Report on a Review of the Annual Audit Practice—Practice Reviews Conducted in the 2012–13 Fiscal Year

Report on a Review of the Annual Audit Practice—Practice Reviews Conducted in the 2012–13 Fiscal Year

Introduction

Overview

Objective

Scope and methodology

System of Quality Control elements and process controls reviewed

Rating system

Results of the Reviews

Appropriateness of the audit reports

Compliance with the system of quality control and process controls

Good practice

Practice-wide observations

Difficulty identifying those charged with governance or their equivalent
Lack of documentation of discussions with management and those charged with governance related to fraud
Inconsistency in the annual audit risk assessment, audit strategy, assertion alignment, and audit work performed
Difficulty evaluating the design and implementation of relevant controls and other control-related observations
Need for documenting independence
Inconsistencies in assessing and documenting the existence of components and their significance in group audits

Other observations

Validation of accuracy and completeness of the populations used for sampling
Timely senior management review

Considerations for the Professional Practices Group

Conclusion

Appendix A—System of Quality Control Elements (Annual Audit)

Appendix B—System of Quality Control Elements and Process Controls Reviewed

Introduction

1. The Office of the Auditor General conducts independent audits that provide objective information, advice, and assurance to Parliament, territorial legislatures, and Canadians. The Office has several product lines, including performance audits, annual audits, and special examinations.

2. Annual audits include audits of the summary financial statements of the Government of Canada and the three northern territories, and of the financial statements of Crown corporations and other entities. They are performed in accordance with Canadian auditing standards. The objective of annual audits is to provide an opinion on whether financial statements are presented fairly in accordance with the applicable financial reporting framework. Where required, the auditor also provides an opinion on whether the transactions examined comply, in all significant respects, with the legislative authorities that are relevant to a financial audit.

3. The Practice Review and Internal Audit (PRIA) team conducted practice reviews of nine selected annual audits that were reported in 2012. This work was done in accordance with the monitoring section of The Canadian Institute of Chartered Accountants (CICA) Handbook—“Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance Engagements (CSQC 1).” It was also done in accordance with the Office’s 2012–13 Practice Review and Internal Audit Plan (paragraph 7), which was recommended by the Audit Committee and approved by the Auditor General. The plan is based on systematic monitoring of the work of all audit principals in the Office, on a cyclical basis.

4. In addition to individual practice reviews, a horizontal practice review of the application of the Canadian Auditing Standard 600—Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors) (CAS 600) to annual audits was completed on 13 randomly selected audit files.1 This work was done in accordance with the PRIA work plan for 2011–12 as approved by the Office’s Audit Committee. In delivering on this commitment, PRIA engaged an external accounting firm (Ernst & Young LLP, “the contractor”) to conduct a practice review on 12 specific audit engagements where CAS 600 was applicable.

5. To meet CICA standards, the Office establishes policies and procedures for its work. These are outlined in an audit manual, various other audit tools, and a system of quality control (SoQC), and they guide auditors through a set of required steps to ensure that the audits are conducted according to professional standards and Office policies. There is a product leader at the assistant auditor general level for the annual audit product line, whose primary functions are to provide leadership and oversight for the product line and to contribute to the quality of the individual audits.

6. This report summarizes the major observations related to the practice reviews of the selected annual audits.

Overview

Objective

7. The objective of practice reviews is to provide the Auditor General with assurance that

Scope and methodology

8. We planned to conduct nine practice reviews of annual audits in the 2012–13 fiscal year. We conducted nine practice reviews, including eight annual audits and one audit component of the Government of Canada’s consolidated financial statements.2 The reviews were conducted on audit files for financial statements with fiscal years ending between July 2011 and July 2012. The eight annual audits included four of Crown corporations, two of special agreements and agencies, one of the Public Accounts of Canada, and one of a territorial government.

9. Our reviews included an examination of electronic (TeamMate) and paper audit files. We examined audit files related to the planning, examination, and reporting of the audits. We also interviewed audit team members, engagement quality control reviewers (EQCRs), and other internal specialists, as appropriate.

System of Quality Control elements and process controls reviewed

10. We focused our work on the selected elements (Appendix A) and key process controls (Appendix B) of the System of Quality Control (SoQC) for annual audits that we considered key or high risk.

11. We also looked at how the EQCRs carried out their responsibilities. EQCRs are management-level employees of the Office who are appointed to provide an objective evaluation, before the auditor’s report is issued, of the significant judgments that the audit team made and the conclusions that it reached when it was formulating the audit opinion. The EQCRs are an important element of the Office’s SoQC, and they are involved in selected individual audits from the initial planning decisions to the closing of the audit file.

