Client acceptance and continuance

Knowing when to say no.

Asking the right questions when considering either acceptance of new clients or continuance of existing
clients, is a key first step for establishing a quality relationship between the auditor and client.
Audit firms are encouraged to approach client acceptance and continuance with selectivity, taking on and
retaining only those audit clients that are consistent with their ethical obligations.
Due diligence on prospective clients is a necessary step for reducing risk, and an audit firm that fails to take
a selective approach to client acceptance may face financial losses, reputational damage and even litigation.
The Financial Markets Authority (FMA) recently released its first report on its audit quality reviews for the
year ended 30 June 2013. The report identifies acceptance and continuance procedures as one of the
weaknesses that impacted on the overall quality of some issuer audits performed. It observes that
acceptance and continuance procedures were not always documented on the audit file, or failed to take into
account all issues identified during the prior years audit, such as management fraud.
Client acceptance and continuance procedures should focus on independence considerations, possible
conflicts of interest and whether the firm is competent to perform the engagement, and has the capabilities,
including time and resources to do so. However, this weakness is not just isolated to the audits of issuers; it
is an area that practice review finds there is scope for improvement in non-issuer audits too.

What do the standards say?

In the current business environment, it not only makes good business sense to consider client due diligence,
but certain client acceptance and continuance procedures are required by the auditing and assurance
standards.
ISA (NZ) 210 Agreeing the terms of the audit engagement establishes the preconditions for accepting an
audit, which are:

an acceptable financial reporting framework has been used in the preparation of the financial
statements
those charged with governance agree that they acknowledge and understand their responsibilities.
If the preconditions for an audit are not present, the auditor must discuss the matter with those charged
with governance. Unless required by law or regulation to do so, the auditor must not accept the
engagement.
ISA (NZ) 220 Quality control for an audit of financial statements deals with those aspects of engagement
acceptance that are within the control of the auditor. The engagement partner must be satisfied that
appropriate procedures regarding the acceptance and continuance of client relationships and audit
engagements have been followed, and must determine that conclusions reached in this regard are
appropriate.
PES 3 Quality control for firms that perform audits and reviews of financial statements, and other assurance
engagements requires the firm to obtain information considered necessary in the circumstances before
accepting an engagement with a new client, and when deciding whether to continue an existing
engagement.
Information such as the following assists the engagement partner in determining whether the conclusions
reached regarding the acceptance and continuance of audit engagements are appropriate:

the integrity of the principal owners, key management and those charged with governance of the
entity

whether the engagement team is competent to perform the audit engagement and has the
necessary capabilities, including time and resources

whether the firm and the engagement team can comply with relevant ethical requirements
significant matters that have arisen during the current or previous audit engagement and their
implications for continuing the relationship.

Ethical requirements
Audit firms should expect the same commitment to quality and integrity on the part of their clients as they
do of themselves. As a result, many have developed and implemented improved processes for approving
new clients as well as reviewing relationships with existing clients.
An important part of the client acceptance process, which is required by NZICAs Code of Ethics (Revised
2013), is for the prospective auditor to communicate with the existing auditor in writing. A professional
clearance letter enquires whether there are any professional or other reasons why the engagement should
not be accepted. For example, one such reason may be a disagreement with some particular accounting
treatment the client wishes to adopt. However, before the existing auditor can pass on any information to
the prospective auditor, they must have the clients authority to discuss its affairs. If the client refuses
permission then all the existing auditor can do is advise the prospective auditor that there are matters they
would like to discuss but the client has refused permission for this, and this should speak volumes.
The practice of low-balling, in which audit fees are deliberately understated in order to win new clients, is
believed to weaken auditor independence. For this reason, this pricing behaviour is discouraged by
regulators and NZICA. Furthermore, low-balling may also tempt the auditor to reduce the amount of audit
work performed and therefore compromise audit quality, including where staff are under unreasonable
pressure to do the same work in less time. If unrealistic fees continue to be charged over the medium or
long term, this may result in decreased investment in developing the audit profession, which in turn could
result in a reduced supply of competent auditors. In summary, quality costs, but the absence of quality costs
more in the long run.

