COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
This section outlines the policies and procedures designed to provide reasonable assurance that the Office and its personnel comply with relevant ethical requirements.
It presents
For all assurance engagements that the Office performs, Office employees shall understand and adhere to
Office employees shall conduct themselves according to the relevant ethical requirements. [Nov-2011]
Office employees shall not associate with any activity that they know, or should know, is unlawful. [Jul-2017]
The Office shall promptly communicate identified threats and breaches of relevant ethical requirements to the engagement leader for resolution. [Nov-2011]
The Office shall inform the relevant professional institute of a member practicing his or her profession in a manner detrimental to the Office, audit entities, or the public. [Jul-2017]
The engagement leader shall identify threats to compliance with relevant ethical requirements and:
The engagement leader shall, throughout the engagement, remain alert to identify breaches of relevant ethical requirements by members of the engagement team and:
An assistant auditor general shall inform the engagement leader of any threats or breaches to relevant ethical requirements that he or she becomes aware of. [Nov-2011]
As a legislative audit office, we have a responsibility to act in the public interest. In doing so, we observe and comply with the OAG’s Code of Values, Ethics and Professional Conduct which is applicable to all Office employees.
To perform any assurance engagement, team members also need to observe and comply with relevant rules of professional conduct/codes of ethics applicable to the practice of public accounting issued by the various professional accounting bodies in Canada. In most of our engagements, the applicable rules are the CPA Code of Professional Conduct issued by the relevant provincial order. This means that a team member that is a non-member of any CPA order in Canada is required to observe and comply with relevant rules of CPA Code of Professional Conduct to perform an engagement. Team memberss who belong to a different professional association may also be governed by the codes and by-laws of that body.
Relevant ethical requirements are derived from five fundamental principles of ethics:
Professional behaviour. Employees conduct themselves at all times in a manner that will maintain the good reputation of the profession and the Office and its ability to serve Parliament, territorial legislatures, governments, and Canadians.
In doing so, employees are expected to avoid any action that would discredit the Office of the Auditor General of Canada. An employee’s behaviour should be based primarily on a reputation for professional excellence. An employee is expected to provide other employees with the courtesy and consideration he or she would expect to receive from them.
Integrity and due care. To be straightforward and honest in all professional and business relationships and to act diligently and according to applicable technical and professional standards.
Employees are expected to be straightforward, honest, and fair in all professional relationships. A person who acts with honesty and truthfulness, and whose actions, values, and principles are consistent, is described as having integrity. The expectation to operate with due care requires employees to act diligently and according to applicable technical and professional standards when performing assurance engagements. Diligence includes the responsibility to act, in respect of an engagement, carefully, thoroughly, and on a timely basis.
Objectivity. To not allow bias, conflict of interest, or the undue influence of others to override professional or business judgments.
Parliament, territorial legislatures, governments, and Canadians expect the Office of the Auditor General of Canada to bring objectivity and sound professional judgment to its work. It is thus essential that an Office employee does not put external influences or the will of others before professional judgment.
The public interest in the objectivity of the Office requires that the Office and its employees be, and be seen to be, free of influences that would impair the Office’s and its employees’ objectivity. Accordingly, the Office and its employees must be independent. The ethical standard of independence requires the Office and its employees to be and remain free of any influence, interest, or relationship regarding an entity’s affairs that impairs or, in the view of a reasonable observer, would impair the Office’s and its employees’ professional judgment or objectivity. An objective person does not allow bias, conflict of interest, or the influence of others to compromise judgment.
Regarding both independence and conflicts of interest, the Office employs the criterion of whether a reasonable observer would conclude that a specified situation or circumstance posed an unacceptable threat to the Office’s and its employees’ objectivity and professional judgment. Only then can public confidence in the objectivity and integrity of the Office be sustained; the reputation and usefulness of the Office rest upon this public confidence. A “reasonable observer” is a hypothetical individual who has knowledge of the facts that the Office and its employees knew or ought to have known, and applies judgment objectively with integrity and due care.
Professional competence. To maintain professional knowledge and skill at the level required to ensure that an entity receives competent professional services based on current developments in practice, legislation, and techniques.
Parliament, territorial legislatures, governments, and Canadians expect the Office of the Auditor General of Canada and its employees to maintain a high level of competence. This underscores the need to maintain individual professional skill and competence by keeping abreast of and complying with developments in professional standards and pertinent legislation in all areas where the Office and its employees practise or are relied upon.
