COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
Engagement team members shall maintain and be seen to maintain independence and objectivity to fulfill the mandate of the Office.
This section outlines how team members, engagement leaders, and assistant auditors general all have an important role to play in achieving independence and ensuring threats to independence are managed through the application of appropriate safeguards. Legal Services and Corporate Services support these individuals, as outlined in the guidance in this section.
Office |
Annual Audit |
Performance Audit, Special Examination, and Other Assurance Engagements |
CSQC 1.C21 The firm shall establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including network firm personnel) maintain independence where required by relevant ethical requirements. Such policies and procedures shall enable the firm to: (Ref: Para. A10) (a) Communicate its independence requirements to its personnel and, where applicable, others subject to them; and C(b) Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement, where withdrawal is possible under applicable law or regulation. [In ISQC 1, this paragraph states: Identify threats to independence, evaluate whether the identified threats are at an acceptable level, and if not address them by eliminating the circumstances that create the threats, applying safeguards to reduce threats to an acceptable level, or withdrawing from the engagement, where withdrawal is possible under applicable law or regulation.] CSQC 1.22 Such policies and procedures shall require: (Ref: Para. A10) (a) Engagement partners to provide the firm with relevant information about client engagements, including the scope of services, to enable the firm to evaluate the overall impact, if any, on independence requirements; (b) Personnel to promptly notify the firm of circumstances and relationships that create threats to independence so that appropriate action can be taken; and (c) The accumulation and communication of relevant information to appropriate personnel so that: (i) The firm and its personnel can readily determine whether they satisfy independence requirements; (ii) The firm can maintain and update its records relating to independence; and (iii) The firm can take appropriate action regarding identified threats to independence that are not at an acceptable level. CSQC 1.23 The firm shall establish policies and procedures designed to provide it with reasonable assurance that it is notified of breaches of independence requirements, and to enable it to take appropriate actions to resolve such situations. The policies and procedures shall include requirements for: (Ref: Para. A10) (a) Personnel to promptly notify the firm of independence breaches of which they become aware; (b) The firm to promptly communicate identified breaches of these policies and procedures to: (i) The engagement partner who, with the firm, needs to address the breach; and (ii) Other relevant personnel in the firm and, where appropriate, the network, and those subject to the independence requirements who need to take appropriate action; and (c) Prompt communication to the firm, if necessary, by the engagement partner and the other individuals referred to in subparagraph 23(b)(ii) of the actions taken to resolve the matter, so that the firm can determine whether it should take further action. CSQC 1.24 At least annually, the firm shall obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent by relevant ethical requirements. (Ref: Para. A10-A11) CSQC 1.A11 Written confirmation may be in paper or electronic form. By obtaining confirmation and taking appropriate action on information indicating a breach, the firm demonstrates the importance that it attaches to independence and makes the issue current for, and visible to, its personnel. |
CAS 220.C11 The engagement partner shall form a conclusion on compliance with independence requirements that apply to the audit engagement. In doing so, the engagement partner shall: (Ref: Para. A5) C(a) Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence [In ISA 220, this paragraph states: Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate threats to independence]; (b) Evaluate information on identified breaches, if any, of the firm's independence policies and procedures to determine whether they create a threat to independence for the audit engagement; and C(c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is possible under applicable law or regulation. The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action. [In ISA 220, this paragraph states: (c) Evaluate whether the identified threats are at an acceptable level; and (d) Take appropriate action to address the threats that are not at an acceptable level by eliminating the circumstances that create the threats, applying safeguards to reduce threats to an acceptable level, or withdrawing from the engagement, where withdrawal is possible under applicable law or regulation. The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action.] (Ref: Para. CA6-A7) CAS 220.CA6 The engagement partner may identify a threat to independence regarding the audit engagement that safeguards may not be able to eliminate or reduce to an acceptable level. In that case, as required by paragraph C11C(c), the engagement partner reports to the relevant person(s) within the firm to determine appropriate action, which may include eliminating the activity or interest that creates the threat, or withdrawing from the audit engagement, where withdrawal is possible under applicable law or regulation. [In ISA 220, this paragraph states: The engagement partner may identify a threat to independence regarding the audit engagement that may not be at an acceptable level. In that case, as required by paragraph 11(d), the engagement partner reports to the relevant person(s) within the firm to determine the appropriate action, which may include eliminating the circumstance that creates the threat, applying safeguards to reduce the threat to an acceptable level or withdrawing from the audit engagement, where withdrawal is possible under applicable law or regulation.] Considerations Specific to Public Sector Entities CAS 220.A7 Statutory measures may provide safeguards for the independence of public sector auditors. However, public sector auditors or audit firms carrying out public sector audits on behalf of the statutory auditor may, depending on the terms of the mandate in a particular jurisdiction, need to adapt their approach in order to promote compliance with the spirit of paragraph 11. This may include, where the public sector auditor's mandate does not permit withdrawal from the engagement, disclosure through a public report, of circumstances that have arisen that would, if they were in the private sector, lead the auditor to withdraw. |
Acceptance and Continuance CSAE 3001.24 The practitioner shall accept or continue a direct engagement only when: (Ref: Para. A31-A34) (a) The practitioner has no reason to believe that relevant ethical requirements, including independence, will not be satisfied; Quality Control Professional Accountants in Public Practice (Ref: Para. 22, 35(a)–(b)) CSAE 3001.A59 This CSAE has been written in the context of a range of measures taken to ensure the quality of assurance engagements undertaken by professional accountants in public practice. Such measures include:
|
Office employees shall perform their duties and arrange their private affairs so that public confidence and trust in the integrity, independence, objectivity, and impartiality of the Office are protected. [Nov-2011]
Auditors, in particular, shall maintain and be seen to maintain independence and objectivity to fulfill the mandate of the Office. [Nov-2011]
Annually, the Office shall obtain written confirmation of compliance with its policies and procedures on independence from all Office personnel who, during the year, have met the definition of an engagement team member on an assurance engagement. [Nov-2011]
The Office shall promptly communicate identified breaches of independence policies and procedures to the engagement leader for resolution. [Nov-2011]
All individuals who meet the definition of an engagement team member, including internal and, where appropriate, external specialists, shall confirm their independence. [Apr-2018]
The engagement leader shall form a conclusion on team members’ compliance with independence requirements that apply to the assurance engagement. [Nov-2011]
The engagement leader shall take appropriate action to eliminate or reduce threats to independence to an acceptable level by applying safeguards. [Nov-2011]
The engagement leader shall evaluate information on identified breaches and determine the impact of the breach on the assurance engagement. [Nov-2011]
An assistant auditor general shall inform the engagement leader of any threats or breaches to independence that he or she becomes aware of. [Nov-2011]
The ethical standard of independence and the Office’s Code of Values, Ethics and Professional Conduct require that Office employees who meet the definition of an engagement team member be and remain free of any influence, interest, or relationship regarding the entity’s affairs. Any such influence, interest, or relationship, impairs professional judgment or objectivity, or which, in the view of a reasonable observer, would impair professional judgment or objectivity. The Office’s Code of Values, Ethics and Professional Conduct has similar requirements applicable to all employees.
Objectivity is to not allow bias, conflict of interest, or the undue influence of others to override professional or business judgments. Independence may be defined as the ability to act with integrity and objectivity and be seen to act this way.
The Office’s independence policies and procedures require that all threats to independence be identified, so that their significance can be assessed and safeguards can be put in place to reduce or eliminate all significant threats to an acceptable level.
Where safeguards are not available to reduce threats to an acceptable level, the employee or Office should eliminate the activity, interest, or relationship creating the threats, or the employee or Office should refuse to accept or continue the engagement.
Any individual who meets the definition of engagement team member is required to comply with the Office’s audit policies and procedures related to independence, the policies included in the OAG’s Code of Values, Ethics and Professional Conduct, and the requirements of any professional association to which the individual is a member.
For purposes of our Office’s Policies and Procedures on Independence, an engagement team member is
each employee of the Office participating in the assurance engagement;
each contractor participating in the assurance engagement;
all other Office employees who can directly influence the outcome of the assurance engagement, including
(a) those who recommend the compensation of, or who provide direct supervisory, management, or other oversight of, the assurance engagement leader connected with the performance of the assurance engagement;
(b) those who provide consultation regarding technical or industry-specific issues, transactions, and events for the assurance team; and
(c) those who provide quality control for the assurance engagement; and
all other persons in the Office or external to the Office who can directly influence the outcome of the assurance engagement.
