Annual Audit Practice Review Program
Instructions for Practice Reviewers: Audit Steps
A. Practice Review Administration: Read the instructions (January 2020)
Template in this step:
Practice Review and Internal Audit Charter
Procedure:
Reviewers should ensure that they are familiar with the instructions in the Annual Audit Practice Review Program and the Practice Review and Internal Audit (PRIA) Charter.
Note:
The practice review team assists the Office of the Auditor General of Canada (OAG) in meeting its obligations under the Chartered Professional Accountants of Canada (CPA Canada) Canadian Standard on Quality Control (CSQC) 1. The team does this by conducting inspection activities, on a cyclical basis, to determine the extent to which engagement leaders are complying with professional standards, OAG policies, and applicable legislative and regulatory requirements when conducting their audits, and by ensuring that auditors’ reports are supported and appropriate.
On an ongoing basis, evaluation is performed of the OAG’s System of Quality Control (SoQC), including a periodic inspection of at least 1 completed engagement for each Engagement Leader (CSQC 1.48).
The practice review focuses on selected elements of the SoQC of the annual financial audit practice and professional standards considered key or risky when conducting audits.
The criteria to assess compliance are based on CPA Canada standards and OAG policies, and are included in the Annual Audit Manual.
The overall criterion for a practice review is that the Engagement Leader has properly implemented the requirements of CPA standards and OAG policies.
The practice review program is divided into various audit steps and follows the same structure as that in the TeamMate library. The audit steps refer to the appropriate Annual Audit Manual sections. Consult the hyperlinked document in each audit step for the policy reference.
For the Smart Lite procedures (or Smart Documentation), reviewers will have to pay special attention to ensure that proper working papers supporting the procedures have been prepared, and that they were appropriately reviewed on a timely basis. The Smart Lite procedures should not have been used simply as a checklist. As such, for each review step, for which reviewers are asked whether the audit team has used the proper Smart Lite procedures, they will also have to assess whether the Smart Lite procedures were properly completed.
In most steps, there are references to Annual Audit Manual sections and/or other guidance. Reviewers are responsible for obtaining a good understanding of these references in order to properly assess the audit work performed by the audit team.
Reviewers should also look at the previous individual report (if any) for the Engagement Leader selected to be able to conclude on whether progress or recurring problems have been observed. If possible, the reviewers should also look at the previous Practice Review audit file in TeamMate to see whether any unreported observations (verbal) are recurring this year and might become an observation in this year’s individual report.
B. Practice Review Administration: Complete the independence form (January 2020)
Template in this step:
Practice Review of Assurance Engagement Report on Independence [MS Word]
Procedure:
-
Ensure that each reviewer has completed the specific practice review and internal audit independence form. Note: The independence form for a practice review is different than that used for an annual financial audit.
-
Ensure that the Principal (PX) of PRIA has reviewed and approved the form.
-
If there are any potential conflicts of interest, discuss these as soon as possible with the PX of PRIA, and if necessary, complete an exception report and provide it to the Internal Specialist—Values and Ethics.
C. Practice Review Administration: Select the sections for review (January 2020)
Procedure:
-
Reviewers should ensure that they are familiar with the practice review program.
-
If more than 1 reviewer has been appointed to perform the review, discussions should happen to determine which sections of the review program each reviewer will complete (to avoid duplication of work).
-
Consult with the PRIA coordinator on the split of the audit sections among the reviewers, if applicable.
Note:
Practice reviewers are expected to select significant cycles or components for detailed review for the section of the practice review program related to the examination phase. Detailed review of the audit work should be limited to 1 or 2 key or riskier cycles or components. Note which cycles or components have been selected for review, and include a brief explanation as to why they were chosen.
For every cycle or component selected, the practice reviewer must assess whether the audit team had used the specific audit procedures related to the cycle or component (see section H below).
The reviewer has to complete all the sections of the practice review program related to the planning phase and the reporting phase. Although the practice review covers all aspects of the planning and reporting sections, the reviewer must perform a more detailed review of the sections for which the audit risks are elevated and assess the audit team’s responses to those risks—for example, audit team responses to significant questions.
Also, the reviewer has to ensure that the audit team used the most recent methodology available at the time the audit was performed.
