COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
1031 Ethical Requirements Relating to an Assurance Engagement
Jun-2021
Overview
This section outlines the policies and procedures designed to provide reasonable assurance that the Office and its personnel comply with relevant ethical requirements.
It presents
- the fundamental principles of ethics (e.g., integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour); and
- the framework to be used when assessing compliance with the fundamental principles:
(a) identify threats,
(b) assess significance of threats,
(c) apply safeguards, and
(d) document professional judgment and conclusions.
CPA Canada Assurance Standards
Office |
Annual Audit |
Performance Audit, Special Examination, and Other Assurance Engagements |
CSQC 1.20 The firm shall establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements. (Ref: Para. CA7-A10) CSQC 1.CA7 In Canada, relevant ethical requirements establish fundamental principles of professional ethics, which include: (a) Integrity; (b) Objectivity; (c) Professional competence and due care; (d) Confidentiality; and (e) Professional behavior. [In ISQC 1, this introductory sentence states: The IESBA Code establishes the fundamental principles of professional ethics, which include: …] CSQC 1.A9 The fundamental principles are reinforced in particular by:
|
CAS 220.9 Throughout the audit engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of breaches of relevant ethical requirements by members of the engagement team. (Ref: Para. CA4-A5) CAS 220.CA4 In Canada, relevant ethical requirements establish the fundamental principles of professional ethics, which include: (a) Integrity; (b) Objectivity; (c) Professional competence and due care; (d) Confidentiality; and (e) Professional behavior. [In ISA 220, this introductory sentence states: The IESBA Code establishes the fundamental principles of professional ethics, which include: …] CAS 220.10 If matters come to the engagement partner’s attention through the firm’s system of quality control or otherwise that indicate that members of the engagement team have breached relevant ethical requirements, the engagement partner, in consultation with others in the firm, shall determine the appropriate action. (Ref: Para. A5) |
CSAE 3001.22 The practitioner shall comply with relevant rules of professional conduct / code of ethics applicable to the practice of public accounting and related to assurance engagements, issued by various professional accounting bodies, or other professional requirements, or requirements imposed by law or regulation, that are at least as demanding. (Ref: Para. A31-A34, A59) CSAE 3001.A31 Relevant ethical requirements for public accountants establish the following fundamental principles with which the practitioner is required to comply: (a) Maintenance of the reputation of profession; (b) Integrity and due care; (c) Objectivity; (d) Professional competence; (e) Compliance with professional standards; (f) Confidentiality of information; (g) Conflict of interest; (h) Duty to report breach of rules of professional conduct; (i) Handling of trust funds and other property; (j) Handling of property of others; (k) Unlawful activity; (l) Fee quotations; (m) Contingent fees; (n) Payment of receipt of commissions; and (o) Advertising and promotion, including solicitation and endorsements. CSAE 3001.A32 Relevant ethical requirements for public accountants also provide a conceptual framework for professional accountants to apply to: (a) Identify threats to compliance with the fundamental principles. Threats fall into one or more of the following categories: (i) Self-interest; (ii) Self-review; (iii) Advocacy; (iv) Familiarity; and (v) Intimidation; (b) Evaluate the significance of the threats identified; and (c) Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level. Safeguards are necessary when the professional accountant determines that the threats are not at a level at which a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances available to the professional accountant at that time, that compliance with the fundamental principles is not compromised. CSAE 3001.A33 Relevant ethical requirements for public accountant require the practitioner to be and remain free of any influence, interest or relationship, in respect of the client’s affairs, which impairs the practitioner’s professional judgment or objectivity or which, in the view of a reasonable observer, would impair the practitioner’s professional judgment or objectivity. Independence safeguards the ability to form an assurance conclusion without being affected by influences that might compromise that conclusion. Independence enhances the ability to act with integrity, to be objective and to maintain an attitude of professional skepticism. Matters addressed in the relevant ethical requirements for public accountants with respect to independence include:
CSAE 3001.A34 Professional requirements, or requirements imposed by law or regulation, are at least as demanding as relevant rules of professional conduct / code of ethics, applicable to the practice of public accounting directed to practitioners and other members of assurance teams when they address all the matters referred to in paragraphs A31-A33 and impose obligations that achieve the aims of the requirements set out in the relevant rules of professional conduct / code of ethics applicable to the practice of public accounting and related to assurance engagements. CSAE 3001.A59 This CSAE has been written in the context of a range of measures taken to ensure the quality of assurance engagements undertaken by professional accountants in public practice. Such measures include:
