CICSC
Financial Oversight

Approving the Annual Audit, Review, or Compilation — A Board Decision

CIC-SC Editorial Team··~16 minutes read

Financial Oversight · Governance

Approving the Annual Audit, Review, or Compilation — A Board Decision

Selecting and approving the year-end CPA engagement is one of the board’s most consequential financial governance decisions — and one of the most commonly delegated by default. This article frames the choice as the board’s, explains the three engagement types, identifies when statute removes the choice, and shows the board how to handle a clean engagement and a findings-laden one.

By the CIC-SC Editorial Team Updated June 5, 2026 Reading time: ~16 minutes Audience: Boards, Treasurers, Managers, Auditors

The Bottom Line

A year-end financial engagement is the independent check on the financial statements the board approves throughout the year. Three engagement types are recognized under AICPA standards: audit (the highest assurance), review (moderate assurance), and compilation (no assurance). Statute often dictates which engagement is required — Florida HOAs are tiered by revenue under Fla. Stat. § 720.303(7) and Florida condominiums are tiered under Fla. Stat. § 718.111(13). Texas leaves the choice substantially to the declaration and the board. The board’s job is to know what the statute requires, what the declaration adds, what the prior-year engagement type was, and to deliberately select the engagement — not to allow it to default. When the engagement comes back, the board approves it, signs the management representation letter, addresses the findings, and ties the response to the next year’s budget.

Operational Context: Why the Choice Is Board-Level

An audit, review, or compilation is the only set of financial statements the association produces that has been touched by someone other than the manager and the board. Every other financial report — the monthly balance sheet, the income statement, the budget-to-actual — is produced internally and approved by the same body that ran the year. The CPA engagement is the only annual check that the internal numbers reflect reality.

The choice of engagement type matters because the three engagements perform fundamentally different work. An audit tests transactions, confirms balances with banks and counterparties, and concludes with an opinion on whether the statements are presented fairly in conformity with the applicable financial reporting framework. A review applies analytical procedures and inquiries to provide limited assurance that no material modifications need to be made. A compilation presents the statements in the proper form without any assurance at all.

Selecting the engagement — or accepting last year’s by default — is a board decision under the duty of care. A board that has not asked “what level of assurance do we need this year and why?” has skipped a fiduciary step regardless of the answer.

The first rule: Before the engagement letter is signed, the board should be able to articulate (a) the statutory requirement, (b) the declaration requirement, and (c) the board’s reasoned election — on the record. If the engagement letter arrives signed without that articulation having happened, the board has accepted a decision it did not make.

The Three Engagements

Audit.

An audit is performed under AICPA Statements on Auditing Standards (SAS). The auditor obtains an understanding of internal control, identifies risks of material misstatement, designs and performs procedures responsive to those risks, and issues an opinion. For community associations, the operative reporting framework is U.S. generally accepted accounting principles as articulated for not-for-profit entities (FASB ASC 958-205 and the AICPA Audit and Accounting Guide: Common Interest Realty Associations). The auditor’s opinion can be unmodified (clean), qualified (a defined exception), adverse (the statements are not fairly presented), or a disclaimer (the auditor was unable to obtain sufficient evidence).

Audit deliverables typically include: the auditor’s report, the audited financial statements (balance sheet, statement of revenues and expenses by fund, statement of changes in fund balance, statement of cash flows), the notes to the financial statements, and the management letter (if any findings of significance arose). For Florida condominiums and some HOAs subject to required supplementary information (RSI) for future major repairs and replacements, the audit also addresses the RSI.

Review.

A review is performed under Statements on Standards for Accounting and Review Services (SSARS). The CPA applies analytical procedures and makes inquiries of management to provide a limited assurance that no material modifications are needed for the statements to conform with the applicable framework. The review does not include the testing, confirmation, and substantiation that an audit includes. The CPA’s report explicitly states what was and was not done.

Compilation.

A compilation is also performed under SSARS. The CPA presents financial information in the form of financial statements without expressing any assurance. The compilation report identifies what was prepared and explicitly states that no opinion or conclusion is expressed.

