COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
Glossary
Jun-2021
A
ACCEPTANCE & CONTINUANCE (ACCEPTATION ET MAINTIEN DE LA MISSION)—The process used to assess whether to accept or continue with an assurance engagement. The outputs from the process are incorporated into the audit file.
ACCEPT-REJECT TESTING (SONDAGE ACCEPTATION-REJET)—A method of selecting items for tests of details with the purpose of gathering sufficient evidence to either accept or reject that the objective of the test has been met.
ACCOUNTING ESTIMATE (ESTIMATION COMPTABLE)—An approximation of a monetary amount in the absence of a precise means of measurement. This term is used for an amount measured at fair value where there is estimation uncertainty, as well as for other amounts that require estimation. Where a CAS addresses only accounting estimates involving measurement at fair value, the term “fair value accounting estimates” is used.
ACCOUNTING RECORDS (DOCUMENTS COMPTABLES)—The records of initial accounting entries and supporting records, such as cheques and records of electronic fund transfers, invoices, contracts, the general and subsidiary ledgers, journal entries and other adjustments to the financial statements that are not reflected in journal entries and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
ACCOUNTING SYSTEM (SYSTÈME COMPTABLE)—A means by which business transactions are processed from their origination to their reporting in the financial statements. The process can be both computerized and manual.
ADVISORY COMMITTEE (COMITÉ CONSULTATIF)—Committees established for performance audits and special examinations to provide advice to the audit team, generally on the scope of the audit, significance of issues, and the message and tone of the draft audit report. The committee may include internal and external advisors.
ALGORITHM (ALGORITHME)—A conceptual formula
ANALYTICAL PROCEDURES (PROCÉDURES ANALYTIQUES)—Evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount. Analytical procedures may be used at all stages of the audit and are required by CAS to be used in the planning and completion phases.
ANNUAL REPORT (RAPPORT ANNUEL)—A document, or combination of documents, prepared typically on an annual basis by management or those charged with governance in accordance with law, regulation or custom, the purpose of which is to provide owners (or similar stakeholders) with information on the entity’s operations and the entity’s financial results and financial position as set out in the financial statements. An annual report contains or accompanies the financial statements and the auditor’s report thereon and usually includes information about the entity’s developments, its future outlook and risks and uncertainties, a statement by the entity’s governing body, and reports covering governance matters.
ANOMALY (EXCEPTION)—A misstatement or deviation that is demonstrably not representative of misstatements or deviations in a population.
ANOMALY/OUTLIER DETECTION (DÉTECTION DES ANOMALIES/VALEURS ABERRANTES)— Examination of a source of information for the purpose of identifying unexpected or rare items. Such items are often called outliers or exceptions.
ANONYMIZATION (ANONYMISATION)—Removing any information that can serve to identify a specific individual or organisation with a set of data or other information.
APPLICABLE FINANCIAL REPORTING FRAMEWORK (RÉFÉRENTIEL D’INFORMATION FINANCIÈRE APPLICABLE)—The financial reporting framework adopted by management and, where appropriate, those charged with governance in the preparation and presentation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation.
The term “fair presentation framework” is used to refer to a financial reporting framework that requires compliance with the requirements of the framework and:
- Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be necessary for management to provide disclosures beyond those specifically required by the framework; or
- Acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to achieve fair presentation of the financial statements. Such departures are expected to be necessary only in extremely rare circumstances.
- The term “compliance framework” is used to refer to a financial reporting framework that requires compliance with the requirements of the framework, but does not contain the acknowledgements in (i) or (ii) above.
APPLICATION (APPLICATION)—The generic word used to describe the audit working paper software.
APPLICATION CONTROLS (CONTRÔLES D’APPLICATION)—Automated control procedures (e.g., calculations, posting to accounts, generation of reports, edits, control routines, etc.) or manual controls that are dependent on IT (e.g., the review by an inventory manager of an exception report when the exception report is generated by IT). When IT is used to initiate, authorize, record, process, or report transactions or other financial data for inclusion in financial statements, the systems and programs may include controls related to the corresponding assertions for significant accounts or disclosures or may be critical to the effective functioning of manual controls that depend on IT.
APPROPRIATENESS (OF AUDIT EVIDENCE)(CARACTÈRE APPROPRIÉ (DES ÉLÉMENTS PROBANTS))—The measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the audit opinion is based.
ARCHIVING (ARCHIVAGE)—The process that changes access to the electronic audit file to “read only” and places a secure copy on the server, with equivalent security procedures being applied to paper files. The final record of the audit procedures performed, relevant evidence obtained and conclusions reached is retained and archived for future reference. OAG policy is that files will be archived no later than 60 days after the audit report date (financial audit and special examinations) or within 60 days of the date of tabling (performance audits).
ARM’S LENGTH TRANSACTION (OPÉRATION CONCLUE DANS DES CONDITIONS DE CONCURRENCE NORMALE)—A transaction conducted on such terms and conditions as between a willing buyer and a willing seller who are unrelated and are acting independently of each other and pursuing their own best interests.
ARTIFICIAL INTELLIGENCE (AI)(INTELLIGENCE ARTIFICIELLE (AI))—The practice of applying logic based techniques to acquire, represent, and/or use relevant knowledge to automate classification, make decisions, and/or invoke actions.
ASSEMBLY OF THE FINAL AUDIT FILE (CONSTITUTION DU DOSSIER D’AUDIT DÉFINITIF)—Assembly of the Final Audit File, to include all necessary Audit Documentation, is required to be carried out on a timely basis after the audit report date. CSQC 1 indicates the assembly of the final audit file is ordinarily completed within 60 days after the date of the audit report; OAG’s policy is that archiving shall take place no later than 60 days after the report date (or, in the case of a performance audit, 60 days after the date of tabling). Completion of the final audit file assembly is evidenced by wrapping up and archiving the file.
ASSERTION (ASSERTIONS)—See Financial Statement Assertions.
ASSURANCE ENGAGEMENT (MISSION DE CERTIFICATION)—An engagement in which a practitioner aims to obtain sufficient appropriate audit evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party, about the outcome of the measurement or evaluation of an underlying subject matter against criteria.
ASSURANCE SKILLS AND TECHNIQUES (COMPÉTENCES ET TECHNIQUES EN MATIÈRE DE CERTIFICATION)—Those planning, evidence gathering, evidence evaluation, communication and reporting skills and techniques demonstrated by an assurance practitioner that are distinct from expertise in the underlying subject matter of any particular assurance engagement or its measurement or evaluation.
ATTESTATION ENGAGEMENT (MISSION D’ATTESTATION)—An assurance engagement in which a party other than the practitioner measures or evaluates the underlying subject matter against the criteria. A party other than the practitioner also often presents the resulting subject matter information in a report or statement. In some cases, however, the subject matter information may be presented by the practitioner in the assurance report. In an attestation engagement, the practitioner’s conclusion addresses whether the subject matter information is free from material misstatement. The practitioner’s conclusion may be phrased in terms of:
- The underlying subject matter and the applicable criteria;
- The subject matter information and the applicable criteria; or
- A statement made by the appropriate party.
AUDIT APPROACH (APPROCHE D’AUDIT)—The OAG audit overall framework provides a holistic approach to ensure the quality of the audit. Applies clear principles in performing audit work, with the appropriate amount of supporting detail. This allows auditors to exercise judgment in their approach while avoiding inefficient form filling. Enables accountability of performance. In direct engagements, the audit approach is documented in the audit logic matrix.
AUDIT COMMITTEE (COMITÉ D’AUDIT)—An operating committee of the board of directors or other similar body charged with governance of an entity.
AUDIT DOCUMENTATION (DOCUMENTATION DE L’AUDIT)—Record of audit procedures performed, relevant audit evidence obtained, and conclusions reached (terms such as “working papers” or “workpapers” are also sometimes used). Audit documentation comprises the electronic audit file together with the related hard copy external files, which together represent the official record of our work. Documentation refers equally to information prepared by us and information provided to us by others. In addition to the documentation necessary to support our conclusions, audit documentation should include information we have identified relating to significant findings or issues that is contradictory or inconsistent with our conclusions.
AUDIT EVIDENCE (ÉLÉMENTS PROBANTS)—Information used by the auditor in arriving at the findings and conclusions on which the auditor’s opinion is based.
AUDIT FILE (DOSSIER D’AUDIT)—One or more folders or other storage media, in physical or electronic form, containing the records that comprise the audit documentation for a specific engagement. An “audit file” refers to the electronic file and any hard copy external files that contain audit documentation (including paper files for engagements where an electronic engagement file is not used).
AUDIT LOGIC MATRIX (GRILLE LOGIQUE D’AUDIT)—The planning tool used for performance audit and special examination. It describes the logical relationship between the audit’s objectives, criteria, and approach and the kinds of findings that are expected to emerge.
AUDIT MATTERS OF GOVERNANCE INTEREST (QUESTIONS D’AUDIT D’INTÉRÊT POUR LES RESPONSABLES DE LA GOUVERNANCE)—Those that arise from the audit of financial statements and, in the opinion of the auditor, are both important and relevant to those charged with governance in overseeing the financial reporting and disclosure process.
AUDIT OBJECTIVE (OBJECTIF DE L’AUDIT)—The audit objective forms the basis of the audit. The objective states the subject matter under examination and how performance will be assessed. It is the hypothesis that will be tested through the collection and analysis of evidence. For example, “The objective of the audit is to determine whether the entity has . . .”
AUDIT OPINION (OPINION D’AUDIT)—The conclusion reached on whether or not the financial statements are presented fairly in all material respects in accordance with the applicable financial reporting framework.
AUDIT PLAN (PLAN D’AUDIT)—Describes the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
AUDIT PLAN SUMMARY (APS) (SOMMAIRE DU PLAN D’AUDIT (SPA))—The audit plan summary (APS) includes key information about the audit topic, audit objective(s), approach, and audit criteria, and briefly describes the entity management’s responsibility for the underlying subject matter of the audit. The APS is sent to the entity before the examination phase to request formal acknowledgement of entity responsibility for the area under audit and acknowledgement of the audit objective(s) and criteria.
AUDIT PROCEDURE (PROCÉDURES D’AUDIT)—Tasks performed by an auditor designed either to gather audit evidence as a basis for assessing and/or responding to risk or other audit work that is necessary to comply with requirements. The performance of audit procedures collectively enables the auditor to comply with standards, draw conclusions and support the audit opinion.
AUDIT PROGRAM (PROGRAMME D’AUDIT)—Detailed work plans to guide the execution of audit work. Audit programs should be of sufficient detail to clearly communicate the nature, extent and timing of the audit work.
AUDIT REPORT DATE (AUDITOR’S REPORT DATE) (DATE DU RAPPORT DE L’AUDITEUR)—The date the auditor dates the report on the financial statements in accordance with CAS 700. For performance audits and special examinations the date of the audit report is in accordance to the CSAE 3001 requirements. The date is no earlier than the date on which sufficient appropriate audit evidence has been obtained on which to base an opinion.
AUDIT RISK (RISQUE D’AUDIT)—The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. For performance audits and special examinations see ENGAGEMENT RISK.
AUDIT SAMPLING (SONDAGE EN AUDIT)—Audit sampling is the application of auditing procedures to a representative group of less than 100 percent of the items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population.
AUDIT STRATEGY (STRATÉGIE D’AUDIT)—Sets the scope, timing and direction of the audit, and guides the development of the more detailed audit plan.
AUDIT TOPIC (SUJET D’AUDIT)—A general description of the focus of the performance audit, which may be refined further in determining the underlying subject matter.
AUDITOR (AUDITEUR)—A member of an audit team responsible for carrying out the audit work in compliance with Office policies, professional standards, and the Office’s system of quality control.
AUDITOR’S EXPERT (EXPERT CHOISI PAR L’AUDITEUR (OU EXPERT DE SON CHOIX, LORSQUE LE CONTEXTE EST CLAIR))—An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an auditor’s internal expert, or an auditor’s external expert. Also referred to as the practitioner’s expert in direct engagements.
AUDITOR’S EXTERNAL EXPERT (EXPERT EXTERNE CHOISI PAR L’AUDITEUR)—An individual or organization external to the OAG, with expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist in obtaining sufficient appropriate audit evidence.
AUDITOR’S INTERNAL EXPERT (EXPERT INTERNE CHOISI PAR L’AUDITEUR)—OAG staff (including temporary staff) possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist in obtaining sufficient appropriate audit evidence.
AUDITOR’S POINT ESTIMATE OR AUDITOR’S RANGE (ESTIMATION PONCTUELLE DE L’AUDITEUR ou INTERVALLE DE CONFIANCE DE L’AUDITEUR)—The amount, or range of amounts, respectively, derived from audit evidence for use in evaluating management’s point estimate.
AUTOMATED CONTROLS (CONTRÔLES AUTOMATISÉS)—Controls performed by computer systems or enforced by system security parameters.
AVERAGE ABSOLUTE (ÉCART ABSOLU MOYEN)—The average of the absolute values of deviations from the mean. This not commonly used.
B
BENCHMARK (MATERIALITY) (ÉLÉMENT DE RÉFÉRENCE (SEUIL DE SIGNIFICATION))—An element or component of the financial statements to which a threshold is applied for purposes of calculating materiality.
