For customers· 4 min read

Contract Review: Essential Terms in Audit & Assurance Agreements

Key terms in audit contracts: scope, fees, liability, confidentiality. Protect your interests with proper agreements.

When you hire an audit and assurance firm, the contract you sign determines what work gets done, who pays what, and what happens if standards aren't met. Missing or vague terms can lead to scope creep, unexpected costs, or inadequate assurance coverage—all costly problems. Understanding the critical clauses before signing protects your company and ensures alignment with the auditor's obligations.

Scope of Work: The Foundation of Any Audit Agreement

Your contract must clearly define what the auditor will actually examine. This isn't just "financial statement audit"—it needs specifics like which entities are included, what accounting framework applies (GAAP, IFRS, or other standards), and which accounts or processes fall within or outside the engagement.

A vague scope leads to disputes over whether inventory counts, related-party transactions, or internal controls testing are included. Request a detailed scope statement that references the audit standards the firm will follow (typically AICPA standards for U.S. audits or ISAs internationally). If you're unsure what's reasonable, platform services like Mercoly let you compare how different firms describe scope in their standard proposals, helping you benchmark expectations.

Fee Structure and Billing Terms

Audit costs typically range from $5,000 for smaller nonprofits or startups to $50,000+ for mid-market companies, depending on complexity, entity count, and industry risk factors. Contracts should specify whether fees are fixed, estimated, or hourly, and the threshold for what triggers change orders.

Pay attention to:

  • Fixed fees: Best if scope is stable; auditor absorbs overruns
  • Time-and-materials: Riskier for you; set a not-to-exceed cap
  • Retainer plus overage: Common for recurring clients; clarifies base work and extra costs
  • Out-of-pocket costs: Travel, specialist consultants, IT auditor time—should be capped or pre-approved

Billing terms matter too. Specify payment schedules (invoices at engagement start, progress points, completion) and payment terms (Net 30, Net 45). Include language on what happens if you dispute an invoice—you don't want to pay first and argue later.

Timeline and Reporting Deadlines

Audits aren't instantaneous. Specify the fieldwork window (e.g., "fieldwork to conclude by February 28"), interim review period, and final report delivery date. For year-end audits, a typical 6–10 week turnaround from year-end to report issuance is standard; complex audits or multiple entities can take longer.

The contract should also clarify how many draft iterations you'll receive before the final audit report, and whether the auditor will attend your board meeting or audit committee review. If you need quarterly reviews or agreed-upon procedures between audits, those must be explicitly listed—they don't happen by default.

Liability, Indemnification, and Insurance

This is where auditors protect themselves, and you should protect your interests too. Most firms include caps on their liability (often linked to the audit fee—e.g., "liability capped at 2× the audit fee"). Understand this cap; if your company has $50M in revenue and an audit fee of $20,000, a liability cap of $40,000 may not adequately cover material misstatements.

Ask about:

  • The firm's professional liability insurance limits (typically $1M–$5M)
  • Indemnification clauses (who covers losses if standards aren't met)
  • Third-party reliance—whether lenders or investors can sue the auditor directly

Confidentiality and Privileged Communication

Auditors see sensitive information: cash flow details, loan covenants, executive compensation, pending litigation. The contract should lock down who at your organization can access the audit work papers, and whether the auditor can disclose findings to regulators, lenders, or your board without your permission.

Also clarify ownership of work papers—the auditor typically retains them, but ensure you can request specific schedules or supporting documentation after the engagement closes.

Management Representation and Limitations

The contract should detail what your management must provide: a written representation letter confirming the completeness and accuracy of financial records, disclosures of known fraud, and compliance with laws. It should also state the auditor's limitations—that an audit doesn't guarantee detection of all misstatements, especially intentional ones.

This sets realistic expectations and protects both parties legally.

Frequently Asked Questions

Q: How much notice should I give an auditor if I want to switch firms? Most audit contracts require 30–60 days' written notice and permission to communicate with the incoming auditor about the transition.

Q: Can an auditor refuse to issue a report if management disputes their findings? Yes. If management won't disclose or correct a material misstatement, the auditor can qualify the opinion or resign and withdraw the report entirely.

Q: What happens if the auditor finds fraud? The contract should specify notification procedures—typically, fraud affecting financial statements goes to your audit committee and board first, then may trigger regulatory reporting depending on your industry.

Use Mercoly to compare audit firms side-by-side, review their standard contract terms, and find providers whose agreements align with your risk tolerance and budget.

Looking for Audit & Assurance?

Compare trusted Audit & Assurance providers on Mercoly — browse profiles, products, and services and reach out in one place.

Related articles

More in Accounting, Tax & Bookkeeping · Audit & Assurance