When Statute Removes the Choice

Florida HOAs — Fla. Stat. § 720.303(7).

Florida HOAs are required to prepare financial reports for the preceding fiscal year, with the type tiered by annual revenue:

  • Revenues of $500,000 or more: audited financial statements.
  • Revenues of $300,000 to less than $500,000: reviewed financial statements.
  • Revenues of $150,000 to less than $300,000: compiled financial statements.
  • Revenues less than $150,000: a report of cash receipts and expenditures.

Members may also vote to waive the otherwise-required level for a fiscal year and substitute a lower level, subject to the statute’s specific procedures.

Florida condominiums — Fla. Stat. § 718.111(13).

Florida condominium associations are required to prepare financial reports with the type tiered by annual revenue. The statutory tiers parallel the HOA framework but apply distinctly to condominiums and operate alongside the SIRS and milestone-inspection regimes that have been tightened post-Surfside. The statute also addresses the member-waiver mechanism for the otherwise-required level. Condominium boards should confirm the current statutory thresholds with counsel each year, because post-Surfside amendments have altered both the floors and the waiver mechanics.

Texas — declaration and bylaws govern.

Texas Property Code Chapters 209 and 82 do not impose a uniform tiered audit requirement for residential subdivisions or condominiums. The choice typically defaults to the declaration and bylaws. Many Texas declarations require an annual audited engagement; others permit the board to select among the three. The board’s first step in Texas is to read the assessment/financial-reporting article in the declaration and identify what it actually requires.

How the Board Selects an Engagement Type

Where statute does not dictate the engagement type, the board’s selection is a duty-of-care decision informed by several factors:

  • Declaration and bylaws. The declaration may impose a floor (e.g., “the books shall be audited annually”). The board cannot select an engagement type below that floor.
  • Lender or insurance requirements. Some mortgage lenders, refinancing transactions, or master insurance carriers require audited statements. The board should confirm whether any such requirement is active before selecting a lower-assurance engagement.
  • Size and complexity. Larger associations with multiple funds, sub-associations, commercial leases, or significant reserve activity benefit from the testing an audit provides.
  • Prior-year findings. An association that received a management letter the prior year identifying control weaknesses should consider stepping up to the next-higher engagement level until the weaknesses are remediated.
  • Risk profile. Significant turnover in management, recent fraud or theft incidents, or a major capital project executed during the year all suggest a higher-assurance engagement.
  • Cost. Audit fees can be three to five times compilation fees. The board should weigh the cost against the assurance the engagement provides, not minimize the engagement to save fees.

The Engagement Cycle: What the Board Should Expect

  1. Engagement letter (Q4 prior to fiscal year close or early Q1 after). The board approves the engagement letter, which identifies the engagement type, the scope, the deliverables, the fee, and the responsibilities of the auditor and the association.
  2. PBC (prepared by client) list. The auditor delivers a list of documents the association must produce — trial balance, bank statements, contracts, insurance certificates, reserve study, prior-year working papers, etc.
  3. Fieldwork. The auditor performs the procedures — on site or remotely — over a defined period, typically two to six weeks for a community association.
  4. Draft financial statements. The auditor delivers a draft for management and board review. The board reads the draft — not just the cover letter — and asks questions.
  5. Management representation letter. The board signs a letter to the auditor representing that the financial statements are management’s, that all relevant information has been provided, that no fraud has been concealed, and the other representations the auditor requires. This is a board-level signature, not a manager-level one.
  6. Final report. The auditor issues the final report and any management letter. The board accepts and approves the financial statements in open session.
  7. Distribution. The financial statements are distributed to members on the timeline statute and bylaws require (Florida HOAs and condominiums have specific delivery rules under § 720.303(7) and § 718.111(13)).
  8. Response. Any findings are addressed in a written response and integrated into the next year’s budget and operating practice.

What a Clean Engagement Looks Like

A clean engagement produces an unmodified opinion (for an audit) or no required modifications (for a review). The financial statements are issued without qualification. The auditor’s report references the applicable framework (FASB ASC 958-205) and the standards under which the engagement was conducted (AICPA SAS for audits, SSARS for reviews and compilations).

