COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
This topic explains:
Professional reputation and independence of the joint auditor
Unless the Office knows the professional reputation and standing of the joint auditor, the engagement leader should enquire into these matters from such sources as other practitioners. Generally we would not enter into a joint audit situation unless the reputation of the joint auditor is well known to us and would normally be a large firm. Acceptance and continuance procedures for the client are subject to the normal A&C procedures. The engagement leader should be satisfied that the joint auditor complies with the requirements for independence. If the Office is not satisfied with the professional reputation of the joint auditor or with the joint auditor’s independence, then the Office should either carry out all significant work necessary to express an opinion on the financial statements or should consider declining the engagement.
Division of work
The appropriate division of work between the Office and the joint auditor can be an area of concern and difficulty. It is not possible to establish precise rules as to what is appropriate. The engagement leader should exercise his or her judgement taking all factors into consideration to ensure that the Office is not exposed to an unacceptable level of risk. Factors to be considered include the following:
Consideration should be given to whether it is appropriate to rotate the work between the Office and the joint auditor.
If the arrangements for the division of work are not such as to enable the Office to reduce risk to an acceptable level, the Office should decline or withdraw from the engagement.
The following are some of the audit procedures that should be considered for joint coverage:
Communication with the joint auditor
Both the Office and the joint auditor need to understand the basis on which the work is to be divided before the start of the audit. The engagement leader should ensure that this understanding is confirmed in writing.
In addition, open communication between the Office and the joint auditor should be established to ensure that:
The method of determining whether the other joint auditors have carried out their part of the work adequately will depend on the particular audit arrangements and the circumstances of each audit. However, it will be essential that the joint auditors review, evaluate and discuss each other’s work. This may involve a complete review of their working papers, or in certain circumstances, may be confined to a review of work programs, points raised requiring follow-up and other major procedures. It is essential that the audit plan and division of work is reviewed and compared with the actual outcome of the audit to ensure that all balance sheet and profit and loss account captions have been appropriately and adequately addressed.
The review of the joint auditors’ work should be documented in the manner best appropriate to the specific situation and client.
Engagement quality reviewer
If the nature of the engagement requires an engagement quality reviewer, then an OAG engagement quality reviewer should be appointed. The joint auditor does not remove this requirement.
Engagement letters
The engagement leader should agree with the joint auditor whether joint or separate letters should be sent to the client. In either case there should be reference to the Office and to the joint auditor. Separate letters would normally be sent where other services are being provided.
Indemnities
Consideration should be given to whether it is appropriate, in the context of legal, regulatory and professional requirements, to enter into an agreement with the joint auditor comprising an indemnity and cross-indemnity in respect of losses suffered by either firm as a result of claims arising from the negligence of one or both of the firms.
Auditor communications regarding Independence
Most of the auditor communications in connection with joint audits are signed jointly by both firms. However, there are certain communications that we cannot make with our joint auditor.
In particular, any representations concerning independence would have to be the subject of separate letters. We see this most commonly in the reports to audit committees concerning independence. It would not be appropriate to have a common letter, since the OAG is in no position to represent about our joint auditors’ independence, and our joint auditor is not in a position to make representations about ours.
Security screening and joint auditor access to OAG audit files
The Office is obligated by the Policy on Government Security (PGS) to apply security rules around access to information. Our joint audits are typically for Crown Corporations, who do not have to comply with the PGS, but they are still required to apply security screening for consultants/contractors. The Office accepts no responsibility for conducting security screening of joint auditor employees.
The Office communicates responsibilities for conducting joint auditor screening through its official audit communications. Within our engagement letter we state that we may be providing access to the entity’s data to the joint auditor; however, it is management’s responsibility to perform security screening on members of the joint auditor’s team. Additionally, within the Report to the Audit Committee – Audit Plan we remind the audit committee of the entity’s responsibility to conduct appropriate security clearance procedures for joint audit employees.
When we provide joint auditors with access to OAG audit files we obtain the full name of each individual requiring access to our file(s) and provide them access on a stand-alone OAG laptop specifically prepared for this purpose. Steps to providing access to our files include: