Introduction
The Practice Review and Internal Audit team helps the Office of the Auditor General of Canada (OAG) to meet its obligation under the Chartered Professional Accountants of Canada’s Canadian Standard on Quality Control 1. The team does this by conducting inspection activities to determine the extent to which engagement leaders are complying with Canadian Auditing Standards, OAG policies, and applicable laws and regulations when conducting their audits. The team also ensures that independent auditor’s reports are supported and appropriate.
Objective
The practice review’s objective is to provide the Auditor General of Canada with assurance that
- financial audits comply with Canadian Auditing Standards, OAG policies, and applicable laws and regulations
- independent auditor’s reports are supported and appropriate
Scope
This report summarizes the reportable observations related to the practice reviews of 7 financial audits completed in the 2020–21 fiscal year.
Rating
Each audit file reviewed is rated as one of the following:
- Compliant. The audit file is compliant in all significant respects with Canadian Auditing Standards, OAG policies, and applicable laws and regulations. Some areas of improvement may have been noted.
- Non-compliant. The audit file does not comply with Canadian Auditing Standards, OAG policies, or applicable laws and regulations. Significant deficiencies exist, and major improvements are necessary.
After completing each review, we also conclude on whether the independent auditor’s report is supported and appropriate.
Results of the Reviews
This report covers the first cycle of financial audits that were completed remotely because of the COVID‑19 pandemic. For the files we reviewed, we found that audit teams did sufficient work to assess the risks related to the pandemic for their entities’ financial reporting and for the audit.
Exhibit 1 summarizes the reportable observations related to the practice reviews.
Exhibit 1—Summary of reportable observations
Summary of reportable observations
| A. Engagement management |
- Some engagement team members did not complete an independence confirmation form. (1 audit file)
- The practice advisory Practitioner’s Responsibilities When Contracting Out an Audit is outdated and does not include guidance regarding documentation requirements.
|
| B. Planning phase |
- The audit procedures that needed to be performed to address an identified risk and the audit conclusions that were reached were not sufficiently documented in the audit planning template. (1 audit file)
- The understanding of the services provided by a service organization, the assessment of any related relevant controls, and any required audit response were not documented. (1 audit file)
- The identification of certain controls that were relevant to the audit and the assessment of their design and implementation were not adequately documented in the file. (1 audit file)
- A roll forward of the previous year’s file took place, and certain updated audit procedure documents that were available when the engagement planning commenced were not used. (1 audit file)
- The audit team did not document its understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the established controls. (1 audit file)
|
| C. Examination phase |
- There was no evidence that documentation related to a significant judgment was reviewed by the engagement leader prior to the date of the auditor’s report. (1 audit file)
- Some working papers included in the audit file did not include an appropriate security label. (3 audit files)
|
| D. Reporting phase |
- In the current period, material unadjusted errors in financial statement note disclosures and cash flows from the prior period were identified. However, these errors were not communicated to those charged with governance, and the rationale was not documented. (1 audit file)
- There was insufficient documentation to support that a required audit procedure was completed. (2 audit files)
- The evaluation of the adequacy and completeness of a legal confirmation was not documented. (1 audit file)
- The procedure pertaining to subsequent events after the date of the auditor’s report was signed off as completed in TeamMate prior to the date of the independent auditor’s report. (1 audit file)
- The OAG file documentation includes the audit plan report that was approved by the engagement leader at the conclusion of the planning phase. However, the final version of the report produced after the examination phase, which would have indicated any significant changes to the plan by the firm that was contracted to perform the audit, was not included in the OAG file. (1 audit file)
- A completion memorandum from the firm that was contracted to perform the audit was not included in the OAG’s file documentation. The contract with the firm stipulates that such a summary will be provided to the signatory. This summary would include the identification and documentation of significant matters and issues that arose during the audit and the professional judgments exercised by the contractors, thereby facilitating the engagement leader’s effective and efficient file review. It would also include the contractors’ documented conclusion on whether they obtained sufficient appropriate audit evidence to support the audit opinion. (1 audit file)
|
| E. Engagement quality review |
|
| F. Efficiencies |
- Efficiency may be gained by streamlining the documentation of the review of minutes and reconsidering the need for formal legal confirmations to in-house counsel. (1 audit file)
|
| G. Other practice improvements |
|
| H. Summary of good practice observed |
- The conclusions that were originally documented in the planning phase regarding the audit team’s competencies and capacity to complete the audit were updated prior to year-end. This was important given the compositional changes of the team, which consisted mainly of contractors, at year-end. (1 audit file)
|
Recommendation to the Audit Methodology Team
The Audit Methodology team should further develop the OAG’s methodology for contracted-out audits by providing policies and guidance that outline the engagement leader’s responsibilities and how to document the OAG audit file.
Management’s response
Agreed. The Audit Methodology team will issue updated guidance for contracted-out audits for both the direct engagement and annual audit practices.
Conclusion
All 7 financial audit files reviewed were rated as compliant in all significant respects with Canadian Auditing Standards, OAG policies, and applicable laws and regulations.
All related independent auditor’s reports were supported and appropriate.