Report on a Review of the Annual Audit Practice—Annual Audits Completed in the 2014–15 Fiscal Year
Report on a Review of the Annual Audit Practice—Annual Audits Completed in the 2014–15 Fiscal Year
Table of Contents
- Results of the Reviews
- Appendix A—System of Quality Control Elements
- Appendix B—System of Quality Control Elements and Process Controls Reviewed
1. The Office of the Auditor General of Canada (the Office) conducts independent audits and studies that provide objective information, advice, and assurance to Parliament, territorial legislatures, boards of Crown corporations, government, and Canadians. The Office has three main product lines: annual audits, performance audits, and special examinations. Performance audits and special examinations are referred to as direct report engagements.
2. Annual audits include audits of the financial statements of the Government of Canada, the three northern territories, Crown corporations, and other organizations. They are performed in accordance with Canadian Auditing Standards. The objective of annual audits is to provide an opinion on whether financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. Where required, the auditor also provides an opinion on whether the transactions examined comply in all significant respects with legislative authorities that are relevant to the annual audit.
3. The Practice Review and Internal Audit team conducted practice reviews of selected annual audits. This work was done in accordance with the monitoring section of the Canadian Standard on Quality Control 1—Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance Engagements, issued by the Chartered Professional Accountants of Canada. We also performed our work in accordance with the Office’s most recent Practice Review and Internal Audit Plan, which was recommended by the Audit Committee and approved by the Auditor General. The Plan is based on systematic, cyclical monitoring of the work of all engagement leaders in the Office.
4. To ensure that audits meet the standards of the Chartered Professional Accountants of Canada, the Office establishes policies and procedures for its work. These are outlined in the Office’s audit manual, its System of Quality Control, and various other audit tools, which guide auditors through a set of required steps. A product leader at the level of assistant auditor general is assigned to the annual audit product line. The product leader’s primary functions are to provide leadership and oversight of the product line and to contribute to the quality of individual audits.
5. This report summarizes the key observations related to the practice reviews of selected annual audits completed in the 2014–15 fiscal year.
6. The objective of practice reviews is to provide the Auditor General with assurance that
- annual audits comply with professional standards, Office policies, and applicable legislative and regulatory requirements; and
- audit reports are supported and appropriate.
Scope and methodology
7. We conducted all six of our planned practice reviews of the annual audits completed in the 2014–15 fiscal year. We used a random sampling approach to select the engagement leaders and their related files.
8. Our reviews included an examination of electronic (TeamMate) and paper audit files. We reviewed documentation related to the planning, examination, and reporting of the audits. We also interviewed selected audit team members, engagement quality control reviewers, and other internal specialists, as appropriate.
9. We reviewed all files selected in terms of the System of Quality Control (Appendix A). We focused our work on the selected elements and process controls that we considered key or high-risk (Appendix B).
10. For each annual audit under review, we rated each selected System of Quality Control element and process control as one of the following:
- Compliant. Office policy requirements and applicable auditing standards were met.
- Compliant but needs improvement. Improvements are necessary in some areas to fully comply with Office policies and professional auditing standards.
- Non-compliant. Major deficiencies exist; there is non-compliance with Office policies or professional auditing standards.
11. After completing each practice review, we concluded whether the audit opinion was supported and appropriate.
Results of the Reviews
Appropriateness of the audit reports
12. Overall, we found that the audit opinions were supported and appropriate in the six files reviewed.
Compliance with the System of Quality Control elements and process controls
13. The level of compliance with the System of Quality Control elements and process controls was good. All six files complied in all material respects with the Office’s annual audit policies, and with Canadian Auditing Standards. In three files, at least one System of Quality Control element needed improvement, and one of these files was non-compliant with a specific Office policy requirement.
14. None of the files selected for review had engagement quality control reviewers assigned to them. Therefore, there are no observations related to engagement quality control reviews.
15. Except for one item, described in paragraph 17, we did not observe any systemic issues among the six files reviewed. However, in three of these files, we noted instances of needing to improve documentation.
16. As noted above, one file was non-compliant with a specific Office requirement. We observed that this file did not include the final version of the auditor’s report, contrary to Office policy.
17. In all of the reviewed files, we found that independence forms had not been completed for certain individuals who charged time to the audit. In five of the six files, we concluded that no form was required because most of the work completed was administrative in nature and had no impact on the audit results. We encourage audit teams to review the list of individuals who have charged time to their audits, and if applicable, to document briefly in the audit results section of the audit file why the independence of these individuals does not need to be assessed.
18. Office policies require an engagement leader to review significant matters in a timely manner. In one file, we could see that even though the engagement leader was involved in all stages of the audit, this person reviewed a significant and elevated audit risk section many days after the date of the auditor’s report, counter to Office policies.
19. In one file, unforeseen events prevented the team from performing a test that the Summary of Comfort lists as mandatory for concluding on certain assertions. The team members had decided that they could obtain the necessary evidence without documenting the compensating procedures performed.
20. In response to a new risk, an audit team developed a test that consisted of performing a surprise inventory count. However, key elements were missing in the working paper for that test, including when the count was performed and by whom.
21. During planning, an audit team established materiality as a percentage of anticipated revenues. The final results showed that the revenues were significantly lower than anticipated. At the end of the audit, the audit team concluded, without any further justification, that the initial materiality was still appropriate. In these particular cases, we would have expected the audit team to have documented their judgment.
22. Office practices require that audit teams communicate with senior management just before issuing the auditor’s report to identify subsequent events. In one of the files reviewed, this inquiry was done six days before the date of the auditor’s report. Because the delay was longer than what is usual for this type of communication, we would have expected to see documentation in the file outlining briefly why the team felt that this was acceptable under the circumstances.
23. When working with a joint auditor, the audit team must review their audit strategy to ensure that the risks identified for the audit will be addressed by the joint auditor. For one audit, we noted that the review was done only during the execution phase. Given that the execution phase is late in the audit process, there would have been no time to allow any adjustment in the joint auditor’s audit strategy if it was found to deviate from the team’s expectation. We believe that this situation placed the audit team at risk. The team members told us that they had had many discussions with the joint auditor on this topic during the planning phase of the audit, and that based on their experience with this file, they believed that the audit approach of the previous year did not need to change. However, the audit team did not document these discussions and decisions in the audit file.
24. Documenting the review of the audit programs by audit team management is often a challenge. One team ensured that the tailored audit programs in TeamMate were in line with the audit strategy by creating a TeamMate report based on the audit program. This report was also used to document the director’s review, by using the Track Changes and Comments features of Word.
Recommendations to the Professional Practice Group
25. During our practice reviews of annual audits, we noted the need for clarifications in methodology and in the delegation of signing authority.
26. Observations. The Office’s Annual Audit Manual policy 3062, Engagement leader responsibilities for audit quality states that “the responsibilities of the practitioner shall be discharged by the audit principal, who is the engagement leader for all engagements . . . .” The policy also specifies that “in those circumstances where an audit principal is not assigned to the engagement, the assistant auditor general shall assume the role of engagement leader.”
27. It has come to our attention that the Office has audits that are or were being managed by a director who was in the role of an engagement leader. In the audit file we reviewed, it was well documented how the assistant auditor general and the director would cover the role of engagement leader. However, this practice is not consistent with Office policy for direct report and annual audits.
28. Recommendation 1. The Professional Practice Group should update the Office’s policy 3062 Engagement leader responsibilities for audit quality to make it possible for the Auditor General to name a staff member other than a principal as an engagement leader.
Management’s response. Management agrees with the recommendation above. Management will review and revise, as appropriate, the wording of the above-noted policy in response to the recommendation.
29. We also noted an instance where the delegation of signing authority had two people (a director and an assistant auditor general) listed as the annual audit engagement leader for a specific audit.
30. Recommendation 2. The delegation of signing authority documents should be reviewed to clearly identify a single engagement leader and to ensure the inclusion of that name in the delegation of signing authority approved by the Auditor General.
Management’s response. Management agrees with the above recommendation. We will ensure that the individual with ultimate responsibility as engagement leader is named on the delegation of signing authority.
31. We concluded that the six annual audits we reviewed were compliant overall with Office policies and professional audit standards, and that their audit opinions were supported.
32. As noted earlier in this report, the level of compliance with Office policies and professional audit standards is good, but improvement is needed in some areas. We made two recommendations to the Professional Practice Group.
Appendix A—System of Quality Control Elements
Appendix A—text version
This diagram shows three sides of a cube, each side depicting aspects of the System of Quality Control.
The top of the cube shows the objectives of the System of Quality Control:
- Compliance with professional standards and applicable legal and regulatory requirements; and
- Reports issued are appropriate in the circumstances.
The right side of the cube shows the two levels of the System Quality Control:
- Firm level (CSQC 1)
- Engagement level (CAS 220 or S5030)
The left side of the cube shows the elements of the System of Quality Control:
- ethics and independence,
- acceptance and continuance,
- human resources,
- engagement performance, and
Appendix B—System of Quality Control Elements and Process Controls Reviewed
Our review covers the following System of Quality Control elements:
- engagement performance,
- independence, and
- leadership and supervision.
Engagement performance. We reviewed whether the audit was planned, executed, and reported in accordance with generally accepted Canadian auditing standards, applicable legislation, and Office policies and procedures. We also considered whether the Office met its reporting responsibilities by having in place appropriate audit methodology, recommended procedures, and practice aids to support efficient audit approaches and produce sufficient audit evidence at the appropriate time.
As part of the conduct of the audit, we also reviewed audit file finalization. We determined whether audit files were closed within 60 days of the signatory’s final clearance of the auditor’s report, and within 60 days of the approval of the financial statements by the entity’s board of directors, or its equivalent, as required by Office policy.
We reviewed whether consultation was sought from authoritative sources and specialists with appropriate competence, judgment, and authority to ensure that due care was taken, particularly when dealing with complex, unusual, or unfamiliar issues. We also reviewed whether the consultations were adequately documented, and whether the audit team took appropriate and timely action in response to the advice received from the specialists and other parties consulted.
We reviewed whether the quality reviewer carried out, in a timely manner, an objective evaluation of
- the significant judgments made by the team,
- the conclusions reached in supporting the auditor’s report, and
- other significant matters that came to the attention of the quality reviewer during his or her review.
We reviewed whether the work of the quality reviewer was adequately documented, and whether the audit team took appropriate and timely action in response to the advice received from the quality reviewer.
Resources. We reviewed whether the adequacy, availability, proficiency, competence, and resources of the audit team were appropriately assessed and documented.
Independence. We reviewed whether the independence of all individuals performing audit work, including specialists, had been properly assessed and documented.
Leadership and supervision. We reviewed evidence of whether individuals working on the audit received an appropriate level of leadership and direction and whether adequate supervision of all individuals, including specialists, was provided to ensure that audits were carried out properly.