COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.

1081 Selection of engagement quality reviews and appointment of engagement quality reviewers
Dec-2022

Overview

Engagement quality reviews are an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team’s conclusions reached in formulating the engagement report. An engagement quality reviewer performs his or her review in a timely manner at appropriate stages of the audit. An assurance report is not dated until the completion of the engagement quality review.

This section describes the process for selecting assurance engagements that require an engagement quality review and the appointment of engagement quality reviewers.

CPA Canada Copyright

CPA Canada Assurance Standards

Office

Annual Audit

Performance Audit, Special Examination, and Other Assurance Engagements

CSQM 1.34 In designing and implementing responses in accordance with paragraph 26, the firm shall include the following responses: (Ref: Para. A116)

(f) The firm establishes policies or procedures that address engagement quality reviews in accordance with CSQM 2, and require an engagement quality review for:

(i) Audits of financial statements of listed entities;

(ii) Audits or other engagements for which an engagement quality review is required by law or regulation; and (Ref: Para. A133)

(iii) Audits or other engagements for which the firm determines that an engagement quality review is an appropriate response to address one or more quality risk(s). (Ref: Para. A134-A137)

CSQM 2.17 The firm shall establish policies or procedures that require the assignment of responsibility for the appointment of engagement quality reviewers to an individual(s) with the competence, capabilities and appropriate authority within the firm to fulfill the responsibility. Those policies or procedures shall require such individual(s) to appoint the engagement quality reviewer. (Ref: Para. A1-A3)

CSQM 2.18 The firm shall establish policies or procedures that set forth the criteria for eligibility to be appointed as an engagement quality reviewer. Those policies or procedures shall require that the engagement quality reviewer not be a member of the engagement team, and: (Ref: Para. A4)

(a) Has the competence and capabilities, including sufficient time, and the appropriate authority to perform the engagement quality review; (Ref: Para. A5-A11)

(b) Complies with relevant ethical requirements, including in relation to threats to objectivity and independence of the engagement quality reviewer; and (Ref: Para. A12-A15)

(c) Complies with provisions of law and regulation, if any, that are relevant to the eligibility of the engagement quality reviewer. (Ref: Para. A16)

CSQM 2.19 The firm's policies or procedures established in accordance with paragraph 18(b) shall also address threats to objectivity created by an individual being appointed as an engagement quality reviewer after previously serving as the engagement partner. Such policies or procedures shall specify a cooling-off period of two years, or a longer period if required by relevant ethical requirements, before the engagement partner can assume the role of engagement quality reviewer. (Ref: Para. A17-A18)

CSQM 2.20 The firm shall establish policies or procedures that set forth the criteria for eligibility of individuals who assist the engagement quality reviewer. Those policies or procedures shall require that such individuals not be members of the engagement team, and:

(a) Have the competence and capabilities, including sufficient time, to perform the duties assigned to them; and (Ref: Para. A19)

(b) Comply with relevant ethical requirements, including in relation to threats to their objectivity and independence and, if applicable, the provisions of law and regulation. (Ref: Para. A20-A21)

CSQM 2.21 The firm shall establish policies or procedures that:

(a) Require the engagement quality reviewer to take overall responsibility for the performance of the engagement quality review; and

(b) Address the engagement quality reviewer's responsibility for determining the nature, timing and extent of the direction and supervision of the individuals assisting in the review, and the review of their work. (Ref: Para. A22)

Competence and Capabilities, Including Sufficient Time (Ref: Para 18(a))

CSQM 2.A5 CSQM 1 describes characteristics related to competence, including the integration and application of technical competence, professional skills, and professional ethics, values and attitudes. Matters that the firm may consider in determining that an individual has the necessary competence to perform an engagement quality review include, for example:

An understanding of professional standards and applicable legal and regulatory requirements and of the firm's policies or procedures relevant to the engagement;
Knowledge of the entity's industry;
An understanding of, and experience relevant to, engagements of a similar nature and complexity; and
An understanding of the responsibilities of the engagement quality reviewer in performing and documenting the engagement quality review, which may be attained or enhanced by receiving relevant training from the firm.

