ICAEW.com works better with JavaScript enabled.

Managing the professional liability of accountants

Regulations

Effective: 01 Feb 2011 Expires: 30 Sep 2015

Update History

Guidance to help members manage their risk of potential liability because of an act or omission resulting in financial loss. (Archived 30 September 2015)
Please note:

These regulations have been updated. Please refer to Managing the professional liability of accountants (October 2015 version) for the most up-to-date regulations on this subject.

Introduction

  1. Disputes can arise between providers of professional services and their clients or other (third) parties for a number of reasons. Accordingly, members will wish to manage risk and the extent of their potential liability to clients and third parties when providing professional services. Sometimes disputes arise not because of any inherent defect in professional work performed but due to misunderstandings regarding the scope of the work that has been agreed or responsibility for matters relevant to that work or parts of it. The purpose of this guidance is therefore to assist members in managing their risk of liability to clients and third parties.
  2. This guidance is concerned only with the potential liability which a member may incur because of an act or omission which results in financial loss to a person to whom a duty of care is owed. It does not deal with potential liability arising from other causes (for example criminal acts, breaches of trust, breaches of statutory duty or breaches of contract other than the negligent performance of its terms). Professional negligence is by far the most common basis for claims against members.
  3. It is not possible to guard against every circumstance in which a member might incur liability for professional negligence. However, there are opportunities available to members to assist them in managing their risk, and many of these opportunities can be used as a package, in combination with each other. The most effective way for a member to manage liability to clients is to perform work of quality with professional competence and due care.1 This guidance does not address this element of a member’s responsibilities. In addition, this guidance does not discuss making arrangements for professional indemnity insurance cover 2, nor does it deal with other possible methods of managing risk, which may include the way in which a member is structured, or incorporation.
  4. Members are reminded that, even if they adopt all the measures discussed in this guidance, they may still be exposed to disputes with clients or third parties. Disputes might give rise to allegations, complaints or claims against members. When providing professional services, risk may be managed but cannot be eliminated. The possibility of disputes involving providers of professional services is a feature of professional life. Whether or not allegations, complaints or claims made against members have merit, members will wish to establish proper procedures 3 to handle allegations or complaints and to deal with all claims promptly, to notify their insurers and to seek appropriate legal advice.

Section A: Client acceptance

  1. Standard 2: Client acceptance and disengagement of the Practice Assurance standards states: ‘A firm should agree to act for a client only if, in so doing, it does not contravene the professional, regulatory or ethical requirements of the Institute’. Members may therefore find it helpful to establish policies and procedures for deciding whether to accept or continue a client relationship and whether to perform an engagement.4 These policies and procedures are designed to provide members with comfort that association with a client (or an engagement) that presents an otherwise unacceptable risk is managed.5
  2. The establishment of such policies and procedures by a member does not imply that the member vouches for the integrity or reliability of a client, nor does it imply that the member has a general duty to anyone but itself with respect to the acceptance, rejection, or retention of clients (or engagements).
  3. The discussion below focuses on situations in which a member is considering an engagement for a new client. Many of the factors are equally relevant when a member is considering whether to continue with an existing client relationship.

Relevant considerations

  1. There are various factors for a member to consider when deciding whether to accept a new client or to continue an existing client relationship by accepting a new engagement. For the purposes of managing professional risk, the following considerations are likely to be particularly relevant when assessing client (or engagement) acceptance.
    • The reputation and integrity of the client and, if a corporate body, those who are responsible for its governance.
    • The nature and source of the engagement.
    • The risks associated with a relationship with the client, with performance of the engagement, or changes to the risks associated with an existing engagement.
    • The safeguards, such as liability limitation, that the client will or might accept.
    • The member's recent experience of dealing with the client or of providing similar services for other clients.
    • The availability of sufficient and appropriate competent resources to perform the engagement.
    • The fee expectations of the potential client for the proposed engagement having regard to the member's recent experience of providing similar services for other clients.
    • Potential conflicts of interest and other factors that may be perceived to undermine the independence and integrity of the member, if the client or engagement is accepted.
  2. Members may find it helpful to document the decision to accept a client and an engagement and the consideration of relevant factors in case a decision is reviewed at a later date. Members may use checklists (either on paper or in software) so that relevant factors are assessed on a consistent basis by those responsible for making client (or engagement) acceptance decisions. This documentation is in addition to, but may be created at the same time as, documentation of the member's performance of anti-money laundering and client identity checks.6
  3. The considerations listed above are discussed in more detail below. Some are relevant also to engagement acceptance considerations.

The reputation and integrity of the client

  1. A member obtains information about the client to assist the member in making an informed judgement on the reputation and integrity of that client.
  2. Typically, members will have regard to the following:7
    • requirements in relation to anti-money laundering and client identification;
    • where the client is a corporate body, information about the business background of owners and key management and executives including:
      • their past business history;
      • previous businesses with which they have been associated, including any instances of business failure;
      • history of disputes or disagreements between owners and officers;
      • evidence of disputes with advisers, and with regulatory, tax and other authorities;
      • any other concerns about integrity;
    • prior financial information which may show trends affecting the judgement of overall risk of the client relationship, including (if relevant) going concern issues, ability to pay a reasonable fee for services provided, aggressive accounting practices, and other similar issues;
    • other advisers to the client, in particular if they are involved in the member’s engagement;
    • publicly available information from other sources.
  3. The amount of information which members may wish to obtain about a client’s reputation and integrity will depend on the nature of the client and the member's perception of its exposure to reputational risk as a result of association with the client (or the engagement).

Section B: Engagement acceptance

  1. Many of the considerations discussed above in the context of client acceptance are relevant also to the question of engagement acceptance.
  2. Where a member is to replace an existing accountant, the Code of Ethics, Section 210, Professional Appointment will apply.
  3. Where a member is not to replace an existing accountant, the member may take account of the source of the engagement. For example, where the opportunity arises from a referral or recommendation by another professional, the member considers whether the rules governing the conduct of members of its professional body provide the member with assurance as to the integrity of the client. However, in relation to client identification and anti-money laundering checks, members remain fully responsible for making their own enquiries. 8

The engagement risk, available safeguards and the member's experience

  1. To err is human and any engagement presents the risk of error giving rise to disputes.
  2. The risks of error and disputes can be managed to some extent by the application of effective quality control measures. Members’ willingness to accept these risks will differ, depending on the circumstances.
  3. Where a member has recent experience of providing the service requested by the client, the member may consider itself well placed to assess the risks of error and disputes and the steps that may be taken to manage those risks. For example, in addition to quality control measures, exposure to disputes arising from error may be controlled through measures such as liability limitation provisions or by limiting the number of parties who may be able to rely on the service provided by the member.