CSAE 3001.38 Throughout the engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of breaches of relevant ethical requirements by members of the engagement team. If matters come to the engagement partner’s attention through the firm’s system of quality control or otherwise that indicate that members of the engagement team have breached relevant ethical requirements, the engagement partner, in consultation with others in the firm, shall determine the appropriate action. |
OAG Policy
For all assurance engagements that the Office performs, Office employees shall adhere to
- the OAG Code of Values, Ethics and Professional Conduct, and
- the rules of professional conduct and/or code of ethics applicable to the employee by virtue of his or her personal professional standing or membership in a professional accounting body in Canada. [Nov-2011]
Office employees shall conduct themselves according to the relevant ethical requirements. [Nov-2011]
Office employees shall not associate with any activity that they know, or should know, is unlawful. [Jul-2017]
The Office shall promptly communicate identified threats and breaches of relevant ethical requirements to the engagement leader for resolution. [Nov-2011]
The Office shall inform the relevant professional institute of a member practicing his or her profession in a manner detrimental to the Office, audit entities, or the public. [Jul-2017]
The engagement leader shall, throughout the audit engagement, remain alert through observation and making inquiries as necessary, for evidence of breaches of relevant ethical requirements by members of the engagement team. [Jun-2021]
The engagement leader shall eliminate or reduce threats to an acceptable level to relevant ethical requirements by applying safeguards. [Nov-2011]
The engagement leader shall evaluate information on identified breaches to relevant ethical requirements and determine the impact of the breach on the assurance engagement. [Nov-2011]
An assistant auditor general shall inform the engagement leader of any threats or breaches to relevant ethical requirements that he or she becomes aware of. [Nov-2011]
OAG Guidance
Relevant ethical requirements
As a legislative audit office, we have a responsibility to act in the public interest. In doing so, we observe and comply with the OAG’s Code of Values, Ethics and Professional Conduct and other relevant ethical requirements set out in rules of professional conduct and codes of ethics applicable to the practice of public accounting issued by the various professional accounting bodies in Canada. Employees who belong to a professional association may also be governed by the codes and by-laws of that body.
Relevant ethical requirements are derived from five fundamental principles of ethics:
- integrity,
- objectivity,
- professional competence and due care,
- confidentiality,
- professional behaviour.
Integrity. To be straightforward and honest in all professional and business relationships.
Employees are expected to be straightforward, honest, and fair in all professional relationships. A person who acts with honesty and truthfulness, and whose actions, values, and principles are consistent, is described as having integrity.
Objectivity. To not allow bias, conflict of interest, or the undue influence of others to override professional or business judgments.
Parliament, territorial legislatures, governments, and Canadians expect the Office of the Auditor General of Canada to bring objectivity and sound professional judgment to its work. It is thus essential that an Office employee does not put external influences or the will of others before professional judgment.
The public interest in the objectivity of the Office requires that the Office and its employees be, and be seen to be, free of influences that would impair the Office’s and its employees’ objectivity. Accordingly, the Office and its employees must be independent. The ethical standard of independence requires the Office and its employees to be and remain free of any influence, interest, or relationship regarding an entity’s affairs that impairs or, in the view of a reasonable observer, would impair the Office’s and its employees’ professional judgment or objectivity. An objective person does not allow bias, conflict of interest, or the influence of others to compromise judgment.
Regarding both independence and conflicts of interest, the Office employs the criterion of whether a reasonable observer would conclude that a specified situation or circumstance posed an unacceptable threat to the Office’s and its employees’ objectivity and professional judgment. Only then can public confidence in the objectivity and integrity of the Office be sustained; the reputation and usefulness of the Office rest upon this public confidence. A “reasonable observer” is a hypothetical individual who has knowledge of the facts that the Office and its employees knew or ought to have known, and applies judgment objectively with integrity and due care.
Professional competence and due care. To maintain professional knowledge and skill at the level required to ensure that an entity receives competent professional services based on current developments in practice, legislation, and techniques, and to act diligently and according to applicable technical and professional standards.
Parliament, territorial legislatures, governments, and Canadians expect the Office of the Auditor General of Canada and its employees to maintain a high level of competence. This underscores the need to maintain individual professional skill and competence by keeping abreast of and complying with developments in professional standards and pertinent legislation in all areas where the Office and its employees practise or are relied upon. The expectation to operate with due care requires employees to act diligently and according to applicable technical and professional standards when performing assurance engagements. Diligence includes the responsibility to act, in respect of an engagement, carefully, thoroughly, and on a timely basis.
