Assurance Engagement Letter Template for the United States

What is an Assurance Engagement Letter?

The Assurance Engagement Letter is a critical document used when a client requires independent assurance services for their financial statements, internal controls, or other subject matters. This document, governed by U.S. federal and state regulations, establishes the professional relationship between the assurance provider and the client. It clearly defines the scope of work, methodologies to be employed, and deliverables expected. The letter must comply with AICPA standards, relevant state laws, and where applicable, SEC requirements. It serves as both a legal contract and a planning document, helping to manage expectations and mitigate risks for both parties.

Frequently Asked Questions

Is an Assurance Engagement Letter legally binding in the United States?

Yes, an Assurance Engagement Letter is a legally binding contract in the United States once signed by both parties. It creates enforceable obligations regarding the scope of services, fees, and professional responsibilities under federal and state contract law. The letter also establishes compliance requirements with AICPA standards and SEC regulations for public companies.

Can my company face penalties if the Assurance Engagement Letter is missing or incomplete?

Yes, missing or incomplete engagement letters can result in significant penalties from the SEC, PCAOB sanctions for auditors, and potential legal liability. Under Sarbanes-Oxley Act requirements, public companies must have proper documentation of auditor relationships and scope of services. Incomplete letters may also void professional liability insurance coverage.

How does an Assurance Engagement Letter differ from an Audit Engagement Letter in the US?

An Assurance Engagement Letter covers broader services beyond just financial statement audits, including reviews, compilations, and agreed-upon procedures. Audit Engagement Letters specifically focus on financial statement audits with stricter independence requirements under SOX. Assurance letters may have different liability limitations and scope depending on the specific service being provided.

Which federal laws must be referenced in US Assurance Engagement Letters?

US Assurance Engagement Letters must reference the Sarbanes-Oxley Act for public companies, Securities Exchange Act of 1934 for SEC reporting requirements, and applicable AICPA Professional Standards. Public company letters must also address PCAOB standards and auditor independence rules. State-specific professional licensing requirements may also need to be included.

How long does it typically take to prepare an Assurance Engagement Letter?

A standard Assurance Engagement Letter typically takes 1-3 business days to prepare using established templates. Complex engagements involving multiple subsidiaries or specialized industries may require 1-2 weeks for customization and legal review. Rush situations can be accommodated, but proper review for regulatory compliance should not be compromised.

Which mistakes commonly invalidate Assurance Engagement Letters in the US?

Common invalidating mistakes include failing to specify auditor independence requirements under SOX, omitting mandatory disclosures about non-audit services, and inadequate liability limitation clauses that violate state law. Missing signatures, unclear scope definitions, and failure to address management representation requirements also create enforceability issues. Outdated regulatory references can also cause compliance problems.

Can Assurance Engagement Letters be modified after signing without affecting validity?

Yes, but modifications must be documented through formal written amendments signed by both parties to maintain legal validity. Changes affecting the scope of services, fees, or regulatory compliance requirements need careful review to ensure continued adherence to AICPA and SEC standards. Verbal modifications are not legally enforceable and may create professional liability issues.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

About the Assurance Engagement Letter

When your organization requires independent verification of financial statements, internal controls, or compliance matters, an Assurance Engagement Letter becomes an essential legal document. This formal agreement establishes the professional relationship between you and your assurance provider, clearly defining responsibilities, scope, and deliverables under United States federal regulations and professional standards.

When do you need this document?

You need an Assurance Engagement Letter whenever your organization engages a certified public accountant or professional services firm to provide assurance services. This includes situations where you require independent verification of financial statements for lenders or investors, compliance attestation for regulatory requirements, or internal control assessments under Sarbanes-Oxley Act requirements. Public companies must use these letters when engaging auditors for SOX compliance work, while private companies often need them for bank loan requirements or due diligence processes. The letter is also necessary when you need assurance on sustainability reports, cybersecurity frameworks, or other specialized subject matters that require independent professional verification.

Key legal considerations

The engagement letter must clearly define the scope of services to avoid misunderstandings and potential liability issues. Professional standards require specific language regarding management responsibilities, including your obligation to provide complete and accurate information to the assurance provider. The document should explicitly state which professional standards govern the engagement, whether AICPA SSAEs for attestation services or PCAOB standards for public company audits. Independence requirements under federal securities laws must be addressed, particularly regarding prohibited non-audit services and potential conflicts of interest. The letter should also include limitation of liability clauses, fee arrangements, and dispute resolution mechanisms to protect both parties from unforeseen complications during the engagement.

Legal requirements in United States

Under United States law, assurance engagement letters must comply with multiple layers of regulation depending on your organization type and the nature of services required. Public companies must ensure their engagement letters meet PCAOB Auditing Standards and Sarbanes-Oxley Act requirements, particularly regarding auditor independence and management certifications. The Securities Exchange Act of 1934 and Securities Act of 1933 impose additional disclosure and reporting requirements that may affect engagement scope and timing. AICPA Statements on Standards for Attestation Engagements provide the foundational framework for most assurance services, requiring specific communication protocols and professional responsibilities. State regulations may also apply, particularly regarding professional licensing requirements and ethical standards for CPAs practicing within your jurisdiction. The engagement letter must demonstrate compliance with these overlapping regulatory requirements while establishing clear contractual terms that protect your organization's interests throughout the assurance process.

GOVERNING LAW

Applicable law

This Assurance Engagement Letter is drafted to comply with United States law. Key legislation includes:

Sarbanes-Oxley Act (SOX): Federal law that sets requirements for all U.S. public company boards, management, and public accounting firms. Key for defining auditor independence and corporate responsibility.

Securities Exchange Act of 1934: Federal law governing secondary trading of securities and establishing the SEC, which impacts reporting and disclosure requirements in assurance engagements.

Securities Act of 1933: Federal law requiring registration of securities offerings and detailed financial disclosure, affecting the scope of many assurance engagements.

AICPA SSAEs: Statements on Standards for Attestation Engagements that provide the framework for assurance services other than audits of financial statements.

PCAOB Auditing Standards: Standards set by the Public Company Accounting Oversight Board that govern the audits of public companies and other issuers.

AICPA Code of Professional Conduct: Ethical principles and rules that guide the conduct of CPAs in all professional activities, including assurance engagements.

GAAS: Generally Accepted Auditing Standards that set the minimum standard for auditing private companies in the United States.

State Accountancy Laws: State-specific regulations governing the practice of public accountancy, including licensing requirements and professional standards.

Professional Liability Regulations: Laws and regulations governing the liability of accounting professionals in assurance engagements, including limitations and insurance requirements.

Privacy Laws: Federal and state laws governing data protection and privacy, including Gramm-Leach-Bliley Act for financial institutions and state-specific privacy requirements.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it