Availability of competent resources

    Members will wish to consider the competencies of those persons to be assigned to perform any engagement, and the following:
    • the availability of persons possessing relevant skills and experience within the timeframe agreed for the delivery of the service;
    • the availability and adequacy of other resources required to support performance of the engagement, such as IT systems;
    • requirements for access to or information from third parties;
    • any assistance that will be obtained from external specialists in the UK or overseas.
  1. Members will wish to consider the Code of Ethics A, Section 100, Introduction and Fundamental Principles, and Section 130, Professional Competence and Due Care, before accepting engagements if they might not have the skills or available resources to provide the services desired by the client.9
  2. Where the timing requirements expressed by the client are challenging, members may find it helpful to discuss these with the client before the engagement is accepted so that any conflict with resource availability or other quality considerations can be resolved with the client 10.

Fee considerations

  1. Members and clients will often have differing views about the fees that are appropriate for an engagement. A degree of negotiation is normal regarding the amount of a fixed fee, or an upper limit on a flexible fee, or rates that are to be charged for a time-based fee, or different bases for charging that might be linked to an event or outcome, such as contingent fees or success fees. Whatever is agreed in relation to fees and the basis for charging, members will find it helpful to state clearly what is being provided for an agreed fee and where appropriate what will trigger payment. Clarity in relation to the scope, nature and complexity of an engagement and any other matters relevant to fees, will help to avoid misunderstandings.

Conflicts of interest

  1. Members act with integrity at all times and members will therefore wish to avoid accepting or continuing engagements that present an actual or perceived conflict of interest, unless they are satisfied that adequate safeguards can be implemented and the client agrees.11 More guidance on the identification and management of conflicts of interest is available in the Code of Ethics B, Section 220, Conflicts of Interest.12

Section C Engagement contracts

  1. Members will find it helpful if the terms of their contract with their client are recorded in writing, either in an engagement letter that is counter-signed by the client to demonstrate agreement, or in some other written form. Whatever written form the engagement contract may take, it is described in this guidance as an engagement letter. The approach of recording the agreement in writing is designed to manage the risk of future disputes with the client by reducing the scope for misunderstandings as to:
    • the scope of the services to be provided by the member;
    • the fees to be paid by the client for the services;
    • the purpose for which the member is to provide the services;
    • any responsibilities of the client in relation to the member’s services;
    • any limitations on the member’s liability.
  2. Members will note that International Standards on Auditing (UK & Ireland) 210, Terms of Audit Engagements, paragraph 2-1, and Standards for Investment Reporting 1000, Investment Reporting Standards applicable to all engagements in connection with an Investment Circular, paragraph SIR 1000.3, require engagements to which those Standards apply to have terms of engagement that are recorded in writing.

Engaging with all parties to benefit from the services

  1. The general principle is that a member will wish to enter into an engagement letter with each party to whom the member is prepared to accept a duty of care. However, this may not always be possible. For example, a party may be entitled by statute to rely on a member’s report without contracting with the member to deliver it (as is the case with the statutory audit engagement for a company, where the audit report is addressed to the shareholders of the company even though they are not a party to the engagement letter). There may also be practical constraints in obtaining signatures to an engagement letter from all relevant parties.
  2. One approach in relation to engagements with multiple parties, such as groups of companies, is to have a single composite engagement letter, with each relevant party being both an addressee and signatory to the letter. An alternative approach is to have one party signing the engagement letter as agent for the others, or to have a separate engagement letter for each party. Where an agency approach is adopted, the member will wish to be satisfied that the addressee and signatory is suitably authorised. A further alternative might be to use the Contracts (Rights of Third Parties) Act 1999, which enables contracting parties to confer benefits on non-contracting parties, but members may wish to seek legal or other professional 13 advice before using that Act.

Engagement contract formalities

  1. The engagement letter will not form a binding contract unless the client demonstrates agreement to its terms, ideally by counter-signing it. Members may find it helpful to clarify agreement by requiring the client’s signature to the engagement letter before carrying out any work and certainly before providing the client with any work product, such as a report. A signed engagement letter demonstrates that the client has accepted the terms of the engagement. Members will wish to satisfy themselves that the person signing the letter on behalf of a corporate client has the authority to accept the terms.
  2. If the client does not sign the engagement letter and there is a dispute concerning the engagement, there is a risk that a court may rule that:
    • the member is not entitled to rely on any limitations of liability or other terms in the engagement letter; and/or that
    • different terms and conditions are to apply to the engagement.
    Members may wish to try to manage these risks by catering in advance for circumstances where a signed engagement letter cannot be obtained from the client despite efforts to achieve this. Members attempting to address such matters as a pre-emptive safeguard may wish to consider clarifying in their engagement letter that client activity responding positively to the engagement letter will be treated by the member as behaviour that demonstrates acceptance of the engagement letter. Such activity might include:
    • receipt by the client of the engagement letter without raising any questions or concerns after a reasonable period;
    • liaison by the client with the member as envisaged by the engagement letter;
    • the provision of information by the client pursuant to the engagement letter;
    • the client’s payment of the member’s invoices as presented in accordance with the engagement letter.
    What amounts to a reasonable period for a client to consider an engagement letter will depend on the circumstances, including (for example) the client’s availability, the complexity of the engagement letter, and the nature of the services. Members who include such clarification in an engagement letter and who specify a period for responding will therefore wish to take account of such circumstances as may apply.
  3. Different terms and conditions may apply to the engagement where, for example, the engagement results from a successful proposal submitted in response to an invitation to tender issued by the client. This may arise where the invitation to tender to which the member responds contains terms and conditions that will apply if a contract is awarded and the member presents an engagement letter which the client does not sign. Members responding to invitations to tender will wish to read the invitation carefully and submit a proposal on a ‘subject to contract’ basis if they wish to qualify the proposal in relation to contract issues.
  4. If a client that has signed an engagement letter subsequently asks the member to carry out any additional tasks, or in any other way wishes to vary the terms of the engagement, members will find it helpful to document the changes in writing and to obtain acceptance in writing from the client. Disputes may arise if changes are not documented and agreed in writing.

