Direct Engagement Practice Review Program—2020–21 Cycle

Procedure

1. Once all issues are resolved, finalize the Engagement Leader Report. Remove the “draft” watermark from the report.

2. Ensure the Chief Audit Executive has documented evidence of his or her review of significant sections in TeamMate, including the section on exceptions. Include the Chief Audit Executive’s review memo.

3. Insert a scanned, final, signed copy of the report into TeamMate.

Procedure

To be completed by the Practice Reviewer and reviewed by the Chief Audit Executive (Principal of the Practice Review and Internal Audit team).

1. Prepare the TeamMate file for final assembly and completion by ensuring the following:

   1. All electronic documents (including emails) that are part of the practice review substantiation are captured in the TeamMate file.

   2. All replicas have been merged.

   3. All observations have been resolved and documented.

   4. All sections have been completed and reviewed (where applicable).

   5. The reviewers stayed independent throughout the practice review process.

   6. The practice reviewers conducted their work and documented it appropriately, in line with the Practice Review and Internal Audit policies and guidelines, and in accordance with the CSQC 1 requirements.

2. Once the above steps are completed and the TeamMate file is ready to be closed, set the TeamMate file status to “issued.”

3. Send an email to Information and Records Management and copy the TeamMate IT team, indicating that the TeamMate file has been set to “issued.” The email should indicate the project name and project code.

Procedure

1031—Ethical requirements relating to an assurance engagement

3031—Independence

Interview the engagement quality control reviewer and the engagement leader and review the independence forms to determine

1. other than the use of independence forms, how the engagement leader ensured and documented how he or she remained alert for non-compliance throughout the audit engagement, either through observation and inquiries as necessary, with relevant ethical requirements by team members

2. how the engagement leader determined who was required to complete a form and what action, if any, was necessary to reduce the threat to independence to an acceptable level

3. whether the independence forms were included in the audit file

4. the date on the forms (it is no longer a requirement to sign the form prior to starting the audit work)

5. how the practitioner reduced threats to ethical requirements and independence by applying safeguards, if any conflicts were identified

Note:To determine who should have completed an independence form, review team meeting notes, people on a file (product costing), TeamMate (team), and FAQ on the INTRAnet. Consider whether specialists should have been included. If relevant, consider whether internal auditors at the entity should also have been included (if the entity’s internal audit function conducted audit work).

Potential location in the file: A.2.PRG Ethical and Independence Requirements

Procedure

At the end of the practice review, look at the planning documents, examination steps, reports, and so on to get a sense of whether professional skepticism is evident in the audit work.

Potential location in the file: throughout

Procedure

At the end of the practice review, look at the planning documents, examination steps, reports, and so on to get a sense of whether professional judgment is evident in the audit work.

Potential location in the file: throughout

Procedure

At the end of the practice review, look at the planning documents, examination steps, reports, and so on to get a sense of whether the engagement leader and the audit team applied assurance skills and techniques in their audit work.

Potential location in the file: throughout

Procedure

1051—Sufficient appropriate audit evidence

Review the audit programs and other related planning documents to determine whether

1. there was an insufficient link between the criteria, the questions, and the objective

2. the senior auditors performed an adequate review and challenge

3. the team obtained sufficient appropriate audit evidence, if the audit was completed as planned

1052—Audit procedures for obtaining audit evidence

Review the audit program’s dates of approval to determine if the approval was granted prior to completing the examination work. If the team made any changes to the plan, review that the changes were approved.

Potential locations in the file: B.1—Significant Judgments; C.2—Audit Scope and Approach; C.3—Audit Plan Summary; C.4—Audit Programs; C.5—Examination Approval

Procedure

Complete this step at the end of the practice review.

1111—Nature, purpose, and extent of audit documentation

After completing the review program, consider whether the team adhered to the “experienced auditor principle” for sign-offs and audit documentation throughout the audit file. If not, document significant variances.

Potential location in the file: throughout

1141 and 1142—Identifying significant matters / Evaluating, resolving, and communicating significant matters

Conduct interviews and review the audit files to determine whether the audit team identified, documented, and communicated significant matters to the entity’s senior management.

Potential location in the file: throughout

1143—Documenting significant matters and related significant professional judgments

Determine whether the audit team documented and resolved conclusions on significant matters, as well as the significant professional judgments made in reaching conclusions.

Potential locations in the file: B.1—Significant Judgments; throughout

Procedure

Conduct these steps at the end of the practice review.

1112—Entity documentation and electronic audit evidence (including email)

Review the audit file documentation to determine whether the audit team

1. retained substantive email communications with the entity relevant to the audit

2. retained internal email communications

3. included, when appropriate, data that was stored temporarily on a USB or another device during the audit, and included it in the audit file when appropriate

4. disposed of non-relevant information prior to completing file assembly

Potential locations in the file: throughout

1121—Timely preparation of audit documentation

Determine whether, in general, the team completed the audit work in a timely manner, whether it was clear who performed the work, and whether it was clear the date that the work was completed.

Note: For the date completed, identify whether the date the work was signed as prepared and reviewed was close to, or on, the date it was completed.

Potential location in the file: throughout

Procedure

Complete these steps at the end of the practice review.

1161—Documenting evidence of the extent of review

Review a group of audit procedures performed to determine whether reviewers recorded the extent of work reviewed and the date completed. If the paper file contains audit work, select some of it for this review as well.

Potential location in the file: Depends on how the audit team developed the file

1162—Engagement leader review: minimum documentation requirements

1. Review the audit file to determine whether it is clear that the engagement leader took responsibility for reviews being completed according to OAG policy.

   Sections: OAG Audit 1051 Sufficient appropriate audit evidence; OAG Audit 1143 Documenting significant matters and related significant professional judgments; OAG Audit 1161 Documenting evidence of the extent of review; OAG Audit 1163 Quality reviewer: minimum documentation requirements; OAG Audit 1171 Assembly of the final audit file; OAG Audit 3062 Engagement leader responsibilities for audit quality; OAG Audit 3071 Review of audit work and documentation

   Potential location in the file: throughout

2. Determine whether more experienced team members reviewed less experienced team members’ work.

3. Determine whether the engagement leader documented evidence of his or her review (sign-off) on or before the date of the assurance engagement report for

   1. critical areas of judgment, especially those relating to complex or contentious matters identified during the engagement

   2. evidence obtained and the resulting conclusions relating to areas identified as having high risk (for example, in a direct reporting engagement, evidence obtained and the resulting conclusions relating to each of the significant criteria used to evaluate the subject matter)

   3. resolution of significant issues raised during the engagement

   4. any other matters the engagement leader considered significant

3071—Review of audit work and documentation

Review the audit file to confirm that the

1. engagement leader ensured the team completed detailed reviews throughout the audit, as well as prior to the date of the assurance engagement report

2. reviewers ensured the team carried out and documented work

Potential location in the file: throughout

Procedure

Review the audit file to determine whether the team completed the audit on time (met key production or T-minus dates) and was on budget.

Potential locations in the file: A.1—Project Management (T-minus); C.3—Audit Plan Summary; F.1—Audit File Completion; and throughout

1. On time

   Performance audits

   Key performance audit milestones are as follows:

   1. the Principal’s draft (PX draft), which is the first draft of the report sent to the entity, to be sent 19 weeks before tabling

      Section: (OAG Audit 8019 Submitting the PX draft and transmission draft)

   2. the transmission draft, which is the near-final draft of the report sent to the entity’s deputy head for sign-off, to be sent 9 weeks before tabling

      Section: (OAG Audit 8019 Submitting the PX draft and transmission draft)

   3. the finalization date, which is the date by which the team must get final approval to indicate that the report can be published, to be submitted to Editorial Services 6 weeks before tabling.

   Special examinations

   The “Key production dates for special examination reports” timeline outlines all the deliverables for a special examination. The most important dates are those for when the team sends certain documents to the entity. These include the dates for sending the Special Examination Plan to the audit committee (OAG Audit 4100, Special examination plan), including

   4. the PX draft, which is the first draft of the special examination report sent to the Crown corporation’s management

      Section: (OAG Audit 8019 Submitting the PX draft and transmission draft)

   5. the transmission draft, which is the near-final draft of the special examination report sent to the audit committee

      Section: (OAG Audit 8019 Submitting the PX draft and transmission draft)

   6. the final special examination report to the Board of Directors

   Audit teams must prepare a “Key production dates for special examination reports” schedule to be aware of the dates for upcoming deliverables. To generate the schedule, engagement teams must discuss and agree upon timelines with Crown corporation officials.

   Audit teams must monitor the production schedule’s key milestones throughout the engagement. Teams must regularly consult with Editorial Services and Translation if the timing of any of the key milestones changes.

2. On budget: comparison of budget to actual hours and dollars (ref. Section A.1)—Budget at C.5.PRG—Examination Approval vs product costing

Procedure

Review the audit or special examination file to ensure the following:

1. The audit team sent the entity notification and solicitor client letter to either the deputy head (performance audit) or head of the Crown corporation (special examination) before starting the engagement. Verify that the appropriate letter templates were used. Verify that the entity responses signed by the deputy head (or delegated authority) are on file. For special examinations, confirm that the entity acknowledged

   1. in writing, its responsibilities for the subject under audit

   2. the terms and conditions under which the engagement will be performed, including suitability of criteria

2. The audit team maintained relations with the entity or entities over the course of the audit by

   1. obtaining the entity’s language preference for the audit report

   2. making consistent efforts to understand the context in which the entity works

   3. promoting open, 2-way communications

   4. acting in a professional and objective manner

Potential locations in the file: A.3—Entity Communication; throughout

Procedure

Review the audit file to determine whether the team briefed the Auditor General throughout the audit as required.

Potential locations in the file: A.6—Early AG Engagement Meeting; C.2—Planning Phase AG Briefing; D.2—Finding Blocks Discussion with the AG; E.4—Transmission Draft Discussion with the AG

Performance audits

1. Determine whether the Auditor General was briefed

   1. by the engagement leader, before starting the examination, on the audit’s objective, scope, and criteria, either through an advisory meeting or a separate meeting (mandatory if the Auditor General did not attend the planning phase advisory committee meeting)

   2. by the engagement leader, at the end of the examination phase, on the structure and messages of the audit report

   3. by the Assistant Auditor General and the engagement leader on the transmission draft before it was issued to the deputy head (transmission draft then finalized)

2. Determine whether the audit team documented each consultation with the Auditor General and disposed of key advice received.