Confidentiality. To respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the employee or third parties.
The principle of confidentiality includes the need to maintain the confidentiality of information within the Office of the Auditor General of Canada (OAG Audit 1192 Confidentiality, safe custody, integrity, accessibility, and retrievability of engagement documentation).
The disclosure of confidential information by the Office and its employees may be required or appropriate where such disclosure is
- permitted or authorized by the entity;
- required by law; or
- permitted or required by a professional right or duty, when not prohibited by law.
The Office’s mandate in the Auditor General Act with respect to reporting on its performance audits and the work of the Commissioner of the Environment and Sustainable Development is to report to Parliament; any ability the Office has to provide its reports to the public is incidental to its mandate to report to Parliament and follows reporting to Parliament. As an officer of Parliament, the Office reports directly to Parliament, which has the right to receive the reports before anyone else, according to the procedures set out in the Auditor General Act. Any other manner of reporting or releasing the information could be regarded by Parliament, or the House of Commons, as a breach of parliamentary privilege or as contempt of Parliament.
Professional behaviour. Employees conduct themselves at all times in a manner that will maintain the good reputation of the profession and the Office and its ability to serve Parliament, territorial legislatures, governments, and Canadians.
In doing so, employees are expected to avoid any action that would discredit the Office of the Auditor General of Canada. An employee’s behaviour should be based primarily on a reputation for professional excellence. An employee is expected to provide other employees with the courtesy and consideration he or she would expect to receive from them.
Processes for complying with relevant ethical requirements
Self-declaration: Annual Conflict of Interest Confidential Form. Office employees sign an Annual Conflict of Interest Confidential Form, as required under the OAG Code of Values, Ethics and Professional Conduct. The Assistant Auditor General of Corporate Services manages the annual conflict of interest process and reviews and promptly communicates identified threats and breaches to the employee’s Principal (home base), who communicates the identified threats or breaches to any impacted engagement leaders.
Breach of relevant ethical requirements. Engagement personnel promptly notify the engagement leader of a breach of relevant ethical requirements.
If matters come to the engagement leader’s attention, through the system of quality control or otherwise, that indicate that a member of the engagement team is in breach of relevant ethical requirements, the engagement leader, in consultation with the Internal Specialist, Values and Ethics, will
- evaluate information on the identified breach,
- determine the impact of the breach on the assurance engagement, and
- determine the appropriate action to be taken.
The engagement leader documents, as necessary, the substance of the breach and details of any discussions held or decisions made regarding the breach. In such instances, an Exception Report may be completed to record the actions taken.
Threat to relevant ethical requirements. Engagement personnel shall promptly notify the engagement leader of circumstances and relationships that create threats to relevant ethical requirements.
If matters come to the engagement leader’s attention, through the system of quality control or otherwise, that indicate that a member of the engagement team has a threat to relevant ethical requirements that is other than insignificant, the engagement leader will propose a resolution by applying the framework for resolving threats to their assurance engagement (see Framework for Resolving Threats below). The engagement leader documents, as necessary, the substance of the issue and details of any discussions held or decisions made regarding the threat. In such instances, an Exception Report may be completed to record the actions taken.
The Internal Specialist, Values and Ethics, performs an objective review of the safeguards and actions proposed to eliminate or reduce a threat to relevant ethical requirements.
The engagement leader promptly communicates with the Internal Specialist, Values and Ethics, who may identify instances where a threat has not been reduced to an appropriate level. The Internal Specialist, Values and Ethics, provides the engagement leader with confirmation that the proposed safeguards and actions were sufficient or that additional actions are required to reduce the threat to an acceptable level. The Internal Specialist, Values and Ethics, may help ensure that Records Management receives a copy of documentation for filing purposes.
Framework for resolving threats
It is not possible to define every situation that creates a threat to compliance with the relevant ethical requirements. The nature of engagements and work assignments differs, with the result that different threats may be created, requiring the application of different safeguards.
As such, the Office expects engagement teams to apply the following framework when assessing compliance with the relevant ethical requirements. This framework requires the Office and its employees to
- identify threats to compliance with relevant ethical requirements;
- assess the significance of the identified threats;
- apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level; and
- document, as necessary, how the safeguards eliminate the threat or reduce it to an acceptable level.
OAG Audit 3031 Independence provides specific guidance related to resolving threats to independence.
Identifying threats to compliance with relevant ethical requirements. Threats to compliance with the relevant ethical requirements must be considered before and during an assurance engagement.