The content of the engagement letter

  1. Members and their clients will find it helpful if engagement letters are clear and informative. Such engagement letters will typically cover various points, such as the following:
    • name and address of contracting entity/entities 14
    • date;
    • description of engagement;
    • introduction or background;
    • scope of the member’s work and any limitations on that scope, the specific tasks to be undertaken, and the purpose for which the work is to be performed;
    • timing details for performance of the work;
    • the member’s resources to be assigned to the engagement;
    • client responsibilities, including restrictions on the client’s ability to distribute the product of the services;
    • limitation on liability;
    • contact points at the client;
    • fee arrangements;
    • the member’s arrangements for handling complaints;15
    • signature block for the client to demonstrate agreement.16
  2. Some of these points for engagement letters are considered in further detail below. With the exception of any limitation on the member’s liability, these points are not designed to exclude or limit the member’s liability for loss arising from errors in work performed. Their objective is to clarify the scope of work to be undertaken, including any limitations on that scope, the purpose for which the client is entitled to rely on that work, and other matters that might be important. Such measures can help to protect a member from disputes relating to the services provided.
  3. A member may also wish to include, either in the engagement letter or in an appendix enclosed with the engagement letter, additional terms and conditions dealing with matters that the members considers applicable to the engagement, such as:
    • confidentiality of client information and of the products of services provided;
    • ownership of copyright and other intellectual property rights in client information and in the products of services provided;
    • termination rights available to the member and to the client;
    • governing law and applicable jurisdiction;
    • the time within which any claims are to be made;
    • a term requiring any claims to be made against the member itself and not against any partners or staff personally; and
    • other terms that the member might regard as standard.

Members may find it helpful, with the benefit of legal or other professional advice as may be appropriate, to develop an appendix that sets out standard terms applicable to the member’s work.17

Master services and framework agreements

  1. Some corporate clients may prefer members to enter into master services or framework agreements, containing the client’s own terms and conditions, which provide a contracting framework for any work to be carried out for that client. It is common, however, to have a separate engagement letter (which might be described as a ‘work order’ or ‘statement of work’) with the client for each piece of work carried out under the master services or framework agreement.
  2. Certain organisations (such as major banks, large corporate bodies and public authorities) may have created their own standard terms and may present these to members for agreement. Members may wish to negotiate changes to these standard terms or alternative terms of engagement. In some cases this may be difficult, but such standard terms are not binding on members unless they are accepted.

Section D Limiting liability to members’ clients

  1. The provision by members of professional services can give rise to disputes with clients and other (third) parties, which, in the absence of safeguards, may expose members to unlimited liability. Potential liability to third parties is dealt with elsewhere in this guidance. This section deals with limiting or excluding liability to members’ clients.
  2. Like many other providers of goods or services, members may limit their potential liability to their clients by including limitations or exclusions of liability in their engagement letters. The validity of any limitation or exclusion clause will be subject to legal restraints. Accordingly, some uncertainty cannot be avoided.19 However, members will wish to have the following in mind:
    • Any limitation or exclusion clause is more likely to be enforceable if it is fair and reasonable.
    • The importance of a limitation or exclusion clause being clear and agreed by the client in writing.
    • The possible application of statutory or regulatory rules, or industry or market practices.

Any limitation or exclusion clause is more likely to be enforceable if it is fair and reasonable

    A limitation or exclusion clause may be unenforceable if it is not fair and reasonable. What is fair and reasonable will depend on all the circumstances, with particular regard to factors that are discussed in Appendix 1 to this guidance.
  1. Where a member has performed work for a fee, it is not likely to be fair and reasonable for a member to seek to exclude liability entirely to the client. A more common approach is to limit in the engagement letter a member’s liability to a fixed amount (often described as a ‘cap’ on liability). A cap set at a reasonable level is more likely to be enforceable and to protect the member than a total exclusion of the member’s liability to the client. If a court finds that the amount of a liability cap is unreasonable, the court will not vary the cap to make it reasonable and it will remain unenforceable.
  2. Members are free to negotiate suitable engagement terms and conditions with their clients but, having regard to applicable legal restraints, members may wish to adopt a pragmatic approach when negotiating limitations or exclusions of liability. Clients can sometimes exert commercial pressure on members. Members are entitled to be robust in their negotiations given the importance of limiting liability but will wish to avoid being perceived as unfair or unreasonable. Equally, members avoid taking unfair advantage of clients who might be unsophisticated or not commercially aware. In deciding what negotiating position to adopt, members will wish to take into account the nature of the client and the engagement and the overall commercial risk and reward analysis.
  3. Caps on liability that have been discussed and negotiated are generally more likely to be regarded as reasonable. Where a cap on liability is accepted without discussion, it is not necessary for members to try to compel negotiation by clients. It would however be unusual for a client to be given no reasonable opportunity to consider a liability cap, to take advice, and to negotiate, if desired by the client.
  4. If negotiations on limitation do take place, eventually a deal will have to be reached. This may require a member to make concessions, which may include upward adjustment to a limitation amount initially proposed. 20

The importance of any exclusion or limitation of liability being clear and agreed by the client in writing

  1. Members will wish a limitation of liability agreed with the client to be set out clearly in the engagement letter. Where a member’s engagement letter comprises the member’s standard terms together with a covering letter, it may help to draw attention to the cap on liability by referring to the cap on liability in the covering letter as well as in the standard terms.
  2. Members may wish to take their own legal advice on the formulation of a clause in the engagement letter limiting liability.21 The following points of principle may assist members:
    • Members will find it helpful if a limitation or exclusion clause is drafted to capture clearly any basis on which a claim might be made, including breach of contract, breach of statutory duty, and negligence.
    • If a formula is to be used for determining a limitation of liability, members will wish the basis for calculation to be clear.
    • Members will wish to avoid presenting a formula that may appear to be inherently arbitrary because, for example, it does not take account of the nature of the client or engagement.
    • Members will find it helpful to avoid seeking to exclude or limit liability for loss that cannot legally be excluded or limited, such as liability arising from a member’s fraud.
    • Members may wish terms containing limitations or exclusions to be set out in parts that can be separated from each other, so that any provisions that are subsequently considered to be unreasonable may be removed without affecting the enforceability or sense of the wording that remains.
    • To avoid wording that is broader than the law will allow, members will wish to consider what seems necessary to give protection. A common device is to provide that an exclusion or limitation will apply to the fullest extent that the law will permit, and/or to state that liability for a member’s fraud is not excluded or limited.