Special examinations

1. Determine whether during the planning phase, the engagement leader, in consultation with the Assistant Auditor General and the product leader considered briefing the Auditor General on the objective, scope, and criteria (either at the planning phase advisory committee or in a separate meeting).

   Note: This step is not mandatory.

2. Determine whether the Auditor General was briefed by the

   1. engagement leader, at the end of the examination phase, on the structure and messages of the audit report

   2. Assistant Auditor General and the engagement leader on the transmission draft before it was issued to the deputy head or audit committee (the transmission draft is then finalized)

3. Determine whether the audit team documented each consultation with the Auditor General and disposed of key advice received.

Procedure

1. Review the file to determine whether the audit team held an advisory committee meeting (with external and internal advisors):

   1. during the planning phase

   2. near the end of the examination phase

2. Did the team members document the key advice received during these consultations? Did the team dispose of the advice received?

3. If the team did not hold any advisory committee meetings, review the engagement risk assessment to ensure that this decision was documented and approved by the engagement leader.

Potential locations in the file: A.6—Early Planning Phase Advisory Committee Meeting; C.2—Optional—Planning Phase Advisory Committee meeting; D.2—Optional Examination Phase Advisory Committee Meeting

Procedure

1. Determine whether the audit team documented and received items it deemed necessary, such as interviews with individuals, cabinet documents, and “regular” entity documents.

2. If the audit team experienced issues around accessing entity information, confirm whether the OAG’s Legal Services was involved.

Potential locations in the file: A.4—Management of Information Requested and Received; A.4—Optional—Management of Cabinet and TB Documents

Procedure

1. Review the audit file to determine whether the audit team consulted an internal specialist as necessary according to the risk assessment conducted during the planning phase of the audit.

2. When special expertise is necessary and is not available internally, the audit team may use an external expert. If this was the case, determine whether the team complied with requirements related to the selection, supervision, and use of the expert’s work.

3. If the audit team relied on an audited entity’s expert’s work (the responsible party’s expert), determine whether the team evaluated the expert’s competence, capabilities, and objectivity. Determine whether the team obtained an understanding of the expert’s work and evaluated the adequacy of the expert’s work for the audit.

Potential locations in the file: A.2.PRG—Team Members and Experts; A.2—Optional—Use of Experts

Procedure

1. Review the audit file for documentation of the assessment of the audit team’s competence, capability, time and resources, and ability to comply with relevant ethical requirements, as well as a consideration of the entity’s integrity, such as fraud. Assess whether the engagement leader demonstrated competence in assurance skills and techniques.

2. If the team identified issues related to acceptance and continuance, review for documentation and consultation.

3. If the engagement leader made a consideration of a withdrawal, interview the engagement leader (Principal), engagement quality control reviewer, and the entity’s Assistant Auditor General. If the team identified issues at the outset and throughout the audit, review the file for documentation and consultation with the entity’s Assistant Auditor General and with the OAG’s Legal Services.

Potential locations in the file: Engagement Risk Assessment Template (ERAT); A.1.PRG Project Management—Budget; A.1.PRG Project Management—Key Steps & Dates; A.5.PRG—Engagement Risk (and Team Competency) Assessment

Procedure

Conduct interviews and review the audit file to determine how the engagement leader (or Director) assigned roles and responsibilities to all team members prior to the end of the engagement’s planning or survey phase. Determine if the engagement leader

1. assessed the engagement team in order to be satisfied that the engagement team, specialists, and any auditor’s experts collectively had the appropriate competence and capabilities

2. assigned roles and responsibilities by matching the level of knowledge and experience to the risk and complexity of the tasks

Potential location in the file: A.1 PRG, A.2 PRG, C.4.PRG

Procedure

The audit Principal is the engagement leader for all engagements; the Principal normally discharges the responsibilities of the engagement partner or practitioner. If the OAG assigns someone below the level of Principal as the engagement leader, the Auditor General must formally approve this assignment and it must be appropriately documented. If the OAG does not assign an engagement leader, an Assistant Auditor General of the applicable audit practice must assume the role of engagement leader.

The engagement leader must ensure the team carries out audits in compliance with OAG policies, professional standards, and the OAG's System of Quality Control.

Overall audit quality

Review the audit file, including that of the Quality Reviewer Checklist, to determine whether the engagement leader ensured the team carried out the audit in compliance with OAG policies, professional standards, and the OAG's System of Quality Control.

Engagement quality control review

1. If the OAG did not appoint a quality reviewer, determine whether the engagement leader documented whether one ought to have been appointed and communicated this to the quality reviewer assignment team.

   This assessment should document the engagement’s complexity and the audit risks and should be updated when these factors change.

2. Conduct interviews and review the audit file to determine whether the engagement leader

   1. ensured that the team discussed with the quality reviewer all significant matters, including identified risks and significant judgments arising during the assurance engagement

      Potential locations in the file: B.1: Significant Judgments; Quality Reviewer Checklist

   2. did not date the report until it had obtained sufficient appropriate evidence, the quality reviewer had reviewed the audit file, and the team had addressed any disagreements within the team or with internal specialists

   3. ensured the team appropriately documented the engagement quality control review

      Potential location in the file: Quality Reviewer Checklist

Assignment of engagement teams

Confirm that the team members had an understanding of professional standards appropriate to their roles.

