What is an Audit Engagement Letter?
ISA 210.10 requires the auditor to agree the terms of the audit engagement with management or those charged with governance in writing. The engagement letter is the standard vehicle for recording that agreement, though ISA 210.A22 acknowledges other forms of written agreement may be acceptable depending on jurisdiction.
The letter must cover the applicable financial reporting framework, the objective and scope of the audit, the auditor's responsibilities, and management's responsibilities. Management's responsibilities include preparation of the financial statements under the applicable framework, internal control sufficient to prepare financial statements free from material misstatement, providing the auditor with unrestricted access to all relevant information, and providing written representations as required under ISA 580.
ISA 210.13 requires the auditor to reassess whether terms need revision on recurring engagements. This is not optional — any change in scope, financial reporting framework, governance structure, or regulatory environment should trigger a new letter. The reassessment itself must be documented even when the conclusion is that no changes are needed.
The engagement letter is not a formality. It is the document both parties rely on in disputes about what the auditor was engaged to do, what access was promised, and which responsibilities sit where.
Key Points
- Must be in place before audit work begins — late signing is one of the most frequent regulatory findings.
- Content is prescribed by ISA 210.10: framework, objective, scope, responsibilities of both parties.
- Recurring engagements require annual reassessment under ISA 210.13 — document the assessment even when nothing changes.
- Not a formality — it is the document relied on in disputes about scope and responsibilities.
Why it matters in practice
The most frequent finding across European regulators is late or missing engagement letters. Files show fieldwork beginning weeks or months before the letter is signed. ISA 210.10 is clear: the agreement must be in place before the audit commences.
On recurring engagements, firms routinely skip the annual ISA 210.13 reassessment. The file either contains no evidence of reassessment or carries forward the prior-year letter without considering whether circumstances changed. A new group structure, a change in reporting framework, or a regulatory event may each require revised terms.
ISA 210.11 addresses situations where law or regulation prescribes the terms. Even then, the auditor must confirm that management acknowledges its responsibilities. The legal mandate to be audited does not substitute for management's agreement on access and representations.
Key standard references
- ISA 210.10: Content requirements for the engagement letter — framework, objective, scope, responsibilities.
- ISA 210.11: Situations where law or regulation prescribes the terms of the engagement.
- ISA 210.13: Reassessment of terms on recurring engagements.
- ISA 210.A22: Acceptable forms of written agreement beyond a traditional letter.
Related terms
Frequently asked questions
When must the engagement letter be signed?
ISA 210.10 requires the agreement to be in place before the audit commences. Signing the letter after fieldwork has begun is one of the most frequent findings across European regulators, including the FRC and AFM.
Is a new engagement letter needed every year?
Not necessarily. ISA 210.13 requires the auditor to assess whether circumstances require revised terms each year. Any change in scope, framework, governance, or regulatory environment should trigger a new letter. The assessment itself must be documented even when no changes are needed.