The possible application of statutory or regulatory rules, or industry or market practices

  1. Members appointed as auditors under the Companies Act 1985 were unable to limit their liability to their audit clients in respect of their statutory audit work, because of section 310 of that Act. However, the position was changed by the Companies Act 2006. Members appointed as auditors under the Companies Act 2006 may limit their liability provided that shareholder approval is obtained and then only to the extent that the limitation is ‘fair and reasonable’ in the particular circumstances. To give effect to an agreed limitation, the auditor must enter into an auditor liability limitation agreement with the company, after following a prescribed procedure.22
  2. Members who audit bodies other than companies will wish to consider the framework under which their appointment to audit the body concerned has been made and the audit is to be performed. The audits of some bodies (such as building societies) are governed by legislation that prevents members from limiting their liability for their audit work. Frameworks governing other audits (such as audits of limited liability partnerships) may permit limitations on the auditor’s liability to be agreed.
  3. The acceptability of any limitation or exclusion of liability may be affected by applicable market expectations or common practices.23
  4. There is an ‘interim moratorium’ on limiting or excluding liability where members are engaged to issue reports for or relating to public transactions by listed companies. Details of this moratorium are set out in an agreement reached in 1995 between what was then the London Investment Bankers’ Association (now the Association for Financial Markets in Europe) and representatives of what was then the ‘Big 6’ accountancy firms. Although this moratorium is described as interim, there is currently a market expectation that members will not seek to limit their liability when issuing reports for use in such public transactions.24
  5. In respect of private equity/debt finance transactions where members are providing due diligence services, the market expectation is that the limitation of the member’s liability is to be determined by reference to a formula developed in 1998 by the Big 6 accountancy firms with the British Venture Capital Association (‘BVCA’). The development of the formula resulted in a Memorandum of Understanding being issued by the BVCA to its members recommending adoption of the formula in such transactional work. The formula is widely used for such work. 25
  6. Members providing reports in connection with the Civil Aviation (Air Transport Organisers’ Licensing) Regulations 1995 (as amended) and the Civil Aviation (Contributions to the Air Travel Trust) Regulations 2007 will be familiar with the guidance set out in Technical Release AAF 02/09, New Arrangements for Accountants Reporting to the Civil Aviation Authority. The guidance in AAF 02/09 includes model engagement terms which make provision for a reporting member’s liability to be limited to an amount to be agreed or calculated in accordance with a formula, which is set out in the Technical Release. The formula has been published by the Civil Aviation Authority, which has offered to accept a limitation on a reporting member’s liability in an amount that arises from application of the formula. 26
  7. Members who are authorised and regulated by the Financial Conduct Authority (FCA) in respect of the performance of ‘regulated activities’ under the Financial Services and Markets Act 2000 are prevented from limiting or excluding liability to their clients for any such regulated activities. In respect of other services, an FSA authorised and regulated member may not limit or exclude liability ‘unless it is honest, fair and professional for it to do so’. Members who are FCA authorised and regulated may find it helpful to have regard to the principles discussed in this guidance if considering whether it is honest, fair and professional to limit or exclude liability for services that do not amount to ‘regulated activities’.

Exclusion of liability for certain types of loss

  1. Some members might wish to exclude liability for certain types of loss altogether. Common examples are:
    • Exclusion of liability for indirect or consequential loss and/or loss of profits. Some members may feel that the possibility of indirect or consequential loss presents a risk that cannot be managed because it might be of an unforeseeable and/or catastrophic nature. An exclusion of liability for such loss can be controversial and members will wish to use clear language in defining such losses.
    • Exclusion of liability arising from use of defective or deficient information provided by the client. Such an exclusion will not be fair or reasonable where the scope of work requires the accuracy or completeness of the information to be checked by the member.
    • Exclusion of joint and several liability. The objective of such a term is to limit the member’s liability to its proportionate share of the blame for loss incurred by the client, so that the member is not liable for the loss and damage caused by others, such as other professional advisers or employees of the client, even where those others are unable to pay or are not a party to the dispute. Members are not the only providers of services who may wish to achieve proportionality in respect of their liability. Proportionate liability clauses can be found in standard form contracts used by other industries and are sometimes called ‘net liability’ or ‘net contribution’ clauses. 28

Section E Managing risks arising during the engagement

  1. There are steps available to members who wish to manage risks that can arise during performance of an engagement. Some of these steps can be taken in advance of performance and others can be taken during performance.
  2. Members will wish to prepare engagement letters that set out clearly the services to be provided and any specific tasks to be undertaken by the member.29 Members may also find it helpful to exclude those tasks which are not to be undertaken where uncertainty might otherwise arise. The level of detail appropriate for each engagement will depend upon the nature of the tasks to be undertaken by the member.
  3. Members may find it helpful to monitor the tasks that they have agreed to undertake during the course of the engagement. Members may also wish to make clear in any work product, such as a report, the agreed scope of the work undertaken and check that the description of work set out in any invoice sent to the client is consistent with the engagement letter, any changes agreed in writing and any work product.30
  4. Members may also wish to clarify in the engagement letter the client’s obligations and responsibilities. For most engagements members will be reliant on the client providing or giving access to relevant information. It may be appropriate for the accuracy or completeness of information provided by the client to be confirmed by the client signing a factual accuracy letter or providing a letter of representation. There may be other specific tasks to be performed by the client and these can be stated in the engagement letter for clarity.
  5. Making each party aware of its responsibilities is designed to help manage the risk of any subsequent dispute in this regard. If, during the engagement, the member does not obtain the expected information or cooperation from the client, the member may wish to take this up with the client and may wish to consider:
    • withdrawing from the engagement, if the lack of information or cooperation makes it impossible for the member to provide the agreed services; or
    • qualifying its work product (such as its report) as a result.
  6. Where the client has agreed that certain procedures are to be performed, and is responsible for determining the sufficiency of those procedures for the client’s purposes, it is helpful for the engagement letter to reflect that.

Specifying any limitations on the work to be undertaken

  1. Members may find it helpful if the engagement letter includes any limitations on the scope of the member’s work. One common example is where the client requires an immediate answer to a complicated problem. There could also be limitations on the information to which the member is to be allowed access.
  2. In such circumstances members may wish to consider whether it is appropriate to accept the engagement at the outset. If the member does accept the engagement, the engagement letter will include the nature of the limitations with which the member is faced and how these might impact on the member’s performance of the agreed work. For example, where the member is being asked to report on a complicated problem within a short timeframe, the member may wish to make clear in the engagement letter that: the problem is a complex one; that it has been given very little time in which to report; that further time would enable the member to consider it in greater depth; and that the member’s report might well be different if further time were available. Factors such as these might also influence the amount of any limitation on liability which the member is willing to accept.
  3. Members may also wish to set out in the engagement letter limitations on the work to be carried out by the member where, for example, additional procedures are or might be necessary to enable the client to reach a conclusion in relation to the member’s work, or where the member is to perform agreed-upon procedures (that may not involve verification of data), or where the client is separately to obtain legal advice on matters to which the member’s work relates.