Potential location in file: A.2.PRG—Team Meetings; A.5.PRG—Engagement Risk (and Team Competency) Assessment

Direction, supervision, and performance of the assurance engagement

Review the audit file, focusing on guidance, team meetings, and other supervision components, to determine whether the engagement leader ensured proper supervision.

Reviews

1. Review the audit file to determine whether

   1. the team conducted detailed file reviews on a timely basis throughout the audit

   2. the engagement leader conducted in TeamMate the minimum sign-off steps

      Potential location in the file: Throughout the audit file or the PX/AAG Checklist

2. Conduct interviews and review the audit file to determine whether the engagement leader identified and appropriately reviewed other significant issues.

Practice review results at the OAG level

Conduct interviews and review the audit file to determine whether the engagement leader documented and communicated necessary changes in the audit file resulting from the annual methodology update.

Procedure

The quality reviewer must remain objective and independent of the engagement team and the entity throughout the engagement period. If the quality reviewer’s independence or objectivity is compromised, the OAG must assign another quality reviewer.

Review the audit file and interview the quality reviewer and the engagement leader to determine whether the quality reviewer met the obligations described below.

1163—Quality reviewer: minimum documentation requirements

Review the audit file for timing, sign-offs, and documentation to confirm that the quality reviewer conducted the engagement quality control review in a timely manner. This may be demonstrated through sign-offs in TeamMate, notes in the file, emails for timeliness, and compliance with OAG policy and standards.

Potential location in the file: Quality Reviewer Checklist (Find the relevant checklist on the INTRAnet; ensure the dates are appropriate for the date of the assurance engagement.)

3063—Quality reviewer responsibilities

Review the audit file to ensure

1. the OAG assigned another quality reviewer if the original quality reviewer's objectivity or independence was compromised

2. the assurance report was not dated until the completion of the engagement quality control review

Potential locations in the file: Quality reviewer independence form; other documentation

Procedure

Review team competency or other assessments to determine whether the engagement leader confirmed that team members understood generally accepted auditing standards appropriate to their roles on the team.

Potential locations in the file: A.5 Engagement Risk (and Team Competency) Assessment; A.2 Team Members (team meetings)

Procedure

3081—Consultation

1. Conduct interviews and review the audit file to determine whether there were difficult or contentious issues or other areas requiring specialization. If so, review the consultation with specialists or senior OAG staff.

2. Consider whether the team had appropriate research resources and technical expertise to enable consultation.

   Potential locations in the file: A.5.PRG—Engagement Risk Assessment; Functional Risk Identification Template (FRIT); Advisory Committee meetings

3. Confirm whether appropriate consultation took place for difficult or contentious issues throughout the audit. If so, confirm whether consultations were well documented in terms of nature, scope, conclusions, and implementation.

4. Conduct interviews and review the audit file to determine whether there were any reasonable suspicions that the entity mishandled an instance of wrongdoing and fraud. If so, confirm whether the engagement leader reported the instance to the quality reviewer; the Internal Specialist, Wrongdoing and Fraud; and Legal Services. (It is optional to report this to the Assistant Auditor General.)

   Potential location in the file: Conduct interviews to determine the location.

3082—Differences of Opinion

1. Conduct interviews to determine whether there were any differences of opinion.

2. If so, identify the nature of the differences of opinion to better understand where in the audit file the team documented it. Determine the date and how it was resolved.

   Potential location in the file: Conduct interviews to determine the location.

3. Review the audit file to determine whether the team

   1. identified and resolved differences of opinion in a timely manner, in accordance with the OAG’s resolution process

   2. dated the assurance engagement report after it resolved all differences of opinion

   3. provided the parties it consulted during the resolution process with all relevant facts and any previous consultative advice received

   4. documented the nature and scope of the differences of opinion and implemented the resulting conclusions

Procedure

1. Conduct interviews and review documents to determine whether the team had up-to-date knowledge of the subject matter examined for determining significance and risk and to properly scope the audit.

2. Determine whether the team considered other sources of information to get up-to-date knowledge of the subject matter (for example, planning documents, organizational charts, risk profiles, and so on).

Note: In special examinations, the audit team must identify all affiliated entities of the Crown corporation and decide whether to include these affiliated entities in the scope of the audit.

Potential location in the file: C.1.PRG—Understanding the Subject Matter

Procedure

1. Interview the engagement leader and Director and review the file to determine whether the audit team performed a risk-based planning exercise to determine the audit’s scope and approach.

2. Determine if the team reassessed risk when planning and performing the engagement to respond to changing circumstances, including the following:

   1. Did the team identify the subject matter’s main objectives (including purpose, mandate, key priorities, and commitments)?

   2. Did the team use the following templates: Subject Matter Assessment of Risk Template, Functional Risk Identification Template, Engagement Risk Assessment Template, and Controls Assessment Template?

   3. Did the internal specialist sign off the Functional Risk Identification Template for the Environment and Sustainable Development?

Potential locations in the file and templates: A.5.PRG—Engagement Risk and Team Competency Assessment and throughout; Functional Risk Identification Template; Subject Matter Assessment of Risk Template; Engagement Risk Assessment Template; Controls Assessment Template—Guide on Risk-based Planning and Scoping for Direct Engagements

Procedure

Review the audit documents to determine whether the team understood internal controls relevant to the audit. Determine whether the team considered the internal controls and completed the Controls Assessment Template.

