoffmann must provide full access to the intercompany transaction ledger before engagement letter signing. The firm assigns a senior manager with HGB experience as engagement manager.
Documentation note: record the quality risks identified per ISQM 1.31, the conditions attached to acceptance, and the date on which each condition was satisfied. Reference the firm's acceptance and continuance policy by section number.
Step 3 — Engagement partner confirmation
The engagement partner reviews the acceptance file before signing the engagement letter. ISA 220.22 requires the partner to determine that the firm's policies were followed. The partner notes the predecessor auditor's response, confirms the intercompany ledger was received on 12 November 2025, and reviews the staffing plan. The partner documents agreement with the acceptance conclusion.
Documentation note: record the engagement partner's review, the date of the review, and the specific items examined. Cross-reference to the acceptance committee's approval memorandum. Note the partner's confirmation under ISA 220.22.
Step 4 — Continuance trigger during the engagement
In February 2026, during interim fieldwork, the team discovers that Hoffmann made a EUR 1.4M payment to the shareholder's construction business with no supporting contract. The engagement partner communicates this to the firm per ISA 220.23, because the information raises integrity concerns that would have affected the original acceptance decision. The firm's acceptance committee reconvenes, reviews the new information, and decides to continue the engagement with an expanded scope for related-party procedures and a direct discussion with those charged with governance.
Documentation note: record the engagement partner's communication to the firm under ISA 220.23, the acceptance committee's reconvened assessment, the decision to continue with expanded procedures, and the rationale for continuing rather than withdrawing. Document the discussion with governance per ISA 550.27.
Conclusion: the acceptance and continuance process produced a documented audit trail from initial evaluation through a mid-engagement reassessment, defensible because each decision point rests on identified quality risks with specified responses, and the feedback loop between engagement partner and firm operated as ISQM 1 intends.
Why it matters in practice
- The FRC's 2024 inspection findings for Tier 2 and Tier 3 firms identified acceptance and continuance as an area where smaller firms lacked formalised procedures. Firms frequently relied on informal partner discussions rather than documented policies that address the specific quality risks ISQM 1.31 requires. Without a structured process, the firm cannot demonstrate that it considered competence, capacity, ethical requirements, and client integrity before accepting an engagement.
- Teams treat acceptance and continuance as a one-time gate at engagement inception and neglect the ongoing obligation. ISA 220.23 requires the engagement partner to communicate information that would have caused the firm to decline the engagement. On multi-year recurring audits, continuance decisions are often rubber-stamped without reassessing changes in client risk profile, management integrity, or the firm's own capacity. ISQM 1.32 requires the firm to address this in its policies.
Acceptance vs. continuance
| Dimension | Acceptance (new client or engagement) | Continuance (existing client or engagement) |
|---|---|---|
| Trigger | Prospective client approaches the firm, or the firm is invited to tender | Annual or periodic reassessment before the next engagement begins |
| Key inputs | Predecessor auditor communication, background checks, independence assessment, competence evaluation | Prior engagement experience, changes in client risk profile, updated independence assessment |
| Common documentation gap | Failing to obtain or document the predecessor auditor communication before signing the engagement letter | Treating the continuance decision as automatic without reassessing changed circumstances |
| ISQM 1 reference | ISQM 1.30(a) — the firm's financial or operational priorities do not lead to inappropriate judgments about acceptance | ISQM 1.32 — the firm addresses information obtained that would have caused it to decline the engagement |
The distinction is practical, not theoretical. Acceptance involves evaluating an unknown quantity. Continuance involves reassessing a known one, with the added risk that familiarity breeds complacency. Firms that apply rigorous acceptance procedures but treat continuance as a formality expose themselves to the exact risks ISQM 1.32 was designed to catch.
Related terms
Frequently asked questions
What happens if new information surfaces after accepting an audit client?
ISA 220.23 requires the engagement partner to communicate the information to the firm promptly. The firm then decides whether to continue the engagement, impose additional conditions, or withdraw. If the firm decides to withdraw, ISA 220.24 requires the engagement partner to take appropriate action, including considering legal and regulatory obligations around reporting. The decision and its basis must be documented.
Does acceptance and continuance apply to non-audit engagements?
Yes. ISQM 1.30 applies to all engagements within the scope of the firm's quality management system, not only audits. Review engagements under ISRE 2400, agreed-upon procedures under ISRS 4400, and compilation engagements under ISRS 4410 all fall within scope. The depth of the evaluation varies with engagement risk, but the firm must have policies covering every service line.
How do I document the decision to decline or withdraw from an engagement?
Record the specific facts that triggered the decision, the quality risks identified, the alternatives considered (such as imposing conditions rather than withdrawing), and the final conclusion. ISQM 1.33 requires the firm to address withdrawal in its policies. Where local law imposes reporting obligations on withdrawal (as in the Netherlands under the Wta), document compliance with those requirements separately.