Section F Managing third-party risk

  1. In some circumstances, it is not just the addressees of the engagement letter that will wish to rely on members’ work or their work products, such as reports. Third parties will frequently wish to have sight of a member’s report or other work product. Examples include parties to a transaction wishing to place reliance on an audit report on a target company, or clients wanting to share the member’s assurance report on systems and controls with its customers. Where members are aware of this possibility when they accept the engagement, it could be assumed by a third party that they have taken on a duty of care and responsibility in law to the third party on a voluntary basis, thereby providing the third party with a basis for a claim against the member. Since the third party will not be a party to the engagement letter it will be difficult to argue that the third party is bound by any cap on liability or other protections contained in the member’s engagement letter. The absence of any fee payment by the third party is not likely to be conclusive as to whether or not any duty is owed.
  2. Members will therefore wish to guard against this ‘third-party risk’. As a first step, members may wish to include, in the engagement letter, terms that restrict the disclosure by the client of the member’s work product, such as reports and advice, to third parties. A common approach is to include a provision in the engagement letter such that the client must seek the member’s consent before disclosing any such work product to a third party. This gives members a degree of control over whether a work product is disclosed, and whether conditions might be applied if it is disclosed (discussed further below).
  3. In some circumstances, members may wish to refuse consent for disclosure, for instance if the number of intended recipients is large or the class of recipients ill-defined, or the circumstances are such that disclosure presents unmanageable risk. Members may also wish to undertake a risk/reward analysis in respect of the request: although often the client will want the member to consent to disclosure, the member will rarely get any additional fees in return for consenting. Members may also wish to avoid disclosure if the report contains intellectual property that the member wishes to preserve as confidential.
  4. If a member is willing to consent to disclosure of its work product, such as a report, to third parties, the member will wish to consider what protection is put in place to manage the risk of assuming a duty of care and responsibility to the third parties in question. The most common methods for doing this are (i) release or ‘hold harmless’ letters; (ii) ‘duty of care’ letters; and (iii) indemnities obtained from the client. Each of these methods is discussed below.
  5. Release or ‘hold harmless’ letters are letters used by members to facilitate the release of confidential information to a third party at the request of a client. The information might be a member’s report that is confidential to the client and prepared for the client alone, the information might extend to oral explanations to be provided by the member about the member’s report, or it might be the member’s own working papers which contain information that is confidential to the client but which have been prepared for the member’s purposes alone. The objective of the release or ‘hold harmless’ letter is to manage the member’s third party risk by securing the third party’s agreement that the information to be disclosed was not prepared for the third party, that the third party will verify the information with the client and not the member, that the member owes the third party no duty in relation to the information, that the third party will rely on the information at its own risk, that the third party will not assert any rights or bring any claims against the member in relation to the information, that the member will incur no liability to the third party arising from disclosure, and that the third party will keep the information confidential.31
  6. A ‘duty of care’ letter is a device that enables a member to assume a duty of care and responsibility to a third party in respect of work performed for a client but in a controlled way through agreement with the third party. Frequently, this arises where the third party is unwilling to accept a release or ‘hold harmless’ arrangement because it wishes to rely on the member’s work (and the client consents to and may even support this). In this case, a letter may be sent to the third party containing terms that regulate the member’s relationship with the third party and clarifying the basis on which the member is willing to accept a duty and assume responsibility to the third party, which may include any limitation on the member’s liability agreed with the client. The letter will require counter-signature by the third party to demonstrate agreement.

Indemnities obtained from the client

  1. Release or ‘hold harmless’ letters and ‘duty of care’ letters do not provide members with solutions to each and every third-party question. Sometimes members may prefer no disclosures to be made to third parties at all on any basis, even with safeguards. At other times members may feel that a release or ‘hold harmless’ letter, or a ‘duty of care’ letter, would be appropriate but it is not practical to obtain agreement and signature by the third party concerned. A further alternative is that a member can obtain a release or ‘hold harmless’ letter from the third party but the member continues to have reservations about the risks arising from disclosure.
  2. Where members are prepared to provide information to a third party but a release or ‘hold harmless’ letter or ‘duty of care’ letter cannot be obtained, or where a release or ‘hold harmless’ letter can be obtained but the member continues to have reservations about the risks arising from disclosure, members may wish to consider seeking an indemnity from the client as an alternative or additional safeguard. For example, in recognition of the third-party risk taken on by the member, the client might agree to indemnify the member against any loss or damage (including legal expenses) arising from claims brought or threatened against the member as a result of the provision of information by the member (which may comprise disclosure of the member’s report) to the third party. Such an indemnity could be included in the engagement letter.
  3. Members may find that indemnities are not attractive commercially to clients and, in any case, indemnities do not limit third parties’ ability to assert claims. Indemnities merely give the member the right to pass on the liability to the client. It follows that if the indemnity is in some way ineffective or the client does not have adequate resources to meet the liability, then the member will be left unprotected.
  4. 73. It may be permissible in some circumstances to obtain indemnities from audit clients or from other clients from which members demonstrate independence but generally indemnities from such clients will present ethical difficulties for members.

Clarifying the purpose of work performed and for whose benefit work has been performed