CSQM 2.A6 The conditions, events, circumstances, actions or inactions considered by the firm in determining that an engagement quality review is an appropriate response to address one or more quality risk(s) may be an important consideration in the firm's determination of the competence and capabilities required to perform the engagement quality review for that engagement. Other considerations that the firm may take into account in determining whether the engagement quality reviewer has the competence and capabilities, including sufficient time, needed to evaluate the significant judgments made by the engagement team and the conclusions reached thereon include, for example:

The nature of the entity.
The specialization and complexity of the industry or regulatory environment in which the entity operates.
The extent to which the engagement relates to matters requiring specialized expertise (e.g., with respect to information technology (IT) or specialized areas of accounting or auditing), or scientific and engineering expertise, such as may be needed for certain assurance engagements. Also see paragraph A19.

CSQM 2.A7 In evaluating the competence and capabilities of an individual who may be appointed as an engagement quality reviewer, the findings arising from the firm's monitoring activities (e.g., findings from the inspection of engagements for which the individual was an engagement team member or engagement quality reviewer) or the results of external inspections may also be relevant considerations.

CSQM 2.A8 A lack of appropriate competence or capabilities affects the ability of the engagement quality reviewer to exercise appropriate professional judgment in performing the review. For example, an engagement quality reviewer who lacks relevant industry experience may not possess the ability or confidence necessary to evaluate and, where appropriate, challenge significant judgments made, and the exercise of professional skepticism, by the engagement team on a complex, industry-specific accounting or auditing matter.

CSQM 2.A9 Actions at the firm level help to establish the authority of the engagement quality reviewer. For example, by creating a culture of respect for the role of the engagement quality reviewer, the engagement quality reviewer is less likely to experience pressure from the engagement partner or other personnel to inappropriately influence the outcome of the engagement quality review. In some cases, the engagement quality reviewer's authority may be enhanced by the firm's policies or procedures to address differences of opinion, which may include actions the engagement quality reviewer may take when a disagreement occurs between the engagement quality reviewer and the engagement team.

CSQM 2.A10 The authority of the engagement quality reviewer may be diminished when:

The culture within the firm promotes respect for authority only of personnel at a higher level of hierarchy within the firm.
The engagement quality reviewer has a reporting line to the engagement partner,for example, when the engagement partner holds a leadership position in the firm or is responsible for determining the compensation of the engagement quality reviewer.

CAS 220.A103 CSQM 1 contains requirements that the firm establish policies or procedures addressing engagement quality reviews in accordance with CSQM 2, and requiring an engagement quality review for certain types of engagements. CSQM 2 deals with the appointment and eligibility of the engagement quality reviewer and the engagement quality reviewer's responsibilities relating to performing and documenting an engagement quality review.

CSAE 3001.A60 CSQM 1 deals with the firm's responsibilities to design, implement and operate a system of quality management for assurance engagements. It sets out the responsibilities of the firm for establishing quality objectives that address the fulfillment of responsibilities in accordance with relevant ethical requirements, including those related to independence. CSQM 1 also deals with the firm's responsibility to establish policies or procedures addressing engagements that are required to be subject to engagement quality reviews. CSQM 2 deals with the appointment and eligibility of the engagement quality reviewer, and the performance and documentation of the engagement quality review. A system of quality management addresses the following eight components:

(a) The firm's risk assessment process;

(b) Governance and leadership;

(d) Acceptance and continuance of client relationships and specific engagements;

(e) Engagement performance;

(f) Resources;

(g) Information and communication; and

(h) The monitoring and remediation process.

Firms or requirements may use different terminology or frameworks to describe the system of quality management.

OAG Policy

An engagement quality review shall be required and an engagement quality reviewer shall be assigned for all financial audits of a listed entity. [Jun-2018]

The assignment of an engagement quality reviewer for all other assurance engagements shall be based on the level of risk associated with the assurance engagement. [Nov-2011]

The principal of methodology, Audit Services, shall approve engagement quality reviews and the appointment of individuals to the engagement quality reviewer role. [Dec-2022]

OAG Guidance

The selection of engagement quality reviews

The principal of methodology, Audit Services, is responsible for evaluating all assurance engagements and approving engagement quality review assignments. He or she will consider the Selection Criteria in this guidance and consult with the assistant auditors general of the applicable practice when evaluating the level of risk associated with an assurance engagement.

The principal of methodology, Audit Services, completes this process at least annually and revisits it as new risk factors or changes in circumstances arise.

An engagement quality review is required and an engagement quality reviewer will be assigned for all financial audits of a listed entity. For purposes of complying with this policy, listed entities are those entities whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized stock exchange or other equivalent body.