BENCHMARKING (ANALYSE COMPARATIVE)—Benchmarking can be used as an extension of analytical procedures that compare an organization’s performance (financial or non-financial) against a selected industry or peer comparison group. Such benchmarking comparisons provide the audit team with information to assist in obtaining or updating an understanding of the entity and its industry, forming a point of view on the risks in the business, and to substantiate the client’s representations. Analytical procedures properly designed and executed with financial benchmarking improve the rigor of the procedures by enhancing the evaluation of plausible relationships. Benchmarking achieves this improved rigor by establishing standards, or norms, from a comparison group against which a company’s financial performance can be assessed.
BOT (ROBOT LOGICIEL)—A software application that runs automated tasks or scripts. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible if performed manually.
BPR (ERE)—Business Performance Review.
BREACH OF ETHICAL REQUIREMENTS (MANQUEMENT AUX RÈGLES DE DÉONTOLOGIE)—An instance where an engagement team member has breached relevant ethical requirements.
BUSINESS CONTINUITY PLAN (PLAN DE CONTINUITÉ DES ACTIVITÉS)—An all encompassing term covering both disaster recovery planning and business resumption planning.
BUSINESS OBJECTIVES (OBJECTIFS D’ENTREPRISE)—Business objectives can be defined at a very high level (e.g., a company mission statement) or at a lower level in the organization (e.g., operational objectives that accomplish the strategy set by the high level objectives), but are best clearly stated and specific. Objectives are used to measure performance, and they are essential to any planning process. For purposes of the audit, understanding the entity’s business objectives is the necessary first step to identifying risks because risks are defined in relation to specific objectives.
BUSINESS PROCESS (PROCESSUS)—Any sequence of transactions that takes place in order to get work done and achieve the business’ objectives. These may range, in order of complexity, from a simple procedure, such as paying a bill, to a key element of the business operations, such as a wholesaler’s stock management and distribution system, to functional, such as maintaining an organization’s financial records, to cross-functional, like application of human resources.
BUSINESS RISK (RISQUE D’ENTREPRISE)—A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
C
CAAT (TAAO)—Computer Assisted Audit Technique.
CAVR (OTI)—Information processing objectives: Completeness, Accuracy, Validity and Restricted Access.
CD/W (D/FC)—See deficiency in internal control.
CENSUS (RECENSEMENT)—All units in a population.
CHECKBOX (CASE À COCHER)—A standard user interface control that displays a setting or a group of non-mutually exclusive settings, each of which is represented by a box that is either checked (to select that setting) or unchecked (to deselect that setting).
CLASSIFICATION ANALYSIS (ANALYSE PAR CLASSIFICATION)— A set of techniques and algorithms which aim at predicting the allocation of items to predefined categories or buckets – a technique often used in data mining and machine learning.
CLIENT DEBRIEF MEETING (RÉUNION D’INFORMATION AVEC LE CLIENT)—For financial audits, at the client debrief meeting we will exchange feedback with the client to ensure we communicate to each other how we can work more efficiently and effectively in the future, and review our performance against the client’s expectations.
CLUSTER ANALYSIS (ANALYSE PAR GRAPPES)—A statistical technique that creates the minimal set of data groupings such that similarity of data points within a group is maximised and similarity across groups is minimized – a technique often used in data mining and machine learning.
COEFFICIENT OF VARIATION (COEFFICIENT DE VARIATION)—The standard deviation divided by the mean. Dividing by the mean makes it easier to compare the degree of dispersion of two sets of scores with different mean values.
COMPENSATING CONTROLS (CONTRÔLES COMPENSATOIRES)—Controls that generally operate at a higher level and work to cap the exposure from another control if it were to be deficient. If compensating controls are operating effectively they will prevent or detect a misstatement in the financial statements, depending on the level of the precision of the compensating control. Many compensating controls operate at a level of precision to only detect individually material misstatements.
COMPLEMENTARY CONTROLS (CONTRÔLES COMPLÉMENTAIRES)—Controls that function together to achieve the same control objective. A failure in one of these controls can cause the control objective not to be met or cause it to be met at a different level of precision.
COMPLEMENTARY USER ENTITY CONTROLS (CONTRÔLES COMPLÉMENTAIRES DE L’ENTITÉ UTILISATRICE)—Controls that the service organization assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its system.
COMPLETION (ACHÈVEMENT)—Stage of the audit at which the electronic file is signed off. The auditor’s report and other significant communications such as regulatory reporting requirements are given to the entity. The engagement team is debriefed. Feedback is requested from the entity.
COMPLEX SYSTEMS (SYSTÈMES COMPLEXES)—Systems that require in-depth knowledge of computer environments due to factors such as: complex transaction flows or processing; automated controls; complex computer hardware or software; client developed or modified software; or complex calculations.
COMPONENT AUDITOR (AUDITEUR D’UNE COMPOSANTE)—An auditor who, at the request of the group engagement team, performs work on the financial information related to a component for the group audit. Also referred to as component team.
COMPONENT FINANCIAL INFORMATION (INFORMATIONS FINANCIÈRES RELATIVES À LA COMPOSANTE)—See “Special purpose financial information prepared for the purposes of group consolidation.”
COMPONENT FINANCIAL STATEMENTS (ÉTATS FINANCIERS DE LA COMPOSANTE)—A complete set of stand-alone financial statements, including explanatory notes, of a component. They are ordinarily prepared in accordance with the local financial reporting framework that is applicable to the component.
COMPONENT MANAGEMENT (DIRECTION D’UNE COMPOSANTE)—Management responsible for preparing the financial information of a component.
COMPONENT MATERIALITY (SEUIL DE SIGNIFICATION POUR UNE COMPOSANTE)—The materiality level for a component determined by the group engagement team. Generally, component materiality will be referred to more specifically as “component overall materiality” or “component performance materiality.”
COMPONENT OVERALL MATERIALITY AND COMPONENT PERFORMANCE MATERIALITY (SEUIL DE SIGNIFICATION GLOBAL POUR UNE COMPOSANTE ET SEUIL DE SIGNIFICATION POUR LES TRAVAUX)—Materiality levels for a component determined in the context of the group audit.
COMPONENTS (COMPOSANTE)—An entity or business activity for which group or component management prepares financial information that should be included in the group financial statements.
COMPUTER ENVIRONMENT (ENVIRONNEMENT INFORMATIQUE)—A specific set of hardware and system software on which the client’s business and accounting systems run (e.g., example AS/400, UNIX).
COMPUTER OPERATIONS CONTROLS (CONTRÔLES DES OPÉRATIONS INFORMATIQUES)—Procedures or mechanisms in place to ensure that production systems are processed as approved, that production problems are corrected and the systems are restarted to ensure errors are not introduced.
CONCLUSION (CONCLUSION)—The result of an assessment of evidence and findings against audit criteria/objective.
CONFIDENCE INTERVAL/MARGIN OF ERROR (INTERVALLE DE CONFIANCE/MARGE D’ERREUR)—The range of values over which we may be confident that the true population value resides, given the result from a sample.
CONFIDENCE LEVEL (NIVEAU DE CONFIANCE)—The measure of statistical confidence that an estimation/projection made about a population is true. For example, a 95% confidence level means that if 100 random samples of the same size and selection parameters are independently extracted from the same population, the confidence intervals computed on 95 of them should contain the true population value. Its complement (5%) represents the risk of sampling error that we are willing to accept.
CONSOLIDATION PROCESS (PROCESSUS DE CONSOLIDATION)—The consolidation process includes a) the recognition, measurement, presentation, and disclosure of the financial information of the components in the group financial statements by way of consolidation, proportionate consolidation, or the equity or cost methods of accounting; and b) the aggregation in combined financial statements of the financial information of components that have no parent but are under common control.
CONTROL ACTIVITIES (ACTIVITÉS DE CONTRÔLE)—The policies and procedures that help ensure that management’s directives are carried out. They include business performance reviews, application controls, including safeguarding of assets, and general computer controls.
CONTROL ENVIRONMENT (ENVIRONNEMENT DE CONTRÔLE)—This sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.
CONTROL OBJECTIVE (OBJECTIF DE CONTRÔLE)—The objective(s) related to internal control over financial reporting to achieve the assertions that underlie a company’s financial statements. Information processing objectives are a type of control objective.
CONTROL RISK (RISQUE LIÉ AU CONTRÔLE (UN DES TROIS ÉLÉMENTS DU RISQUE D’AUDIT))—One of the three components of audit risk, control risk is the risk that a material misstatement or a significant deviation (either individually or when aggregated with other misstatements) could occur in an assertion and will not be prevented or detected and corrected on a timely basis by the client’s internal controls. This risk is a function of the effectiveness of the design and operation of internal control in achieving the entity’s objectives relevant to the preparation of the entity’s financial statements.
CORRELATION (CORRÉLATION)—A measure of the degree to which two or more variables are related. In most cases, correlation assesses linear or straight line relationships although curvilinear relationships can also be assessed. The coefficient of correlation (r) ranges between -1 and +1. The extremes (-1,+1) signify a perfect relationship, while zero means that the variables have no relationship. The square of the coefficient of correlation (r squared or r2) shows the proportion of variance in the dependent variable that is explained by the variation within the independent variable(s).
CORROBORATION (PROCÉDURES DE CORROBORATION)—Obtaining additional evidence to support audit evidence gathered, by making further enquires, examining evidence, or performing other procedures.
COVERAGE DATE (PÉRIODE D’AUDIT)—The point in time at which, or the period in respect of which, tests will be performed.
CRITERIA (CRITÈRES)—The benchmarks used to measure or evaluate the underlying subject matter. The “applicable criteria” are the criteria used for the particular engagement.
CROWN CORPORATION (SOCIÉTÉ D’ÉTAT)—An entity owned by the federal government of Canada or one of the territorial governments. Crown corporations are distinct legal entities whose names, mandates, powers, and objectives are set out in either the constituent legislation for the parent Crown corporation or in the articles of incorporation under the Canada Business Corporations Act.
CUMULATIVE UNCORRECTED AUDIT MISSTATEMENTS (CUAM) (CUMUL DES ANOMALIES NON CORRIGÉES (CANC))—Current and prior periods uncorrected misstatements. Materiality of CUAM is assessed by either of two different but acceptable methods—Iron curtain method and Rollover method.
D
DATA AGGREGATION (AGRÉGATION DE DONNÉES)—Combining and/or summarizing data for the purpose of an analysis and/or reporting.
DATA ANALYTICS (ANALYSE DES DONNÉES)—The science and art of discovering and analyzing patterns, identifying anomalies, and extracting other useful information in data underlying or related to the subject matter of an audit through analysis, modeling, and visualization for the purpose of planning or performing the audit. (Source: AICPA)
DATA ARCHITECTURE (ARCHITECTURE DES DONNÉES)—How data and data systems are structured.
DATA GOVERNANCE (GOUVERNANCE DES DONNÉES)—A set of processes or rules that ensure data integrity and that data management best practices are met. (Source: Lean Methods Group)
DATA INTEGRATION (INTÉGRATION DES DONNÉES)—The process of combining or otherwise processing data from different sources or across records and presenting them in a single dataset.
DATA INTEGRITY (INTÉGRITÉ DES DONNÉES)—The accuracy, completeness, and other measures of data quality that provide confidence in a set of data.
DATA LAKE (LAC DE DONNÉES)—A large repository of a number of different types of data in their native format (structured, semi- and unstructured).
DATA MART (MINI ENTREPÔT DE DONNÉES)—A large repository that stores structured data which format allows for database software and business intelligence software use. (Source: Lean Methods Group)
DATA VISUALIZATION (VISUALISATION DES DONNÉES)—Graphical representation of data, involving producing images that communicate relationships among the represented data to viewers of the images.
DATA WAREHOUSE (ENTREPÔT DE DONNÉES)—A large repository that stores structured data which format allows for database software and business intelligence software use.
DATA WORKFLOW (CHAÎNE DE TRAITEMENT DES DONNÉES)—A sequence of tasks or functions that processes a set of data.
DATABASE (BASE DE DONNÉES)—A collection of data that typically consists of interrelated tables and views that each represent a subset of variables and attributes which allows for more efficient organization and storage of information.
DATASET (ENSEMBLE DE DONNÉES)—A set of data
DATE OF APPROVAL OF THE FINANCIAL STATEMENTS (DATE D’APPROBATION DES ÉTATS FINANCIERS)—The date on which all the statements that comprise the financial statements, including the notes, have been prepared and those with the recognized authority have asserted that they have taken responsibility for those financial statements.
DATE OF THE FINANCIAL STATEMENTS (DATE DE CLÔTURE)—The date of the end of the latest period covered by the financial statements, which is normally the date of the most recent balance sheet in the financial statements subject to audit.
DATE THE FINANCIAL STATEMENTS ARE ISSUED (DATE DE PUBLICATION DES ÉTATS FINANCIERS)—The date that the auditor’s report and audited financial statements are made available to third parties.
DE MINIMIS LEVEL (SEUIL DE REPORT)—Amount below which potential audit adjustments need not be accumulated (“clearly trivial”). The amount established is such that any misstatements, either individually or aggregated with other misstatements, would be inconsequential to the financial statements.
DEFICIENCY IN INTERNAL CONTROL (DÉFICIENCE DU CONTRÔLE INTERNE)—This exists when i) A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or ii) A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing. Deficiency represents an absence or insufficiency in the design or operation of a control that does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatement on a timely basis. Also known as CD/W.
DEPARTMENTAL AUDIT COMMITTEE (COMITÉ MINISTÉRIEL D’AUDIT)—A committee of appointed members who provide advice and recommendations to the deputy head, through their oversight function in the areas of internal and external audit and the probity of financial statements, internal controls and risk assessment, and management and mitigation.