D. Practice Review Administration: Obtain knowledge of audit file (January 2020)
Procedure:
Before starting the review, read the following key information and background on the financial audit under review:
- Auditor’s Report and financial statements
- Report to the Audit Committee—planning and reporting
- Report Clearance Summary (if used)
- Annual Audit Practice Team (AAPT) comments and team disposition (if required)
- Engagement Quality Control Reviewer (if any) comments and team disposition
E. Practice Review Administration: Conduct interviews (January 2020)
Procedure:
-
When an Engagement Leader has been informed, via email, of the selection for a practice review, the Engagement Leader’s Assistant Auditor General (AAG) should also be copied on the email so that the AAG is informed that there will be a practice review on 1 of the engagement leaders under the AAG’s responsibility. The email should also outline the administrative aspects of the review.
-
Separately interview the Engagement Leader, the Director, and the Engagement Quality Control Reviewer (if any). In rare circumstances, you may also interview the Project Leader (AP3/AP2). However, at the discretion of the Engagement Leader, the Director may also be present at the meeting with the Engagement Leader. If this is the case, ensure that both of them are aware that they can ask to meet separately with the reviewer at any time during the review process.
-
Document the interview notes.
Note:
Interviews should be conducted early with the Engagement Leader, Director, and AAG (if applicable). A subsequent interview with them may be necessary to clarify issues identified during the review. Only if necessary, team members (audit professionals) should also be interviewed, but together instead of individually.
F. Practice Review Administration: Document the information on the audit budget (April 2019)
Procedure:
-
Print out product costing information from the OAG INTRAnet, including the following:
- Product Summary
- Product Utilization (grouped by fiscal year)
-
Highlight areas in which the budget varies significantly from the actual costing. This might be an indication of a high-risk area.
-
Identify whether any external consultants were retained. (This can be done by reviewing the People on a Project section of the OAG INTRAnet.)
G. Practice Review Administration: Document other background information (April 2019)
Procedure:
Document the following, if applicable:
- whether the entity uses a complex information technology (IT) system (such as Oracle, SAP, or PeopleSoft)
- in a multiple-location audit, the activities in various locations and related audit approach on file
- whether it is a component audit or a group audit
- whether an opinion on authorities is required by legislation
- the service organizations used by the entity
- the date of approval of the financial statements and the date of the Auditor’s Report
- whether an Engagement Quality Control Reviewer was appointed to the audit (Canadian Auditing Standard (CAS) 220.20)
H. Practice Review Administration: Use of relevant audit procedures and other review procedures to be performed (April 2019)
Procedure:
-
The practice review program has not been built to cover all the situations. The reviewer is responsible for identifying which audit programs from TeamStore have been used by the audit team and for downloading the related procedures in the PRIA review program for that specific file. The reviewer must also compare the date that the audit was performed and the date of the audit procedures.
Note: The general practice review program has been developed on the basis of TeamStore as at January 2020. At the time the audit was performed, the audit program may have been different.
-
For both the mandatory and specific audit programs, the reviewer must ensure that the audit team has used the audit program in place at the time of the audit. Often, the audit team simply rolled forward the previous year’s audit program without seeing whether sections of the previous year’s audit program had been updated.
-
In all the steps reviewed, the reviewer should ensure that there has been adequate supervision and review of less experienced staff, and that the Engagement Leader (and the Quality Reviewer (QR) if applicable) has documented, as evidenced in TeamMate, their reviews.
-
For any complex audit section(s), assess whether the audit team had the appropriate knowledge to perform the audit work. If not, did the audit team consult an internal or external expert?
-
When the audit team had consulted an expert, was there any difference of opinion? If yes, did the audit team properly document the difference of opinion and how it was resolved?
-
The reviewer must assess whether the completed file was properly documented and archived within the 60-day rule.
-
The reviewer must also assess whether protected and classified information have been labelled, copied, stored, transmitted, and disposed of according to the measures outlined on the Security Quick Reference Card.