  1. Members will find it helpful to clarify in the engagement letter the purpose for which and for whom the work is to be performed and that the work product, such as a report, may not be used by any other person or for any other purpose. The engagement letter speaks to the client only but clarifying in this way may help to manage the risk of the client using or relying on work performed or a work product for purposes that have not been envisaged and for which the work may not be suitable.
  2. Members will also find it helpful to provide similar clarification in their work product, such as a report. When doing so, members may wish to read the clarification as if it is speaking not only to the client but also to a third party who might obtain access to the report. Members reading a clarification in this way will consider the message conveyed to the third party whether or not the third party obtains access to the report on a permitted basis or contrary to disclosure restrictions that may have been agreed in the engagement letter.
  3. Members may wish to prepare a clarification paragraph in a report that captures the following points:
    • the framework under which the report has been prepared (which may be statutory, or may be set out in a separate document, or may be as agreed in the engagement letter);
    • the party for whom the report has been prepared;
    • the purpose for which the report has been prepared (which may be clear from the framework);
    • to whom the member accepts responsibility (normally the client) and for what (normally the member’s work, the report, and any findings, conclusions, or opinions formed or made);
    • to whom the member denies responsibility (third parties) and for what (normally the member’s work, the report, and any findings, conclusions, or opinions formed or made);
    • any disclosure restrictions that may have been agreed.
    Members may wish to include other caveats or restrictions in reports, depending on the circumstances of the engagement, and will position the clarification paragraph in a suitably prominent position, such as the beginning, so that it is not missed by readers.
  4. A clarification paragraph in a member’s report will not act as a barrier to a third-party claim but will normally present a hurdle which a third party will have to clear in order to establish a duty of care owed by the member to the third party. The absence of a clarification paragraph that speaks to third parties may, depending on the circumstances, give rise to an inference that the member could have clarified but chose not to do so and has assumed responsibility to third parties as well as to the client.
  5. Members including such paragraphs will wish to avoid the clarification being overridden by words or actions that are inconsistent. For example, a clarification paragraph that denies a duty to any third parties might be overridden in relation to a particular third party if the member engages in discussions with or provides the report to the third party without confirming clearly and securing the third party’s acceptance that the clarification paragraph is not affected.32
  6. Members may wish to refer to available guidance for a clarification paragraph to be included in statutory audit reports.33

Restricting use of a member’s name

  1. Members may wish to avoid any statement or document issued by their client (other than statements or documents that in accordance with applicable law are to be made public, such as financial statements in the form in which they have been reported on by a member as auditor) bearing the member’s name unless the member’s prior written consent has been obtained. A restriction can be achieved by including a suitable paragraph in the engagement letter.
  2. There have been occasions when the use of a member’s name in a client document has been interpreted by third parties as implying that the client is financially sound or that the member is in some way endorsing the content of the client document, or giving some other form of assurance, whether or not this is in fact the case.
  3. If a member becomes aware that a client proposes to use the member’s name, the member may wish to inform the client that permission must first be obtained, in order that the member may approve the form in which the member’s name is to be mentioned and the context in which it is to be used, and in appropriate cases the member may wish to withhold permission.

Appendix 1

Limiting liability to members’ clients: legal principles

  • This Appendix is a summary of factors relevant to members wishing to limit their liability to their clients in what is a complex area of law. While this Appendix may assist members in considering legal restraints, it is not a substitute for legal advice. As case law in this area has shown, the facts and circumstances of each case can be key in determining the outcome.
  • The ability of members to enforce terms excluding or limiting their liability will be governed by the Unfair Contract Terms Act 1977 (the Act). Members are unable to exclude or limit their liability for death or personal injury resulting from negligence. In addition, members cannot exclude or limit liability for other loss or damage resulting from negligence unless the term satisfies ‘the reasonableness test’ under the Act. That same test will apply to an exclusion or limitation where one of the contracting parties ‘deals as a consumer or on the other’s written standard terms of business’.
  • A member’s client will deal ‘as a consumer’ if the client does not make (or pretend to make) the contract in the course of a business and the member (as the other contracting party) does make the contract in the course of a business. A client will ‘deal’ with a member if the client ‘makes a deal’ with the member, regardless of any negotiations.
  • There is no definition in the Act of what is meant by ‘standard terms of business’. It is however clear that a member’s use of pre-printed or ready-prepared terms, on a regular basis as a matter of policy and routine, are standard terms of business.
  • There is no guidance in the Act on what is meant by reference to a party that ‘deals’ on another party’s ‘written standard terms’. Traditionally this was assumed to mean contracting on standard, pre-printed terms, perhaps appearing on the back of an invoice. It is now clear that if standard terms are ‘effectively untouched’ following negotiations, even if certain provisions are amended, they will still amount to standard terms.
  • Members might be engaged to provide services, such as tax compliance or tax advisory, by private individuals. These clients will fall within the definition of ‘consumer’ in the Unfair Terms in Consumer Contracts Regulations 1999 (‘the Regulations’). The Regulations provide that a ‘consumer’ is someone who ‘is acting for purposes which are outside his trade, business or profession’. The Regulations apply in relation to ‘unfair terms in contracts concluded between a seller or a supplier and a consumer’.
  • Unlike under the Act, the Regulations provide that no terms are automatically of no effect and all terms are subject to the test of fairness. A contract term which has not been individually negotiated will be unfair (and so not binding on the consumer client) if, contrary to good faith, it causes a significant imbalance in the parties’ contractual rights and obligations to the detriment of the consumer. In cases of doubt, the interpretation most favourable to the consumer will prevail.
  • An exclusion or limitation of liability contained in standard terms could fail the fairness test under the Regulations. However, members may feel that the application of the fairness test is likely to be the same as the reasonableness test under the Act. There seems to be no material difference between the two.
  • Accordingly, if members’ clients are consumers, exclusions and limitations of liability will have to pass the fairness test in the Regulations; if clients are businesses, the exclusions and limitations will have to pass the reasonableness test under the Act. The effect for members is, for practical purposes, likely to be the same.
  • In order to satisfy ‘the reasonableness test’ under the Act, a contract term must have been:
  • ‘a fair and reasonable one to be included having regard to the circumstances which were, or ought reasonably to have been, known to or in the contemplation of the parties when the contract was made’.
  • Whether or not a member’s exclusion or limitation is reasonable will therefore be determined by the particular circumstances. A member claiming reasonableness will have to demonstrate this. A Schedule to the Act contains ‘Guidelines’ on assessing reasonableness that are likely to apply. These include in summary the following:
    1. the strength of the parties’ relative bargaining positions;
    2. whether the client was offered an inducement to accept the term or whether the client had an opportunity to contract for similar services with another supplier without the term;
    3. whether the client knew or ought reasonably to have known of the existence and extent of the term;
    4. where the term excludes or restricts liability for non-compliance with a condition, whether it was reasonable when contracting to expect compliance with that condition;
    5. whether the goods were manufactured, processed or adapted to the special order of the client.
  • Item (e) above refers to goods and is not therefore immediately referable to professional services but might be applied in certain circumstances.
  • All services provided by a member will to some extent at least be designed to meet the client’s particular requirements. For clients to whom a member regularly provides services, the particular requirements of that client will often be known to the member. If a client requests a service that requires the member’s normal processes and procedures to be tailored specifically for the particular client’s requirements, or if a client’s particular requirements are known to the member, these are factors that may have a bearing on what is a reasonable limitation on the member’s liability.
  • In addition to the Guidelines summarised above, a section of the Act provides that when assessing the reasonableness of a contractual limitation of liability, regard is to be had to the resources available to the party seeking to limit its liability (the member) to meet the liability if it arises and how far it was open to that party to cover itself by insurance.
  • It will not always be the member who is best placed to cover a risk with insurance. Members do not routinely take out insurance cover for a particular engagement. In some circumstances, it might be easier for the client to insure against the risk of loss.
  • Some professional indemnity insurance policies may not provide cover for liability in respect of indirect or consequential loss. For members with such policies, an exclusion of such liability in an engagement letter might be reasonable.