DEPENDENT VARIABLE (DV) (VARIABLE DÉPENDENTE (VD))—The dependent variable is a quantity or attribute you are trying to predict or explain.
DESCRIPTIVE STATISTICS (STATISTIQUE DESCRIPTIVE)— A set of techniques which aim at summarizing the information contained in a dataset by using graphs, tables and numerical indicators.
DESIRED EVIDENCE (ÉLÉMENTS PROBANTS SOUHAITÉS)—The judgmental setting of Low, Medium or High in the Summary of Comfort that indicates for each individual procedure how persuasive the evidence must be. For a controls audit procedure, the setting reflects judgment of the amount of evidence considered necessary to establish that the control is operating effectively as well as the persuasiveness of that evidence. For a substantive audit procedure, the level reflects the quantity and quality (i.e., relevance and reliability) of the evidence we need to be satisfied that the account, transactions or disclosure are not misstated by an amount that could be material, either individually or when aggregated with other misstatements.
DETECTION RISK (RISQUE DE NON-DÉTECTION)—The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement (or a significant deviation) that exists and that could be material, either individually or when aggregated with other misstatements. This risk is one of the three components of audit risk. It is a function of the effectiveness of the auditing procedures and their application by the auditor.
DEVIATION (ÉCART)—An instance where the underlying subject matter does not conform with the applicable criteria. A deviation can be intentional or unintentional, qualitative or quantitative, and include omissions.
DEVELOPMENT AND IMPLEMENTATION CONTROLS (CONTRÔLES LIÉS AU DÉVELOPPEMENT ET À LA MISE EN OEUVRE)—Procedures or mechanisms in place to ensure that systems are developed, configured and implemented to meet financial, operational and compliance business objectives.
DIRECT ENGAGEMENT (MISSION D’APPRÉCIATION DIRECTE)—An assurance engagement in which the practitioner measures or evaluates the underlying subject matter against the applicable criteria. In a direct engagement, the practitioner’s conclusion addresses the reported outcome of the measurement or evaluation of the underlying subject matter against the criteria.
DIRECT ENTITY LEVEL CONTROLS (DIRECT ELCS) (CONTRÔLES DIRECTS AU NIVEAU DE L’ENTITÉ (CDNE))—Controls that typically operate at least at the sub-process level, i.e. at a level higher than transaction level controls, and, when performed effectively, at a sufficient level of precision to adequately prevent, or detect and correct on a timely basis, material misstatements to one or more relevant assertions for FSLIs/ business processes. Direct ELCs, such as business performance reviews, tend to be detective rather than preventive in nature.
DOCUMENTATION REQUIREMENT (EXIGENCE EN MATIÈRE DE DOCUMENTATION)—Audit procedures are documented in sufficient detail to enable a reviewer to understand what work was done (nature, timing and extent), what evidence was obtained (results) and what conclusions were drawn from the evidence obtained.
DRAFT SPECIAL EXAMINATION REPORT (ÉBAUCHE DE RAPPORT D’EXAMEN SPÉCIAL)—Reports used mainly for validation as well as a vehicle with which to seek advice. Drafts reports are prepared for the OAG Advisory Committee, the Auditor General message briefing, for senior management of the Crown corporation and for the Audit Committee of the board of directors. As well a draft can be sent to the board of directors, depending on the practices within the Crown corporation.
E
ENGAGEMENT CIRCUMSTANCES (CIRCONSTANCES DE LA MISSION)—The broad context defining the particular engagement, which includes: the terms of the engagement; whether it is a reasonable assurance engagement or a limited assurance engagement; the characteristics of the underlying subject matter; the measurement or evaluation criteria; the information needs of the intended users; relevant characteristics of the responsible party, and the engaging party and their environment; and other matters, for example, events, transactions, conditions, and practices, that may have a significant effect on the engagement.
ENGAGEMENT LEADER (RESPONSABLE DE LA MISSION)—The person responsible for the engagement and its performance. Typically, the engagement leader is the audit Principal assigned to an engagement whether or not the Auditor General has delegated signing authority. The engagement leader may also be called practitioner, or engagement partner.
ENGAGEMENT LETTER (LETTRE DE MISSION)—Written terms of an engagement in the form of a letter sent by the auditor to the audit entity.
ENGAGEMENT PARTNER (ASSOCIÉ RESPONSABLE DE LA MISSION)—The partner or other person in the firm who is responsible for the engagement and its performance, and for the assurance report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a professional, legal, or regulatory body. “Engagement partner” should be read as referring to its public sector equivalents where relevant.
ENGAGEMENT RISK (RISQUE DE MISSION)—The risk that the practitioner expresses an inappropriate conclusion when the underlying subject matter contains a significant deviation. For some performance audits in the public sector, there may be a higher risk of the auditor concluding that a matter detected during the audit is a significant deviation when that is not the case. Engagement risk is a function of inherent risk, control risk and detection risk. See also Audit Risk.
ENGAGEMENT TEAM (ÉQUIPE DE MISSION)—The engagement leader/engagement partner and all auditors performing the engagement, including internal specialists engaged to assist with the engagement and any individuals engaged by the firm or a network firm who perform procedures on the engagement. This excludes a practitioner’s external expert engaged by the firm or a network firm.
ENGAGING PARTY (DONNEUR DE MISSION)—The party(ies) that engages the practitioner to perform the assurance engagement.
ERROR (ERREUR)—An unintentional misstatement in the financial statements.
ESTIMATED MISSTATEMENT (ANOMALIE ESTIMÉE)—An estimate of the population misstatement (made before performing audit sampling procedures). We assess the estimated amount of misstatement on the basis of professional judgment after considering such factors as the entity’s business, prior audit experience, the results of prior years’ tests of the account, related substantive tests and tests of controls.
ESTIMATION UNCERTAINTY (INCERTITUDE DE MESURE)—The susceptibility of an accounting estimate and related disclosures to an inherent lack of precision in its measurement.
ETL (EXTRACT, TRANSFORM, LOAD) (EXTRACTION, TRANSFORMTION ET CHARGEMENT DES DONNÉES)—The process of extracting raw data and transforming by cleaning/enriching the data to make them fit operational needs.
EXCEPTION (DIVERGENCE)—An error found when performing audit testing.
EXPECTED CONTROLS RELIANCE (CONFIANCE ACCORDÉE AUX CONTRÔLES)—The level of evidence (expressed as High, Partial or None) in respect of a relevant risk that we expect to obtain from testing the entity’s controls for operating effectiveness, including controls evidence gathered in prior audits, if appropriate. The judgment takes into account both our assessment of control risk and view on the efficiency of obtaining evidence from controls testing compared to substantive testing.
EXPERIENCED AUDITOR (AUDITEUR EXPÉRIMENTÉ)—An individual (whether internal or external to the office) who has practical audit experience and a reasonable understanding of (i) audit processes, (ii) GAAS and applicable legal and regulatory requirements, (iii) the business environment in which the entity operates, and (iv) auditing and financial reporting issues, as applicable to the audit and relevant to the entity’s industry.
EXPERTISE (EXPERTISE)—Skills, knowledge and experience in a particular field.
EXPLORATORY SAMPLE (ÉCHANTILLON EXPLORATOIRE)—An initial small sample drawn from a population for the purpose of getting estimates of information about the population. Exploratory samples are often used to obtain estimates of noncompliance/error rates in a population in order to determine required sample sizes for representative sampling. The exploratory sample can then be extended to become the final sample if and only if no changes are made to the sampling parameters (including any random number seeds).
EXTERNAL CONFIRMATION (CONFIRMATION EXTERNE)—Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.
F
FACTUAL MISSTATEMENTS (ANOMALIE ÉVIDENTE)—Misstatements about which there is no doubt.
FINAL SPECIAL EXAMINATION REPORT (RAPPORT FINAL D’EXAMEN SPÉCIAL)—The special examination report is deemed to be final when the finalized versions of the report (in English and French) are received by the board, the secretary, or whomever the board designates.
FINANCIAL CONTROL (CONTRÔLE FINANCIER)—A method for determining organizational boundary. The financial control method reflects where the organization has the ability to direct the financial and operating policies of the operation with a view to gaining economic benefits from its activities.
FINANCIAL STATEMENT ASSERTIONS (ASSERTIONS AU NIVEAU DES ÉTATS FINANCIERS)—Representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur. These represent assertions that we seek to achieve for each material balance sheet and profit and loss account in the financial statements
a) Assertions about classes of transactions and events, and related disclosures for the period under audit include:
- Occurrence: transactions and events that have been recorded or disclosed, have occurred, and such transactions and events pertain to the entity;
- Completeness: all transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included;
- Accuracy: amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described;
- Cut-off: transactions and events have been recorded in the correct accounting period;
- Classification: transactions and events have been recorded in the proper accounts; and
- Presentation—transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
b) Assertions about account balances, and related disclosures, at the period end include:
- Existence: assets, liabilities, and equity interests exist;
- Rights and obligations: the entity holds or controls the rights to assets and liabilities are the obligations of the entity;
- Completeness: all assets, liabilities and equity interests that should have been recorded have been recorded; and all related disclosures that should have been included in the financial statements have been included;
- Accuracy, valuation and allocation: assets, liabilities and equity interests have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described;
- Classification—assets, liabilities and equity interests have been recorded in the proper accounts;
- Presentation—assets, liabilities and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
FINANCIAL STATEMENT LEVEL (NIVEAU DES ÉTATS FINANCIERS)—Applies to the financial statements of the entity or audit unit as a whole rather than at the level of a particular FSLI or process, e.g., financial statement level risk, such as the risk of management override of controls, or financial statement level procedures, such as those relating to going concern.
FINANCIAL STATEMENT LINE ITEM (FSLI) (POSTE DES ÉTATS FINANCIERS)—A single line item or individual element of a financial statement (balance sheet or income statement), representing a class of transactions, account balance, or other disclosure, e.g., accounts receivable, or interest expense.
FINANCIAL STATEMENTS (ÉTATS FINANCIERS)—A structured representation of historical financial information, including disclosures, intended to communicate an entity’s economic resources or obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework. The term “financial statements” ordinarily refers to a complete set of financial statements as determined by the requirements of the applicable financial reporting framework, but can also refer to a single financial statement. Disclosures comprise explanatory or descriptive information, set out as required, expressly permitted or otherwise allowed by the applicable financial reporting framework, on the face of a financial statement, or in the notes, or incorporated therein by cross-reference.
FINDINGS (CONSTATATIONS)—Findings from the audit evidence that are significant enough to include in the audit report.
FIRM (CABINET)—A sole practitioner, partnership or corporation or other entity of individual practitioners. “Firm” should be read as referring to its public sector equivalents where relevant. At the Office of the Auditor General (OAG) of Canada, the OAG is the firm.
FLOWCHARTS (SCHÉMA ou DIAGRAMME)—Method of documenting an overview of an entity’s business processes or the detailed flow of a business process. Each business process flow can be broken down into several sub-processes, with information or data as input and files or documents as output.
FRAUD (FRAUDE)—An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Two types of intentional misstatements are relevant: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.
FRAUD RISK (RISQUE DE FRAUDE)—The risk of material misstatement of the financial statements due to fraud.
FRAUD RISK FACTORS (FACTEUR DE RISQUE DE FRAUDE)—Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud.
G
GENERALIZATION (GÉNÉRALISATION)—Making statistical conclusions about a population parameter using a statistic from a representative sample.
GENERAL PURPOSE FINANCIAL STATEMENTS (ÉTATS FINANCIERS À USAGE GÉNÉRAL)—Financial statements prepared in accordance with a general purpose framework.
GENERAL PURPOSE FRAMEWORK (RÉFÉRENTIEL À USAGE GÉNÉRAL)—A financial reporting framework designed to meet the common financial information needs of a wide range of users. The financial reporting framework may be a fair presentation framework or a compliance framework.
GOING CONCERN (HYPOTHÈSE DE L’EXPLOITATION)—Management’s assumption that the company will continue in operational existence for the foreseeable future.
GROUP (GROUPE)—All the components whose financial information is included in the group financial statements. A group always has more than one component.
GROUP AUDIT (AUDIT DU GROUPE)—The audit of group financial statements.
GROUP AUDIT OPINION (OPINION SUR LES ÉTATS FINANCIERS DU GROUPE)—The opinion on the group financial statements.
GROUP ENGAGEMENT LEADER (RESPONSABLE DE L’AUDIT DU GROUPE)—The partner or other person in the OAG firm who is responsible for both the group audit engagement and its performance, and for the auditor’s report on the group financial statements that is issued on behalf of the OAG firm. Where joint auditors conduct the group audit, the joint engagement leaders and their engagement teams collectively constitute the group engagement leader and the group engagement team.
GROUP ENGAGEMENT TEAM (ÉQUIPE AFFECTÉE À L’AUDIT DU GROUPE)—Partners, including the group engagement leader and staff, who establish the overall group audit strategy, communicate with component auditors, perform work on the consolidation process, and evaluate the conclusions drawn from the audit evidence as the basis for forming an opinion on the group financial statements.
GROUP FINANCIAL STATEMENTS (ÉTATS FINANCIERS DU GROUPE)—Financial statements that include the financial information of more than one component. The term “group financial statements” also refers to combined financial statements aggregating the financial information prepared by components that have no parent but are under common control. Also see definition for “Special purpose financial information prepared for the purposes of group consolidation.”