Guidance:
- Resolution of Differences of Opinion (OAG Audit 3082)
- Assembly of the Final Audit File (OAG Audit 1171)
- Modifications to Audit Documentation after Final Assembly (OAG Audit 1172)
- Matters Arising After the Date of the Assurance Engagement Report (OAG 1173)
- File Freezing (OAG 1174)
- Multiple Reports: Documentation Issues (OAG 1181)
- Retention Policies and Procedures (OAG 1191)
- Confidentiality, Safe Custody, Integrity, Accessibility, and Retrievability of Engagement Documentation (OAG 1192)
- Review of Audit Work and Documentation (OAG 3071)
I. Practice Review Administration: Interpretation of the results and determination of the rating (January 2020)
Procedure:
-
During the review, all issues noted must be documented as an exception in PRIA’s TeamMate. The exception must include a good description of the issue and a reference to the policy. Ensure that all exceptions are discussed with the PX of PRIA, and that a proper action plan has been identified for each exception. The PX of PRIA is expected to sign off, as reviewed, on all the exceptions as evidence of the PX’s approval of the observations and action plans.
-
Before drafting the Engagement Leader Report, informal meeting(s) should be held, as required, with audit management (Director and/or Engagement Leader) to go through the exceptions to ensure that the practice reviewer has all the facts. Note: For those exceptions that could be more significant, the facts should be discussed with audit management throughout the review, as they are identified.
-
On the basis of the responses obtained from management, document all observations in PRIA’s TeamMate with a status of what will be the next steps (that is, removable observation, verbal observation, or reportable observation) and the rationale supporting the decision. At this stage, the review should be completed.
-
In preparation for the draft Engagement Leader Report, determine the preliminary rating for the overall audit file evaluation as
-
C: Compliant
-
CWI: Compliant while improvements needed
-
NC: Non-compliant
Note: See below for notes to the practice reviewer.
-
-
Preliminary ratings have to be discussed with the PX of PRIA before sharing the content of the draft Engagement Leader Report with the Engagement Leader. This rating should include an overall evaluation and consideration as to whether the audit work has been carried out in accordance with professional standards, legislative requirements, and OAG policies.
-
Prepare the draft Engagement Leader Report with observations. Evidence to support the observations should be well referenced in the TeamMate review file.
-
After the PX of PRIA has completed the review, provide a copy of the draft Engagement Leader Report to the Engagement Leader.
-
At this stage of the review, the results of the draft Engagement Leader Report should not be a surprise for the Engagement Leader.
Note to practice reviewers:
The reviewer needs to assess the level of compliance for the overall audit file evaluation—including compliance with the Canadian Auditing Standards (CAS) and/or OAG policies on the planning phase, execution phase, reporting phase, and auditing compliance with authorities and “other matters”—as
-
Compliant (C): Performance is satisfactory
-
Compliant while improvements needed (CWI): Performance is satisfactory while improvements are necessary in some areas to fully comply with OAG policies and professional standards
-
Non-compliant (NC): Non-satisfactory, major deficiencies exist—non-compliant with professional standards and/or OAG policies
It is important to note that the evaluation of the audit sections is the reviewer’s evaluation of the degree to which the audit file and report met the reviewer’s expectations in the circumstances—for example, with respect to sufficiency of evidence, to compliance with professional standards and OAG policies, and to elements in planning, procedures, and supervision.
The overall rating must be discussed with the PX of PRIA before any discussion on the rating takes place with the Engagement Leader.
J. Practice Review Administration: Obtain final individual summary of findings report (April 2019)
Procedure:
-
Finalize the Engagement Leader Report once all issues raised by the reviewer have been addressed and properly documented. Remove the “draft” watermark from the report.
-
Ensure that the PX of PRIA has documented evidence of the PX’s review of significant sections in the PRIA TeamMate file, including the section on exceptions. Also include the review memo.
-
Insert a scanned final signed copy of the Engagement Leader Report into the PRIA TeamMate file.
K. Practice Review Administration: Finalize the practice review (April 2019)
Procedure:
-
Prepare the TeamMate file for final assembly and completion by ensuring the following:
-
All electronic documents (including emails) that are part of the practice review substantiation are captured in TeamMate.
-
All replicas have been merged.
-
All observations have been resolved and documented.
-
All sections have been completed and reviewed (where applicable).
-
The reviewers stayed independent throughout the practice review process.
-
The review work of the practice reviewers has been conducted and documented appropriately in line with the PRIA policies and guidelines, and in accordance with the requirements of CSQC 1.
-
-
Once the above steps are completed and the TeamMate file is ready to be closed, do the following:
-
Set the TeamMate file status to “Issued.”
-
Send an email to Records indicating that the TeamMate file has been set to “Issued.” The email should indicate the project name and project code.
-
Practice Review Program—Based on TeamMate Library
Note: The following sections cover the general audit program steps to be completed in all audits. These steps do not include any specific execution procedures that an audit team might have used. When performing an audit, the audit team has to select from a large number of procedures those that are relevant for its audit.
The reviewer is responsible for obtaining the appropriate audit steps for the reviewer’s review at the time the audit was performed.
A.1.PRG—Audit Mandate and Client Acceptance and Continuance / Acceptance and continuance and terms of engagement (June 2019)
Templates in this step:
Acceptable Financial Reporting Framework Assessment [MS Word]
Acceptance Template [MS Word]
Annual Audit Engagement Letter [MS Word]
Letters for Solicitor/Client Privileges [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01168E_Accep_con_terms_of_eng.
A.2.PRG—Timetable and Engagement Management / Independence and ethical requirements (June 2018)
Templates in this step:
Exception Report [MS Word]
Independence Confirmation [MS Word]
Independence—Frequently Asked Questions (FAQ) [MS Word]
Procedure:
-
Determine whether the audit team properly used and completed the procedure document P_01127E_Independence.
-
Independence declaration:
-
Perform a cross-reference between the individuals who had charged time on the audit, and the independence form included in TeamMate. If an individual had charged time and no independence form was prepared, assess whether an independence form should have been prepared. On the basis of the assessment, if you believe that a form should have been filled out and there is none in the files, verify whether the Engagement Leader had clearly documented why it was not necessary for those individuals to fill out a form. Usually, no form is prepared when time spent was for administrative purposes.
-
Give special attention to the date covered by the independence confirmation to ensure that it is related to the period covered by the assurance engagement report.
-
Assess whether the Engagement Leader had reviewed and approved all the independence forms.
-
If an exception has been reported in an independence form, contact the OAG Internal Specialist—Values and Ethics to confirm that he or she did receive an exception report and was satisfied with the remediation process to mitigate the independence risk.
-
A.2.PRG—Timetable and Engagement Management / General engagement decisions (June 2019)
Template in this step:
Observations Tracking Template [MS Excel]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01169E_General_engagement_decisions.
A.3.PRG—Team Management / Team mobilization (June 2019)
Templates in this step:
Engagement Team Competency and Resource Assessment [MS Word]
Performance Evaluation—Assignment [PDF]
Audit Timetable [MS Word]
Budget and Workload Allocation [MS Excel]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01170E_Team_mobilization.
A—Client Acceptance and Engagement Management
Procedure:
Conclude whether the file was in compliance with the Client Acceptance and Engagement Management section.
B.1.PRG—Understand the Entity and Its Environment / Understand entity and environment (June 2018)
Template in this step:
Key Positions [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01130E_Understand_entity_and_environment.
B.2.PRG—Risk Assessment Analytics / Risk assessment analytics (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01131E_Risk_assess_analytics.
B.3.PRG—Internal Control Framework / Understand and evaluate internal control components (excluding control activities) (June 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01171E_ Und_eval_int_control_comp_excl_cont_act (irrespective of the planned reliance on the operating effectiveness of those controls).
B.3.PRG—Internal Control Framework / Understand and evaluate control activities (including PEFR process) (June 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01219E_Und_eval_control_act_incl_PEFR_proces (irrespective of the planned reliance on the operating effectiveness of those controls).
Note:
If necessary, the audit team might have separate instances of the procedure available to add to the engagement TeamMate file for each of the business processes. These separate procedures can either be added in this B.3 folder or in the Transaction Flow and Processes folder of each business process. Where multiple team members are assigned responsibility for understanding and evaluating different business processes, see the following procedures:
- P_00748E_Und_eval_control_act_benefits
- P_00749E_Und_eval_control_act_business_comb
- P_00750E_Und_eval_control_act_capital_equity
- P_00751E_Und_eval_control_act_derivatives_hedge
- P_00752E_Und_eval_control_act_financing
- P_00753E_Und_eval_control_act_int_assets_goodwill
- P_00754E_Und_eval_control_act_production_inventory
- P_00755E_Und_eval_control_act_purchasing_pay
- P_00756E_Und_eval_control_act_payroll
- P_07757E_Und_eval_control_act_prop_plant_equip
- P_00758E_Und_eval_control_act_revenue_rec
- P_00759E_Und_eval_control_act_share_based_comp
- P_00760E_Und_eval_control_act_taxes
- P_00761E_Und_eval_control_act_treasury_cash_inv
- P_00762E_Und_eval_control_act_other
B.3.PRG—Internal Control Framework / Understand the entity’s response to IT risks (July 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01172E_Und_entity’s_response_to_IT_risks (irrespective of the planned reliance on the operating effectiveness of those controls).