The fact pattern that produces a clean engagement looks like this: a complete trial balance reconciles to subsidiary ledgers; bank balances reconcile; revenue recognition (assessment income) ties to the assessment roll; reserve activity reconciles to the reserve study; the management representation letter is signed without exception; no significant control deficiencies are identified.

What to Do When There Are Findings

Findings come in several flavors. The board’s response should match the severity.

Material weakness.

A material weakness is a deficiency in internal control such that a material misstatement could occur and not be prevented or detected. The board’s response is a written corrective action plan, board-adopted, addressing each deficiency with an owner, a timeline, and a verification step. A material weakness should also trigger consideration of whether the prior-year engagement type was sufficient.

Significant deficiency.

A significant deficiency is less severe than a material weakness but still important enough to merit attention by those charged with governance. Same response framework: written, board-adopted, with owner, timeline, and verification.

Management letter comments.

The auditor’s management letter (if any) identifies operating and control suggestions that are not necessarily formal deficiencies. The board should not dismiss these as “just opinions” — they are the auditor’s direct read on where the association’s practices could be improved.

Qualified opinion.

A qualified opinion identifies a specific exception. The board’s response is a remediation plan and, if necessary, a re-issuance of corrected statements. A second consecutive qualified opinion is a serious governance signal.

Adverse opinion or disclaimer.

An adverse opinion (the statements are not fairly presented) or a disclaimer (the auditor was unable to perform sufficient procedures) is a crisis. The board should engage counsel, consider whether a forensic engagement is required, and address the underlying conditions before the next fiscal year begins.

Why This Matters

The CPA engagement is the only independent check the association produces. Internal financials are produced by the same body that approves them. The audit, review, or compilation is the only annual point at which someone outside the association looks at the numbers. Skipping or minimizing the engagement removes that check.

Member access to the engagement is statutory. Florida HOAs (§ 720.303(7)) and condominiums (§ 718.111(13)) require delivery to members. Texas declarations frequently require it. A board that fails to deliver the report on the statutory or declaration timeline has created a procedural defect that compounds any substantive concern.

Engagement findings are the highest-quality leading indicator of future problems. Material weaknesses identified in this year’s audit predict next year’s loss event. Boards that treat the management letter seriously head off problems; boards that file it without reading head into them.

Stepping down an engagement type without statutory authority is a duty-of-obedience problem. If the declaration or statute requires an audit, the board cannot lawfully substitute a review. The cost savings are a fiduciary problem dressed up as a budget decision.

Best-Practice Guidance

1. Make the engagement selection an explicit agenda item.

Don’t roll over last year’s engagement by default. At the budget or year-end planning meeting, the board takes up the engagement type, confirms statutory and declaration floors, considers risk factors, and votes.

2. Issue an RFP every three to five years.

Rotating CPA firms periodically — or at minimum re-bidding the engagement — produces fresh eyes and pricing discipline. Long-tenured engagements drift toward routine; a periodic RFP keeps the engagement engaged.

3. Sign the management representation letter at a board meeting.

The representation letter is a substantive document. The board should review it, ask questions about each representation, and sign at an open meeting with the signature recorded in the minutes. A manager-signed representation letter without board affirmation is a thinner record than one the board has owned.

4. Approve the financial statements by formal motion in open session.

The acceptance of the final report is a board act. The motion names the report by date and auditor, and the vote is recorded.

5. Respond to findings in writing within 60 days.

A written corrective action plan, board-adopted, with owners and timelines, is the response a future auditor will look for. A response held in a director’s head is no response at all.

6. Integrate the engagement findings into next year’s budget.

If the auditor identified that the reserve study is stale, next year’s budget funds a new study. If the auditor noted that contract files are incomplete, next year’s budget funds a records project. The audit’s value is in what changes after it.