The engagement leader is required to form a conclusion on team members’ compliance with independence requirements and should apply professional judgment in assessing who meets the definition of an engagement team member and the extent to which individuals who are consulted or engaged or who provide advice on the engagement have a direct influence on the outcome of the assurance engagement.
In addition, the engagement leader should consider whether known relationships between Office employees who are not on the engagement team and the entity may also create threats to independence.
The Office considers non-compliance with these standards to be a very serious matter. Employees who breach these standards are subject to appropriate disciplinary action, up to and including termination of employment. For members of a provincial professional accounting body, the engagement leader could refer the issue to the institute/order or association.
Internal specialists involved in performing the assurance engagement or who provide formal advice in their area of specialization meet the definition of an engagement team member.
External specialists do not always meet the definition of an engagement team member.
External specialists meet the definition of an engagement team member if they possess skills, knowledge, and experience in accounting or auditing, and their work in that field is used to help the auditor obtain sufficient appropriate evidence.
External specialists who possess skills, knowledge, and experience in a field other than accounting or auditing and whose work in that field is used to help the auditor obtain sufficient appropriate evidence, do not meet the definition of an engagement team member.
An internal specialist or external specialist (in accounting or auditing) who will be involved in performing the assurance engagement (i.e. performing procedures that will give rise to audit evidence used by the engagement leader to form a conclusion) would meet the engagement team member definition.
An internal specialist or external specialist (in accounting or auditing) providing formal advice regarding technical subject matter or industry-specific subject matter issues, transactions, or events for the assurance team would meet the engagement team member definition.
The Office and those meeting the definition of engagement team members should be independent of the assurance entity during both the period covered by the assurance engagement report and the period of the current assurance engagement. This cumulative period starts at the beginning of the period covered by the assurance engagement report and ends when the assurance report is issued.
For further clarification, refer to Figure 1.1 below.
Figure 1.1 Independence period for each OAG product line
Although the Office has a significant degree of independence from its audited entities, it is important nevertheless to take appropriate actions to ensure that engagement team members are (and are perceived to be) independent and objective.
An assurance engagement team member must be and remain independent and free of any influence, interest, or relationship, that, regarding the engagement, impairs the professional judgment or objectivity of the engagement team member, or that, in the view of a reasonable observer, would impair the professional judgment or objectivity of the engagement team member.
Engagement personnel promptly notify the engagement leader of circumstances and relationships that create threats to independence.
If matters come to the engagement leader’s attention through the system of quality control or otherwise, that indicate that a member of the engagement team has a threat to independence requirements, the engagement leader, in consultation with Internal Specialist, Values and Ethics, shall
The engagement leader must consider threats to independence throughout an assurance engagement. All individuals who meet the definition of an engagement team member, including internal and where appropriate, external specialists, must perform the following for each assurance engagement they are involved in:
All team members complete an Independence Confirmation.
If no threats to independence are noted, team members provide the completed Independence Confirmation to the engagement leader for approval and inclusion in the audit file.
If a threat to independence is identified, an exception report is completed and the engagement leader proposes a resolution by applying the framework for resolution. The exception report should include a description of
(a) the nature of the engagement;
(b) the threat identified;
(c) the safeguard or safeguards identified and applied to eliminate the threat or reduce it to an acceptable level; and
(d) an explanation of how, in the senior personnel’s professional judgment, the safeguards eliminate the threat or reduce it to an acceptable level.
The engagement leader promptly communicates to the Internal Specialist, Values and Ethics, the safeguards and actions proposed to eliminate or reduce the threat.
The Internal Specialist, Values and Ethics, performs an objective review of the safeguards and actions proposed to eliminate or reduce the threat.
The engagement leader receives confirmation from the Internal Specialist, Values and Ethics, on the appropriateness of the proposed course of action, which may include proposed additional actions to reduce the threat to an acceptable level.
An individual should not commence work on the assurance engagement until any necessary safeguards to reduce or eliminate an identified threat to an acceptable level are in place.
The Internal Specialist, Values and Ethics may help ensure Records Management receives a copy of documentation for filing purposes.
The engagement leader ensures that evidence of compliance with independence requirements is documented for all engagement team members.
If rotation is desirable but not practical for an individual engagement team member, the senior engagement personnel should consider how to address any associated risk. References to the Office’s policies and procedures regarding rotation should be considered. See OAG Audit 1071 Job Rotation.
The engagement leader, throughout the engagement, remains alert through observation and making inquiries as necessary, for evidence of non-compliance with independence by members of the engagement team.
If the engagement leader has an exception to disclose, the engagement leader should identify safeguards in cooperation with the Internal Specialist, Values and Ethics and sign the exception report. If an assistant auditor general has an exception to disclose, he or she should consult the engagement leader and Internal Specialist, Values and Ethics.
If a quality reviewer identifies a threat to his or her independence or a threat to his or her ability to perform an objective review, he or she must immediately inform the engagement leader and the Assistant Auditor General, Audit Services. See OAG Audit 3063 Quality reviewer responsibilities.
The Office shall be and remain independent and free of any influence, interest, or relationships, that, regarding its audit entities, impairs the Office’s professionalism or objectivity, or that, in the view of a reasonable observer, would impair the Office’s professionalism or objectivity.
When new circumstances arise or information is obtained during the engagement that could result in an impairment of independence, team members must immediately report them to the engagement leader, who should make a decision as to whether work should stop immediately.
When joint audits are undertaken, the engagement leader should obtain assurance from the joint auditor that he or she has performed an independence assessment. Similarly, the Office should be in a position to provide the same assurance to the joint auditor.
Office employees sign an annual Conflict of Interest—Confidential Report form, as required by and according to the OAG Code of Values, Ethics and Professional Conduct. This form includes an additional independence declaration for all staff working on audit engagements. Staff members who, during the course of the year, meet the definition of engagement team member on at least one assurance engagement are required to declare that they have read the Office policies on independence and that they comply with these policies and procedures, as required by relevant ethical requirements.
The Assistant Auditor General of Corporate Services manages the annual conflict of interest process and reviews and promptly communicates identified threats and breaches to independence to the employee’s assistant auditor general, who communicates the identified threats or breaches to any impacted engagement leaders.
A conflict of interest is an incompatibility between an employee’s private interests and his or her duties as a public servant. A conflict of interest may arise from an interest, restriction, or relationship that, regarding an assurance engagement, would be seen by a reasonable observer to influence an employee’s judgment or objectivity in the conduct of the assurance engagement.
The Office has established conflict of interest measures that are included in the Code of Values, Ethics and Professional Conduct. These conflict of interest measures both protect Office employees from conflict of interest allegations and help them avoid situations of risk.
Office employees have the following overall responsibilities:
In carrying out their official duties, Office employees should arrange their private affairs in a manner that will prevent real, apparent, or potential conflicts of interest from arising.
If a conflict does arise between the private interests and the official duties of an employee, the conflict should be resolved in favour of the public interest.
Office employees also have the following specific duties:
They should not have private interests, other than those specifically permitted, that would be affected particularly or significantly by government actions in which they participate.
They should not solicit or accept transfers of economic benefit.
They should not place themselves in a position where they are under an obligation to any person who might benefit from special consideration or favour on their part or seek in any way to gain special treatment from them.
They should not step out of their official roles to assist private entities or persons in their dealings with the government where this would result in preferential treatment to the entities or persons.
They should not knowingly take advantage of, or benefit from, information that is obtained in the course of their official duties and that is not generally available to the public.
They should not directly or indirectly use, or allow the use of, government property of any kind, including property leased to the government, for anything other than officially approved activities.
An employee who does not comply with these requirements is subject to appropriate disciplinary action, up to and including termination of employment.
The annual Conflict of Interest—Confidential Report form is designed to remind Office employees of the importance of the Office’s Code of Values, Ethics and Professional Conduct and the relevant ethical requirements, including independence. The form reinforces that Office employees and members of their immediate families should have no financial or other interests that could conflict with the employees’ responsibilities or call into question their judgment or objectivity.
Employees are obligated to submit a statement about their assets, liabilities, or other interests as set out in the Conflict of Interest—Confidential Report.
This obligation arises
Office employees must disclose all of their reportable assets, liabilities, or other interests (without indicating their value) that could jeopardize or call into question their judgment or objectivity. For purposes of the disclosure, other interests include personal relationships with staff or clients; gifts, hospitality (not allowable under the Code), or other benefits; or participation in outside employment or activities.