B.4.PRG—Assess Risk / Fraud risk assessment (June 2018)
Templates in this step:
Fraud Risk—Audit Committee and Others Charged with Governance Inquiries [MS Word]
Fraud Risk—Management Inquiries [MS Word]
Fraud Risk—Internal Audit Inquiries [MS Word]
Fraud Risk Factors Checklist [MS Word]
Fraud Scheme Template [MS Excel]
Checklist 1—Screening Contracts for Possible Wrongdoing and Fraud [MS Word]
Checklist 2—Screening Grants and Contributions for Possible Wrongdoing and Fraud [MS Word]
Checklist 3—Screening Non-Tax Revenues for Possible Wrongdoing and Fraud [MS Word]
Checklist 4—Screening Acquisition Cards/Credit Cards for Possible Wrongdoing and Fraud [MS Word]
Checklist 5—Screening Expense Accounts for Possible Wrongdoing and Fraud [MS Word]
Checklist 6—Screening Payroll and Human Resources for Possible Wrongdoing and Fraud [MS Word]
Checklist 7—Screening Assets Management for Possible Wrongdoing and Fraud [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01134E_Fraud_risk_assessment.
B.4.PRG—Assess Risk / Accounting estimates risk assessment (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01135E_Accounting_estimates_risk_assess.
B.4.PRG—Assess Risk / Financial statements review risk assessment (February 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01166E_FS_review_risk_assess.
B.4.PRG—Assess Risk / Other risk assessment procedures (October 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01470E_Other_risk_assessment_procedures.
B—Understand the Business and Assess Risk
Procedure:
Conclude whether the file was in compliance with the Understand the Business and Assess Risk section.
C.1.PRG—Materiality / Determine materiality (June 2019)
Template in this step:
Materiality template [MS Excel]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01174E_Determine_materiality.
C.2.PRG—Develop Audit Plan / Determine audit strategy and plan (June 2019)
Templates in this step:
Audit Planning Template [MS Excel]
Bank Confirmation [MS Word]
Accounts Receivable Confirmation—Balance [MS Word]
Accounts Receivable Confirmation—Specific Transactions [MS Word]
Cash Flow 101 [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01175E_Det_audit_strategy_and_plan.
Determine whether the audit team properly used and completed the procedure document P_01139E_Planning_exec_board_comp_THCE.
C.2.PRG—Develop Audit Plan / Respond to financial statement level risk (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01140E_Respond_FS_level_risk.
C.3.PRG—Report to the Audit Committee—Annual Audit Plan / Communications—Planning (June 2019)
Template in this step:
Report to the Audit Committee—Annual Audit Plan [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01176E_Communications_planning.
C.4.PRG—QR and Planning Sign-Off / Engagement leader and team manager—Planning sign-off (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01142E_Eng_lead_team_manager_plan_signoff.
C—Develop Strategy and Plan
Procedure:
Conclude whether the file was in compliance with the Develop Strategy and Plan section.
D.1.PRG—Completion and Reporting Activities / Evaluating misstatements (June 2019)
Template in this step:
Summary of Uncorrected Misstatements (SUM) template [MS Excel]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01177E_Evaluate_misstatements.
D.1.PRG—Completion and Reporting Activities / Communicate with those charged with governance—Report to the Audit Committee (June 2018)
Templates in this step:
Report to the Audit Committee—Annual Audit Results [MS Word]
Survey Following an Audit of Financial Statements—Delivery by Mail [MS Word]
Survey Following an Audit of Financial Statements—Delivery by Hand [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01145E_Communicate_w_tcwg_RAC.
D.1.PRG—Completion and Reporting Activities / Other auditing and completion procedures (June 2018)
Templates in this step:
CAS 700 Auditor’s Report Template (for periods ending prior to 15 December 2018) [MS Excel]
Management Representation Letter—IFRS [MS Word]
Management Representation Letter—PSAS [MS Word]
Sample Legal Letters (dated on or after 1st Dec 2016) [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01146E_Other_auditing_and_completion_proc.
D.1.PRG—Completion and Reporting Activities / Subsequent events after the date of the Auditor’s Report (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01147E_Subsequent_events.
D.1.PRG—Completion and Reporting Activities / Management letter (June 2018)
Template in this step:
Observations Tracking template [MS Excel]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01148E_Management_letter.
D.1.PRG—Completion and Reporting Activities / Update on preliminary risk assessments (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_001149E_Upd_prelim_risk_assessments.
D.1.PRG—Completion and Reporting Activities / Update initial assessment of independence (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01150E_Update_initial_assess_independ.
D.1.PRG—Completion and Reporting Activities / Overall conclusion analytics (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01151E_Overall_concl_analytic.
D.2.PRG—Financial Statements and Notes / Financial statements related procedures (June 2019)
Template in this step:
Cash Flow 101 [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01178E_FS_related_procedures.
D.2.PRG—Financial Statements and Notes / Financial statement and Auditor’s Report review (February 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01167E_FSR.
D.2.PRG—Financial Statements and Notes / Submit final documents to AAPT (June 2019)
Procedure:
Determine whether, for historical records purposes and for the purpose of the Annual Audit Summary Report, the audit team provided electronic copies of the following final documents within 1 month of the date of the Auditor’s Report:
-
Signed financial statements (in both languages)
-
Signed Auditor’s Report (in both languages)
D.3.PRG—Completion Sign-Off / Report clearance summary (June 2018)
Template in this step:
Report Clearance Summary [MS Word]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01153E_Report_Clearance.
D.3.PRG—Completion Sign-Off / Engagement leader and team manager—Completion sign-off (June 2019)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01154E_Eng_lead_team_manager_comp_signoff.
D.3.PRG—Completion Sign-Off / Clearance by the Auditor’s Report signatory (April 2015)
Template in this step:
Signatory Comments and Disposition Table [MS Word]
Procedure:
SIGNATORY COMMENTS AND DISPOSITION
-
If necessary, did the audit team use the Signatory Comments and Disposition Table template, under “Template in this step” above, to document comments from the signatory, at the signing meeting, and the related dispositions?
-
Did the Engagement Leader and the signatory sign off the template if used?
-
Did the Engagement Leader sign off the procedure prior to the Auditor’s Report signatory being signed off?
-
Did the audit team copy the following text in the Results field? Did the audit team complete and adjust it as required?
The Auditor’s Report signed and cleared for issuance.
Note:
When the Engagement Leader was the signatory, procedures 1, 2, and 3 are not required and the Engagement Leader should have signed the procedure as “Reviewed.”
D.4.PRG—Annual Report and/or Other Information / Test financial statement translation and reproduction (July 2019)
Procedure:
Determine whether the audit team used and completed the procedure document P_01180E_Test_fin_stat_translation_reproduction.
D.5.PRG—File Finalization / Audit completion checklist (June 2018)
Templates in this step:
New Material to Be Managed by Information and Records Management [PDF] (Note: Link unavailable offline)
Attest Product Completion Form [MS Excel] (Note: Link unavailable offline)
Performance Evaluation—Assignment form [PDF]
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01155E_Audit_compl_checklist.
D—Completion and Reporting Activities
Procedure:
Conclude whether the file was in compliance with the Completion and Reporting Activities section.
E.1.PRG—General Execution Procedures / Respond to the risk of fraud involving management override of controls (June 2019)
Procedure:
Determine whether the audit team used and completed the procedure document P_01181E_Resp_risk_fraud_involv_mng_over_ctl.
E.1.PRG—General Execution Procedures / Compliance with authorities (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01156E_Compliance_authorities.
E.1.PRG—General Execution Procedures / Executive and Board compensation (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01157E_Exec_brd_compensation.
E.1.PRG—General Execution Procedures / Test travel, hospitality, conference, and event expenditures (June 2018)
Procedure:
Determine whether the audit team properly used and completed the procedure document P_01158E_Test_travel_hosp_conf_event.
E—General Execution Procedures
Procedure:
Conclude whether the file was in compliance with the General Execution Procedures section.
F.1.PRG—Scoping / Determine scope of IT Audit procedures (July 2017)
Procedure:
-
Did the audit team determine whether IT Audit procedures were required as outlined in the IT Audit and Controls Assurance Planning Memorandum in the Consultation with IT Audit and Controls Assurance Team procedure within the Reliance on the Work of Others program?
-
If IT Audit procedures were not required:
- Did the audit team put “N/A” in the Results field and sign off the procedure?
-
If information technology general control (ITGC) testing was required, did the IT Audit specialist:
- Complete the IT Audit Scope Template to determine the required IT Audit procedures where applicable for
- access to programs and data
- program changes
- computer operations
- program development
- data conversion
- computer-assisted audit techniques (CAATs)
- Did the audit team populate the required programs in the F folder on the basis of the results of the IT Audit Scope Template?
- Did the audit team sign off the procedure?
- Complete the IT Audit Scope Template to determine the required IT Audit procedures where applicable for
Guidance:
- Impact of the Entity’s Use of Information Technology on the Audit (OAG Audit 6020)
F—IT General Controls
Procedure:
Conclude whether the file was in compliance with the IT General Controls section.
G.1.PRG—Lead Schedule / Lead schedule (October 2018)
Template in this step:
Leadsheet Automation Tool [MS Excel]
Procedure:
Determine whether the audit team properly used and completed document P_01016E_Lead.
G.2.PRG—Transaction Flow and Processes / Understand business process/FSLI and evaluate relevant control activities (June 2018)
Templates in this step:
Control Matrix [MS Excel]
Controls Library [MS Excel]
Procedure:
-
Did the audit team document its understanding of the business process/FSLI including the flow of transactions starting from initiation of a transaction through to financial reporting to identify control activities that were relevant to the audit? Did the audit team use the form of a flowchart and mapping diagram for its documentation? (Narrative descriptions, although not the preferred method, could also have been used.)
-
Did the audit team document its understanding of the business process/FSLI by observing the flow of a transaction (which generally includes a combination of inquiry, observation, and inspection of relevant documentation of controls) and performed an evaluation of design and implementation of relevant control activities? Did the audit team use the Control Matrix Template or use pre-populated controls, tailored as appropriate, included in the procedures documents in the B.3 folder for its documentation?
Guidance:
- Components of Internal Control—Control Activities (OAG Audit 5035)
- Controls and Controls Properties (OAG Audit 6010)
G.2.PRG—Transaction Flow and Processes / Consider changes in internal controls and inherent risks since planning (October 2012)
Procedure:
-
Did the audit team document and determine, through inquiry, whether there had been any significant changes in internal control and inherent risks since the planning phase? If significant change was identified, did the audit team consider what modifications were necessary to the Audit Planning Template developed in the planning phase?
G.3.PRG—Conduct Control Testing / Conduct control testing (October 2012)
Template in this step:
Test of Controls [MS Excel]
Procedure:
-
For each control selected for testing in the Summary of Comfort (SoC) sheet in the Audit Planning Template, did the audit team conduct a test of operating effectiveness as appropriate by using the Test of Control Template?
Note: At year-end, inquire about any significant changes to those controls subsequent to the sample period selected for testing. Did the audit team consider the impact any significant changes may have on the audit strategy?
-
If deviations from controls upon which the auditor intends to rely were detected, did the audit team make specific inquiries to understand these matters and their potential consequences by determining the following?
- If tests of controls had been performed, did the audit team provide an appropriate basis for reliance on the controls?
- Were additional tests of controls necessary?
- If the potential risks of misstatement need to be addressed, did the audit team use substantive procedures?
- If necessary, did the audit team update the Audit Planning Template accordingly and notify the appropriate members of the audit team?
-
As appropriate, did the audit team evaluate and document if misstatements identified during substantive testing would have indicated ineffective operation of controls? If necessary, did the audit team update the Audit Planning Template accordingly?
Note: A material misstatement detected by audit procedures could have been a strong indicator of the existence of a significant deficiency in internal control.
Guidance:
- Develop and Execute a Controls Test Plan (OAG Audit 6050)
- Determine Whether Evidence Is Available for the Whole Period (OAG Audit 6055)
G.4.PRG—Substantive Procedures—Substantive Analytics / Substantive analytics (October 2018)
Procedure:
Determine whether the audit team properly used and completed document P_00988E_Subst_analytics.