Common Mistakes & Pitfalls

Pitfall 1: Treating the engagement type as a manager decision. The selection is the board’s. A manager who tells the board “we did a compilation last year so we’ll do one this year” without raising the option for the board to deliberate has effectively made the decision for the board.
Pitfall 2: Signing the engagement letter at the wrong level. The engagement letter is a contract. It should be approved by the board and signed by the president or secretary, not by the manager unilaterally.
Pitfall 3: Treating the management letter as informational. The management letter is the auditor’s direct communication to the board. It deserves an item on the next agenda, a discussion, a written response, and a follow-up at the subsequent engagement.
Pitfall 4: Stepping down the engagement to save fees. Lower-assurance engagements cost less. They also produce less. Stepping down without statutory authority and without addressing the risk factors that supported the prior level is fiduciary erosion.
Pitfall 5: Failing to deliver the engagement to members on time. Florida statutes impose delivery deadlines. Declaration requirements often parallel them. Late delivery creates a procedural defect that the next election cycle will surface.

Actionable Takeaways

  1. Identify the statutory engagement requirement (Fla. Stat. § 720.303(7) HOA tier, § 718.111(13) condominium tier, declaration in Texas).
  2. Confirm the declaration and bylaws do not impose a higher floor.
  3. Make engagement-type selection an explicit board agenda item.
  4. Approve the engagement letter by board vote.
  5. Review the draft financial statements at a board meeting before the auditor finalizes.
  6. Sign the management representation letter at a board meeting; record the signature.
  7. Approve the final financial statements by motion in open session.
  8. Adopt a written response to any management letter or findings within 60 days.
  9. Distribute the financial statements to members on the statutory or declaration timeline.
  10. Integrate engagement findings into the following year’s budget and operating practice.

Related CIC-SC Resources

  • The Board’s Fiduciary Duty Over the Annual Budget
  • Reading and Approving Financial Statements at Board Meetings
  • Reserve Funding Adequacy Standards (CICSC FIN-001)
  • Treasurer Quarterly Financial Review Worksheet (Template)
  • Authorizing Expenditures — Spending Limits, Dual Signatures, and Approval Thresholds
Treat the year-end engagement as the board decision it is.
The CIC-SC Financial Oversight series provides engagement-letter checklists, representation-letter walk-throughs, and findings-response templates that make the audit cycle a board-owned governance act. Join CIC-SC to access the full library.

References & Sources

  1. Florida Statutes § 720.303(7) — HOA financial reporting tiers and member-waiver mechanism.
  2. Florida Statutes § 718.111(13) — Condominium financial reporting tiers and member-waiver mechanism.
  3. Florida Statutes § 718.112(2)(f)(2) — SIRS regime and related reserve disclosures.
  4. Texas Property Code Chapter 209 — Texas residential property owners’ association framework.
  5. Texas Property Code Chapter 82 — Texas Uniform Condominium Act.
  6. AICPA, Audit and Accounting Guide: Common Interest Realty Associations — reporting framework for community associations.
  7. AICPA Statements on Auditing Standards (SAS) — auditing engagement standards.
  8. AICPA Statements on Standards for Accounting and Review Services (SSARS) — review and compilation standards.
  9. FASB ASC 958-205 — Not-for-Profit Entities, Presentation of Financial Statements.
  10. Community Associations Institute, Best Practices Report: Financial Operations.

Tags: audit · review · compilation · AICPA · SAS · SSARS · § 720.303(7) · § 718.111(13) · financial reporting · management representation letter · management letter · findings response

CICSC publishes this article for educational and informational purposes only. It is not legal, tax, accounting, engineering, insurance, or financial advice and does not establish an attorney-client relationship. Statutory references and operational frameworks are intended to support informed governance, not to substitute for advice from qualified legal counsel and other professional advisors familiar with your jurisdiction and your association's facts. CICSC, its authors, and its members assume no liability for actions taken in reliance on this content.

Notice: CICSC provides educational resources, governance standards, and practical advisory support. CICSC does not provide legal advice, accounting advice, tax advice, engineering advice, insurance advice, or reserve study services. Board members and associations should consult qualified professionals for matters requiring professional judgment or legal interpretation.