Adequate resources
Prior to acceptance or continuance of an audit engagement, the engagement partner must determine that
the audit team has the necessary technical expertise and sufficient resources such as time and access to
experts. The increasing complexity and regulation of audit requires a significant investment of practice
resources to maintain audit competence. Internal and external reviews are an important mechanism to help
practitioners decide whether they are competent and adequately equipped to perform audits.
This issue was demonstrated in the 2009 report by former Companies Registrar Neville Harris on the failed
finance companies. He cited issues that arose as to whether auditors had sufficient capability and experience
to conduct the initial due diligence for the client, and to audit such complex and elaborate company and
business structures. He further observed that the audits of many of these finance companies lacked the
rigour and analytical depth one would expect for entities managing substantial public investments.
The International Accounting Education Standards Board (IAESB) recently released for comment an
Exposure Draft of International Education Standard (IES) 8 (Revised), Professional Competence for
Engagement Partners Responsible for Audits of Financial Statements (comments are due 17 April). It
recognises that as the career of a practitioner progresses, practical experience also becomes increasingly
important in maintaining and further developing the necessary depth and breadth of professional
competence.

Key message

Typically the process of handling audit client acceptance and continuance varies with the size of the firm,
and such directives should be included in a firm's quality control manual. The process should provide the
audit firm with information to judge whether the entity meets or exceeds the necessary standards of
integrity and whether the firm has the capacity to perform a quality audit. if these standards are not clearly
met, the engagement should not be accepted. If a client no longer meets the firm's standards, or when the
firm cannot commit sufficient resources to deliver a quality audit to the client, the auditor should not accept
the engagement. As with any auditing procedure, the process should be documented and all correspondence
retained as audit evidence.
The cost of client due diligence is a small fraction of the value of the engagement, and if the outcome is
acceptance this cost should be passed onto the client as part of the audit fee. If the prospective client is not
accepted, then clearly this is time and money well spent. The key message is that audit firms can turn work
down, a firm does not have to accept an audit engagement, it can say no to clients that do not fit the risk
profile of the firm and capital will go where it is deserved. This will contribute towards developing a healthy
and profitable business.

At a glance red flag examples

1. Frequent changes of auditors can mean an organisation is opinion shopping.
2. Poor financial history prior failed business or bankruptcy could indicate a person who takes
unjustifiable risks.
3. Work/business history is there unstable address, employment or professional history?
4. Overly litigious as a plaintiff or defendant signals a party who is not afraid to sue, presents a risk of
non-payment or who may not honour their agreements.
5. High turnover in upper management can indicate a lack of internal stability.
6. Short operating history where were the management team before they were at the current
organisation?
7. Foreign operations/plants complex business structures may be concealing something.
8. Reluctance to provide references if they are reluctant to disclose information now, how will they be
once they are a client?
9. Pressure to start work quickly can be a sign that they do not want you looking into their background.
10. Regulatory actions can indicate poor internal controls or a management team ignoring internal
controls.

ACCEPTANCE DECISIONS FOR AUDIT AND

ASSURANCE ENGAGEMENTS
RELATED LINKS

Student Accountant hub page

Relevant to ACCA Qualification Paper P7
The syllabus for Paper P7, Advanced Audit and Assurance includes Professional Appointments (syllabus reference
C4). The learning outcomes include the explanation of matters that should be considered and procedures that should
be followed by a firm before accepting a new client, a new engagement for an existing client, or agreeing the terms of
any new engagement. The engagement may be an audit, or it may be a non-audit or assurance engagement.
Acceptance decisions are crucially important, because new clients and/or engagements can pose threats to

objectivity, or create risk exposure to the firm, which must be carefully evaluated. One of the current issues being
debated in the profession is whether there should be an outright ban on the provision of non-audit services to audit
clients. In addition, new International Standard on Auditing (ISA) requirements compel the firm to establish whether
preconditions for an audit are present when faced with a potential new audit engagement. All of these factors mean
that acceptance decisions must be taken with care.