Threats may fall into one or more of the following categories:
- Self-interest. This threat occurs when the Office, or a person on the engagement team, could benefit directly or indirectly from an interest or relationship with an assurance entity, its directors, officers, and/or employees. Circumstances that may create a self-interest threat include
(a) a member of the engagement team entering into employment negotiations with the entity,
(b) a member of the engagement team owning securities in publicly traded companies and/or financial institutions that benefit significantly from the entity’s support or coverage,
(c) a spouse or partner of a member of the engagement team having a contract or some other financial arrangement with an entity that confers a benefit, or
(d) discovering a significant error when evaluating the results of a previous assurance engagement.
- Self-review. This threat occurs when any product or judgment from a previous engagement needs to be evaluated in reaching conclusions in the current engagement. Circumstances that may create a self-review threat include
(a) a person on the engagement team who was recently an employee of the audited entity and is in a position to exert direct and significant influence over the subject matter and conduct of the engagement,
(b) a member of the Office performing services for the audited entity that directly affect the subject matter of the audit, or
(c) an employee of the Office preparing data that is used to generate financial statements or other records that are the subject of the audit.
- Advocacy. This threat occurs when the Office, or a person on the engagement team, promotes a position or opinion to the point that objectivity may be, or may be perceived to be, impaired. The circumstance that may create an advocacy threat is when
(a) a person on the engagement team is a member of an organization that promotes a particular viewpoint with the intent of influencing government policy related to the public entity.
- Familiarity. This threat occurs when, by virtue of a close relationship with an audited entity, its management, officers, or employees, the Office or a senior member of the engagement team becomes too sympathetic to the entity’s interests. Circumstances that may create a familiarity threat include
(a) when a person on the engagement team has an immediate (spouse, or equivalent, or dependent) or close family member (parent, non-dependent child, or sibling) who is a director, officer, or employee of the entity;
(b) a long association of the audit team with the audited entity; or
(c) the acceptance of gifts or hospitality, unless the value is clearly insignificant.
OAG Audit 1071 Job rotation outlines the policies designed to mitigate the familiarity threat. Also refer to OAG Audit 3031 Independence.
- Intimidation. This threat occurs when a person on the engagement team may be deterred from acting objectively and exercising professional skepticism by threats, actual or perceived, from the directors, officers, or employees of an audited entity. Circumstances that may create an intimidation threat include
(a) an engagement team member being pressured inappropriately to reduce the extent of work to be performed, or
(b) an engagement team member feeling pressured to agree with the judgment of an entity employee because the entity employee more expertise on the matter in question.
When identifying threats to compliance with the relevant ethical requirements, care must be taken as threats are not always direct or overt and, in many cases, they can be quite subtle. Consideration should be given to the public perception of a threat. The “public perception” is that of a “reasonable observer, who has knowledge of the facts, which the auditor knew or ought to have known, and applies judgment with integrity and due care.” Often, the reasonable observer’s perception of a threat is most important and presents the most complexity in determining whether one is complying with the relevant ethical requirements.
The examples provided are intended to be illustrative and not all encompassing. In particular, the movement of personnel between the Office and audit entities, nature and extent of advice or assistance, length of involvement with particular entities, and personal relationships are all examples of circumstances that should be considered. If there are questions regarding the interpretation of these threats, employees should refer them to the responsible supervisor or engagement leader who, in turn, may direct questions regarding policy interpretation to the Internal Specialist, Values and Ethics.
Assessing the significance of the threats identified. When a threat to the relevant ethical requirements is identified the engagement leader should evaluate its significance, in consultation with the Internal Specialist, Values and Ethics.
The nature of the threats and the applicable safeguards necessary to eliminate them or reduce them to an acceptable level will differ depending on the particulars of the engagement. Senior engagement personnel may need to evaluate the relevant circumstances in deciding whether it is appropriate to accept or continue an engagement, or whether a particular person should be on the engagement team.
In considering the significance of any particular matter, qualitative factors should be taken into account. A matter should be considered insignificant only if it is both trivial and inconsequential. Senior engagement personnel should exercise professional judgment in assessing the significance of a threat and in determining which available safeguard(s) to apply.
If the threat is other than insignificant, available safeguards should be identified and, where applicable, applied to eliminate the threat or reduce it to an acceptable level.
Applying safeguards to eliminate or reduce threats to an acceptable level. Determining whether appropriate safeguards are available and can be applied to eliminate the threats or reduce them to an acceptable level requires the exercise of professional judgment.