Rating system

12. We applied one of the following ratings to each selected SoQC element of the individual annual audits under review:

13. After completing each practice review, we concluded on whether the audit opinion was supported and appropriate.

14. This report highlights the procedures performed, the observations and recommendations made, and management responses.

Results of the Reviews

Appropriateness of the audit reports

15. Overall, we found that in the eight files reviewed where audit reports were issued, the audit opinions were supported and appropriate.3

Compliance with the system of quality control and process controls

16. Generally, the level of compliance with the System of Quality Control (SoQC) elements was very good. We saw progress made where none of the audits reviewed needed improvements in more than two SoQC elements. All files needed improvement in at least one SoQC element, and one file was non–compliant in one element.

17. In addition, there were no observations related to work of the engagement quality control reviewers (EQCR). The three audit files with EQCR involvement were compliant.

Good practice

18. During our reviews of the audit files, we observed the following good practice:

During the planning stage, a summary document on determination of the parameters for sampling errors defined what constituted an error for each financial statement component. This summary acted as a supplement to audit planning documents. It provided senior management with a quick overview of which components were tested by sampling, and addressed any resulting concerns. The review of the document by the Principal supported senior management’s approval of the sampling parameters.

Practice-wide observations

19. The following paragraphs present our observations:

20. We are unable to report statistically significant practice-wide observations in this summary report. Such observations require a larger sample of reviews, which will not be available until 2013–14. However, we are reporting certain findings that we observed in a number of files, as well as observations on the application of CAS 600, as follows:

Difficulty identifying those charged with governance or their equivalent

21. Three of the eight files reviewed did not properly identify those charged with governance. In particular, where the audit committee is not in an oversight role, we noted difficulty in identifying those who are charged with governance. We also noted inconsistencies in documenting the required communication that should be conducted with those charged with governance. 

Lack of documentation of discussions with management and those charged with governance related to fraud

22. Four of the audit files reviewed failed to properly communicate and document

Inconsistency in the annual audit risk assessment, audit strategy, assertion alignment, and audit work performed

23. Four files had challenges with this observation at various levels. In two of the files that we reviewed, the audit teams had not properly addressed the changes to the risk assessment for certain financial statement cycles or components. In these files, the audit teams did not document

24. In three of the files that we reviewed, several summaries of comfort (SoC) were incomplete and did not align with the audit work performed. For example:

Difficulty evaluating the design and implementation of relevant controls and other control-related observations

25. In five files, we found that the audit teams had trouble evaluating the design and implementation of relevant controls.

26. An audit team should evaluate the design and implementation of relevant controls, regardless of whether or not reliance on controls was obtained. In some instances (for the cycles and components reviewed),

27. In addition, two of the audit teams did not properly establish and document the control characteristics to be tested and the conditions that would represent an exception other than monetary misstatement.

Need for documenting independence

28. In four files, independence forms were missing or incomplete. In some instances, particularly related to the work performed by specialists and consultations done with annual audit practice teams, reports were not completed and no rationale was documented for why people had not completed their forms.

29. In one instance, an exception report was improperly documented and included in the Teammate file.

Inconsistencies in assessing and documenting the existence of components and their significance in group audits

30. We made two observations in our horizontal review of the application of CAS 600.

31. In three files, we observed that teams performed detailed work on components that were identified as insignificant due to size. While work on an insignificant component can be justified as a result of a specific risk profile, we did not find evidence of support for the additional work performed.

32. In three files, we also observed that the consideration of whether a component is significant due to risk is not always clear. This lack of clarity could lead to certain high-risk components containing undetected errors.

33. During our regular practice reviews, we noted in two files that there was a lack of consistency in documenting the analysis of the existence of significant components.

34. In addition, we observed in individual audit files, during both internal and horizontal practice reviews, limited documentation of the flow of transactions among various components, and thus had difficulty in assessing their impact on the overall audit strategy.

Other observations

Validation of accuracy and completeness of the populations used for sampling

35. When using information produced by the entity, audit teams should evaluate whether the information is sufficiently reliable—in particular, when obtaining evidence of accuracy and completeness of the information. This evaluation was not sufficiently documented in three of the files reviewed.

Timely senior management review

36. In three files, we noted that senior management (Director and/or Principal) had not performed a timely review at the planning phase of the audit. In addition, two of the files did not have their summaries of comfort reviewed and approved prior to the start of the testing/substantive work.

Considerations for the Professional Practices Group

37. During our practice reviews of annual audits, we noted areas where audit teams would appreciate methodological clarification in some areas.