Appendix 2

Release or ‘hold harmless’ letters: further detail

This Appendix relates to paragraph 68 of this guidance and discusses in further detail the use of release or ‘hold harmless’ letters.

  1. There is sometimes confusion over the terminology used to describe letters under which disclosures of members’ work products or other papers or information are made on a confidential basis without giving rise to any duty of care to the recipient. Such letters are typically described as release or ‘hold harmless’ letters and these labels are often used interchangeably. The terms ‘release’ or ‘hold harmless’ as a description are used to denote a denial of, or release from, any duty or responsibility. Often such a letter will contain an indemnity in favour of the member – the scope of the indemnity normally being that the member is indemnified by the third party in the event of breach by the third party of the terms of the letter (or in the event of any claims arising from disclosure to the third party).
  2. The release or ‘hold harmless’ letter is issued on the member’s notepaper and presented to the third party who wishes to receive a copy of, or who wishes to obtain access to, the member’s work product or other papers or information, and sets out the terms on which the member is willing to consent to the disclosure. These terms will normally include various matters that the third party is to accept, such as the following:
    • that the information to be disclosed was not prepared for the third party
    • that the third party will verify the information with the client and not the member
    • that the member does not owe the third party a duty of care or assume any responsibility to it in relation to the information
    • that the third party will rely on the information at its own risk
    • that the third party will not assert any rights or bring any claims against the member in connection with the information
    • that the member will incur no liability to the third party arising from disclosure
    • that the third party will keep the information confidential.
  3. Once the third party signs the release or ‘hold harmless’ letter it has contractual effect. Although a robust form of protection, it might not be effective in every circumstance. If it can be established that the third party is really in the position of a client, the effect is likely to be the same as if the member were to seek to exclude liability to its client in the engagement letter. This might arise where (in summary) the relationship between the member and the third party is sufficiently close (or what the law calls ‘proximate’) that it cannot in reality be shown that the third party is distant from the member and so is not in the same position as a client for the purpose of the engagement.
  4. In such a case, if the third party challenges the release or ‘hold harmless’ letter, a court is only likely to enforce the exclusion if it is considered reasonable in the circumstances. This closeness (or ‘proximity’) may arise if the third party in question is known to the member and its interests are taken into account when the work is performed, especially if the member is aware that the third party wants to rely on the member’s work and the member accepts this or does not challenge this. As the law currently stands, the absence of any intention by the member that the third party will rely on the member’s work is not likely to be conclusive as to whether or not any duty is owed. Clearly a third party that signs a release or ‘hold harmless’ letter only to challenge it later will be expected to explain its apparent agreement to the terms of the letter and justify why that apparent agreement might be ignored.
  5. In a case like that described above, a release or ‘hold harmless’ letter may not be the best way for the member to manage its risk. Members may therefore wish to consider inviting the third party to accept the terms of the engagement letter in return for a duty, or to sign a ‘duty of care’ letter. 34
  6. Use and disclosure of some work products issued by members, such as auditors’ reports under the Companies Act 2006 or accountants’ reports for public offer documents, cannot be restricted. Members will wish to think carefully about managing their risk to third parties in respect of such public documents by clarifying the nature and purpose of the work performed in the public document itself. 35
  7. Auditors are frequently asked to provide information (which may include oral information), such as audit working papers, to parties who have an interest in the financial affairs of the audit client. Parties with an interest may include banks considering a lending decision in respect of the audit client, or potential purchasers of the audit client. Members will wish to treat these requests with the same care and attention as requests for the release of a member’s private work product. This is because the same risks of assuming a duty of care and responsibility to third parties will arise. Members will therefore wish to consider the use of release or ‘hold harmless’ letters for such cases. 36
  8. Members considering the issue of a release or ‘hold harmless’ letter will wish to obtain written authority from the client before agreeing to release the member’s work product (or any other client confidential information relating to the engagement) to any third party. Members will also wish to secure the client’s agreement to accept the risk of adverse consequences flowing from disclosure to the third party when obtaining such authority. 38

Appendix 3

List of relevant publications

This Appendix contains a list of publications to which members may wish to refer when considering the matters discussed in this guidance. All can be found at icaew.com/regulations or from the Library by phone: +44 (0)20 7920 8620, fax: +44 (0)20 7920 8621, email: library@icaew.com or search ICAEW's Library online for the archive copy.

  • Code of Ethics, Section 100, Introduction and Fundamental Principles.
  • Code of Ethics, Section 130, Professional Competence and Due Care.
  • Code of Ethics, Section 140, Confidentiality.
  • Code of Ethics, Section 220, Conflicts of Interest.
  • Guidance on the Practice Assurance Standards.
  • helpsheet, Professional Indemnity Insurance.
  • helpsheet, Engagement Letters.
  • Professional Indemnity Insurance Regulations and Guidance.
  • The Duty on Firms to Investigate Complaints – Guidance on How to Handle or Avoid Them.
  • Anti-Money Laundering Guidance for the Accountancy Sector
  • International Standard on Quality Control (UK and Ireland) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements.
  • Ethical Standard 5, Non-Audit Services Provided to Audit Clients, Auditing Practices Board.
  • Guidance on Auditor Liability Limitation Agreements, Financial Reporting Council, June 2008.
  • Statement Audit 4/00, TECH 29/00, Firms’ reports and duties to lenders in connection with loans and other facilities to clients and related covenants, Consultative Committee of Accountancy Bodies.
  • Audit Liability: Claims by Third Parties, ICAEW Audit & Assurance Faculty with Simmons & Simmons, June 2005.
  • Technical Release Audit 01/01, Reporting to Third Parties.
  • Technical Release Audit 01/03, The Audit Report and Auditors’ Duty of Care to Third Parties.
  • Technical Release Audit 04/03, Access to Working Papers by Investigating Accountants.
  • Technical Release Audit 05/03, Reporting to Regulators of Regulated Entities.
  • Technical Release AAF 02/06, Identifying and Managing Certain Risks Arising from the Inclusion of Reports from Auditors and Accountants in Prospectuses (and Certain Other Investment Circulars).
  • Technical Release AAF 04/06, Assurance Engagements: Management of Risk and Liability.
  • Technical Release TECH 04/08, Anti-money Laundering Guidance for the Accountancy Sector.
  • Technical Release AAF 02/09, New Arrangements for Accountants Reporting to the Civil Aviation Authority.

References

  1. See Code of Ethics A, Section 100, Introduction and Fundamental Principles, and Section 130, Professional Competence and Due Care. General guidance on competence and quality control is available in Guidance on the Practice Assurance Standards, which can be obtained by contacting the Technical and Advisory Helplines on +44 (0)1908 248 250 or from icaew.com/regulations
  2. See Professional Indemnity Insurance Regulations and Guidance. General guidance on professional indemnity insurance is available in a helpsheet, Professional Indemnity Insurance, which can be obtained by contacting the Technical and Advisory Helplines on 01908 248 250.
  3. See further, The Duty on Firms to Investigate Complaints – Guidance on How to Handle or Avoid Them.
  4. General guidance on client acceptance and standard 2 is available in the Guidance on the Practice Assurance Standards, which can be obtained by contacting the Technical and Advisory Helplines on +44 (0)1908 248 250 or from icaew.com/regulations.
  5. International Standard on Quality Control (UK and Ireland) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements, (ISQC (UK&I) 1), requires that for all assurance engagements (as defined in the Standard) members establish policies and procedures for the acceptance and continuance of client relationships and individual engagements. Additional considerations relevant to engagement acceptance are addressed in Section B of this guidance.
  6. See TECH 05/08, Anti-Money Laundering Guidance for the Accountancy Sector.
  7. In relation to assurance engagements see ISQC (UK&I) 1.
  8. See further, Anti-Money Laundering Guidance for the Accountancy Sector
  9. See note 1.
  10. See further paragraphs 61 and 62 below.
  11. See Code of Ethics B, Section 220, Conflicts of Interest.
  12. See also Code of Ethics A, Section 140, Confidentiality. Members providing audit services will find additional rules in Ethical Standard 5, Non-Audit Services Provided to Audit Clients, published by the Auditing Practices Board.
  13. Members can contact the Technical and Advisory Helplines on +44 (0)1908 248 250.
  14. As the aim of the engagement letter is to form a contract between the client and the member, it is usual where the client is corporate for the letter to be addressed to the contracting entity (rather than one of its representatives) and signed by or on behalf of the member.
  15. See The Duty on Firms to Investigate Complaints – Guidance on How to Handle or Avoid Them.
  16. This is not an exhaustive list and other potential points are mentioned in paragraph 35. Engagement letters that are clear and informative may cover some or all of these points and may capture others not listed. What is to be covered will depend on all the circumstances. General guidance on engagement letters is available in a helpsheet, Engagement Letters, which can be obtained by contacting the Technical and Advisory Helplines on +44 (0)1908 248 250. Members may also wish to refer to the Guidance on the Practice Assurance Standards, which can be obtained by contacting the Technical and Advisory Helplines on the same number or from icaew.com/regulations.
  17. The Provision of Services Regulations 2009 impose obligations on members as providers of services in relation to making certain information available to clients. These Regulations do not require engagement letters to be the only method for making relevant information available. Members may find it convenient to capture some or all of the information requirements in their engagement letters or elsewhere, such as on a member’s website. The Regulations provide that relevant information is to be available to clients before the engagement letter is counter-signed by the client.
  18. See Section F: Managing third-party risk.
  19. See Appendix 1 for a summary of relevant legal principles.
  20. Members may find it helpful to document any negotiations on liability capping, through file notes, correspondence or other records. See also note 30 below.
  21. See also note 13 above.
  22. Members are referred to the Guidance on Auditor Liability Limitation Agreements published by the Financial Reporting Council in June 2008 for details of what is permitted and how to implement limitation arrangements for audits under the Companies Act 2006. See frc.org.uk
  23. Members are cautioned against reaching agreements, formal or informal, or establishing practices that might be seen as unlawful cartels or anti-competitive and contrary to competition law.
  24. There is no requirement to follow this practice. Members and clients are entitled to propose alternative arrangements for particular engagements.
  25. There is no requirement to accept the formula. Members and clients are entitled to propose alternative arrangements for particular engagements. The Memorandum of Understanding was notified to the Office of Fair Trading under the Restrictive Trade Practices Act 1976.
  26. There is no requirement to accept the formula. Members and the Civil Aviation Authority are entitled to propose alternative arrangements for particular engagements.
  27. The position may differ if the client is fraudulent and the exclusion of liability relates to client fraud. In relation to client fraud in the context of audit work, members are referred to International Standards on Auditing (UK & Ireland) 240, The Auditor’s Responsibility to Consider Fraud in an Audit of Financial Statements.
  28. Members are referred to the Guidance on Auditor Liability Limitation Agreements published by the Financial Reporting Council in June 2008 for discussion about proportionality. See frc.org.uk
  29. See Section C: Engagement contracts.
  30. Members may wish to document, through file notes, correspondence or other records, the undertaking of tasks and the client’s instructions. Documenting records of other discussions or negotiations, such as those relating to fees or the member’s liability, may also be helpful if the member is later called upon to justify or explain matters done or agreed.
  31. The use of release or ‘hold harmless’ letters is discussed in more detail in Appendix 2.
  32. See further, Section G: Managing the risk of informal reporting.
  33. See Technical Release AAF 01/03, The Audit Report and Auditors’ Duty of Care to Third Parties.
  34. See Technical Release AAF 04/06, Assurance Engagements: Management of Risk and Liability, for a discussion of safeguards that can be implemented in appropriate cases.
  35. See Technical Release AAF 01/03, The Audit Report and Auditors’ Duty of Care to Third Parties, and see Technical Release AAF 02/06, Identifying and Managing Certain Risks Arising from the Inclusion of Reports from Auditors and Accountants in Prospectuses (and Certain Other Investment Circulars).
  36. See Technical Release AAF 04/03, Access to Working Papers by Investigating Accountants, for guidance on release or ‘hold harmless’ letters relating to audit working papers.
  37. Technical Release AAF 04/03, Access to Working Papers by Investigating Accountants, contains guidance and an example authority letter for use when providing access to audit working papers.