Managing client relationships effectively can be challenging when the primary focus is on getting the work done efficiently and professionally. Engagement documents are the best way to ensure both engagement scope and fee for service are clearly understood. They also provide the opportunity to outline mutual expectations in relation to communication and sharing of information before, during and after the completion of client work.
Changes in relation to client engagement documents have been recently announced with amendments to APES 305 Terms of Engagement. The new standard was effective for engagements commencing on or after 1 July 2021.
Changes in relation to outsourced services
The amendments include new rules to third party responsibilities including outsourced services and cloud computing.
Outsourced services refer to outsourcing a material business activity to an outsourced service provider, who may or may not be in the same country or may not even be a member of a professional body.
Where a Member in Public Practice will utilise Outsourced Services in the provision of Professional Services to a Client, the Member shall document and communicate the details of the Outsourced Service Provider, the geographical location of where the Outsourced Services will be performed and the nature and extent of the Outsourced Services to be utilised. [APES 305 S3.6]
Changes in relation to cloud computing
Cloud computing refers to computing resources provided over the internet, including on-demand access to networks, servers, data storage, databases, software, and applications. Cloud computing entrusts the remote third party with data and information of the firm’s client data.
Where a Member in Public Practice will utilise Cloud Computing in the provision of Professional Services to a Client which is not an Outsourced Service, the Member in Public Practice should document and communicate to the Client the details of the Cloud Computing provider, the geographical location of where the Cloud Computing will be provided and how the Client’s confidential information will be stored. [APES 305 S3.7]
What’s actions should be taken now
These changes will apply to all client engagement documents from 1 July 2021, including accounting, audit and tax client engagements. Clearly, these changes will also require practitioners to ensure that policies and procedures are in place to manage risk and quality control.
At the present time, there is little information available on the specific requirements in relation to third party responsibilities. CAANZ recently published an updated Engagement Letter Tool which outlines all key considerations in relation to building an engagement document. This document outlines how third-party responsibilities should be communicated to clients:
We may utilise outsourced service providers and cloud computing service providers, including:
- [insert name of third party and geographic location] to [insert description of the nature and extent of the outsourced/cloud computing services]; and
- [insert name of third party and geographic location] to [insert description of the nature and extent of the outsourced/cloud computing services]; and
- and other third parties from time to time and as separately notified to you.
To perform the services, we may provide these third parties with access to your data to the extent this is required to perform the services.
Your data will be stored in servers physically located in Australia (unless otherwise specified) and in accordance with the security practices of the third-party service provider and our Privacy Policy.
It is likely further examples will be provided to practitioners in the near future. In the meantime, best practice suggests that practitioners should be asking all 3rd party providers for documented information on the way that they manage and store client data. If this information is not disclosed to clients, practitioner run the risk of being liable should a data security breach occur, for example in the case of unauthorised disclosure of a client’s TFN or other sensitive personal information.
What about annual re-engagement?
Paragraph 5(f) of APES 305 states it is necessary to re-issue or amend engagement documents when there is a significant change to a professional standard.
Whilst there is no specific reference to an annual review, in practice this is an essential part of every client annual engagement assessment procedure. Even when there’s a pre-existing agreement to maintain a fee for service over a number of years, regular internal reviews are essential to ensure that the sharing of information is strong and consistent.
This also provides opportunity to:
- Ask the client about the quality of service and standard of communication over the past 12 months and
- Conduct a business health check to identify and understand any issues that may affect business performance over the next 12 months.
The team at National Audits Group conducts an internal review of every audit client at the time the annual audit is completed. This is even more important with the required disclosure of 3rd party arrangements in relation to outsourcing and cloud computing.
Steven Watson | Director, National Audits Group | steven.watson@audits.com.au
- Navigating New Shores: The Role of Auditors in Australia’s Climate Reporting Landscape - 2 April 2024
- Switching Gears: Critical Considerations When Changing Your Business’s External Auditor - 4 March 2024
- ASIC releases first integrated financial reporting and audit surveillance report - 17 November 2023