All employees complete the Conflict of Interest—Confidential Report form and must declare that
If, during the course of the year, an employee’s situation or circumstances change with respect to the declarations previously made, he or she is required to complete a new Conflict of Interest—Confidential Report form and provide it immediately to the Assistant Auditor General, Corporate Services.
The Office expects engagement teams to apply a framework when assessing threats to independence. This framework requires the Office and its employees to
Where safeguards are not available to reduce the threat or threats to an acceptable level, the engagement leader consults the Internal Specialist, Values and Ethics concerning eliminating the activity, interest, or relationship creating the threat or threats, or refusing to accept or continue the engagement, if possible, under applicable laws and regulations.
Identify threats to compliance with independence requirements. A threat to independence, for the purposes of this policy, is a situation, relationship, or circumstance that may give rise to a breach of an employee’s professional judgment or objectivity.
Threats to independence must be considered by all engagement team members throughout the assurance engagement. Threats to independence can be categorized into threats arising from self-interest, self-review, advocacy, familiarity, and intimidation. OAG Audit 1031 Ethical requirements relating to an assurance engagement discusses these categories of threats.
When identifying threats to independence, care must be taken as threats are not always direct or overt and, in many cases, they can be quite subtle.
Assess the significance of identified threats. OAG Audit 1031 Ethical requirements relating to an assurance engagement discusses the factors to consider when assessing the significance of identified threats.
Apply safeguards, when necessary, to eliminate or reduce the threat to an acceptable level. Senior engagement personnel (engagement leader and assistant auditor general), evaluate the significance of identified threats.
Safeguards are necessary when identified threats are at a level where a reasonable observer would likely conclude that compliance with the relevant ethical requirements, including independence, may be compromised. OAG Audit 1031 Ethical requirements relating to an assurance engagement provides examples of safeguards that may eliminate or reduce identified threats to an acceptable level.
If a threat is other than insignificant, senior engagement personnel identify and apply available safeguards to eliminate or reduce the threat to an acceptable level. The Internal Specialist, Values and Ethics, objectively reviews the threat and safeguards.
Document the threat and how safeguards eliminate or reduce the threat to an acceptable level. The ongoing evaluation and disposition of threats to independence should be supported by evidence obtained both before accepting an engagement and while it is being performed. For each threat identified as other than insignificant, an engagement exception report is completed and the engagement leader ensures that all relevant decisions taken are supported and documented. Final exception reports are provided to Records Management for filing purposes. Exception reports are not placed in the audit file due to the personal and confidential nature of the content.
There may be occasions when an employee or the Office is inadvertently in breach of the relevant ethical requirements, including independence. If such an inadvertent breach occurs, it will generally not impair independence, given that the Office has appropriate quality control policies and procedures in place to promote independence and, once discovered, the breach is corrected promptly and any necessary safeguards are applied. An inadvertent breach includes a situation where the employee did not know of the circumstances that created the breach.
Engagement personnel promptly notify the engagement leader of a breach to independence requirements.
If matters come to the engagement leader’s attention, through the system of quality control or otherwise, that indicate that a member of the engagement team is in breach of the independence requirements, the engagement leader, in consultation with the employee’s Principal (where different), and the Internal Specialist, Values and Ethics,
The engagement leader documents the breach to independence in an exception report and promptly communicates a proposed action with the Internal Specialist, Values and Ethics. The engagement leader and the employee’s Principal (where different) receive confirmation from the Internal Specialist, Values and Ethics, on the appropriateness of the proposed actions. Records Management receives a copy of the final exception report for filing purposes.
If differences of opinion arise on the resolution of independence matters, team members should follow the procedures established in OAG Audit 3082 Resolution of differences of opinion.
Office employees are entitled to file a complaint or allegation if they believe the Office or its employees have failed to comply with professional standards, including relevant ethical requirements, regulatory and/or legal requirements, including the system of quality control, according to OAG Audit 1091 Complaints and allegations.
Independence matters that must be referred to the Internal Specialist, Values and Ethics, include
instances where specified actions and procedures will be necessary to appropriately manage threats and potential threats to independence, and
independence compliance concerns raised by Office personnel and/or members of the audit team.