GROUP MANAGEMENT (DIRECTION DU GROUPE)—Management responsible for preparing and presenting the group financial statements.
GROUP OVERALL MATERIALITY AND GROUP PERFORMANCE MATERIALITY (SEUIL DE SIGNIFICATION GLOBAL DU GROUPE ET SEUIL DE SIGNIFICATION POUR LES TRAVAUX DU GROUPE)—The overall and performance materiality levels determined for the group financial statements as a whole.
GROUP WIDE CONTROLS (CONTRÔLES À L’ÉCHELLE DU GROUPE)—Controls designed, implemented, and maintained by group management over group financial reporting. Also known as entity level controls related to more than one component in an audit of group financial statements.
H
HAIRCUT (MATERIALITY) (RÉDUCTION DU SEUIL DE SIGNIFICATION)—A percentage reduction (generally 10 percent, 25 percent or 50 percent) applied to overall materiality in order to determine performance materiality.
HAPHAZARD SELECTION METHOD (MÉTHODE DE PRÉLÈVEMENT EMPIRIQUE)—A common method of selection in non-statistical sampling. This provides a method for selecting a judgmentally representative sample without relying on a truly random process. “Haphazard” does not mean without thought or effort.
HEAD OFFICE (ADMINISTRATION CENTRALE)—The client’s central or controlling office in a Group engagement.
HISTORICAL FINANCIAL INFORMATION (INFORMATIONS FINANCIÈRES HISTORIQUES)—Information expressed in financial terms in relation to a particular entity, derived primarily from that entity’s accounting system, about economic events occurring in past time periods, or about economic conditions or circumstances at points in time in the past.
I
INCONSISTENCY (INCOHÉRENCE)—Other information that contradicts information contained in the audited financial statements. A material inconsistency may raise doubt about the audit conclusions drawn from audit evidence previously obtained and, possibly, about the basis for our opinion on the financial statements.
INDEPENDENT GOVERNANCE FUNCTION (FONCTION DE GOUVERNANCE INDÉPENDANTE)—Refers to one or more independent (external, non-executive) members of the Board of Directors having responsibility for oversight of the financial reporting process. In most cases, this will take the form of an Audit Committee, but it could also be a supervisory board, an individual non-executive representing external stakeholders or some other body.
INDEPENDENT VARIABLE (IV) (VARIABLE INDÉPENDENTE (ID))—An independent variable is a quantity or attribute you are using to predict or explain a dependent variable.
INFERENTIAL STATISTICS (STATISTIQUE INFÉRENTIELLE)—A set of methods which allow to draw conclusions applicable to an entire population based on a subset of this population.
INTERQUARTILE RANGE (INTERVALLE INTERQUARTILE)—The difference between the first and third quartiles in a set of scores. The interquartile range is often used in the identification of outliers in a set of data. A common approach is to consider scores that are either 1.5 (liberal) or 3.0 (conservative) times the value of the interquartile range, beyond the first and third quartiles as outliers (John Tukey: Exploratory Data Analysis). The interquartile range is often used as the measure of dispersion when reporting medians.
INTERVAL ESTIMATE (ESTIMATION PAR INTERVALLE)—An estimate of the range of values over which we may be confident that a population parameter lies. When we also provide the confidence level, we call this estimate a confidence interval.
INTERVAL VARIABLE (VARIABLE D’INTERVALLES)—Its values are ordered and there are equal intervals between adjacent values. Temperature as measured in Celsius or Fahrenheit represents an interval variable.
INDEPENDENCE (INDÉPENDANCE)—Independence is comprised of two elements: i. Independence of mind—the state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity, and exercise objectivity and professional scepticism. ii. Independence in appearance—the avoidance of facts and circumstances that are so significant a reasonable and informed third party, having knowledge of all relevant information, including any safeguards applied, would reasonably conclude the Office’s, or a member of the assurance team’s, integrity, objectivity or professional scepticism had been compromised.
INDIRECT ENTITY LEVEL CONTROLS (INDIRECT ELCS) (CONTRÔLES INDIRECTS AU NIVEAU DE L’ENTITÉ (CINE))—Entity level controls that do not directly relate to any specific FSLIs/ business processes or assertions and, therefore, would not by themselves prevent, or detect and correct on a timely basis, material misstatements to assertion(s). They may, however, contribute to the effectiveness of controls. Indirect ELCs include company-wide programs such as codes of conduct and anti-fraud programs and controls, and controls that monitor the overall effectiveness of other controls.
INFORMATION AND COMMUNICATION (INFORMATION ET COMMUNICATION)— Systems that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.
INFORMATION PROCESSING CONTROL (CONTRÔLE DU TRAITEMENT DE L’INFORMATION)—A type of control activity, comprising two broad groupings—application and general computer controls.
INFORMATION PROCESSING OBJECTIVES (OBJECTIFS DE TRAITEMENT DE L’INFORMATION)—Management’s goals in relation to controls, which, if effectively met, help support management’s implicit financial statement assertions: completeness of records, accuracy of records, validity of records, and restricted access to assets and records.
INFORMATION SECURITY CONTROLS (CONTRÔLES LIÉS À LA SÉCURITÉ DES INFORMATIONS)—Procedures or mechanisms in place to ensure that access (physical or logical) to systems resources and data is authenticated and authorized.
INFORMATION TECHNOLOGY GENERAL CONTROLS (CONTRÔLES GÉNÉRAUX INFORMATIQUES)—Controls used to manage and control the IT activities and computer environment, covering the following areas: IT Control Environment, Program Development, Program Changes, Access to Programs and Data, and Computer Operations.
INHERENT RISK (RISQUE INHÉRENT)—The susceptibility of the financial statements, or of an FSLI at the assertion level, to a misstatement that could be material, either individually or when aggregated with other misstatements, without considering the effect of controls related to the risk. In the case of direct engagements, it is the susceptibility of the underlying subject matter to a significant deviation before consideration of any related controls applied by the appropriate parties.
INITIAL AUDIT ENGAGEMENT (AUDIT INITIAL)—An engagement in which either: (i) The financial statements for the prior period were not audited; or (ii) The financial statements for the prior period were audited by a predecessor auditor.
INITIAL MEETINGS WITH MANAGEMENT (RENCONTRE INITIALE AVEC LA DIRECTION)—Inquiries of senior management, which take place during the planning phase of the audit, with the main purpose of gathering information about the entity, its environment and internal control.
INITIAL “TAKING STOCK” MEETING (RÉUNION DE MISE AU POINT INITIALE)— Meeting that takes place at the beginning of the Respond to Risks stage of the audit where: The work to date is discussed. The engagement leader signs off the audit plan. The team plans which client meetings will be held. Agendas for client meetings are agreed.
IN SCOPE FSLI (POSTE DES ÉTATS FINANCIERS À AUDITER)—The status given to FSLIs relevant to an engagement, for which the auditor will perform audit work.
INTENDED USERS (UTILISATEURS VISÉS)—The individual(s) or organization(s), or group(s) thereof that the practitioner expects will use the assurance report. In some cases, there may be intended users other than those to whom the assurance report is addressed.
INTERNAL AUDIT FUNCTION (FONCTION D’AUDIT INTERNE)—A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management, and internal control processes.
INTERNAL AUDITORS (AUDITEURS INTERNES)—Those individuals who perform the activities of the internal audit function. Internal auditors may belong to an internal audit department or equivalent function.
INTERNAL CONTROL (CONTRÔLE INTERNE)—The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control.
INTERNAL CONTROL FRAMEWORK (CADRE DE CONTRÔLE INTERNE)—Internal control is evaluated against a framework of five interrelated components that should be applied at any level of the organization (i.e., at the entity, management unit and/or business process level). These components are: Risk assessment; Control environment; Information and communication; Control activities; and Monitoring of controls. The division of internal control into the five components provides a useful framework for us to consider how different aspects of an entity’s internal control may affect the audit. However, our primary consideration is to evaluate and test whether, and how, a specific control—individually or in combination with others—helps prevent, or detect and correct, material misstatements in classes of transactions, account balances or disclosures and related assertions rather than its classification into any particular component.
INTEROFFICE REPORT (RAPPORT INTERNE)—A report provided by an OAG component auditor to the OAG group engagement team in relation to a component’s financial statements or component financial information.
INTERNAL SPECIALIST (SPÉCIALISTE INTERNE)—OAG staff (including temporary staff) possessing expertise in a field other than accounting or auditing, whose work in that field is used by the engagement leader to assist in obtaining sufficient appropriate audit evidence.
INTRAnet (INTRAnet)—The Office’s internal network accessible to all employees. It facilitates communication between people, teams, and groups, and improves knowledge sharing capability within the Office.
IRON CURTAIN METHOD (MÉTHODE DU « RIDEAU DE FER »)—Quantifies a misstatement based on the effects of correcting the misstatement or misstatements that have accumulated in the balance sheet at the end of the current year. This method considers it inappropriate to offset any amounts from the prior periods’ SUM.
IT DEPENDENCIES (DÉPENDANCES AUX TI)—Automated control procedures (e.g., calculations, posting to accounts, generation of reports, edits, control routines, etc.) or manual controls that are dependent on IT (e.g., the review by an inventory manager of an exception report when the exception report is generated by IT). When IT is used to initiate, authorize, record, process, or report transactions or other financial data for inclusion in financial statements, the systems and programs may include controls related to the corresponding assertions for significant accounts or disclosures or may be critical to the effective functioning of manual controls that depend on IT.
J
JUDGMENTAL MISSTATEMENTS (ANOMALIES LIÉES AU JUGEMENT)—Misstatements arising from management’s judgments concerning accounting estimates that we consider unreasonable, or the selection or application of accounting policies that we consider inappropriate.
JUDGEMENTAL SELECTION (ÉCHANTILLONAGE DISCRÉTIONNAIRE)—Judgmental sampling relies on specific criteria that the team uses to select individual items for examination or to scope particular types of items for possible selection.
K
KEY AUDIT MATTER (QUESTIONS CLÉS DE L’AUDIT)— Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance.
L
LETTER OF REPRESENTATION (LETTRE D’AFFIRMATION)—A type of written audit evidence, provided by client management. In limited audit areas, management’s actions or intentions may have an impact on the accounting treatment of certain items, e.g., expanding and investing in or disposing of a particular division. The letter of representation ensures that there is a written record of auditor’s enquiries and management’s intentions. These representations should be corroborated with other forms of evidence, e.g., board minutes.
LIMITED ASSURANCE ENGAGEMENT (MISSION D’ASSURANCE LIMITÉE)—An assurance engagement in which the practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement as the basis for expressing a conclusion in a form that conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the practitioner’s attention to cause the practitioner to believe: in an attestation engagement, the subject matter information is materially misstated; or in a direct engagement, that the underlying subject matter does not conform, in all significant respects, with the applicable criteria. The nature, timing and extent of procedures performed in a limited assurance engagement is limited compared with that necessary in a reasonable assurance engagement but is planned to obtain a level of assurance that is, in the practitioner’s professional judgment, meaningful. To be meaningful, the level of assurance obtained by the practitioner is likely to enhance the intended users’ confidence about the matters being reported on to a degree that is clearly more than inconsequential. A limited assurance engagement may be referred to as a review engagement.
LISTED ENTITY (ENTITÉ COTÉE)—An entity whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized stock exchange or other equivalent body.
LOCK-UP (SÉANCE À HUIS CLOS)—A briefing session held by the OAG that is intended for media personnel only. A lock-up for media reporters takes place several hours before the tabling in Parliament of the Auditor General’s or Commissioner’s report. It is held at the same time as, but separately from, a briefing for parliamentarians. The lock-up provides journalists with an opportunity to preview the report and question the OAG representatives present about the audit reports it contains.
M
MACHINE LEARNING (ML) (APPRENTISSAGE AUTOMATIQUE)—Commonly considered a type of artificial intelligence (AI), machine learning (ML) is focused on the automatic learning of new associations and classifications based either on a training set (supervised learning) or directly on the structure present within a set of data (unsupervised learning). Supervised learning models are more applicable in audit.
MAINTENANCE CONTROLS (CONTRÔLES DE MAINTENANCE)—Procedures or mechanisms in place to ensure that modified systems continue to meet financial, operational and compliance business objectives.
MANAGEMENT (DIRECTION)—The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities in some jurisdictions, management includes some or all of those charged with governance, for example, executive members of a governance board, or an owner-manager.
MANAGEMENT BIAS (PARTI PRIS DE LA DIRECTION)—A lack of neutrality by management in the preparation and presentation of information.
MANAGEMENT INFORMATION (INFORMATION DE GESTION)—Any information that management uses to control the business and on which they make business decisions. This may be the formal output from a business process or any other informal source from which management obtain information.
MANAGEMENT UNIT (UNITÉ DE GESTION)—The sphere of responsibility of a particular manager, whether a senior executive or lower down the organization. More specifically, management units are units of the business grouped according to the organization structure (delegation of authority and responsibility) and defined by products, processes, functions, profit or cost centers.
MANAGEMENT’S EXPERT (EXPERT CHOISI PAR LA DIRECTION)—An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements.
MANAGEMENT’S POINT ESTIMATE (ESTIMATION PONCTUELLE DE LA DIRECTION)—The amount selected by management for recognition or disclosure in the financial statements as an accounting estimate.
MANAGEMENT’S RISK ASSESSMENT PROCESS (PROCESSUS D’ÉVALUATION DES RISQUES DE LA DIRECTION)—The entity’s process for identifying and analyzing relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.