38. One area is the engagement leader’s review and sign-off on the summary of uncorrected misstatements (SUM). Section 9016 of methodology requires the engagement leader to sign off on uncorrected misstatements. However, it is not clear in the Teammate audit file where this sign-off procedure is included.

39. We noted that there was limited guidance for joint audits. As a result, there are some inconsistencies among audit teams in the level of joint auditor file review and the types of working papers that should be copied for our audit file. The Annual Audit Practice Team (AAPT) might consider providing some high- level guidance to increase consistency across the Office and potentially increase efficiencies.

40. OAG guidance “Obtaining the Auditor General's Signature for an Auditor's Report” details the process for obtaining final sign-off for an auditor’s report. This guidance should be reviewed to ensure that it reflects the process preferred by the Auditor General and minimizes confusion by removing references to the Deputy Auditor General (DAG).

41. There were instances where independence forms were missing from AAPT individuals who are providing consultative services to the audit team. Even though the involvement of AAPT measured by the number of hours might be low, there is a concern that the assessment of independence is not performed by all AAPT individuals in a particular review.

42. We also noted that there is inconsistency in the Annual Audit Manual section 3031 Independence concerning the period during which an auditor should declare his/her independence and the guidance issued. 

Conclusion

43. For each of the eight annual audits that we reviewed, the auditor’s report was supported and appropriate.

44. While the level of compliance with Office policies and professional audit standards is high, we observed that improvement is needed in four areas:

45. While there were no significant reportable findings in the horizontal practice review concerning application of CAS 600, we believe that other reportable findings should be brought forward for the Office to consider. In the cases described previously,

Management’s response

We have reviewed the observations raised and note the progress since prior reviews. The summary results will be shared with the annual audit practice and practitioners will be reminded of the importance of continuing to address any outstanding observations.

Appendix A—System of Quality Control Elements (Annual Audit)4

Diagram showing objectives, levels, and elements of the System of Quality Control

[Appendix A—text version]

Appendix B—System of Quality Control Elements and Process Controls Reviewed

Our review covers the following System of Quality Control (SoQC) elements:

Engagement performance. We reviewed whether the audit was planned, executed, and reported in accordance with Canadian generally accepted auditing standards, applicable legislation, and Office policies and procedures. We considered whether the Office meets its reporting responsibilities by having in place appropriate audit methodology, recommended procedures, and practice aids that support efficient audit approaches, producing sufficient audit evidence at the appropriate time.

As part of the conduct of the audit, we also reviewed audit file finalization. We determined whether audit files were closed within 60 days of the auditor's report being given final clearance by the signatory and the financial statements being approved by the Board of Directors of the entity, or its equivalent, as required by Office policy.

We reviewed whether consultation was sought from authoritative sources and specialists with appropriate competence, judgment, and authority to ensure that due care was taken, particularly when dealing with complex, unusual, or unfamiliar issues. We also reviewed whether the consultations were adequately documented, and whether the audit team took appropriate and timely action in response to the advice received from the specialists and other parties consulted.

We reviewed whether the quality reviewer carried out, in a timely manner, an objective evaluation of

We reviewed whether the work of the quality reviewer was adequately documented, and whether the audit team took appropriate and timely action in response to the advice received from the quality reviewer.

Resources. We reviewed whether the adequacy, availability, proficiency, competence, and resources of the audit team were appropriately assessed and documented.

Independence. We reviewed whether the independence of all individuals performing audit work, including specialists, had been properly assessed and documented.

Leadership and supervision. We reviewed evidence of whether individuals working on the audit received an appropriate level of leadership and direction and whether adequate supervision of all individuals, including specialists, was provided to ensure that audits were carried out properly.

 


Footnotes:

1 Ernst & Young reviewed 12 audit engagement files. The remaining audit engagement file was reviewed by the OAG’s PRIA team. (Return)

2 Of nine practice reviews planned, eight were completed during the 2012–13 fiscal year. We were unable to start the practice review of one of the files because the annual audit was not substantially completed in time for the preparation of the summary report. It is scheduled to be completed in 2013–14, and the results will be included in the summary report for that fiscal year. In addition, one of the reviews related to the 2011–12 practice review cycle, which was started and completed in 2012. Therefore, the final number of practice reviews conducted in 2012–13 is nine. (Return)

3 Of nine audit files reviewed, eight had separate audit opinions; one file was a component of a group audit. (Return)

4 The standards used for audit quality at the Office level are Canadian Standards on Quality Control (CSQC 1). A quality control standard at the engagement level for annual audits is the Canadian Auditing Standard (CAS) 220 Quality Control for an audit of financial statements. (Return)