11014 Evaluating the results
Jun-2019

Overview

This topic explains:

  • The factors to consider when evaluating the significance of non-compliance and determining the way to report it
  • The consultations needed when non-compliance is identified or suspected
  • The information presented in the Report Clearance Summary
  • The documentation to have in the audit file when non-compliance is significant and is reported
Evaluation of the significance of non-compliance

OAG Guidance

All potential cases of reportable non-compliance with authorities should be referred to the engagement leader for assessment and resolution. Such situations often involve legal interpretation of the relevant facts of the case, and will normally require consultation with the Internal Specialist—Compliance with Authorities and Legal Services.

Non-compliance with authorities is considered significant and reportable where there is a serious deviation from legislative and other authorities with respect to purpose, monetary limits, and other restraints.

Although compliance is normally a yes-or-no situation, the auditor has to assess the significance of the non-compliance situation identified and the attitude of the entity, as not all instances of non-compliance will necessarily be reported.

The following factors must be considered when evaluating the significance of a non-compliance situation:

  • the significance of the deviation in relation to the dollar materiality of the transaction(s); it may or may not be advisable to report a deviation involving small monetary amounts;

  • the importance of the deviation considering the organization’s legislative mandate;

  • the level of importance of the authority (non-compliance with a statutory requirement is likely to be more serious than non-compliance with by-law);

  • the pervasiveness of non-compliance for example, where a situation reported previously only in the management letter is escalating and the entity does not intend to take corrective action or where the situation reflects systemic non-compliance;

  • the motivation behind the deviation, as an accidental occurrence may be dealt with differently than a voluntary and deliberate case of non-compliance;

  • the clarity of the situation for example, a “borderline” case when there are opposing legal opinions from the entity and the Office;

  • the need to report the situation to Parliamentarians, after giving consideration to any public or parliamentary sensitivity or known need;

  • whether the situation reflects a significant erosion of Parliamentary controls;

  • the corrective action, if any, taken by the entity for example, an unauthorized transaction that is subsequently approved retroactively may not warrant disclosure; or

  • the impact of reporting, as the perceived role of the Office as an agent of change may influence the entity or the government to react to and change the unwanted situation.

Depending on the nature and the significance, a non-compliance with authority situation may be reported to:

  • The entity management (via a management letter);

  • The Audit Committee (via the Report to the Audit Committee); and/or

  • The Minister and/or Parliament (via the Auditor’s Report or the Observations of the Auditor General in the Public Accounts of Canada); and/or

  • The Minister and/or Parliament via audit chapter in the Report of the Auditor General.

Refer to the Policy in OAG Audit 7514 that requires consultations with Legal Services, the assistant auditors general of the practice and the Auditor General, when specific circumstances lead the engagement leader to determine it is necessary to report the identified or suspected non-compliance to the attention of the appropriate Minister.

The template Nature and Significance Considerations of Non-Compliance Issue may assist the auditor to assess the significance of a non-compliance instance and to determine the appropriate reporting mechanism as well as to document the rationale of his/her decision.

Consultations

OAG Guidance

Office policies require the audit team to consult when dealing with complex, unusual or unfamiliar issues, contentious matters or other matters requiring specialized knowledge or experience. A situation involving non-compliance with authority generally meets all of these criteria. At the early stages of evaluating potential non-compliance with authorities, consultation would be expected with:

  • Quality Reviewer, if applicable;

  • Legal Services;

  • Audit Services; and

  • any relevant internal specialists (for example, with the Internal Specialist for Fraud and/or the Internal Specialist—Compliance with Authorities).

As mentioned in OAG Audit 3081, certain significant matters are brought to the attention of the Auditor General before the signing of the Auditor’s report. Consultation may be directed by Office policy; however, it is also a matter of professional judgment.

Where a situation of non-compliance with authorities may indicate potential fraud, the Internal Specialist for Fraud should be consulted.

Report Clearance Summary

OAG Guidance

The Report Clearance Summary, if any, should include a comprehensive discussion of any proposed reporting of non-compliance with authorities, including a full description of:

  • the nature and significance of the non-compliance;

  • the entity’s management’s perspective;

  • the perspective of OAG Legal Services and other Internal Specialists consulted;

  • the mode of reporting and the rationale for the decision (management letter, Report to the Audit Committee, Auditor’s Report); and

  • any potential sensitivities.

Audit documentation

OAG Guidance

When a situation involving non-compliance with legislative authorities is identified, the audit file shall contain appropriate documentation, including:

  • a description of the non-compliance with authorities and references to the corresponding provision(s) of the authority instrument;

  • results of discussion with the entity’s management and the entity legal counsel;

  • communication with other federal entities;

  • the analysis of the significance of the non-compliance and the decision made about the reporting mechanism;

  • results of consultations with the engagement leader, the Quality reviewer, Audit Services and OAG specialists;

  • results of consultation with the Auditor General, if applicable;

  • a copy of relevant documents; and

  • any subsequent events between the end of the year and the date of the report.

This documentation is filed within the procedure “Evaluate potential impact of non-compliance with authorities and laws and regulations” within the program “General Execution Procedures” found in the Annual Audit Procedures—Supplement cabinet.

Related Guidance

Documenting significant matters and related significant professional judgment—OAG Audit 1143

Sufficient appropriate audit evidence—OAG Audit 1050

Communicating Deficiencies in Internal Control to those charged with Governance and Management—OAG Audit 2220

Consultations—OAG Audit 3081 and OAG Audit 3082

Fraud—OAG Audit 5500