MAPPING (SCHÉMATISATION)—Method of documenting how the management information systems (systems/applications and computer environments) initiate, record and process financial or relevant non-financial information, and how business processes are linked to the financial statements.
MATERIALITY (SEUIL DE SIGNIFICATION)—The magnitude of an omission or misstatement of accounting information that may change or influence the economic decisions of users of financial statements.
MATERIALITY FOR PARTICULAR CLASSES OF TRANSACTIONS, ACCOUNT BALANCES OR DISCLOSURES (SEUIL DE SIGNIFICATION POUR DES CATÉGORIES D’OPÉRATIONS, SOLDES DE COMPTE OU INFORMATIONS À FOURNIR EN PARTICULIER)—Materiality established to address specific circumstances when there is one or more particular class of transactions, account balances or disclosures for which misstatements of lesser amounts than overall materiality could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.
MEAN (MOYENNE)—This typically refers to the arithmetic average of a set of quantitative data. (i.e. the sum of all scores divided by the number of scores). However, there are also alternate procedures such as the harmonic mean and geometric mean that are used in certain situations. The term mean, by itself, should always be taken to indicate the arithmetic mean.
MEASURER OR EVALUATOR (ÉVALUATEUR)— The party(ies) who measures or evaluates the underlying subject matter against the criteria. The measurer or evaluator possesses expertise in the underlying subject matter.
MEDIAN (MÉDIANE)—The middle point in a set of quantitative data (note that the median may fall in between two actual data points). The median is also called the second quartile.
MESSAGE BRIEFING (SÉANCE D’INFORMATION)—A briefing by the audit AAG and the engagement leader to the Auditor General on the main messages of a draft performance audit or special examination report.
MILESTONES (JALONS)—Dates the engagement team has identified to be important, e.g., meetings with the client, observation of physical inventory count, meetings of the engagement team, and delivery of reports.
MISSTATEMENT (ANOMALIE)—A difference between the reported amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. Misstatements can arise from error or fraud. When the auditor expresses an opinion on whether the financial statements are presented fairly, in all material respects, or give a true and fair view, misstatements also include those adjustments of amounts, classifications, presentation, or disclosures that, in the auditor’s judgment, are necessary for the financial statements to be presented fairly, in all material respects, or to give a true and fair view.
MISSTATEMENT OF FACT (ANOMALIE CONCERNANT DES FAITS)—Other information that is unrelated to matters appearing in the audited financial statements that is incorrectly stated or presented. A material misstatement of fact may undermine the credibility of the document containing audited financial statements.
MISSTATEMENT OF THE OTHER INFORMATION (ANOMALIE DANS LES AUTRES INFORMATIONS)—A misstatement of the other information exists when the other information is incorrectly stated or otherwise misleading (including because it omits or obscures information necessary for a proper understanding of a matter disclosed in the other information).
MODE (MODE)—The most common value in a set of any data, whether quantitative, or qualitative.
MONITORING OF CONTROLS (SUIVI DES CONTRÔLES)—A process that assesses the quality of internal control performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two.
MOVING AVERAGE (MOYENNE MOBILE)—A set of averages taken over a series of typically overlapping time periods that serves to reduce transitory short term fluctuations and highlight more stable longer term trends.
N
NEGATIVE CONFIRMATION REQUEST (DEMANDE DE CONFIRMATION TACITE)—A request that the confirming party respond directly to the auditor only if the confirming party disagrees with the information provided in the request.
NEURAL NETWORK (RÉSEAU NEURONAL)—Artificial neural networks are commonly used in machine learning and AI for classification purposes. They always include an input layer that holds available information in distinct nodes (neurons), an output layer that has nodes for each classification or category, and one or more “hidden” layers by which the network can identify increasingly abstract relationships between inputs and outputs. Most networks use supervised learning to adjust the weights on connections between nodes which is how they “learn”.
NOMINAL VARIABLE (VARIABLE NOMINALE)—Nominal variables are variables that have two or more categories and which do not have an intrinsic order. In other words, they represent categories which may be arranged in any order (e.g.: favourite breakfast cereal, method of travelling to work, favourite hobby or type of car owned). IDEA—the application we use for audit—calls these STRING variables.
NON-COMPLIANCE (NON-CONFORMITÉ)—Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions entered into by, or in the name of, or on behalf of the entity, by those charged with governance, management or employees. Non-compliance does not include personal misconduct (unrelated to the business activities of the entity) by those charged with governance, management or employees of the entity.
NON-SAMPLING RISK (RISQUE NON LIÉ À L’ÉCHANTILLONNAGE)—The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk.
NORMAL DISTRIBUTION (DISTRIBUTION NORMALE)—A symmetric bell-shaped frequency distribution that is used in many statistical estimates.
NORMAL RISK (RISQUE NORMAL)—Inherent risks other than significant risks are considered “Normal” under our risk assessment framework. Normal risks relate to a range of situations, including routine transactions subject to systematic processing, as well as more complex transactions where significant judgment is required. Normal risks do not rise to the level of a significant risk because of either the magnitude of potential misstatements that could result from the risk or the likelihood of the risk occurring. Risks falling in the “Normal” category cover a wide range of the risk assessment continuum.
NOTIFICATION AND SOLICITOR-CLIENT PRIVILEGE LETTER (ENGAGEMENT AND SOLICITOR-CLIENT PRIVILEGE LETTER for special exams) (LETTRE D’AVIS AU SUJET DE L’AUDIT ET LETTRE AU SUJET DU SECRET PROFESSIONNEL DE L’AVOCAT (LETTRE DE MISSION ET DU SECRET PROFESSIONNEL DE L’AVOCAT pour les examens spéciaux))—These letters are issued by the OAG at the outset of all audits. The letters notify the entities about the audit and state that in the course of the audit, we may request documents that are subject to solicitor-client and other privileges. Solicitor-client privilege is the right of a client to refuse to disclose confidential communication made with a lawyer for the purpose of obtaining or giving legal advice or assistance. The most common form of document to which solicitor-client privilege attaches is a legal opinion. The Auditor General is entitled to such documents under the Auditor General Act. The letter is sent to confirm that disclosure of these documents to the OAG does not result in a waiver of the solicitor-client privilege (e.g. the destruction of the protection that solicitor-client privilege gives the client against disclosure to third parties).
O
OPENING BALANCES (SOLDES D’OUVERTURE)—Those account balances that exist at the beginning of the period. Opening balances are based upon the closing balances of the prior period and reflect the effects of transactions and events of prior periods and accounting policies applied in the prior period. Opening balances also include matters requiring disclosure that existed at the beginning of the period, such as contingencies and commitments.
ORDINAL VARIABLE (VARIABLE ORDINALE)—Ordinal variables are variables that have two or more categories just like nominal variables only the categories can also be ordered or ranked (e.g.: the quality of a service: excellent, good, indifferent, bad, very bad).
OTHER INFORMATION (AUTRES INFORMATIONS)—Financial or non-financial information (other than financial statements and the auditor’s report thereon) included in an entity’s annual report.
OUTCOME OF AN ACCOUNTING ESTIMATE (DÉNOUEMENT D’UNE ESTIMATION COMPTABLE)—The actual monetary amount which results from the resolution of the underlying transaction(s), event(s) or condition(s) addressed by the accounting estimate.
OVERALL MATERIALITY (SEUIL DE SIGNIFICATION GLOBAL)—Materiality determined for the financial statements as a whole.
P
PARAMETER (PARAMÈTRE)—A specific measure of a population. It may be computed directly from all units of a population (i.e. a census) or it may be estimated from a sample statistic.
PERFORMANCE AUDIT (AUDIT DE PERFORMANCE)—An independent, objective and systematic assessment of how well government is managing its activities, responsibilities and resources. Performance audit is a type of direct engagement, conducted in accordance with assurance standards, in which the practitioner evaluates whether public sector entities are delivering programs or carrying out activities and processes with due regard to one or more of the principles of economy, efficiency and effectiveness. Performance audits may also focus on the principle of environment and sustainable development. Economy involves getting the right inputs, such as goods, services and human resources, at the lowest cost. Efficiency involves getting the most from available resources, in terms of quantity, quality and timing of outputs or outcomes. Effectiveness involves meeting the objectives set and achieving the intended results. Environment and sustainable development encompass sustainable development strategies or management of sustainable development and environmental issues.
PERFORMANCE MATERIALITY (SEUIL DE SIGNIFICATION POUR LES TRAVAUX)—Materiality set at less than overall materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality. If applicable, also refers to materiality set at less than the materiality level(s) for particular classes of transactions, account balances or disclosures.
PERFORMANCE MEASURES (MESURES DU RENDEMENT)—Information used by management, investors, analysts and others (financial institutions, government/ regulatory authorities, key customers or suppliers, etc.) to gain an understanding of the organization’s performance in any area, both financial and non-financial, including financial position and results. Designing and monitoring measures are a vital way of managing an organization and measures need to be aligned with the organization’s business objectives, risks and controls.
PERIODIC BUSINESS PROCESS (PROCESSUS OPÉRATIONNELS PÉRIODIQUES)—Include control activities over the initiation, recording, processing, and reporting of lower numbers of transactions, including significant one-time or infrequent periodic transactions. These control activities generally operate periodically or as of the reporting date, such as authorizations and reviews of account reconciliations, or the review of accounts subject to judgment and estimation. Therefore, we expect to obtain an understanding of fewer or no relevant controls than for transactional business processes. Examples of these business processes often include, but are not limited to: capital and equity, financing, intangible assets and goodwill, property plant and equipment, share-based compensation awards, taxes, and treasury.
PLANNED SUBSTANTIVE EVIDENCE (ÉLÉMENTS PROBANTS À OBTENIR AU MOYEN DE PROCÉDURES DE CORROBORATION)—The level of evidence (expressed as High, Medium or Low) expected to be obtained from performing substantive procedures as a whole in order to reduce engagement risk to an acceptably low level. The judgment takes into account both assessed level of inherent risk and the evidence we expect from controls.
PLANNING (PLANIFICATION)—The initial project management activities on the engagement. It includes forming and organizing the team, including considering the initial involvement of specialists and internal experts, arranging the first meetings with the client and developing an initial audit plan.
POINT ESTIMATE (ESTIMATION PONCTUELLE)—An estimate of the specific value of a population parameter.
POPULATION (POPULATION)—The entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions.
POSITIVE CONFIRMATION REQUEST (DEMANDE DE CONFIRMATION EXPRESSE)—A request that the confirming party respond directly to the auditor indicating whether the confirming party agrees or disagrees with the information in the request, or providing the requested information.
PRACTITIONER (PROFESSIONNEL EN EXERCICE)—The auditor(s) conducting the engagement (usually the engagement partner or other members of the engagement team or, as applicable, the firm). Where CSAE 3001 expressly intends that a requirement or responsibility be fulfilled by the engagement partner, the term “engagement partner” rather than “practitioner” is used.
PRACTITIONER’S EXPERT (EXPERT CHOISI PAR LE PROFESSIONNEL EN EXERCICE)—An individual or organization possessing expertise in a field other than assurance, whose work in that field is used by the practitioner to assist the practitioner in obtaining sufficient appropriate evidence. A practitioner’s expert may be either a practitioner’s internal expert (who is a partner or staff, including temporary staff, of the practitioner’s firm or a network firm), or a practitioner’s external expert. Also referred to as auditor’s expert in an annual audit.
PRECISION (PRÉCISION)—A term used in connection with the assurance which our substantive procedures provide. In relation to analytical procedures the degree of precision refers to the closeness of our expectation to the “correct” amount.
PRECONDITIONS FOR AN AUDIT (CONDITIONS PRÉALABLES À LA RÉALISATION D’UN AUDIT)—The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the agreement of management and, where appropriate, those charged with governance to the premise on which an audit is conducted.
PREDECESSOR AUDITOR (PRÉDÉCESSEUR)—The auditor from a different audit firm, who audited the financial statements of an entity in the prior period and who has been replaced by the current auditor.
PREMISE, RELATING TO THE RESPONSIBILITIES OF MANAGEMENT AND, WHERE APPROPRIATE, THOSE CHARGED WITH GOVERNANCE, ON WHICH AN AUDIT IS CONDUCTED (POSTULAT DE DÉPART POUR LA RÉALISATION D’UN AUDIT, EN CE QUI CONCERNE LES RESPONSABILITÉS DE LA DIRECTION ET, LE CAS ÉCHÉANT, DES RESPONSABLES DE LA GOUVERNANCE)—That management and, where appropriate, those charged with governance have the following responsibilities that are fundamental to the conduct of an audit in accordance with CASs. That is, responsibility:
- For the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework; this includes the design, implementation and maintenance of internal control relevant to the preparation and presentation of financial statements that are free from material misstatement, whether due to fraud or error; and
-
To provide the auditor with:
- All information, such as records and documentation, and other matters that are relevant to the preparation and presentation of the financial statements;
- Any additional information that the auditor may request from management and, where appropriate, those charged with governance; and
- Unrestricted access to those within the entity from whom the auditor determines it necessary to obtain audit evidence.
In the case of a fair presentation framework, the responsibility is for the preparation and fair presentation of the financial statements in accordance with the financial reporting framework; or the preparation of financial statements that give a true and fair view in accordance with the financial reporting framework. This applies to all references to “preparation and presentation of the financial statements” in the CASs.