ACCEPTING NEW AUDIT CLIENTS

IFACs Code of Ethics for Professional Accountants states: Before accepting a new client relationship, a professional
accountant in public practice shall determine whether acceptance would create any threats to compliance with the
fundamental principles. Potential threats to integrity or professional behaviour may be created from, for example,
questionable issues associated with the client (its owners, management or activities). This means that when
approached to take on a new client, the firm should investigate the potential client, its owners and business activities
in order to evaluate whether there are any questions over the integrity of the potential client which create
unacceptable risk. These investigative actions are usually performed as know your client/customer or customer due
diligence procedures, which are also carried out in order to comply with anti-money laundering regulations.
Once a client has been accepted, the firm should consider the suitability of the specific engagement it has been
asked to perform. In particular there may be ethical threats which mean that the engagement should not be accepted,
in particular whether there are any threats to objectivity. Potential threats could arise for example, if members of the
audit firm hold shares in the client or there are family relationships. If threats are discovered, it may not mean that the
client must be turned down, as safeguards could potentially reduce the threats to an acceptable level.
There may be other ethical matters to evaluate in relation to a potential new engagement, for example, whether any
conflict of interest or confidentiality issues could arise, and if so, whether appropriate safeguards can be put in place.
Also, the firms competence to perform the potential work should be evaluated, especially if the potential client
operates in a specialised industry, or if the client has a complex structure. A self-interest threat to professional
competence and due care is created if the engagement team does not possess, or cannot acquire, the competencies
necessary to properly carry out the engagement. Practical matters such as the resources needed to perform the
work, the deadline for completion, and logistics like locations and geographical spread will have to be looked into as
well.
Obviously, these matters need to be evaluated in the specific context of the potential engagement, and should be fully
documented. Different types of potential engagement will give rise to different matters that should be evaluated. For
example, if the firm is asked to perform the audit of a large group of companies with operations in many countries,
then resourcing the audit may be the most significant issue. The fee may be large, leading to a self-interest threat of
fee dependence. On the other hand, if asked to perform the audit of a small owner-managed company, fee
dependence is less likely to be an issue, but threats potentially created by the auditor appearing to make
management decisions could be significant. In answering requirements on client and engagement acceptance,
candidates are warned that their comments must be made specific to the scenario presented to them in order to pass
the requirement.

Commercially, an engagement should be profitable to make it worthwhile for the firm. But the firm must take care that
commercial considerations do not outweigh other matters to be considered.
IFACs Code makes it clear that acceptance decisions are not to be treated as a one-off matter. The Code states: It is
recommended that a professional accountant in public practice periodically review acceptance decisions for recurring
client engagements. Changes in the circumstances of either the client, or the audit firm may mean that an
engagement ceases to be ethically or professionally acceptable or creates a heightened level of risk exposure.
Therefore, client continuance assessments are important and should be fully documented.

PRECONDITIONS FOR AN AUDIT

Once a firm has decided to go ahead with an audit engagement, it must comply with the requirements of ISA
210, Agreeing the Terms of Audit Engagements. ISA 210 was revised as part of the International Auditing and
Assurance Standards Boards Clarity Project, with new requirements to perform specific procedures in order to
establish whether the preconditions for an audit are present.
ISA 210 defines preconditions for an audit as follows: The use by management of an acceptable financial reporting
framework in the preparation of the financial statements and the agreement of management and, where appropriate,
those charged with governance to the premise on which an audit is conducted. This means that the auditor must do
two things. First, the auditor must determine the acceptability of the financial reporting framework to be applied in the
preparation of the financial statements. This includes evaluating whether law or regulation prescribes the applicable
financial reporting framework, considering the purpose of the financial statements, and the nature of the reporting
entity (for example, whether a listed company or a public sector entity). In most cases this will simply be a matter of
confirming with the client that the financial statements will be prepared under International Financial Reporting
Standards, or other national reporting framework.
Second, the auditor must obtain the agreement of management that it acknowledges and understands its
responsibility:

For the preparation of the financial statements in accordance with the applicable financial reporting
framework.

For internal controls to enable the preparation of financial statements which are free from material
misstatement, whether due to fraud or error.

To provide the auditor with access to all information necessary for the purpose of the audit.

In relation to the final bullet point, if management impose a limitation on the scope of the auditors work in the terms of
a proposed audit engagement, the auditor should decline the audit engagement if the limitation could result in the
auditor having to disclaim the opinion on the financial statements. The engagement should also be declined if the
financial reporting framework is unacceptable, or if management fail to provide the agreement outlined above. (ISA
580, Written Representations also requires that management provide written representations regarding its
responsibilities in relation to the preparation of financial statements.)

ACCEPTING NON-AUDIT ASSIGNMENTS

It is very common for audit clients to approach their auditor for the provision of additional services, ranging from audit
related services such as tax planning and bookkeeping, to other engagements such as due diligence and forensic
investigations. The audit firm must again carefully consider whether it is ethically and professionally acceptable to take
on the additional service.
The main ethical threat created by the provision of non-audit services is the threat to objectivity. The threats created
are most often self-review, self-interest and advocacy threats and if a threat is created that cannot be reduced to an
acceptable level by the application of safeguards, the non-audit service shall not be provided. The UK Auditing
Practices Boards (APB) Ethical Standard 5, Non-audit services provided to audit clients contains similar principles,
and emphasises the management threat which exists when the audit firm makes decisions and judgments that are
properly the responsibility of management.
Both the Code and ES 5 outline a principles-based approach to determining the acceptability of a non-audit service to
an audit client. With a few exceptions, if safeguards can reduce threats to an acceptable level then the service may be
provided. Safeguards could include using separate teams to provide the various services to the client, and the use of
second partner review or Engagement Quality Control Review. ES 5 specifies that it is the audit engagement partner
who should evaluate the level of threat, the effectiveness of safeguards, and is ultimately responsible for the
documentation of the acceptance decision.
The provision of non-audit services to audit clients continues to be debated by the profession. Many argue in favour of
outright prohibition as being the only measure which can totally safeguard auditors objectivity. However, it is accepted
that audit firms are best placed to provide audit clients with additional services due to the knowledge of the business
which they already possess, leading to a lower cost and higher quality service than that would be provided by a
different firm. In 2010 the APB issued a feedback and consultation paper The provision of non-audit services by
auditors , which prompted continued discussion of these issues and recommended a number of measures to:

Increase the rigour with which auditors assess threats to their independence

Introduce a new non-audit services disclosure regime and

Increase the role of Audit Committees in overseeing the retention of a companys auditors to undertake nonaudit services.

The final bullet point is important as it links to corporate governance. Under many codes of corporate governance,
including the UK Corporate Governance Code , the clients audit committee should be involved with any decision as to
whether the audit firm can be engaged to provide a non-audit service. Therefore, when approached to provide a nonaudit service to an audit client, there should be full discussion with those charged with governance, including the audit
committee, with a view to seeking approval for the engagement to go ahead.
As well as considering independence and objectivity, audit firms should remember that the fundamental ethical
principles apply to non-audit services, just as they apply to audits. Therefore, when considering whether to provide a
non-audit service, the firm should evaluate its competency to perform the work, whether confidentiality is an issue,

and that it is able to comply with all relevant laws and regulations.
As discussed above, in answering requirements to do with non-audit services, candidates answers must apply
knowledge to the specific scenario provided in order to score well.

CONCLUSION
The evaluation of new engagements is a crucial part of successful practice management. The current debate over the
acceptability of auditors providing non-audit services to their audit clients indicates that ethical matters will continue to
play an important part in acceptance decisions.