Where a threat to compliance with the relevant ethical requirements has been identified, or when in doubt, individuals should consult with senior engagement personnel or the Internal Specialist, Values and Ethics.
Safeguards are necessary when threats identified are at a level where a reasonable observer would likely conclude that compliance with the relevant ethical requirements may be compromised.
Senior engagement personnel, in consultation with the Internal Specialist, Values and Ethics, shall evaluate the significance of identified threats. If a threat is other than insignificant, the engagement leader shall identify and apply available safeguards to eliminate or reduce the threat to an acceptable level.
Safeguards fall into three broad categories:
- those created by the professional accounting bodies, legislation, or regulation;
- those existing within the assurance entity; and
- those existing within the Office’s own systems and practices, including:
(a) office-wide policies and procedures, and
(b) engagement-specific policies and procedures.
Safeguards created by the professional accounting bodies, legislation, or regulation include the following:
- education, training, and practical experience requirements for entry into the profession;
- continuing education programs;
- professional standards;
- external practice inspection;
- disciplinary processes;
- participation by members of the public in oversight and governance of the profession; and
- legislation governing the independence requirements of the Office and its employees.
Safeguards within the entity may include the following:
- employees of the entity who are competent to make management decisions,
- policies and procedures that emphasize the entity’s commitment to fair financial or other reporting;
- an active values and ethics program, and
- boards of directors or audit committees who are independent of entity’s management and who can satisfy themselves that the Office and its employees are independent in carrying out its mandate.
Safeguards within the Office’s systems and procedures include Office-wide safeguards such as the following:
- Office leadership that stresses the importance of independence and the expectation that individuals on engagement teams will act in the public interest;
- policies and procedures to implement and monitor quality control of assurance engagements;
- documented independence policies regarding the identification of threats to independence, the evaluation of their significance, and the identification and application of appropriate safeguards to eliminate or reduce the threats, to an acceptable level, other than those that are clearly insignificant;
- internal policies and procedures, including annual reporting by Office employees, to monitor compliance with Office policies and procedures as they relate to independence;
- policies and procedures that will enable the identification of interests or relationships between the Office or those on the engagement team and the entity;
- internal performance measures that do not put excessive pressure on engagement leaders and do not over-emphasize budgeted hours;
- timely communication of the Office’s policies and procedures, and any changes to them, to all Office employees, and appropriate training and education on them;
- designation of a member of the Office’s senior management team as responsible for overseeing the adequate functioning of the safeguarding system;
- a means of advising all Office employees of those entities and related entities from which they should be independent;
- an internal disciplinary mechanism to promote compliance with Office policies and procedures; and
- policies and procedures that empower Office employees to communicate, without fear of retaliation, to senior levels within the Office any issue regarding independence and objectivity that may concern them.
Safeguards within the Office’s systems and procedures include engagement-specific safeguards such as the following:
- involving another person to review the work done or advise as necessary. This person could be someone from outside the Office, or someone from within who was not otherwise associated with the engagement team. The person should be independent of the entity and will not, by reason of the review performed or advice given, be considered part of the engagement team;
- consulting a third party, such as a committee of independent directors, a professional regulatory body, or a professional colleague;
- rotating senior personnel on the engagement team;
- discussing independence issues with the board of directors or audit committee;
- implementing policies and procedures to ensure that individuals on the engagement team do not make, or assume responsibility for, management decisions for the entity;
- involving another firm to perform or re-perform part of the assurance engagement; and
- removing a person from the engagement team when that person’s financial interests, relationships, or activities create a threat to independence.
Familiarity threats should be assessed with reference to the guidance included in OAG Audit 1071 Job rotation, and independence threats should be addressed with reference to OAG Audit 3031 Independence.
Documenting, as necessary, threats to compliance with relevant ethical requirements. The engagement leader documents the substance of the issue and details of any discussions held or decisions made regarding a significant threat to relevant ethical requirements. In such instances, an Exception Report may be completed to record the actions taken to resolve the issue.
For each threat identified as other than insignificant, documentation should include a description of
- the nature of the engagement;
- the identified threat;
- the safeguard or safeguards identified and applied to eliminate the threat or reduce it to an acceptable level; and
- an explanation of how, in the engagement leader’s professional judgment, the safeguards eliminate the threat or reduce it to an acceptable level.
Exception reports that have been completed for the resolution of a threat to relevant ethical requirements are not filed in the audit file due to the personal nature of their content; they are given to Records Management for filing purposes.
OAG Audit 3031 Independence provides a further description of the exception reporting process used for resolving threats to independence of engagement team members.