Guidance:
- Substantive Analytics (OAG Audit 7030)
G.5.PRG—Substantive Procedures—Test of Details / Develop audit program with appropriate tests of details procedures (October 2012)
Procedure:
-
Did the audit team develop the TeamMate audit program with appropriate tests of details procedures based on the Audit Planning Template? Did the audit team select audit procedures for the specific financial statement line item (FSLI) from the relevant cabinet: IFRS or PSAS substantive tests?
Guidance:
- Tests of Details (OAG Audit 7040)
- External Confirmations (OAG Audit 7050)
- Physical Inventory Observation (OAG Audit 7060)
G.6.PRG—Summary of Comfort / Finalize the summary of comfort (June 2018)
Procedure:
-
Upon completion of audit procedures, did the audit team finalize the Summary of Comfort (SoC) sheets of the Audit Planning Template by concluding whether the desired level of evidence had been obtained through the audit procedures for the FSLI/business process?
-
Did the audit team ensure the Summary of Comfort (SoC) sheets of the Audit Planning Template clearly documents or refers to
- the overall responses to address the assessed risks of material misstatement at the financial statement level and at the assertion level, and the nature, timing, and extent of the further audit procedures performed
- the results of the audit procedures, including the conclusions in which these were not otherwise clear
Guidance:
- Summary of Comfort (OAG Audit 4032)
G.6.PRG—Summary of Comfort / Assess impact on materiality (June 2019)
Procedure:
During the audit, the audit team may have encountered situations that may cause results to be substantially different from the anticipated period-end financial results that were used initially to determine materiality.
- On the basis of work performed by the audit team in this FSLI/business process, did the audit team assess whether materiality for the financial statements as a whole should have been revised or if the planning materiality level for particular classes of transactions, account balances, or disclosures had to be revised?
-
If materiality was affected, did the audit team perform the Assess Impact of Revision to Materiality procedure from the General Execution Procedures program found in the Annual Procedures—Supplement cabinet?
Guidance:
- Revising Materiality Levels (OAG Audit 2106)
G—Standard Execution Procedures
Procedure:
Conclude whether the file was in compliance with the Standard Execution Procedures section.
H.1.PRG—Quality Reviewer / Planning sign-offs (April 2015)
Template in this step:
Quality Reviewer Checklist [MS Excel]
Procedure:
-
Did the Quality Reviewer use the Quality Reviewer Checklist to document the review of the audit strategy? Did the Quality Reviewer use the checklist to document the queries that require follow up by the audit team? Did the Quality Reviewer attach the QR Planning Checklist sheet (which is part of the Quality Reviewer Checklist) and the QR Comments related to planning to the current audit procedure?
Refer to the Quality Reviewer Checklist template, under “Template in this step” above.
If there is no Quality Reviewer assigned to this engagement, document this procedure as “not applicable” in the TeamMate results section.
-
Did the Quality Reviewer sign the checklist and the procedure as evidence of the Quality Reviewer’s agreement with the responses to the comments provided to the team and the overall audit strategy?
-
Did the Engagement Leader sign the procedure to confirm that the Engagement Leader agrees with the responses given and that the overall responsibility for the quality of the assurance engagement remains with the Engagement Leader?
H.1.PRG—Quality Reviewer / Completion sign-offs (April 2015)
Template in this step:
Quality Reviewer Checklist [MS Excel]
Procedure:
-
Did the Quality Reviewer use the Quality Reviewer Checklist to document the review of the Execution and Reporting phases? Did the Quality Reviewer use the checklist to document the queries that require follow-up by the audit team? Did the Quality Reviewer attach the QR Exam & Reporting Checklist sheet (which is part of the Quality Reviewer’s Checklist) and QR Comments related to execution and reporting to the current audit procedure?
Refer to the Quality Reviewer Checklist template, under “Template in this step” above.
-
Did the Quality Reviewer sign the checklist and the procedure indicating that
-
the procedures required by the OAG’s Quality Reviewer guidance have been performed
-
the review was completed before the auditor’s report was dated
-
the Quality Reviewer agrees with the responses to the comments provided to the team and is not aware of any unresolved matters that would cause the Quality Reviewer to believe that the significant judgments the audit team made and the conclusions reached were inappropriate
-
-
Did the Engagement Leader sign the procedure to confirm that the Engagement Leader agrees with the responses given and that the overall responsibility for the quality of the assurance engagement remains with the Engagement Leader?
Guidance:
- Quality Reviewer Responsibilities (OAG Audit 3063)
- Last modified:
- 2020-03-05