Confidentiality. To respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the employee or third parties.
The principle of confidentiality includes the need to maintain the confidentiality of information within the Office of the Auditor General of Canada (OAG Audit 1192 Confidentiality, safe custody, integrity, accessibility, and retrievability of engagement documentation).
The disclosure of confidential information by the Office and its employees may be required or appropriate where such disclosure is
The Office’s mandate in the Auditor General Act with respect to reporting on its performance audits and the work of the Commissioner of the Environment and Sustainable Development is to report to Parliament; any ability the Office has to provide its reports to the public is incidental to its mandate to report to Parliament and follows reporting to Parliament. As an officer of Parliament, the Office reports directly to Parliament, which has the right to receive the reports before anyone else, according to the procedures set out in the Auditor General Act. Any other manner of reporting or releasing the information could be regarded by Parliament, or the House of Commons, as a breach of parliamentary privilege or as contempt of Parliament.
Auditors should have an understanding of the relevant ethical requirements, including those related to independence, to which the Office’s and the engagement are subject and to fulfill their responsibility in relation to those relevant ethical requirements. Various information, communication and resources help assist the engagement team in understanding and fulfilling relevant ethical requirements applicable to the nature and circumstances of the audit engagement.
Engagement team members promptly notify the engagement leader of circumstances and relationships that create threats to relevant ethical requirements.
If matters come to the engagement leader’s attention, through the system of quality management or otherwise, that indicate that a member of the engagement team has a threat to relevant ethical requirements that is other than insignificant, the engagement leader will propose a resolution by applying the framework below for resolving threats to their assurance engagement.
It is not possible to define every situation that creates a threat to compliance with the relevant ethical requirements. The nature of engagements and work assignments differs, with the result that different threats may be created, requiring the application of different safeguards.
As such, the Office expects engagement teams to apply the following framework when identifying, evaluating and resolving threats to compliance with relevant ethical requirements. This framework requires the Office and its employees to
OAG Audit 3031 Independence provides specific guidance related to resolving threats to independence.
Identifying threats to compliance with relevant ethical requirements. Threats to compliance with the relevant ethical requirements must be considered before and during an assurance engagement.
Threats may fall into one or more of the following categories:
(a) a member of the engagement team entering into employment negotiations with the entity,
(b) a member of the engagement team owning securities in publicly traded companies and/or financial institutions that benefit significantly from the entity’s support or coverage,
(c) a spouse or partner of a member of the engagement team having a contract or some other financial arrangement with an entity that confers a benefit, or
(d) discovering a significant error when evaluating the results of a previous assurance engagement.
(a) a person on the engagement team who was recently an employee of the audited entity and is in a position to exert direct and significant influence over the subject matter and conduct of the engagement,
(b) a member of the Office performing services for the audited entity that directly affect the subject matter of the audit, or
(c) an employee of the Office preparing data that is used to generate financial statements or other records that are the subject of the audit.
(a) a person on the engagement team is a member of an organization that promotes a particular viewpoint with the intent of influencing government policy related to the public entity.
(a) a person on the engagement team having an immediate or close family member who is an officer or director of the entity;
(b) a person on the engagement team having an immediate or close family member who is in a position to exert significant influence over the subject matter of the assurance engagement;
(c) a former senior member of the Office being an officer or director of the entity or in a position to exert significant influence over the subject matter of the assurance engagement;
(d) the long association of a senior person on the engagement team with the entity; and
(e) the acceptance of gifts or hospitality from the entity, its directors, officers or employees, unless the value thereof is clearly insignificant.
OAG Audit 1071 Job rotation outlines the policies designed to mitigate the familiarity threat but also the self-review threat which is relevant for engagement quality reviewers. Also refer to OAG Audit 3031 Independence.
(a) an engagement team member being pressured inappropriately to reduce the extent of work to be performed, or
(b) an engagement team member feeling pressured to agree with the judgment of an entity employee because the entity employee has more expertise on the matter in question.
When identifying threats to compliance with the relevant ethical requirements, care must be taken as threats are not always direct or overt and, in many cases, they can be quite subtle. Consideration should be given to the public perception of a threat. The “public perception” is that of a “reasonable observer, who has knowledge of the facts, which the auditor knew or ought to have known, and applies judgment with integrity and due care.” Often, the reasonable observer’s perception of a threat is most important and presents the most complexity in determining whether one is complying with the relevant ethical requirements.
The examples provided are intended to be illustrative and not all encompassing. In particular, the movement of personnel between the Office and audit entities, nature and extent of advice or assistance, length of involvement with particular entities, and personal relationships are all examples of circumstances that should be considered. If there are questions regarding the interpretation of these threats, employees should refer them to the responsible supervisor or engagement leader who, in turn, may direct questions regarding policy interpretation to the Internal Specialist, Values and Ethics.
Evaluating the significance of the threats identified. When a threat to the relevant ethical requirements is identified the engagement leader should evaluate its significance, in consultation with the Internal Specialist, Values and Ethics.
The nature of the threats and the applicable safeguards necessary to eliminate them or reduce them to an acceptable level will differ depending on the particulars of the engagement. Senior team members may need to evaluate the relevant circumstances in deciding whether it is appropriate to accept or continue an engagement, or whether a particular person should be on the engagement team.
In considering the significance of any particular matter, qualitative factors should be taken into account. A matter should be considered insignificant only if it is both trivial and inconsequential. Senior engagement personnel should exercise professional judgment in assessing the significance of a threat and in determining which available safeguard(s) to apply.
If the threat is other than insignificant, available safeguards should be identified and, where applicable, applied to eliminate the threat or reduce it to an acceptable level.
Applying safeguards to eliminate or reduce threats to an acceptable level. Determining whether appropriate safeguards are available and can be applied to eliminate the threats or reduce them to an acceptable level requires the exercise of professional judgment.
Where a threat to compliance with the relevant ethical requirements has been identified, or when in doubt, individuals should consult with senior team members or the Internal Specialist, Values and Ethics. The Internal Specialist, Values and Ethics, performs an objective review of the safeguards and actions proposed to eliminate or reduce a threat to relevant ethical requirements.
Safeguards are necessary when threats identified are at a level where a reasonable observer would likely conclude that compliance with the relevant ethical requirements may be compromised.
Senior team members, in consultation with the Internal Specialist, Values and Ethics, evaluate the significance of identified threats. If a threat is other than insignificant, the engagement leader identifies and applies available safeguards to eliminate or reduce the threat to an acceptable level. The engagement leader promptly communicates with the Internal Specialist, Values and Ethics, who may identify instances where a threat has not been reduced to an appropriate level. The Internal Specialist, Values and Ethics, provides the engagement leader with confirmation that the proposed safeguards and actions were sufficient or that additional actions are required to reduce the threat to an acceptable level.
Safeguards fall into three broad categories:
(a) office-wide policies and procedures, and
(b) engagement-specific policies and procedures.
Safeguards created by the professional accounting bodies, legislation, or regulation include the following:
Safeguards within the entity may include the following:
Safeguards within the Office’s systems and procedures include Office-wide safeguards such as the following:
Safeguards within the Office’s systems and procedures include engagement-specific safeguards such as the following:
Familiarity threats should be assessed with reference to the guidance included in OAG Audit 1071 Job rotation, and independence threats should be addressed with reference to OAG Audit 3031 Independence.
Documenting, as necessary, threats to compliance with relevant ethical requirements. The engagement leader documents the substance of the issue and details of any discussions held or decisions made regarding a significant threat to relevant ethical requirements. In such instances, an Exception Report may be completed to record the actions taken to resolve the issue.
For each threat identified as other than insignificant, documentation should include a description of
Exception reports that have been completed for the resolution of a threat to relevant ethical requirements are not filed in the audit file due to the personal nature of their content; they are given to Information and Data Management for filing purposes. The Internal Specialist, Values and Ethics, may help ensure that Information and Data Management receives a copy of documentation for filing purposes.
OAG Audit 3031 Independence provides a further description of the exception reporting process used for resolving threats to independence of engagement team members.
Engagement personnel promptly notifies the engagement leader of a breach of relevant ethical requirements.
If matters come to the engagement leader’s attention, through the system of quality management or otherwise, that indicate that a member of the engagement team is in breach of relevant ethical requirements, the engagement leader, in consultation with the Internal Specialist, Values and Ethics, will
The engagement leader documents, as necessary, the substance of the breach and details of any discussions held or decisions made regarding the breach. In such instances, an Exception Report may be completed to record the actions taken.
When a breach of an Independence rule has occurred, refer to the section OAG Audit 3031 Independence.
Appropriate actions may include, for example: