Methodology Update—September 2020
Sep-2020

Target audience: All Attest Auditors

Effective date: The revised methodology is effective upon release.

Standards: This update reflects up to CPA Canada—Assurance—Update Number 30—June 2020 (excluding revisions to CAS 315 which will be reflected in a future methodology update)

Copyright: CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright.

Description of subject: The update includes changes to audit manual policies and guidance, audit procedures, templates and Intranet pages. Significant changes to the methodology are summarized below.

Key changes are:

  • New manual sections, procedures and practice aid to reflect the revised CAS 540 Auditing Accounting Estimates and Related Disclosures

  • New policy requiring consultation with Audit Services when previously undetected prior period errors meeting specific criteria are identified.

  • New policy requiring consultation with audit Services when proposing a modified opinion, emphasis of matter paragraphs, or other matter paragraphs.

  • New procedures on cybersecurity risk assessment

  • Updated or new planning templates to document planned involvement of the IT Audit team, controls assurance team and data analytics and research methods team.

  • Removed references to TeamMate and Annual Audit Practice Team (AAPT).

  • Changed the French version of external-facing templates to reflect the gender of the current Auditor General.

Updates to the Manual

A number of revisions have been made to the annual audit manual sections. The following is a summary of all revisions other than editorial revisions, revisions made solely to CAS extracts or revisions made solely to procedure references:

Section Section Title Nature of Changes
Annual Audit Sections
3081.1

Summary of matters for consultations

Updated to reflect changes made throughout the audit manual.
7071

Introduction

New manual section related to the revised CAS 540 on auditing accounting estimates and related disclosures
7072

Understand the Entity and Its Environment
7073.1

Step 1: Perform Risk Assessment Procedures
7073.2

Step 2: Set Roles and Responsibilities
7073.3

Step 3: Determine Risk of Material Misstatement and Testing Approach
7073.4

Step 4: Test Method(s)
7073.5

Step 5: Test Significant Assumptions
7073.6

Step 6: Test Data
7073.7

Step 7: Evaluate Work of Specialists and Experts
7073.8

Step 8: Address Estimation Uncertainty and Test Disclosures
7073.9

Step 9: Consider Management Bias
7073.1

Step 10: Perform Overall Evaluation
7074

Completion Procedures
8011

Forming an opinion

New policy requiring consultation with Audit Services when proposing a modified opinion on the financial statements or financial information.
8013

Modified Audit Opinion

New policy requiring consultation with Audit Services when proposing a modified opinion on the financial statements or financial information and clarified internal process to address the risk of inappropriate modified auditor’s report.
8014

Emphasis of matter and other matter paragraphs

New policy requiring consultation with Audit Services when proposing emphasis of matter paragraphs, or other matter paragraphs.
9015

Evaluating the effect of uncorrected misstatements

New policy requiring consultation with Audit Services when previously undetected prior period errors meet specific criteria. Re-organized and enhanced guidance on evaluating impact of uncorrected misstatements. Clarified internal process related to undetected prior period errors.
11015

Reporting on compliance with authorities

New policy requiring consultation with Audit Services when proposing a modified opinion on the financial statements or financial information, emphasis of matter paragraphs, or other matter paragraphs.

Updates to the Annual Audit Procedures

The following is a summary of all revisions other than editorial revisions.

Annual Audit Procedures Cabinet

Action required: Ensure you have the most updated procedure steps and procedure documents.

Program (PRG) Procedure Step Change

A.1.PRG—Audit Mandate and Client Acceptance and Continuance

CPA Canada licence Agreement (Sept-2020)

Copyright date changed from 2019 to 2020.

Acceptance and continuance and terms of engagement (Sept-2020)

Updated to reflect current guidance on communication in official languages as per OAG Audit 2213.

Procedure document
P_01168E_Accep_con_terms_of_eng

has been replaced by
P_01472E_Accep_con_terms_of_eng

B.1.PRG—Understand the Entity and Environment

Understand entity and environment (Sept-2020)

Removed section “Assessing the impact of cybersecurity risks on the audit” (steps 5 and 6). This has been replaced by new cybersecurity procedure.