The “premise, relating to the responsibilities of management and, where appropriate, those charged with governance, on which an audit is conducted” may also be referred to as the “premise.”
PREPARED (PRÉPARÉ)—The status of a task that has been marked as Prepared by the preparer.
PREPARER (AUTEUR)—The auditor who is assigned to, or who did, perform a task and then marks that task as Prepared. The preparer is the first person in the workflow for a task.
PRINCIPAL’S DRAFT (ÉBAUCHE DU DIRECTEUR PRINCIPAL OU DU PX)—The Principal’s or PX draft is the first full version of the audit report presented to the audited entities. It is used to obtain entity officials’ comments on the validity and completeness of the findings, and the suitability and practicality of the recommendations.
PROCESS MINING (EXPLORATION DE PROCESSUS)—Process mining incorporates specialized algorithms and approaches that are applied to event log data in order to identify trends and patterns.
PROCESS-WIDE CONSIDERATIONS (FACTEURS RELATIFS À L’ENSEMBLE DU PROCESSUS)—Relevant control activities (either transaction level or entity level) performed at a business process level that should be considered when evaluating transaction level and direct entity level controls over a process. Process-wide considerations relate to topics such as: Controls over standing data; Controls over end-user computer tools, such as spreadsheets; Management’s review of access rights; Segregation of duties; System postings (based on pre-defined accounts mapping); Use of service organizations, including controls over inputs and outputs.
PROFESSIONAL JUDGMENT (JUGEMENT PROFESSIONNEL)—The application of relevant training, knowledge and experience, within the context provided by assurance and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the engagement.
PROFESSIONAL SKEPTICISM (ESPRIT CRITIQUE)—An attitude that includes a questioning mind, being alert to conditions which may indicate possible deviation, and a critical assessment of evidence.
PROJECT MANAGEMENT (GESTION DE PROJETS)—The process of planning, managing, monitoring and issue resolving at the right level of detail and at the right time to identify and schedule tasks to complete. Identify and realize engagement objectives, including all desired benefits. Maximize efficiency while ensuring effectiveness.
PROGRAM (PRG) (PROGRAMME)—A folder in the audit working paper software comprising detailed audit procedures and audit steps to be performed. When completed it forms, where necessary with supporting documentation, the record of work done.
PROJECTED MISSTATEMENTS (ANOMALIES EXTRAPOLÉES)—Arise from misstatements that we project, based on an extrapolation from audit evidence obtained. For example, the amount obtained by projecting misstatements identified in an audit sample to the entire population from which the sample was drawn.
PURPOSEFUL SELECTION (SÉLECTION DIRIGÉE)—Purposeful selection is used to comment or conclude specifically on the items chosen for examination. There are two ways to select items: judgmental selection and random selection.
Q
QUALITY REVIEWER (EXAMINATEUR DE LA QUALITÉ)—An individual, who is independent of the assurance engagement, and conducts an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team’s conclusions reached in formulating the assurance engagement report.
QUARTILE (QUARTILE)—Quartiles divide a set of scores into four equal sized divisions. The first quartile cuts off the lowest 25 percent of scores from the remaining 75 percent. The second quartile, or median, separates the lowest half from the highest half. The third quartile cuts off the highest 25 percent of scores from the lowest 75 percent.
QUERY (INTERROGER)—Asking for information.
R
R SQUARED (R AU CARRÉ)—See correlation.
RANDOM SELECTION METHOD (MÉTHODE DE SÉLECTION ALÉATOIRE)—A common method of selection in non-statistical sampling. This method ensures that all items in the population have an equal chance of being selected.
RANGE (INTERVALLE DE VARIATION)—The difference between the minimum and maximum values in a set of quantitative data. It is often paired with the median.
RATIO VARIABLE (VARIABLE DE RAPPORTS)—Its values are ordered, there are equal intervals, and there is an absolute zero point. Length is an example of a ratio variable. Ratio variables allow ratio comparisons such as 3 meters is 3 times as long as 1 meter.
REASONABLE ASSURANCE (ASSURANCE RAISONNABLE)—A high, but not absolute, level of assurance.
REASONABLE ASSURANCE ENGAGEMENT (MISSION D’ASSURANCE RAISONNABLE)—An assurance engagement in which the practitioner reduces engagement risk to an acceptably low level in the circumstances of the engagement as the basis for the practitioner’s conclusion. The practitioner’s conclusion is expressed in a form that conveys the practitioner’s opinion on the outcome of the measurement or evaluation of the underlying subject matter against criteria. A reasonable assurance engagement may be referred to as an audit engagement.
RECOMMENDATIONS (RECOMMANDATIONS)—Audit recommendations point to the direction in which an entity (or entities) can make positive changes for the deficiencies reported. Recommendations should be action-oriented, practical and relate to strategic issues. They should address areas where there are significant risks to the entity. Recommendations should be fully supported by and flow from the findings, and they should be aimed at correcting the underlying cause of the deficiency.
REDUNDANT CONTROL (CONTRÔLE REDONDANT)—A control that achieves the same control objective as another control. Such controls operate at the same level as the other control and if operating effectively, meet the same control objective. Example—Both the Senior Accountant and Controller reviewing exception reports at the same level of detail (i.e., items over $5,000)
REGRESSION (RÉGRESSION)—Regression analysis relies on the correlation between variables to show how one dependent variable (DV) is related to one or more other independent variables (IVs). As a correlation gets stronger (+ or -), the regression model will become more predictive.
RELATED PARTY (PARTIE LIÉE)—A party that is either: i. A related party as defined in the applicable financial reporting framework; or ii. Where the applicable financial reporting framework establishes minimal or no related party requirements: 1. A person or other entity that has control or significant influence, directly or indirectly through one or more intermediaries, over the reporting entity; 2. Another entity that is under common control with the reporting entity through having: i. Common controlling ownership; ii. Owners who are close family members; or iii. Common key management. However, entities that are under common control by a state (i.e., a national, regional or local government) are not considered related unless they engage in significant transactions or share resources to a significant extent with one another.
RELATED PARTY TRANSACTION (OPÉRATION ENTRE PARTIES LIÉES)—The transfer of assets or liabilities or the performance of services by, to or for a related party irrespective of whether a price is charged.
RELEVANT CONTROL (CONTRÔLE PERTINENT)—Controls related to the following areas are “relevant” to the audit (when applicable):
- Controls related to a significant risk
- Controls upon which we intend to rely (because it is effective and efficient to do so)
- Controls upon which we need to rely (for risks with which we cannot obtain sufficient appropriate audit evidence through substantive procedures alone)
- Controls relevant to accounting estimates that give rise to the risk of material misstatement
- Controls, if any, that management has established to identify, account for, disclose and authorize related party transactions and transactions outside the normal course of business
- Controls at the user entity that relate to services provided by the service organization, including those that are applied to transactions processed by the service organization
- Group-wide controls in group audits
- Those that are considered to be relevant in the judgment of the auditor
RELEVANT ETHICAL REQUIREMENTS (RÈGLES DE DÉONTOLOGIE PERTINENTES)—Relevant ethical requirements are derived from five fundamental principles of ethics: integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour. Integrity—To be straightforward and honest in all professional and business relationships. Objectivity—To not allow bias, conflict of interest, or the undue influence of others to override professional or business judgments. Professional Competence and Due Care—To maintain professional knowledge and skill at the level required to ensure that an entity receives competent professional services based on current developments in practice, legislation, and techniques, and to act diligently and according to applicable technical and professional standards. Confidentiality—To respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the employee or third parties. Professional Behaviour- Employees conduct themselves at all times in a manner that will maintain the good reputation of the profession and the Office and its ability to serve Parliament, territorial legislatures, governments, and Canadians.
RELEVANT RECONCILIATION (RAPPROCHEMENT PERTINENT)—Reconciliations are commonly used to compare and analyze differences in balances between a general ledger account and the related subsidiary ledger (control account reconciliations). Financial statement reconciliations typically include bank, accounts receivable, inventory, fixed asset, accounts payable and other types of account and activity reconciliations (e.g., inter-company account reconciliations). Many of these reconciliations are likely to be considered relevant reconciliations for our audits. For specific industries (e.g., financial services) many other types of account and activity reconciliations are likely to be relevant reconciliations.
REPORT OF THE AUDITOR GENERAL/REPORT OF THE COMMISSIONER OF THE ENVIRONMENT AND SUSTAINABLE DEVELOPMENT (RAPPORT DU VÉRIFICATEUR GÉNÉRAL/RAPPORT DU COMMISSAIRE À L’ENVIRONNEMENT ET AU DÉVELOPPEMENT DURABLE)—The Auditor General’s and Commissioner’s reports consist of several audit reports, each reporting on the results of individual performance audits. In addition, the Auditor General’s Report includes special examination reports issued to boards of directors. Each year, the Auditor General and Commissioner submit reports to the House of Commons. Performance audits conducted on territorial entities and programs are reported directly to the appropriate Northern legislative assembly.
REPORT ON THE DESCRIPTION AND DESIGN OF CONTROLS AT A SERVICE ORGANIZATION (REFERRED TO IN CAS 402 15 AS A TYPE 1 REPORT) (RAPPORT SUR LA DESCRIPTION ET LA CONCEPTION DES CONTRÔLES DE LA SOCIÉTÉ DE SERVICES (APPELÉ « RAPPORT DE TYPE 1 » DANS LA NCA 402 15))—A report that comprises: i) A description, prepared by management of the service organization, of the service organization’s system, control objectives and related controls that have been designed and implemented as at a specified date; and ii) A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s opinion on the description of the service organization’s system, control objectives and related controls and the suitability of the design of the controls to achieve the specified control objectives.
REPORT ON THE DESCRIPTION, DESIGN, AND OPERATING EFFECTIVENESS OF CONTROLS AT A SERVICE ORGANIZATION (REFERRED TO IN CAS 402 AS A TYPE 2 REPORT) (RAPPORT SUR LA DESCRIPTION, LA CONCEPTION ET L’EFFICACITÉ DU FONCTIONNEMENT DES CONTRÔLES DE LA SOCIÉTÉ DE SERVICES (APPELÉ « RAPPORT DE TYPE 2 » DANS LA NCA 402))—A report that comprises: (i) A description, prepared by management of the service organization, of the service organization’s system, control objectives and related controls, their design and implementation as at a specified date or throughout a specified period and, in some cases, their operating effectiveness throughout a specified period; and (ii) A report by the service auditor with the objective of conveying reasonable assurance that includes: a. The service auditor’s opinion on the description of the service organization’s system, control objectives and related controls, the suitability of the design of the controls to achieve the specified control objectives, and the operating effectiveness of the controls; and b. A description of the service auditor’s tests of the controls and the results thereof.
REPORTABLE CONDITION (SITUATION DEVANT ÊTRE COMMUNIQUÉE)—Matters that should be communicated because they represent significant deficiencies in the design or operation of internal control that could adversely affect the entity’s ability to record, process, summarize, and report financial data consistent with management’s assertions in the financial statements. Such deficiencies may involve aspects of the internal control components of (a) the control environment, (b) entity’s risk assessment process, (c) control activities, (d) information system, including the related business processes, relevant to financial reporting, and communications, or (e) monitoring of controls.
REPRESENTATIVE SAMPLING (ÉCHANTILLONNAGE REPRÉSENTATIF)—Sampling that is used to generalize to a parent population. Samples must be of sufficient size and appropriately chosen. Representative sampling does not guarantee that a sample is indeed representative.
RESIDUAL RISK (RISQUE RÉSIDUEL)—The remaining risk after treatment or control measures have been put in place.
RESPONSIBLE PARTY (PARTIE RESPONSABLE)—The party(ies) responsible for the underlying subject matter.
RESTRICTED ACCESS (ACCÈS RESTREINT)—Data is protected against unauthorized amendments, its confidentiality is ensured, and physical assets are protected.
RETENTION PERIOD (PÉRIODE DE CONSERVATION DES DOCUMENTS)—The period for which the final audit file is retained after the audit report date or other relevant trigger date. Refer to OAG Audit 1191 – Retention Policies and Procedures for further guidance.
REVIEWER (RÉVISEUR)—An auditor in the workflow after the preparer who will consider whether the work performed has been completed satisfactorily, using their experience and judgment, and mark the task reviewed when they are satisfied with it.
RISK ASSESSMENT PROCEDURES (PROCÉDURES D’ÉVALUATION DES RISQUES)—The audit procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels.
RISK OF MATERIAL MISSTATEMENT (RoMM) (RISQUE D’ANOMALIES SIGNIFICATIVES)—The risk that the financial statements are materially misstated prior to audit due to fraud or error; also known as RoMM. Such risks may exist at either the financial statement level or at the assertion level. The risk consists of two components, described as follows at the individual assertion level: 1) Inherent risk—The susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, without considering the effect of controls related to the risk. 2) Control risk—The risk that a misstatement that could occur in an assertion and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal controls.
RISK OF MATERIAL MISSTATEMENT AT THE ASSERTION LEVEL (RISQUE D’ANOMALIES SIGNIFICATIVES AU NIVEAU D’UNE ASSERTION)—Risks related to individual assertions for specific FSLIs, and having regard to the nature of the FSLI, e.g., whether classes of transactions, account balances or disclosures.
RISK OF MATERIAL MISSTATEMENT AT THE FINANCIAL STATEMENT LEVEL (RISQUE D’ANOMALIES SIGNIFICATIVES AU NIVEAU DES ÉTATS FINANCIERS)—Risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many FSLIs and assertions.
