For customers· 4 min read

Audit & Assurance Scope of Work: What Should Be Included?

Define your audit scope. Essential elements in an audit and assurance engagement letter and statement of work.

A solid audit and assurance scope of work (SOW) sets clear expectations—what gets reviewed, how deep the review goes, and what you'll actually receive. Without one, you risk scope creep, surprise fees, or gaps in coverage that leave your business exposed.

Why a Detailed Scope of Work Matters

Your audit and assurance engagement is only as good as the document that defines it. An SOW acts as a contract that protects both you and your auditor by spelling out exactly what's being audited, the methodology, the timeline, and deliverables. This prevents misunderstandings halfway through the engagement and ensures you're paying only for what you need.

Core Elements to Include in Your SOW

Engagement Type and Objective

Start by naming the type of engagement: financial statement audit, internal audit, compliance audit, or agreed-upon procedures (AUP). Be specific about what you're trying to achieve—is this for bank financing, regulatory compliance, investor confidence, or internal risk management? This shapes everything that follows.

Scope Boundaries

Define exactly what's in and what's out. For a financial statement audit of a mid-sized company, your SOW should specify which entities are included, the fiscal period covered (12 months, quarterly, or a specific date range), and any limitations. For example: "Audit covers the consolidated financial statements of XYZ Corp and its three subsidiary entities as of December 31, 2024."

If certain functions are excluded—say, the IT security audit or payroll cycle—document that explicitly. It prevents your auditor from being blamed later for not catching something that was never part of the agreement.

Audit Standards and Framework

State which standards apply: Generally Accepted Auditing Standards (GAAS), the AICPA's Statements on Auditing Standards (SAS), International Standards on Auditing (ISA), or compliance-specific frameworks like those required by the SEC, PCAOB, or industry regulators. This signals the depth and rigor expected.

Key Audit Procedures and Areas of Focus

High-risk or high-value areas deserve explicit attention in the SOW. Include:

  • Revenue recognition and cutoff testing
  • Inventory valuation and existence
  • Fixed asset capitalization and depreciation
  • Accounts payable and accrued expenses
  • Cash and bank reconciliations
  • Debt covenants and loan agreements
  • Related-party transactions
  • Estimates and allowances (bad debt, obsolescence, impairment)

Auditors should confirm whether they'll test internal controls, assess fraud risk, and evaluate the tone at the top. If you're in a regulated industry, your SOW should address regulatory-specific procedures.

Timing and Deliverables

Specify when the engagement starts and when you expect the final report. For most audits, expect 4–8 weeks from year-end to final report delivery, depending on complexity. Break this into phases: planning, interim work (if applicable), year-end fieldwork, and reporting.

List exactly what you'll receive: the audit report itself, management letter with control observations, representation letters, and any supplementary schedules or analyses. Clarify whether the auditor will present findings to your board, audit committee, or management.

Fees and Payment Terms

Audit fees vary widely—a small business audit might cost $8,000–$15,000 annually, while mid-market audits run $25,000–$100,000+. Your SOW should state the total fee or fee range, what's included (out-of-pocket costs, travel, technology), and what triggers additional charges (scope expansion, excessive audit adjustments, delayed information).

Payment terms—upfront retainer, monthly billing, or upon completion—should be crystal clear.

Independence and Conflict Disclosures

Auditors must confirm their independence and disclose any non-audit services they provide (bookkeeping, tax, advisory). If you're hiring the same firm for audit and tax work, the SOW should address any fee bundling and confirm that independence isn't compromised.

Red Flags in a Weak SOW

If your auditor's SOW is vague, uses phrases like "as determined by the auditor" without boundaries, or doesn't specify deliverables, push back. A well-written SOW protects your investment and ensures accountability.

When shopping for audit providers, Mercoly makes it easy to compare audit and assurance firms side-by-side, review their SOW templates, and find trusted providers that match your scope requirements.

Frequently Asked Questions

Q: How detailed should my audit scope be if I'm a small business? Even small businesses benefit from a specific SOW that covers the accounting period, which areas will be tested, the fee, and the expected report delivery date—you don't need 20 pages, but you do need clarity.

Q: Can an auditor change the scope midway through? Yes, but only with your written approval and amended fee; your original SOW should include a process for scope changes and additional work authorizations.

Q: What's the difference between an audit and an agreed-upon procedures engagement in the SOW? An audit provides an opinion on financial statements and follows strict standards; AUP is limited-scope work where the auditor performs specific procedures you define and reports findings without an opinion—your SOW must state which one you're getting.

Ready to find the right audit partner? Compare and request audit and assurance quotes on Mercoly today.

Looking for Audit & Assurance?

Compare trusted Audit & Assurance providers on Mercoly — browse profiles, products, and services and reach out in one place.

Related articles

More in Accounting, Tax & Bookkeeping · Audit & Assurance