Potential locations in the file and templates: Controls Assessment Template C.2 Scope and Approach in TeamMate (Control worksheets)

Note: The evaluation of the design and implementation can sometimes be done and documented outside of the planning phase (Risks and Controls Assessment Template (RCAT)).

Procedure

Conduct interviews with the engagement leader and Director and review the file to determine whether the team considered relying on Internal Audit. Consider whether the team

1. made inquiries to get an understanding of the entity’s internal audit function’s audit activities

2. assessed whether entity’s internal audit’s work was adequate for the engagement before relying on it

Potential locations in the file: C.1.PRG—Knowledge of the Audit Subject; C.1.PRG—Understanding the Subject Matter/Additional Considerations to Understand the Subject Matter.

Procedure

Review the audit documents to determine whether, at the end of the planning phase, the audit team had a clear objective against which it could draw conclusions before the team started its examination.

Performance audits

Confirm that the objectives are consistent and that the team finalized each objective before starting its examination. If inconsistencies are found, ensure that any changes to the objective (other than minor editorial changes) and their rationale had been approved by the engagement leader, discussed with the quality reviewer (if any), and communicated to the audited entity.

Potential locations within the file: Audit Logic Matrix; Audit Plan Summary; Audit Programs; and final audit report.

Special examinations

In special examinations, teams do not need to develop objectives, as they are set by the Financial Administration Act (FAA) in sections 138(1), and 131(1) and (2). The audit objective is the same for every special examination, as follows:

to determine whether the systems and practices we selected for examination at [Corporation name] were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively, as required by section 138 of the Financial Administration Act.

Confirm that the objective is consistent in the Special Examination Plan and the final special examination report submitted to the Board of Directors. If inconsistencies are found, ensure that any changes to the objective (other than minor editorial changes) and their rationale had been approved by the engagement leader, discussed with the quality reviewer (if any), and communicated to the audited entity.

Potential locations in the file: C.2.PRG—Audit Logic Matrix; C.3.PRG—Prepare Audit Plan Summary; C.4.PRG—Audit Programs; E.4.PRG—Revised Transmission (DM) Draft as a Result of Comments Received.

Procedure

1. Review the audit documents to determine whether the audit had a clear scope that focused on the audit’s extent, timing, and nature. Determine whether the team selected the issues for audit based on risk, significance, their planned value added, and their auditability.

2. Confirm whether the engagement leader approved the audit’s scope and approach as documented in the Audit Logic Matrix.

Performance audits

Confirm whether the audit team

1. followed up on issues that led to recommendations in a previous audit report if those issues continue to be of interest to Parliament and/or posed a significant risk

Special examinations

Confirm whether the audit team

2. considered significant deficiencies identified and recommendations made in the previous special examination report when determining the audit scope

3. identified all affiliated entities of the Crown corporation and decided whether to include these affiliated entities in the scope of the audit

Potential locations in the file: C.1.PRG—Knowledge of the Audit Subject; C.1.PRG—Understanding the Subject Matter/Additional Considerations to Understand the Subject Matter; C.2.PRG—Audit Logic Matrix; C.3.PRG—Prepare Audit Plan Summary; C.4.PRG—Audit Programs.

Procedure

Review the audit documents to determine whether the audit team

1. identified suitable criteria (see the note below) to assess evidence in order to develop observations and draw conclusions regarding the objectives

2. sought entity management’s acknowledgement of the suitability of the audit criteria (see OAG 4090; if the audit team was unable to obtain such acknowledgement, confirm that the engagement leader considered the effect, if any, on the audit work and the audit report, and documented the assessment)

3. identified the criteria used and their sources in the audit report

Note: Suitable audit criteria exhibit the following characteristics:

• Relevance—Relevant criteria result in an audit report that can help Parliament or territorial legislative assemblies in making decisions.

• Completeness—Criteria are complete when they do not omit relevant factors that could affect the intended users’ decisions.

• Reliability—Reliable criteria allow a relatively consistent measurement or evaluation of the subject matter when used in similar circumstances by different auditors.

• Neutrality—Neutral criteria are free from bias.

• Understandability—Understandable criteria result in an audit report that the intended users can understand.

Special examinations

Confirm that the team used the “core” systems and practices for special examinations and the NEW template. If the team modified the criteria, confirm whether it consulted with the responsible internal specialist and the Direct Engagement Practice Team.

Potential locations in the file: C.2.PRG—Audit Logic Matrix; C.3.PRG—Prepare Audit Plan Summary.

Procedure

1. Review the audit documents to determine whether the audit team

   1. developed an Audit Logic Matrix before starting examination work (which can be used as an audit program)

   2. ensured the Audit Logic Matrix set out the audit’s strategy and stated the audit objectives, risks, context, scope and approach, criteria, the audit questions to be answered based on the criteria, the evidence-gathering and analysis methods, any data limitations, and potential messages for users

For performance audits, confirm that the Audit Logic Matrix included the planned value added of the audit.

Potential location in the file: C.2.PRG—Audit Logic Matrix

Procedure

Review the audit file to determine whether the team documented how it intended to gather evidence to conclude against the audit objective as follows:

1. Did the audit team’s plan rely on secondary evidence? If so, did the team demonstrate its relevance, reliability, and validity?

