CPA engagement letter liability caps - what's reasonable and enforceable?

We're hiring a new CPA firm for audit work. Their engagement letter has a liability cap limiting their liability to "the fees paid for the engagement." We're paying them $45,000 for the audit.

If they screw up our financials and we have SEC issues or investor lawsuits, their max exposure is $45K? That seems absurdly low. Our company could face millions in damages from a negligent audit.

Is this standard? Is it even enforceable? Should I push back?

Ngl i work in regulatory compliance and deal with CPA engagement letters from the client side. One issue that has not been mentioned yet is the scope limitation clause, which is just as important as the liability cap.

Most engagement letters narrowly define the scope of the engagement — for example, “audit of financial statements for the fiscal year ending December 31, 2025.” If the CPA misses something outside that narrow scope (like a tax compliance issue they noticed but did not flag because it was “outside scope”), the liability cap may not even matter because they will argue they had no duty to catch it.

@the_whole_truth_1_Mike — your redline list looks solid. I would add the scope notification clause and extend the survival period to at least 3 years.