Procedure document
P_01130E_Understand_entity_and_environment

has been replaced by
P_01473E_Understand_entity_and_environment

Understand and evaluate control activities (including PEFR process) (Sept-2020)

Added new option and tab for leases

Procedure document
P_01219E_Und_eval_control_act_incl_PEFR_proces

has been replaced by
P_01474E_Und_eval_control_act_incl_PEFR_proces

B.4.PRG—Assess Risk

Fraud risk assessment (Sept-2020)

Added in step 8 documentation on obtaining views from those charged with governance on risk of material misstatement due to error.

Procedure document
P_01134E_Fraud_risk_assessment

has been replaced by
P_01475E_Fraud_risk_assessment

Accounting estimates—Understanding and risk assessment (Sept-2020)

Updated to reflect revised CAS 540 standard on auditing accounting estimates and disclosure.

Procedure document
P_01135E_Accounting_estimates_risk_assess

has been replaced by
P_01490E_Accounting_estimates_risk_assess

Financial statements review risk assessment (Sept-2020)

Updated by AEA to add text box allowing auditors to describe why the financial statements or entity are considered complex. Link to updated guidance on FSR.

Procedure document
P_01166E_FS_review_risk_assess

has been replaced by
P_01476E_FS_review_risk_assess

Understand cybersecurity risk related to the audit (Sept-2020)

New procedure on understanding cybersecurity risk related to the audit

New procedure document
P_01488E_Understand_cybersecurity_risk

C.2.PRG—Develop audit plan

Determine audit strategy and plan (Sept-2020)

  • Updated in step 3 the list of possible reasons why bank confirmations will not be obtained from all financial institutions.

  • Added steps 10 and 11 for Controls Assurance Team and Data Analytics & Research Methods Team

  • Added in step 13 option of Group engagement teams planning and scoping the work to be performed at shared service centers.

  • Updated in step 15 reference to delegation of signing authority.

  • On the tab “Planning meeting,” added in step 6 IT dependencies and plan use of technology solutions as possible matter of discussion

  • On the tab “Planning meeting,” added link to the Security Quick Reference Card in step 8.

  • On the tab “Planning meeting,” added “Language of Work” in step 11 as matter for discussion

Procedure document
P_01175E_Det_audit_strategy_and_plan

has been replaced by
P_01477E_Det_audit_strategy_and_plan

D.1.PRG—Completion and Reporting Activities

Communications with those charged with governance—Report to the Audit Committee (Sept-2020)

  • In step 3, enhanced description of matters communicated with those charged with governance.

  • Added step 4 to include other possible required matters to be communicated.

Procedure document
P_01145E_Communicate_w_tcwg_RAC

has been replaced by
P_01478E_Communicate_w_tcwg_RAC

Other auditing and completion procedures  (Sept-2020)

Added step 14 on verifying consistency of names of the entity’s financial statements in the audit report and reference to CAS 700.24.

Procedure document
P_01146E_Other_auditing_and_completion_proc

has been replaced by
P_01479E_Other_auditing_and_completion_proc

Update on preliminary risk assessments (Sept-2020)

Updated step 11 on accounting estimates and added step 14 on IT Dependencies.

Procedure document
P_01149E_Upd_prelim_risk_assessments

has been replaced by
P_01480E_Upd_prelim_risk_assessments

D.2.PRG—Financial Statements and Notes

Financial statements related procedures (Sept-2020)

  • Updated steps 1, 8 and 10 to refer to new optional tabs to document testing of financial information and disclosures.

  • Updated step 10 to refer to tie-out of financial statement disclosure.

Procedure document
P_01178E_FS_related_procedures

has been replaced by
P_01481E_FS_related_procedures

Financial statements and Auditor’s Report review (Sept-2020)

Updated instructions for FS Review by AEA.

Procedure document
P_01167E_FSR

has been replaced by
P_01482E_FSR

E.1.PRG—General Execution Procedures

Respond to the risk of fraud involving management override of controls (Sept-2020)

Enhanced step 6 to document results of agreement of the opening balance and the financial statement account balances.

Procedure document
P_01181E_Resp_risk_fraud_involv_mng_over_ctl

has been replaced by
P_01483E_Resp_risk_fraud_involv_mng_over_ctl

Annual Audit Procedures—Supplement Cabinet

Action required: Ensure you have the most updated procedure steps and procedure documents.

Program (PRG) Procedure Step Change

B.2.PRG—Component Auditor—Planning

CA—Planning procedures (Sept-2020)

Added step 2 to document elements of communicated group audit strategy and plan that may impact the procedures to be performed by the component auditor.