The assignment of an engagement quality review for all other assurance engagements will be based on the evaluation and documentation of the level of risk associated with the assurance engagement done by the principal of methodology, Audit Services. The assurance engagements assessed at an acceptable level of risk to the Office will not require an engagement quality review.

Selection criteria

The principal of methodology, Audit Services, considers (a) the nature of the entity and engagement and (b) any unusual engagement circumstances and risks when evaluating the level of risk associated with an assurance engagement.

Criteria to assess the nature of the entity and engagement

the accountability relationship of the entity, the importance of its mandate, and the degree to which the entity or program is visible in the public eye;
the political sensitivity including recent parliamentary interest in the entity or the subject matter of the assurance engagement;
the size of the entity or program, the number of entities scoped into the assurance engagement, or the Office’s past experience reporting on the subject matter of the engagement;
the Office’s reporting responsibility for the assurance engagement, including joint-audit engagements, whereby the Office signs an opinion or issues a report together with a public accounting firm or another legislative audit office;
the nature of the entity’s operations, such as the existence of very complex and specialized transactions or issues that require significant professional judgment to evaluate;
the results of the assessment of engagement risk performed by the engagement team, including the acceptance and continuance risk assessment;
the extent of professional judgment and expertise required by the engagement team in order to assess management’s significant judgments and estimates and management’s assessment of significant risks and key measures of performance;
the composition of the engagement team, such as a newly appointed audit principal, significant turnover in the engagement team, or the team’s limited experience with the objectives or subject matter of the engagement;
the engagement leader has been recently promoted, or does not have current audit experience (>2 years); and
is an international engagement.

Criteria to assess unusual engagement circumstances and risks

recent history of difficult or contentious engagement issues, including disagreements with management, negative conclusions in previous reports, and reservations in previous opinions and reports;
uncertainty about the entity’s ability to continue operating as a going concern or to deliver its mandate;
any other specified risk factors, such as known and potential threats to the Office’s independence;
the engagement has recently resulted in a modified opinion; and
significant prior period errors are being identified on a recurring basis.

During the course of an assurance engagement, if an engagement leader identifies new risk factors or changes in circumstances that lead them to believe that an engagement quality review would be beneficial, they should communicate these concerns to the principal of methodology, Audit Services, in a timely manner.

The appointment and eligibility of the engagement quality reviewer

The principal of methodology, Audit Services, is responsible for identifying eligible individuals to be appointed as engagement quality reviewers. The principal of methodology, Audit Services, will consider the criteria established in this policy and consultations when identifying an eligible engagement quality reviewer.

This process will be completed at least annually and revisited as threats to the engagement quality reviewer’s objectivity or changes in circumstances arise.

The principal of methodology, Audit Services, will apply professional judgment and consider the assessed level of risk for the assurance engagement when identifying one or more individuals with sufficient and appropriate authority to fulfill the role of engagement quality reviewer. The engagement quality review is performed solely by the individual appointed as engagement quality reviewer.

The principal of methodology, Audit Services, considers the following eligibility criteria when identifying individuals for appointment as engagement quality reviewers:

sufficient up-to-date technical knowledge in the subject matter relevant to the assurance engagement;
sufficient and appropriate experience and expertise;
independence from the entity, in fact and in appearance;
rotation requirements;
ability to provide an objective evaluation of significant matters, including identified risks, significant judgments, and the conclusions reached;
sufficient and appropriate authority to challenge judgments made by the engagement leader; and
sufficient time to perform the review according to the expected timing of the assurance engagement.

The engagement quality reviewer should be, and be seen to be, free of influences that would impair his or her objectivity from the engagement and the entity (OAG Audit 3031 Independence and OAG Audit 1071 Job rotation).

During the engagement quality reviewer selection process, the principal of methodology, Audit Services, may identify potential threats to the engagement quality reviewer’s objectivity, independence, and authority. Where threats are considered significant, the principal of methodology, Audit Services, may choose to identify, document, and apply safeguards to reduce threats to an acceptable level.

OAG Audit 3063 Engagement quality reviewer responsibilities addresses the degree to which an engagement quality reviewer can be consulted on the engagement without compromising the reviewer’s objectivity. It also addresses impairment of the engagement quality reviewer’s eligibility to perform the review post initial appointment to the role.

Audit Guidance

Our System of Quality Management

1081 Selection of engagement quality reviews and appointment of engagement quality reviewers Dec-2022