Audit Engagement Letter (UAE)

An Audit Engagement Letter in the United Arab Emirates is the formal document through which a licensed audit firm and its audit client agree the terms on which an independent audit of the company's financial statements will be conducted. Required by International Standard on Auditing (ISA) 210 and by the Accountants and Auditors Regulation (Federal Law No. 12 of 2014), the engagement letter defines the objective and scope of the audit, confirms management's responsibilities, sets out the auditor's obligations, and records the audit fee. Once countersigned by the client's authorised representative, the letter creates a binding contract governed by the UAE Civil Code (Federal Law No. 5 of 1985) and by the professional regulatory framework administered by the Ministry of Economy.

The UAE's audit environment is shaped by the Commercial Companies Law (Federal Decree-Law No. 32 of 2021), which requires every UAE company to appoint licensed auditors to audit its annual financial statements. Public joint stock companies listed on the Dubai Financial Market (DFM) or the Abu Dhabi Securities Exchange (ADX) are subject to enhanced audit requirements under the Securities and Commodities Authority (SCA), including mandatory audit partner rotation. Companies incorporated in the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM) are audited under those free zones' own companies legislation, overseen by the DIFC Registrar of Companies and the ADGM Registration Authority respectively. Banks and financial institutions are subject to audit requirements under Central Bank of the UAE regulations.

The audit is conducted in accordance with International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). The auditor is responsible for planning and executing procedures that provide reasonable assurance that the financial statements are free from material misstatement, whether due to fraud or error, and for expressing an independent opinion in the Auditor's Report. The audit does not guarantee the detection of all errors; it provides reasonable, not absolute, assurance. Management remains responsible for the preparation and fair presentation of the financial statements in accordance with the applicable framework — International Financial Reporting Standards (IFRS) for most UAE entities — and for maintaining appropriate internal controls.

The Corporate Tax Law (Federal Decree-Law No. 47 of 2022) has added a further dimension to UAE audits. Financial statements form the starting point for the Corporate Tax Return, and the Federal Tax Authority (FTA) may request audited accounts during reviews. The audit engagement letter should address whether Corporate Tax compliance is within or outside the audit scope. The VAT Law (Federal Decree-Law No. 8 of 2017) requires businesses to maintain detailed transaction records, and auditors will review VAT accounting as part of the financial statement audit. Anti-money-laundering obligations under the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) apply to auditors as designated non-financial businesses and professions (DNFBPs), requiring customer due diligence and reporting suspicious transactions to the Financial Intelligence Unit (FIU). Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021), and the forms-legal.com UAE Audit Engagement Letter template addresses each of these requirements.

An Audit Engagement Letter in the United Arab Emirates is needed before every statutory or voluntary financial statement audit. Without a signed engagement letter, the audit cannot properly commence under ISA 210, and neither party has a documented record of what the audit covers, who is responsible for what, and what fee has been agreed.

Statutory audits required by the Commercial Companies Law (Federal Decree-Law No. 32 of 2021) are the most frequent context. Every LLC, PJSC, and PrJSC incorporated in the UAE must have its annual financial statements audited, and the engagement letter is signed at the start of each annual cycle — either as a new letter or as a renewal of the prior year's terms where no material changes have occurred. Trade licence renewal with the Department of Economic Development and annual general meeting requirements create hard deadlines that drive the audit calendar.

Free-zone audits generate engagement letters for DIFC and ADGM entities, which are subject to those free zones' own audit requirements, and for other free-zone companies such as DMCC or RAKEZ entities that must produce audited financial statements for their free-zone authority.

Corporate transactions create demand for special purpose audit engagement letters. A business that is being acquired, that is raising debt or equity finance, or that is applying for a credit facility from a UAE bank regulated by the Central Bank of the UAE often requires a current-year or historical audit to satisfy investor or lender due diligence requirements.

Companies that have triggered the Corporate Tax registration threshold under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022) and seek to demonstrate the accuracy of their tax base to the Federal Tax Authority (FTA) often commission an audit for this purpose. The engagement letter defines whether the audit scope includes review of the Corporate Tax computation and related disclosures.

A UAE Audit Engagement Letter compliant with ISA 210 and the Accountants and Auditors Regulation (Federal Law No. 12 of 2014) must contain the following elements. The forms-legal.com UAE Audit Engagement Letter template covers each component in a format accepted by the Dubai Courts, the Ministry of Economy, and UAE free-zone supervisory bodies.

Party identification must record the full legal name and Ministry of Economy registration number of the audit firm, and the full legal name and trade licence of the audit client. The engagement letter is addressed to the board of directors or the shareholders of the client, reflecting that the auditor reports to those who appointed it.

Objective and scope must state that the audit will be conducted in accordance with ISAs, identify the financial period, and specify the applicable reporting framework — full IFRS or IFRS for SMEs. The scope should address whether Corporate Tax compliance review is included and should note the inherent limitation that the audit provides reasonable, not absolute, assurance.

Management's responsibilities must be confirmed: preparation and fair presentation of the financial statements, maintenance of internal controls, provision of complete and unrestricted access, and the requirement to provide written representations at audit completion. ISA 580 requires these representations in every audit.

Auditor's responsibilities must set out the obligation to conduct the audit in accordance with ISAs, exercise professional judgement and scepticism, and comply with the ethical requirements of the IESBA Code of Ethics including independence.

Audit deliverables must specify what the client will receive: the Independent Auditor's Report and any management letter on internal control observations, together with the expected completion date.

Fees must state the audit fee in AED, the payment schedule, and confirm that 5% VAT applies under the VAT Law (Federal Decree-Law No. 8 of 2017). The letter should address the process for agreeing fee variations if scope changes materially. Confidentiality, AML obligations, liability cap consistent with Article 296 of the UAE Civil Code, and governing courts complete the letter.

Completing an Audit Engagement Letter for a UAE company requires accurate identification of the parties, a precise description of the audit scope, and clear fee terms. Work through the template fields in order.

Enter the audit firm's full legal name as registered with the Ministry of Economy, the Ministry of Economy registration number, and the firm's address. Then enter the audit client's full legal name as it appears on the trade licence, the trade licence number, and the registered address. The letter is addressed to the board of directors or the shareholders of the client.

Enter the date of the letter in DD/MM/YYYY format.

Specify the financial period to be audited — for example, 1 January 2025 to 31 December 2025. Select the applicable reporting framework: IFRS for most UAE entities, or IFRS for SMEs where this is appropriate and permitted.

Describe the audit deliverables. The standard deliverable is the Independent Auditor's Report on the financial statements; many audit firms also provide a management letter noting internal control observations. Enter the expected completion date, which should be realistic based on the complexity of the business and the lead time available.

State the audit fee in AED, confirming it is exclusive of VAT at 5% under the VAT Law (Federal Decree-Law No. 8 of 2017). State the payment schedule — typically 50% on signing and 50% on delivery of the signed report. The audit firm must issue valid tax invoices meeting Federal Tax Authority requirements.

Select the governing courts. The Dubai Courts apply for companies incorporated in Dubai; the Abu Dhabi Courts apply for Abu Dhabi onshore entities; the DIFC Courts and ADGM Courts apply for entities in those free zones.

Arrange for signature by an authorised partner or director of the audit firm, and countersignature by an authorised representative of the client. Electronic signatures are valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021). Retain a signed copy in both the audit file and the client's records.

An Audit Engagement Letter in the United Arab Emirates is required by International Standard on Auditing (ISA) 210, which mandates a written agreement of the terms of the audit engagement before the audit begins or continues. The Accountants and Auditors Regulation (Federal Law No. 12 of 2014) requires auditors to be registered with the Ministry of Economy, to comply with applicable professional standards, and to follow the ethical framework of the International Ethics Standards Board for Accountants (IESBA) Code of Ethics, including the independence requirements that prohibit an auditor from auditing financial statements it has prepared.

The Commercial Companies Law (Federal Decree-Law No. 32 of 2021) requires UAE companies to appoint licensed auditors and to have their annual financial statements audited. Listed companies face additional requirements under the Securities and Commodities Authority (SCA). DIFC and ADGM companies are subject to the audit requirements of their respective free-zone regulations.

The UAE Civil Code (Federal Law No. 5 of 1985) governs the contract created by the engagement letter: Article 125 on formation, Article 246 on good-faith performance, and Article 257 on the binding nature of the contract. Liability follows Articles 282 and 389, subject to Article 296, which prevents the exclusion of liability for a harmful act.

The Corporate Tax Law (Federal Decree-Law No. 47 of 2022) and the VAT Law (Federal Decree-Law No. 8 of 2017), both administered by the Federal Tax Authority (FTA), require businesses to maintain accurate financial records that an audit will assess. Anti-money-laundering obligations under the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) impose customer due diligence and reporting duties on auditors as DNFBPs. Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021).

An Audit Engagement Letter in the United Arab Emirates must be prepared carefully to protect the auditor's independence and define the engagement clearly. The following mistakes are common.

1. Failing to address the independence requirement. An audit firm that also prepares the financial statements creates a self-review threat under the Accountants and Auditors Regulation (Federal Law No. 12 of 2014) and the IESBA Code of Ethics. The engagement letter should state clearly that management is responsible for the financial statements and that the audit firm does not prepare them.

2. Vague audit scope. An engagement letter that says 'audit of financial statements' without specifying the period, reporting framework, and what is excluded — such as Corporate Tax compliance — leaves both parties uncertain about what work is included. State every element of scope and every exclusion explicitly.

3. No management representations clause. ISA 580 requires written representations from management at audit completion. An engagement letter that does not reference this requirement may make it harder to obtain the representations, weakening the evidential basis for the audit opinion.

4. Ignoring the Corporate Tax overlay. Failing to address whether Corporate Tax review under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022) is within scope can lead to disputes when the client expects the audit to cover the Corporate Tax computation and the auditor has not priced or planned for this.

5. No fee variation mechanism. Where the audit scope expands due to new transactions, additional entities, or significant adjustments, an engagement letter without a fee variation clause leaves the auditor either absorbing the extra cost or in conflict with the client. Include a written variation process.

6. Overreaching liability exclusion. Attempting to exclude all audit liability is inconsistent with Article 296 of the UAE Civil Code (Federal Law No. 5 of 1985). Use a capped liability clause limited to the audit fee, carving out fraud and wilful misconduct.

7. Not addressing AML obligations. Omitting reference to anti-money-laundering duties under the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) fails to put the client on notice that the auditor may need to file a Suspicious Transaction Report without informing the client, which is a professional obligation that takes precedence over confidentiality.