Procedure document
P_01185E_CA_Planning_procedures

has been replaced by
P_01484E_CA_Planning_procedures

CA—Group reporting package related procedures (Sept-2020)

Updated steps 9 and 10 to refer to tie-out of financial statement disclosure. Added new optional tabs to document testing of financial information and disclosures.

Procedure document
P_01189E_CA_Group_rep_pack_related_proced

has been replaced by
P_01485E_CA_Group_rep_pack_related_proced

D.1.PRG—Reliance on the Work of Others

Plan use of work of auditor’s experts—[FSLI] (Sept-2020)

Added reference to the new Test accounting estimate procedure in step 3.

Procedure document
P_01195E_Plan_use_of_work_of_auditors_expert

has been replaced by
P_01486E_Plan_use_of_work_of_auditors_expert

Plan use of work of management’s experts—[FSLI] (Sept-2020)

Added reference to the new Test accounting estimate procedure in step 3.

Procedure document
P_01196E_Plan_use_ of_work_of_mng_experts

has been replaced by
P_01487E_Plan_use_ of_work_of_mng_experts

F.1.PRG—General Execution Procedures

Assess the impact of cybersecurity incident on the audit (Sept-2020)

New procedure to document impact of cybersecurity incident.

New procedure document
P_1489E_Impact_cybersecurity_incident

Test accounting estimate (Sept-2020)

Updated to reflect revised CAS 540 standard on auditing accounting estimates and disclosure.

Procedure document
P_01210E_Subst_proc_acctg_est

has been replaced by
P_01491E_Test_acctg_estimate

Updates to templates

The following is a summary of all revisions other than editorial revisions and any actions that need to be taken:

Annual Audit Templates

Planning

Budget and Workload Allocation

Updated references to IT Audit, AEA and Audit Working Paper Software

None

Given the changes are administrative/editorial in nature, auditors can continue to use the previous version.

Planning

Control Matrix

Deleted column for “Year Performed” as rotational walkthrough has been removed from the methodology. Added documentation on understanding of ITGCs.

Action required

Ensure you have the most updated template.

Planning

Controls Library

Updated numbering of controls that matches the number reference on the Audit Planning Template

None

Given the changes are administrative/editorial in nature, auditors can continue to use the previous version.

Planning

Engagement Letter

Removed “Other Audit Work” section and made other editorial changes.

Changed the French version to reflect the gender of the current Auditor General.

Action required

Ensure you have the most updated template.

Planning

IT Audit Planning Memorandum

Updated planning template to document the planned involvement of IT audit team.

Action required

Ensure you have the most updated template.

Planning

Controls Assurance Planning Memo

New planning template to document the planned involvement of the controls assurance team.

Action required

Ensure you have the most updated template.

Planning

Control Matrix—Example

DELETED from the templates and checklists listing

None

Planning

Understand and Evaluate Control Activities (incl PEFR process)—Example

DELETED from the templates and checklists listing

None

Planning

Understand and Evaluate Internal Control Components (excl control activities)—Example

DELETED from the templates and checklists listing

None

Planning

Understand and Evaluate Internal Control Components (excl control activities)—Mapped Example

DELETED from the templates and checklists listing

None

Planning

Understand the entity’s response to IT risks—Example

DELETED from the templates and checklists listing

None

Planning

Understand the entity’s response to IT risks—IT Function Guidance

DELETED from the templates and checklists listing

None

Planning

Understand the entity’s response to IT risks—In-Scope Systems Guidance

DELETED from the templates and checklists listing

None

Planning

Letters for Solicitor/Client Privilege

Replaced reference to OAG Senior General Counsel with OAG General Counsel.

Action required

Ensure you have the most updated template.

Planning

Data Analytics and Research Methods Planning Memo

New planning template to document the planned involvement of the data analytics and research methods team.

Action required

Ensure you have the most updated template.

Reporting

Management Representation Letter—IFRS

Updates made related to auditing accounting estimates, COVID-19, IFRS standards, and other editorial changes.

Action required

Ensure you have the most updated template.

Reporting

Management Representation Letter—PSAS

Updates made related to auditing accounting estimates, COVID-19, PSAS standards, and other editorial changes.

Action required

Ensure you have the most updated template.
Phase Template Name Change Action Required/Impact

Updates to INTRAnet

The Financial Audit INTRAnet pages reflect the changes included in this Methodology Update.