RISK OF SIGNIFICANT DEVIATION (RISQUE D’ÉCARTS IMPORTANTS)—The risk that the underlying subject matter contains a significant deviation prior to the engagement.
ROLLOVER METHOD (MÉTHODE DU ROULEMENT)—Quantifies a misstatement based on the amount of the error originating in the current-year income statement (or the statement of changes in net assets or statement of operations). This method considers that differences not corrected in the period in which they arise may be offset to the SUM of a subsequent period.
ROOT CAUSE (CAUSES PROFONDES)—The reason why the tasks or processes are not working or not working properly; the factor that generated the deviation.
ROOT CAUSE ANALYSIS (ANALYSE DES CAUSES PROFONDES)—A systematic analysis of the causes of an incident or a deviation to try and identify the core issue or factor resulting in the observed incident or problem(s). A collective term that describes a wide range of approaches, tools, and techniques used to uncover causes of problems.
RULE OF THUMB (MATERIALITY) (RÈGLE EMPIRIQUE (seuil de signification))—A threshold, otherwise called a percentage, applied, based on our experience, to a component of the financial statements for the purposes of overall materiality calculation.
S
SAFEGUARDS (SAUVEGARDES)—Actions associated with eliminating or reducing threats to compliance with relevant ethical requirements to an acceptable level.
SAMPLE (ÉCHANTILLON)—A subset of a population.
SAMPLE SELECTION METHOD (MÉTHODE DE SÉLECTION DE L’ÉCHANTILLON)—To obtain a representative sample so that sample results can be projected to the population or stratum. Either random, haphazard or systematic methods may be applied, according to the circumstances.
SAMPLING (ÉCHANTILLONNAGE)—The process of selecting a sample from a population.
SAMPLING ERROR (ERREUR D’ÉCHANTILLONAGE)—The risk that our sample does not accurately characterize its population because we have not tested the entire population. It is the complement of the confidence level. For example, a confidence level of 90% means that the sampling risk is 10%. Thus there is a 10% risk that the true population value is outside of the confidence interval surrounding the value we obtain from the sample.
SAMPLING FRAME (BASE D’ÉCHANTILLONAGE)—The list or representation of a population from which you are actually selecting a sample. This might be an excel listing, for example.
SAMPLING POPULATION (POPULATION DE L’ÉCHANTILLON)—The source of items to be selected by audit sampling. Can be an entire account balance or class of transactions. However, the population should be restricted to the group of transactions, for the time period and under the same system of controls, that are relevant to the objectives of the test to be performed.
SAMPLING RISK (RISQUE D’ÉCHANTILLONNAGE)—The risk that the auditor’s conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure. Sampling risk can lead to two types of erroneous conclusions: (i) In the case of a test of controls, that controls are more effective than they actually are, or in the case of a test of details, that a material misstatement does not exist when in fact it does. The auditor is primarily concerned with this type of erroneous conclusion because it affects audit effectiveness and is more likely to lead to an inappropriate audit opinion. (ii) In the case of a test of controls, that controls are less effective than they actually are, or in the case of a test of details, that a material misstatement exists when in fact it does not. This type of erroneous conclusion affects audit efficiency as it would usually lead to additional work to establish that initial conclusions were incorrect.
SAMPLING UNIT (UNITÉ DE SONDAGE)—The individual items constituting a population. It represents the specific population characteristic that defines the items we will sample. For example, in testing accounts receivable, the sampling unit might be the customer balance, invoice number or individual sales transaction.
SCOPE (ÉTENDUE)—The audit scope sets out what will be audited, the extent of the audit, and any limitations. Clearly defining the audit scope is important to set out which issues are of significance to be included in a particular audit or special examination and to determine what will be reported to Parliament or to the Board of Directors of a Crown corporation.
SECTION OF FINANCIAL STATEMENT (SECTION DES ÉTATS FINANCIERS)— A caption within a financial statement (e.g., assets, liabilities and equity within the balance sheet).
SEGREGATION OF DUTIES (SÉPARATION DES TÂCHES)—Assigning different people the responsibilities of authorizing transactions, recording transactions and maintaining custody of assets is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person’s duties. It is part of the foundation of internal controls to achieve the validity and restricted access information processing objectives at both the control environment and control activities component levels. Segregation of duties should be enabled by the information system as well as manual controls to restrict access to physical assets to ensure the separation of roles and responsibilities throughout the organization.
SENTIMENT ANALYSIS (ANALYSE DE SENTIMENTS)—A form of text analytics. It consists of applying analysis on bodies of text to understand the velance of the underlying sentiment.
SERVICE AUDITOR (AUDITEUR DE LA SOCIÉTÉ DE SERVICES)—An auditor who, at the request of the service organization, provides an assurance report on the controls of a service organization.
SERVICE ORGANIZATION (SOCIÉTÉ DE SERVICES)—A third-party organization (or segment of a third-party organization) that provides services to user entities that are part of those entities’ information systems relevant to financial reporting.
SERVICE ORGANIZATION’S SYSTEM (SYSTÈME DE LA SOCIÉTÉ DE SERVICES)—The policies and procedures designed, implemented and maintained by the service organization to provide user entities with the services covered by the service auditor’s report.
SIGNIFICANT COMPONENT (COMPOSANTE IMPORTANTE)—A component identified by the group engagement team (i) that is of individual financial significance to the group, or (ii) that, due to its specific nature or circumstances, is likely to include significant risks of material misstatement of the group financial statements.
SIGNIFICANT DEFICIENCY (DÉFAUT GRAVE)—The Office considers a significant deficiency to be a major weakness that could prevent the corporation from having reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.
SIGNIFICANT DEFICIENCY IN INTERNAL CONTROL (DÉFICIENCE IMPORTANTE DU CONTRÔLE INTERNE)—A deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance.
SIGNIFICANT DEVIATION (ÉCART IMPORTANT) (for direct engagements only)—Deviations, including omissions, are considered to be significant if they, individually or in the aggregate, could reasonably be expected to influence relevant decisions of intended users taken on the basis of the practitioner’s report. The practitioner’s consideration of significance is a matter of professional judgment, and is affected by the practitioner’s perception of the common information needs of intended users as a group.
SIGNIFICANT MATTER (QUESTION IMPORTANTE)—A finding or issue that in our judgment is significant to the procedures performed, evidence obtained, or conclusions reached. Significant matters either are, or could be, important to our audit opinion or to the support for our opinion. They require consideration by the team manager and review and sign off by the engagement leader, and frequently also require appropriate consultation. Examples of significant matters include:
- Results of audit procedures indicating that the financial statements could be materially misstated, where judgment is involved.
- New significant risks of material misstatement assessed after the risk assessment performed for planning purposes, and the auditor’s responses to those risks.
- Circumstances that cause the auditor significant difficulty in applying necessary audit procedures.
- Findings that could result in a modification to the audit opinion or the inclusion of an emphasis of matter paragraph in the auditor’s report.
SIGNIFICANT RISK (RISQUE IMPORTANT)—An inherent risk that, in our judgment, requires special audit consideration in terms of the nature, timing or extent of testing, because of: the nature of the risk, the likely magnitude of the potential misstatements (including the possibility that the risk may give rise to multiple misstatements) and the likelihood of the risk occurring. In assessing whether a significant risk exists, we do not consider the effect of controls related to the risk. A significant risk is a higher risk than normal risk.
SKEWNESS (ASYMÉTRIE)—A statistical measure which indicates a lack of symmetry about the population mean in a frequency distribution. Typical accounting populations are often skewed because there are many small to medium amounts and several very few large amounts.
SMALLER ENTITY (PETITE ENTITÉ)—For purposes of specifying additional considerations to audits of smaller entities, a “smaller entity” refers to an entity which typically possesses qualitative characteristics such as: (a) Concentration of ownership and management in a small number of individuals (often a single individual—either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and (b) One or more of the following: (i) Straightforward or uncomplicated transactions; (ii) Simple record-keeping; (iii) Few lines of business and few products within business lines; (iv) Few internal controls; (v) Few levels of management with responsibility for a broad range of controls; or (vi) Few personnel, many having a wide range of duties. These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller entities do not necessarily display all of these characteristics.
SPECIAL EXAMINATION (EXAMEN SPÉCIAL)—Are a type of performance audit performed by the Office of the Auditor General. Special Examinations provide an opinion on whether there is reasonable assurance that there are no significant deficiencies in the Crown corporation’s systems and practices. The special examination reports are presented to the Board of Directors, which in turn submit the reports to the appropriate Minister, the President of the Treasury Board, and make the report available to the public.
SPECIAL EXAMINATION OBJECTIVES (OBJECTIF DE L’EXAMEN SPÉCIAL)—In accordance with section 138 of the Financial Administration Act, the examiner’s responsibility in a special examination is to express an opinion on whether there is reasonable assurance that, during the period covered by the examination, management can reasonably ensure that there were no significant deficiencies in the corporation’s systems and practices.
SPECIAL EXAMINATION PLAN (PLAN D’EXAMEN SPÉCIAL)—The special examination plan is submitted to the corporation’s audit committee before the examination phase begins. The plan identifies the systems and practices that are considered essential to providing the corporation with reasonable assurance that its assets are safeguarded and controlled, its resources managed economically and efficiently, and its operations carried out effectively. The examination plan also includes the criteria used to examine the corporation’s systems and practices.
SPECIAL EXAMINATION REPORT (RAPPORT D’EXAMEN SPÉCIAL)—The special examination report provides an opinion, based on the criteria presented to the Corporation’s audit committee, on whether there is reasonable assurance that, during the period covered by the examination, there were no significant deficiencies in the systems and practices selected for examination. In addition to the opinion, the report presents the findings in more detail for each area examined, and may contain recommendations.
SPECIAL PURPOSE FINANCIAL INFORMATION PREPARED FOR THE PURPOSES OF GROUP CONSOLIDATION (INFORMATION FINANCIÈRE À USAGE PARTICULIER PRÉPARÉE AUX FINS DU PROCESSUS DE CONSOLIDATION DU GROUPE)—(hereinafter referred to as component financial information or special purpose financial information)—Special purpose financial information prepared for the purposes of group consolidation refers to any form of financial information submitted from a component to the corporate head office to support the preparation of consolidated group financial statements. Such financial information includes, for example:
- Standard reporting forms;
- A trial balance;
- An individual financial statement or statements (i.e., balance sheet, income statement, cash flow statement);
- Financial statement element schedule (e.g., accounts receivable statement); and/or
- Any other financial information (e.g., lease or debt information relevant to the preparation of the notes to the consolidated group financial statements).
SPECIAL PURPOSE FINANCIAL STATEMENTS (ÉTATS FINANCIERS À USAGE PARTICULIER)—Financial statements prepared in accordance with a special purpose framework.
SPECIAL PURPOSE FRAMEWORK (RÉFÉRENTIEL À USAGE PARTICULIER)—A financial reporting framework designed to meet the financial information needs of specific users. The financial reporting framework may be a fair presentation framework or a compliance framework.
SPECIALISTS IN ACCOUNTING OR AUDITING (SPÉCIALISTE EN COMPTABILITÉ OU EN AUDIT)—OAG staff possessing expertise in accounting or auditing.
STAKEHOLDERS (PARTIES PRENANTES)—Those who have an interest in the performance of an entity. They may include employees, customers, suppliers, and the community. Understanding stakeholder needs, including how these needs interact and compete, helps develop a more comprehensive appreciation of business objectives and related risks.
STANDARD DEVIATION (ÉCART-TYPE)—The square root of the variance. It has important statistical properties. The standard deviation is most commonly used measure of dispersion and is almost always paired with the mean.
STANDING DATA (DONNÉES PERMANENTES)—Data of a permanent or semi-permanent nature that is used repeatedly during processing, e.g., rates of pay used for calculating salaries.
STANDARD ERROR (ERREUR-TYPE)—The expected variability in a statistic, such as the arithmetic mean, across repeated sampling.
STATISTIC (STATISTIQUE)—A specific measure taken on a sample.
STATISTICAL SAMPLING (SONDAGE STATISTIQUE)—An approach to sampling that has the following characteristics:
- Random selection of the sample items; and
- The use of probability theory to evaluate sample results, including measurement of sampling risk.
A sampling approach that does not have characteristics (i) and (ii) is considered non-statistical sampling.
STATUS REPORT (RAPPORT LE POINT)—Status reports follow up on progress made by the government in responding to recommendations contained in previous performance audits.
STATUTORY CONTROL OBJECTIVE FOR SPECIAL EXAMINATIONS (OBJECTIFS DE CONTRÔLE LÉGISLATIF (AUX FINS DES EXAMENS SPÉCIAUX))—Control objectives defined under section 131 (2) (a) and (c) of the Financial Administration Act, that are required to be achieved by the Crown corporation. These objectives are: Ensuring that assets are safeguarded and controlled; Ensuring that its resources are managed economically and efficiently; and Ensuring that operations are carried out effectively.
STRATIFICATION (STRATIFICATION)—The process of dividing a population into sub-populations, each of which is a group of sampling units which have similar characteristics (often monetary value). It is a means of improving the effectiveness of our sampling when we are concerned with overstatement and where monetary amounts of items within the population vary significantly.
STRUCTURED DATA (DONNÉES STRUCTURÉES)—Data that have a layout or form (e.g.: Excel spreadsheet).
