Every meaningful US accounting engagement — tax preparation, audit, review, compilation, or advisory — should begin with a written engagement letter. AICPA professional standards effectively require it for attest work (auditing, reviewing, compiling), and most reputable firms require it for tax and consulting too. The letter establishes scope, fees, deliverables, and the all-important limitation of liability and indemnity provisions. The single most negotiated provision in a CPA engagement letter is the limitation of liability. CPAs frequently propose caps at one or two times the fee paid, plus full mutual indemnity for third-party claims. These provisions can leave a client with multi-million-dollar exposure and minimal recovery from the CPA whose work caused the loss. Rejecting or negotiating these clauses is increasingly common and accepted in the market.
What is a Engagement Letter?
A US accounting engagement letter is a written contract between a client and a Certified Public Accountant (CPA) firm establishing the scope, fee, deliverables, professional standards applicable, and contractual terms of an accounting service. AICPA Statements on Auditing Standards (SAS) AU-C Section 210 requires written agreement on the terms of an audit engagement. AICPA Statements on Standards for Accounting and Review Services (SSARS) similarly require engagement letters for review and compilation services. The letter incorporates AICPA professional standards, applicable state CPA board rules, and any specifically negotiated terms.
Red flags to watch for
A liability cap of '1× the fee' for a $10,000 audit means your maximum recovery for a $5 million negligent error is $10,000. Some state courts (e.g., several appellate decisions in California and New York) have held aggressive liability caps unenforceable as against public policy in certain attest engagements, but the cleanest path is to negotiate the cap upward or eliminate it.
An indemnity clause requiring the client to defend and indemnify the CPA for third-party claims (e.g., from the IRS, lenders, investors) effectively shifts the CPA's risk back to the client. Several states (Texas, Illinois, Maryland) have passed statutes prohibiting CPAs from including these indemnities in audit engagements.
An engagement letter describing 'compilation of financial statements' is not the same as 'review' or 'audit.' If you need a lender to accept the financial statements, the lender often specifies the level of assurance — and a compilation may be inadequate. Verify the scope matches the third-party requirement.
AICPA Code of Professional Conduct rules and Section 101 (Independence) require disclosure of related-party services and any potential conflicts. An engagement letter omitting these disclosures may compromise the CPA's independence and the validity of any opinion issued.
Many CPA firms now use AI-assisted tools or offshore processing. Engagement letters increasingly include broad consent to such use. If client data is sensitive (PHI, attorney-client privileged, trade secrets), the consent should be specific, with named processors and security commitments.
Engagement letters that allow the CPA to terminate immediately on payment delay but require the client to give 30 days' notice of cancellation are imbalanced. Mutual termination on equal terms protects both parties.
Your legal rights
US clients of CPAs are protected by: state CPA licensing and disciplinary statutes (e.g., California Business and Professions Code §§ 5000 et seq.; New York Education Law Article 149); the AICPA Code of Professional Conduct as adopted by state CPA boards; AICPA Statements on Auditing Standards (SAS), Statements on Standards for Accounting and Review Services (SSARS), and Statements on Standards for Tax Services (SSTS); state common law duties of professional negligence and breach of contract; and state-specific statutes limiting CPA indemnification clauses (Texas, Illinois, Maryland and others). Complaints can be filed with the state CPA board, the AICPA Professional Ethics Division (for AICPA members), or pursued as civil claims in state court.
Questions to ask before you sign
- 1What level of service is being provided — audit, review, compilation, tax, advisory — and what assurance does it provide to third parties?
- 2What is the limitation of liability cap, and is it negotiable up to actual exposure?
- 3Does the engagement letter contain mutual indemnity, and does my state's law restrict that for CPA engagements?
- 4Will you be using AI tools, offshore processors, or third-party platforms, and how is my data protected?
- 5What are the termination rights for both parties, and how are fees and deliverables handled on termination?
- 6Are there any conflicts of interest or related-party services that should be disclosed under the AICPA Code?
Disclaimer: This guide is for educational purposes only and does not constitute legal advice. Contract law varies by jurisdiction and individual circumstances. Always consult a qualified legal professional before making decisions based on this information.