2. Did the audit team’s plan include the use of representative sampling?

   1. If so, were audit samples sufficient to attain a confidence interval of 10% and a confidence level of 90%?

   2. If the audit was high risk or sensitive, were audit samples sufficient to attain the confidence interval of 5% and confidence level of 95%.

3. Did the team include in the audit report an informative summary of the work performed? Did this summary include information on the nature and extent of testing completed?

Potential locations in the file: C.2.PRG—Audit Logic Matrix; C.4.PRG—Audit Programs.

Procedure

Review the audit file to determine whether the team prepared audit programs (or the Audit Logic Matrix). If so, review the audit programs to determine whether the team

1. outlined the detailed steps for the audit work for each line of enquiry

2. designed the audit programs to enable the team to conclude against the audit criteria

3. took into consideration the audit’s budget and timelines

Potential location in the file: C.4.PRG—Audit Programs

Procedure

Review the audit file to determine whether

1. the audit team obtained approvals at the end of the planning phase to confirm that the audit can proceed to the examination phase

2. the engagement leader ensured the team conducted the required reviews and consultations during the audit’s planning phase

3. the audit team properly documented these consultations

4. the engagement leader ensured the audit team prepared and justified detailed budgets so that it could complete the audit within the set timelines

Potential location in the file: C.5.PRG—Engagement Leader—Examination Approval.

Procedure

1. Review the audit file to determine whether the engagement leader submitted the audit plan summary to the deputy head of each audited entity to seek written acknowledgement of

   1. the entity’s responsibility for the subject matter as it related to the audit objectives

   2. the terms of the engagement, including audit objectives, scope, and approach

   3. the suitability of the audit criteria

2. Confirm whether the team received written acknowledgement. Confirm that the deputy head (or its delegated authority) sent the letter.

3. If the audit team did not receive the appropriate acknowledgements, determine whether the engagement leader considered the effect, if any, on the audit work and conclusion and on the audit report (and documented the assessment).

4. If the audit team did not obtain the entity’s written acknowledgement of its responsibility for the subject matter related to the audit objective, confirm that the team obtained other evidence that the audited entity is responsible for the underlying subject matter.

5. Confirm that the team informed the deputy head (or its delegated authority) of each audited entity of any subsequent changes to the audit plan summary.

Potential locations in the file: C.3.PRG—Audit Plan Summary/Prepare Audit Plan Summary; C.3.PRG Response to APS from Entity.

Procedure

1. Review the audit file to determine whether the audit team

   1. submitted the special examination plan to the Crown corporation’s management and its audit committee

   2. informed the Crown corporation’s management and its audit committee of any subsequent significant changes to the special examination plan

2. Review the audit file to determine whether the engagement leader sent a letter to the head of the Crown corporation requesting written acknowledgement of

   1. the engagement terms, including the audit objective, scope, and approach

   2. the audit criteria’s suitability

3. Confirm whether the team received written acknowledgement. Confirm that the deputy head sent the letter.

4. If the audit team did not receive the appropriate acknowledgements, determine if the engagement leader took appropriate steps to resolve the issue (impact on the special examination).

Note: Confirm that it was the responsible party who responded.

Potential locations in the file: C.3.PRG—Special Examination Plan/Special Examination Plan to Management; C.3.PRG—Special Examination Plan/Final SE Plan.

Procedure

1. Review the audit file to determine whether, before the audit’s conclusion, the engagement leader

   1. ensured the applied risk assessment remained appropriate (for example, did the situation change? Did information come to the auditors’ attention that differed from expectations? Did the audit strategy require amendment?)

   2. considered if the team obtained sufficient appropriate audit evidence or if additional audit procedures were needed (see OAG 4020 Risk assessment)

2. If the engagement leader could not obtain sufficient appropriate audit evidence, confirm whether he or she consulted in accordance with OAG Audit 3081—Consultations, to evaluate the impact on the assurance engagement report.

Potential locations in the file: B.1.PRG—Significant Judgments / Documentation of Significant Judgments; C.4 Audit Programs; A.5.PRG—Engagement Risk Assessment.

Procedure

1. Review the audit file to determine whether the audit team used the official OAG template for drafting the audit report and that the team did not modify any standard reporting requirements.

2. Verify that the report included

   1. a description of the entity management’s responsibilities for the subject matter of the audit along with the OAG’s responsibilities

   2. a description of scope, including any limitations in scope

   3. a description of the engagement’s objective and the entity or portion thereof, the subject matter, and the time period the engagement covered

   4. a description of the criteria used for the audit and their sources

   5. a conclusion that evaluates the subject matter for which the accountable party is responsible, reports against the audit objective, and states any reservations

   6. an informative summary of the work performed as the basis of the conclusion, including information on the nature and extent of testing completed

   7. a description of the applicable standards in accordance with which the team conducted the engagement and which conveyed the level of assurance that was provided

   8. the date of the report

   9. the name of the practitioner and the names of audit team members

   10. the entity management’s confirmation that the audit report is factually accurate (optional)

3. If the official template was not used, the revised reporting format proposed by the team shall be approved by the Direct Engagement Practice Team (DEPT).

Potential locations in the file: OAG Standards Checklist; E.PRG—Prepare PX Draft; E.4.PRG—Revised Transmission (DM) Draft as a Result of Comments Received.

Procedure

Performance audits

1. Review the audit report to confirm that it has a clear conclusion against the audit objective. Confirm that the engagement leader supported the audit conclusion with sufficient appropriate evidence. Confirm that the engagement leader concluded whether the subject matter was free from significant deviation.

2. If the report notes that 1 or more of the audit criteria were not met, confirm whether the engagement leader expressed a “reservation” in the form of a qualified or an adverse conclusion. Confirm whether the team included in the report an explanation of the reservation.

Special Examinations

Review the audit file to determine whether the audit team

1. used the official OAG format for the special examination opinion

2. included in the report a statement on whether in the examiner’s opinion there was reasonable assurance that there were no significant deficiencies in the systems and practices examined

3. included in the report a statement on the extent to which the examiner relied on internal audits

Potential Teammate Locations: E.1 PX Draft to Entity; E.4 Transmission (DM) Draft to Entity

Procedure

Review the audit file to determine that

1. the team documented substantiation of the audit report and that this was reviewed by the person leading the audit (usually the Director)

2. the engagement leader reviewed selected substantiation, including sections considered important or high risk, and was satisfied that the documentation of evidence was sufficient and appropriate to support the audit report’s factual statements, findings, recommendations, and conclusion

3. the engagement leader ensured that decisions regarding contentious issues and higher-risk findings in the audit report were documented and that any differences of opinion were resolved

4. the engagement leader documented his or her approach to ensure that the evidence was sufficient and appropriate and that he or she was satisfied with the overall report content

5. the quality reviewer reviewed selected documentation related to the audit team’s significant judgments and conclusions

6. the quality reviewer documented his or her determination as to whether the documentation supported the audit team’s conclusions

7. the quality reviewer documented his or her review, any disagreements, and the resolutions to those disagreements

Potential locations in the file: Evidence of substantiation—depends on where and how the audit team completed the substantiation; B.2.PRG—Quality Reviewer

Procedure

Review the audit file to confirm that

1. the date of the report corresponds to the date by which

   1. the audit team obtained sufficient appropriate evidence on which it based the report’s conclusion, and the engagement leader reviewed audit documentation

   2. the quality reviewer completed the audit quality control review

   3. the team addressed any differences of opinion within the audit team, with those consulted, or between the engagement leader and the engagement quality control reviewer

   4. the team obtained written confirmation that the audited entity has provided all information of which it is aware that has been requested or that could significantly affect the findings or the conclusion of the audit report

2. the quality reviewer documented that he or she completed the engagement quality control review on or before the date of the assurance engagement report, and that he or she was not aware of any unresolved matters or that the significant judgments and conclusions reached were not appropriate

3. the engagement leader ensured both the individual seeking consultation and the consulted party documented and agreed to the nature and scope of, and conclusions resulting from, consultations on or before the date of the assurance report

4. the engagement leader obtained approval on the audit report’s content before submitting the transmission draft to the audited entity

Potential locations in the file: Review of substantiation; E.4.PRG—Revised Transmission (DM) Draft as a Result of Comments Received

Procedure

Review the audit file to determine whether

1. the team submitted the draft audit report to the entity to allow for entity input prior to finalizing the report for publication or submitting it to the Board of Directors

2. the engagement leader attended meetings with senior entity officials, during which they discussed the content of the audit report

3. the audit team documented changes to draft reports (PX and transmission drafts) proposed by the audited entity, the quality reviewer, the internal specialists, as well as external advisors, and prepared a disposition table

4. the engagement leader obtained written confirmation that the entity had provided the audit team with all information that it was aware of that was requested during the course of the audit or that could significantly affect the audit report (if the engagement leader did not get this confirmation, determine whether the engagement leader considered the effect, if any, on the audit work and audit report and documented the assessment)

Potential Teammate locations: E.1 PX Draft to Entity; E.4 Transmission (DM) Draft to Entity

Procedure

1. Review the audit file to determine whether the team’s recommendations to the entity

   1. focused on positive changes

   2. were not proposed for every observation

   3. were clearly directed to an entity or clearly defined entities

2. Determine whether the audit team gave the entity or entities an opportunity to provide written responses to recommendations to be included in the audit report. If not, confirm whether the audit team included or documented an explanation in the audit file.

3. If this was a follow-up audit, determine whether the audit team assessed progress on how well the entity implemented recommendations or focused on the issues as originally identified.

Potential locations in the file: E.PRG—Prepare PX Draft; E.4.PRG—Revised Transmission (DM) Draft as a Result of Comments Received; review the previous audit report if this is a follow-up audit

Procedure

If applicable, determine whether

1. the audit team considered subsequent events and new information obtained during the reporting phase of the audit

2. the engagement leader assessed the impact of subsequent events and/or new information on the findings and conclusions of the audit report and its date

Procedure

After reading the audit report, if any third parties (entities that were not the subject of the audit but were identifiable) were noted and were part of observations, confirm that the team verified the accuracy and completeness of the information at the time the PX draft was issued.

Potential location in the file: E.4.PRG—Revised Transmission (DM) Draft as a Result of Comments Received and E.1 PRG—PX Draft Excerpts to Third Parties (if applicable)

Procedure

For special examinations, review the audit file to determine whether

1. the audit team obtained approval to release the special examination report before communicating the report to the Crown corporation’s Board of Directors

2. the audit team reviewed and approved the accuracy of the reproduction of the report and all related summary or extract information before the report and any related information is made public

3. the engagement leader, in consultation with the Assistant Auditor General, and if necessary the Auditor General, approved any redaction of the final special examination report

4. the engagement leader, in consultation with the Assistant Auditor General, and if necessary the Auditor General, considered if the final report contained information that should have been brought to the attention of the appropriate minister and/or Parliament

Potential locations in the file: E.3.PRG—Report Content Approval; E.4.PRG—Transmission (AC) Draft; E.6.PRG—Final Report to Board of Directors; E.8.PRG—Preparation for Report Tabling

Procedure

Review the audit file review to determine whether

1. the audit team used the electronic form via the Controlled Document Interface to send the following documents to the entity or entities

   1. audit plan summaries and special examination plans (no longer mandatory)

   2. PX draft, subsequent amended versions, extracts, and detailed responses to disposition tables that contain draft audit report extracts

   3. transmission drafts (DM drafts or audit committee’s drafts), subsequent amended versions, extracts, and detailed responses to disposition tables that contain extracts of the draft audit report

2. the audit team sent any controlled documents (above) via hard copy; if yes, confirm whether the team

   1. used hard copies only when it was technically impossible to use the electronic form

   2. sent a maximum of 2 hard copies of OAG controlled documents for use by the deputy head and the minister (specifically for performance audits)

   3. numbered the hard-copy documents, recorded them in the team’s register of hard-copy control documents, and returned them to the OAG within the required time frame

Potential locations in the file: F.1.PRG—Audit File Completion; A.4.PRG—Information Management / Management of Controlled Documents

Procedure

1. Review the audit file to determine whether the engagement leader ensured the team completed the audit file and assembled and finalized the audit file documentation (both the paper file and the electronic file) within 60 calendar days after the date of the assurance engagement report (special examinations), or within 60 days of the tabling date of the report (performance audits).

2. If the team did not meet the date, review for engagement leader approval.

Potential location in the file: F.1.PRG—Audit File Completion

Procedure

1. Conduct interviews and review the audit file to determine whether the team modified audit documentation after it assembled the final audit file.

2. If amendments to the closed file were necessary, review for whether

   1. the engagement leader approved the documentation changes

   2. the team documented the engagement leader’s approval

   3. the team documented specific reasons for the additions or amendments

   4. the team documented when and by whom the additions or amendments were made and reviewed

Procedure

1. Conduct interviews and review the audit file to determine whether the team needed to complete new or additional audit procedures or reach new conclusions after the date of the assurance engagement report.

2. If the team completed additional or new procedures or reached new conclusions after the date of the report, review for whether

   1. the engagement leader approved the new or additional audit procedures or new conclusions

   2. the team documented the engagement leader’s approval

   3. the team documented the specific reasons for the changes (circumstances encountered)

   4. the team documented the new or additional procedures it performed, the audit evidence obtained, and the conclusions reached—and their effect on the report

   5. the team documented when and by whom the resulting changes to audit documentation were made and reviewed

Procedure

Review the audit file to determine whether the electronic file references the physical locations of any audit records retained outside of the electronic audit file.

Potential locations in the file: Determine through interviews if not easily found.

Procedure

1. Conduct interviews and review the audit file to determine whether the team did not document the audit in TeamMate. If so, identify the reasons and conclude on whether this is within OAG policy.

2. Note whether the team labelled, copied, stored, transmitted, and disposed of protected and classified information according to the measures outlined on the Security Quick Reference Card.

As the balance of the items in the policy are either covered elsewhere or are not possible to test within the practice review environment, no further testing is needed.

Procedure

After conducting the other steps for planning, examination, and reporting, each reviewer should read the final audit report in full and consider whether

1. the report reflects the audit that was planned

2. the findings in the project reports or other working papers are consistent with the audit report

3. the final audit report includes all criteria, and all criteria are concluded upon

4. the audit objective has a conclusion against it

This analysis will support a conclusion on whether the overall audit report was appropriate in the circumstances.

Procedure

If necessary, identify 2 to 3 risk areas from the audit report and examine their supporting documentation and substantiation as follows:

1. Identify Risk Area 1.

2. Ensure the supporting documentation and substantiation were accessible, sufficient, appropriate, and referenced and filed before the team issued the transmission draft to the audited entity.

3. If the area selected contains a recommendation, determine whether the recommendation is clear, action-oriented, and the entity can follow up on it in a subsequent audit or review.

Procedure

If necessary, identify 2 to 3 risk areas from the audit report and examine their supporting documentation and substantiation as follows:

1. Identify Risk Area 2.

2. Determine whether the supporting documentation and substantiation were accessible, sufficient, appropriate, and referenced and filed before the team issued the transmission draft to the audited entity.

3. If the area selected contains a recommendation, determine whether the recommendation is clear, action-oriented, and the entity can follow up on it in a subsequent audit or review.

Procedure

If necessary, identify 2 to 3 risk areas from the audit report and examine their supporting documentation and substantiation as follows:

1. Identify Risk Area 3.

2. Determine whether the supporting documentation and substantiation were accessible, sufficient, appropriate, and referenced and filed before the team issued the transmission draft to the audited entity.

3. If the area selected contains a recommendation, determine whether the recommendation is clear, action-oriented, and the entity can follow up on it in a subsequent audit or review.