SUBJECT MATTER INFORMATION (INFORMATIONS SUR L’OBJET CONSIDÉRÉ)—The outcome of the measurement or evaluation of the underlying subject matter against the criteria, i.e., the information that results from applying the criteria to the underlying subject matter.
SUB-PROCESS (SOUS-PROCESSUS)—A group of transactions for which specific accounting procedures and controls are established by an entity’s management. For example, a revenue and receivables business process may include sub-processes such as sales of goods and services, cash receipts and customer receipts.
SUBSEQUENT EVENTS (ÉVÉNEMENTS POSTÉRIEURS)—Events occurring between the date of the financial statements and the date of the auditor’s report, and facts that become known to the auditor after the date of the auditor’s report.
SUBSERVICE ORGANIZATION (SOUS-TRAITANT DE LA SOCIÉTÉ DE SERVICES)—A service organization used by another service organization to perform some of the services provided to user entities that are part of those user entities’ information systems relevant to financial reporting.
SUBSTANTIATION (CORROBORATION)—Substantiation is comprehensive summary or references to the documented evidence for an audit report. Substantiation summarizes the material or includes references to the material that supports the factual statements, findings, recommendations, and the conclusion of the audit report, including any logical deductions and judgments.
SUBSTANTIVE PROCEDURES (PROCÉDURE DE CORROBORATION)—An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise: (i) Tests of details (of classes of transactions, account balances, and disclosures); and (ii) Substantive analytical procedures. Their purpose is to provide evidence supporting management’s implicit financial statement assertions or, conversely to discover misstatements in the financial statements directed to management information capable of being related to financial statement assertions.
SUFFICIENCY (OF AUDIT EVIDENCE) (CARACTÈRE SUFFISANT (DES ÉLÉMENTS PROBANTS))—The measure of the quantity of audit evidence. The quantity of audit evidence is affected by the auditor’s assessment of the risks of material misstatement and also by the quality of such audit evidence.
SUMMARY FINANCIAL STATEMETENTS (ÉTATS FINANCIERS SOMMAIRES)—Historical financial information that is derived from financial statements but that contains less detail than the financial statements, while still providing a structured representation consistent with that provided by the financial statements of the entity’s economic resources or obligations at a point in time or the changes therein for a period of time. Different jurisdictions may use different terminology to describe such historical financial information.
SUMMARY OF COMFORT (SoC) (SOMMAIRE DE LA CONFIANCE ACCORDÉE)—A component of the audit plan which records how we plan to obtain and how we have obtained audit evidence, whether by Controls Reliance or from obtaining substantive audit evidence, in relation to the financial statement assertions.
SUMMARY OF UNCORRECTED MISSTATEMENTS (SUM) (SOMMAIRE DES ANOMALIES NON CORRIGÉES (SANC))—A record of the misstatements identified during the audit, whether corrected or expected to be corrected, or not, by the entity. For this purpose, “misstatements” include our qualitative findings, including inadequate or improper description of an accounting policy and incomplete or omitted disclosures.
SYSTEM (SYSTÈME)—Packaged or in-house developed or modified software that processes the client’s financial and operational information.
SYSTEMATIC SELECTION METHOD (MÉTHODE DE SÉLECTION SYSTÉMATIQUE)—A common method of selection in non-statistical sampling. This method of selecting a sample selects every nth item. A sampling interval is established based on the number of items, without reference to size or monetary value of the item.
SYSTEMS AND PRACTICES (MOYENS ET MÉTHODES)—These are controls found in a Crown corporation that, taken together with resources, processes, culture and structure, support the achievement of the statutory control objectives.
T
TABLING (DÉPÔT D’UN RAPPORT)—The process whereby the Auditor General (or Commissioner of the Environment and Sustainable Development) submits reports on performance audits and status reports to the House of Commons or Territorial Legislatures.
TAKING STOCK/PROGRESS MEETINGS (RÉUNIONS DE MISE AU POINT ou D’ÉTAPE)—A meeting of all or key members of the engagement team, including relevant specialists (such as IT Audit specialists, Controls Assurance specialists, Data analytics specialists), to share information about the client and the work performed to date, and to discuss and agree what needs to be done next and by whom. This includes considering whether we have enough audit evidence, and the need to drill further down the management unit/business process or obtain substantive audit evidence.
TARGETED TESTING (TEST CIBLÉ)—A method of selecting items to be tested based on some characteristic (e.g. monetary value, or risk), rather than selecting them “randomly” using audit sampling.
TEAM DEBRIEF (RÉUNION-BILAN DE L’ÉQUIPE)—A team meeting held at the end of the completion process where the team reviews its performance against its objectives, feedback is shared and areas are identified for future.
TEAM MANAGER (GESTIONNAIRE D’ÉQUIPE)—The team manager is a director or experienced audit professional on the engagement team who, with the appropriate oversight and coaching by the engagement leader, assists in the design of the audit strategy and plan and coordinates its implementation on a day-to-day basis.
TEAM PLANNING MEETING (RÉUNION DE PLANIFICATION DE L’ÉQUIPE)—A meeting that takes place during the planning phase that involves the engagement leader and other key members of the engagement team where certain required discussions occur. The objective of the meeting is to enhance the effectiveness and efficiency of the planning process through effective gathering and sharing of information among the team.
TECHNOLOGY SOLUTION (SOLUTION TECHNOLOGIQUE)—A program, database, or other automated technique created or developed using a technology.
TEST OF CONTROLS (TEST DES CONTRÔLES)—An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
TESTS OF DETAILS (TEST DE DÉTAIL)—One type of substantive test; tests involving the examination of support for individual items that make up balance sheet and profit and loss accounts.
THIRD PARTY (TIERS)—Third parties are organizations, groups, and individuals that are not included in the scope of an audit, but have been referred to directly or indirectly in the reports of performance audits or special examinations. Third parties can be government departments and agencies, other levels of government, Crown corporations, suppliers or beneficiaries of government programs, commercial organizations, interest groups, and individuals.
THOSE CHARGED WITH GOVERNANCE (RESPONSABLES DE LA GOUVERNANCE)—The person(s) or organization(s) (e.g., a corporate trustee) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process. For some entities in some jurisdictions, those charged with governance may include management personnel, for example, executive members of a governance board of a private or public sector entity, or an owner-manager.
TIME SERIES (SÉRIE CHRONOLOGIQUE)—Analysis of repeated measures over time to identify time based patterns.
TIMELY (EN TEMPS OPPORTUN)—Timely means within a reasonable time after the procedures were performed and at least within any applicable time limit. Our documentation, assembly of the final audit file and archiving is timely in order to comply with professional standards and, as appropriate, to facilitate efficient and effective review and evaluation of the procedures performed, proper recording of the audit evidence obtained and conclusions reached before the finalization of the audit report, and efficient and effective completion of the wrap-up and archiving process.
TOLERABLE MISSTATEMENT OR TOLERABLE ERROR (ANOMALIE ACCEPTABLE ou ERREUR ACCEPTABLE)—A monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population. It represents the largest amount of misstatement we can tolerate in an account or population and still conclude that we have obtained sufficient assurance that the account does not contain a material misstatement. When planning an audit sample, we judge how much misstatement is considered material for that particular account or population. Tolerable misstatement is related to our preliminary estimate of overall materiality.
TOLERABLE RATE OF DEVIATION (TAUX D’ÉCART ACCEPTABLE)—A rate of deviation from prescribed internal control procedures set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in the population.
TRANSACTION (OPÉRATION)—In the context of a sub-process, a manual or automated event that changes the data held or its state, either by adding or changing information held, or by applying a control or judgment over the data.
TRANSACTION LEVEL CONTROLS (CONTRÔLE AU NIVEAU DE L’OPÉRATION)—Control activities over the initiation, recording, processing and reporting of transactions designed to operate at a level of precision that would prevent, or detect and correct on a timely basis, misstatements to one or more relevant assertions for a FSLI/business process. Transaction level controls can be either detective or preventive in nature. Transaction level controls comprise manual, automated or IT dependent manual controls (the latter are referred to in OAG Audit as manual controls that use system-generated data or reports).
TRANSACTIONAL BUSINESS PROCESS (PROCESSUS OPÉRATIONNELS AU NIVEAU DES TRANSACTIONS)—Include control activities over the initiation, recording, processing, and reporting of higher number and different types of routine transactions throughout the reporting period. Therefore, control activities operate throughout the period and as of the reporting date. Such processes are generally fundamental to the way in which an entity primarily generates revenues and incurs expenses, and may be heavily reliant on information technology systems and applications. We expect there is a greater number of relevant control activities that we need to understand in transactional business processes than in periodic business processes. Examples of transactional business processes often include, but are not limited to: revenue and receivables, purchasing and payables, production and inventory and payroll.
TRANSPARENCY (TRANSPARENCE)—The financial statement assertion of transparency means that financial information is appropriately classified and disclosures are understandable.
TRANSPARENCY IN CORPORATE REPORTING (TRANSPARENCE DES RAPPORTS D’ENTREPRISE) — Refers to the information that management of an organization articulates to its stakeholders, communicating the “whole story” of the organization, key information management uses to run the organization and key information for stakeholders to make informed decisions on the future of the organization.
TRANSMISSION DRAFT (ÉBAUCHE DE TRANSMISSION)—The Transmission draft is the near final version of the audit report that is issued to the deputy head of the entity (for performance audits) or to the Audit Committee (for special examinations). This draft reflects changes made following entity official’s review of the principal’s (PX) draft and discussions between the entity and audit team, as well as with internal reviewers.
TYPES OF AUDIT TESTS (TYPES DE CONTRÔLE PAR SONDAGE)—There are eight types of audit tests: Confirmation, Inspection of tangible assets, Inspection of information or data, Observation, Inquiry, Recalculation, Reperformance, Analytical procedures.
U
UNCORRECTED MISSTATEMENTS (ANOMALIES NON CORRIGÉES)—Misstatements that the auditor has accumulated during the audit and that have not been corrected.
UNDERLYING SUBJECT MATTER (OBJET CONSIDÉRÉ)—The phenomenon that is measured or evaluated by applying criteria.
USER AUDITOR (AUDITEUR DE L’ENTITÉ UTILISATRICE)—An auditor who audits and reports on the financial statements of a user entity.
USER ENTITY (ENTITÉ UTILISATRICE)—An entity that uses a service organization and whose financial statements are being audited.
USER ORGANIZATION (ENTITÉ CLIENTE)—Term used in relation to guidance on service organizations to identify the entity that has engaged a service organization and whose financial statements are being audited.
USERS OF FINANCIAL STATEMENTS (UTILISATEURS DES ÉTATS FINANCIERS)—A group of interested parties assumed to have a reasonable knowledge of business, economic activities and accounting, willingness to study the financial statements with reasonable diligence, and an understanding of the principles of materiality.
UNSTRUCTURED DATA (DONNÉES NON STRUCTURÉES)—Data that do not use a predefined layout, such as Twitter posts, Word document contents, audio files, etc.
V
VARIABLES SAMPLING (SONDAGE DE VARIABLES)—Variables sampling is used to extrapolate amounts or quantities, such as the amount of error in salary among employees of the OAG. It is not suitable for the extrapolation of the proportion of items in error. This sampling is most often used for financial audit. Information needed includes confidence interval and confidence level, population size, and standard deviation of the selection variable. At the OAG, Dollar Unit Sampling (DUS/MUS) and Non-Statistical Sampling (NSS) are used for variables sampling.
VARIANCE (VARIANCE)—The average of the squared deviations of each value from the mean.
W
WALKTHROUGH (TEST DE CHEMINEMENT)—A method of confirming our understanding of the process flow and design of controls by tracing individual transactions, both recurring and unusual, from initiation through recording and processing by the entity’s information system until they are reported in the entity’s financial statements.
WHISTLEBLOWER (DÉNONCIATEUR)—An employee or former employee who reports misconduct to people or authorities who have the power to take corrective action. Generally the misconduct is a breach of law, regulation or public interest.
WORKING PAPER/WORK PAPER (DOCUMENT DE TRAVAIL)—An electronic or paper document used to record the audit work done in respect of an audit step.
WRITTEN REPRESENTATION (DÉCLARATION ÉCRITE)—A written statement by management provided to the auditor to confirm certain matters or to support other audit evidence. Written representations in this context do not include financial statements, the assertions therein, or supporting books and records.
List of Synonyms
The following list of terms used in the OAG audit manuals and their synonyms has been prepared to assist auditors with the interpretation of policies and guidance.
Term Used | Synonyms |
---|---|
Assurance Engagement Report (Rapport de la mission de certification) | Auditor General’s Report, Special Examination Report, Engagement Report, PX (Principal’s) Draft, Transmission Draft |
Audit Risk (Risque d’audit) | Engagement Risk |
Auditor (Auditeur) | Examiner, Practitioner |
Board of Directors (Conseil d’administration) | Those charged with governance |
Engagement (Mission) | Audit, Assurance Engagement, Financial Audit, Annual Audit, Audit of Financial Statements, Special Examination, Performance Audit |
Engagement Leader (Responsable de la mission) | Audit Principal, PX, Engagement Partner |
Entity (Entité) | Client, Crown corporation, Government department, Government agency |
Office (Bureau) | Office of the Auditor General of Canada, Firm, OAG, Legislative Audit Office |
Procedure (Procedure) | Procedure step, audit procedure |
Quality Reviewer (Responsable du contrôle qualité) | Engagement Quality Control Reviewer, QR |
Relevant Ethical Requirements (Règles de déontologie pertinentes) | Fundamental Principles of Ethics |