Annual Audit Manual

COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.

2326 Understanding the component auditors
Dec-2023

In This Section

Obtaining an understanding of a component auditor

Procedures to obtain an understanding of the component auditor and sources of evidence

Procedures for another OAG audit team

Procedures for external firms / auditors

The need for additional procedures to obtain an understanding in the first year

Obtaining an understanding subsequent to the first year

Responding to new information about the component auditor

Documenting the procedures performed and the results

Obtaining an understanding of a component auditor

CAS Requirement

If the group engagement team plans to request a component auditor to perform work on the financial information of a component, the group engagement team shall obtain an understanding of the following (CAS 600.19):

(a)   Whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent.

(b)   The component auditor's professional competence.

(c)   Whether the group engagement team will be able to be involved in the work of the component auditor to the extent necessary to obtain sufficient appropriate audit evidence.

(d)   Whether the component auditor operates in a regulatory environment that actively oversees auditors.

CAS Guidance

The group engagement team obtains an understanding of a component auditor only when it plans to request the component auditor to perform work on the financial information of a component for the group audit. For example, it will not be necessary to obtain an understanding of the auditors of those components for which the group engagement team plans to perform analytical procedures at group level only (CAS 600.A32).

The nature, timing and extent of the group engagement team's procedures to obtain an understanding of the component auditor are affected by factors such as previous experience with or knowledge of the component auditor, and the degree to which the group engagement team and the component auditor are subject to common policies and procedures, for example (CAS 600.A33):

  • Whether the group engagement team and a component auditor share:

    • common policies and procedures for performing the work (e.g., audit methodologies);
    • common quality control policies and procedures; or
    • common monitoring policies and procedures.

  • The consistency or similarity of:

    • laws and regulations or legal system;
    • professional oversight, discipline, and external quality assurance;
    • education and training;
    • professional organizations and standards; or
    • language and culture.

OAG Guidance

In determining the procedures to follow in obtaining an understanding of a component auditor the group engagement team considers various factors in addition to those mentioned in CAS 600.A33, such as:

  • The significance of the component, its materiality to the group financial statements, and the identified significant risks of material misstatements of the group financial statements related to the component.

  • The level of work to be requested of the component auditor (e.g., audit of financial information, audit of one or more account balances, classes of transactions or disclosures or, specific procedures).

  • The complexity of the component, including the extent of specialised knowledge or industry experience required.

  • Whether or not the component auditor is another OAG audit team subject to OAG's quality management systems.

Relevant sources of information considered by the group engagement team when obtaining an understanding of the component auditor may include:

  • Previous experience and involvement with the component auditor (e.g., whether meetings/discussions have occurred recently with the component auditor to obtain an understanding of the component and its environment or whether the group audit engagement team has recently reviewed relevant parts of the component auditor's audit documentation).

The results of these procedures will also be a consideration when determining the nature, timing, and extent of the group engagement team's involvement in the work of the component auditors (OAG Audit 2324).

Procedures to obtain an understanding of the component auditor and sources of evidence

CAS Requirement

If the group engagement team plans to request a component auditor to perform work on the financial information of a component, the group engagement team shall obtain an understanding of whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent (CAS 600.19(a)).

The group engagement team shall request the component auditor to communicate matters relevant to the group engagement team's conclusion with regard to the group audit. Such communication shall include whether the component auditor has complied with ethical requirements that are relevant to the group audit, including independence and professional competence (CAS 600.41(a)).

CAS Guidance

The factors for understanding the component auditor interact and are not mutually exclusive. For example, the extent of the group engagement team's procedures to obtain an understanding of Component Auditor A, who consistently applies common quality control and monitoring policies and procedures and a common audit methodology or operates in the same jurisdiction as the group engagement partner, may be less than the extent of the group engagement team's procedures to obtain an understanding of Component Auditor B, who is not consistently applying common quality control and monitoring policies and procedures and a common audit methodology or operates in a foreign jurisdiction. The nature of the procedures performed in relation to Component Auditors A and B may also be different (CAS 600.A34).

Where independent oversight bodies have been established to oversee the auditing profession and monitor the quality of audits, awareness of the regulatory environment may assist the group engagement team in evaluating the independence and competence of the component auditor. Information about the regulatory environment may be obtained from the component auditor or information provided by the independent oversight bodies (CAS 600.A36).

Quality management at the engagement level is supported by the firm's system of quality management and informed by the specific nature and circumstances of the audit engagement. In accordance with CSQM 1, the firm is responsible for communicating information that enables the engagement team to understand and carry out their responsibilities relating to performing engagements. For example, such communications may cover policies or procedures to undertake consultations with designated individuals in certain situations involving complex technical or ethical matters, or to involve firm-designated experts in specific engagements to perform audit procedures related to particular matters (e.g., the firm may specify that firm-designated credit experts are to be involved in auditing expected credit loss allowances in audits of financial institutions) (CAS 220.A4).

Some firm-level responses to quality risks are not performed at the engagement level but are nevertheless relevant when complying with the requirements of this CAS. For example, firm-level responses that the engagement team may be able to depend on when complying with the requirements of this CAS include (CAS 220.A6):

  • Personnel recruitment and professional training processes;

  • The information technology (IT) applications that support the firm's monitoring of independence;

  • The development of IT applications that support the acceptance and continuance of client relationships and audit engagements; and

  • The development of audit methodologies and related implementation tools and guidance.

Ordinarily, the engagement team may depend on the firm's policies or procedures in complying with the requirements of this CAS, unless (CAS 220.A10):

  • The engagement team's understanding or practical experience indicates that the firm's policies or procedures will not effectively address the nature and circumstances of the engagement; or

  • Information provided by the firm or other parties, about the effectiveness of such policies or procedures suggests otherwise (e.g., information provided by the firm's monitoring activities, external inspections or other relevant sources, indicates that the firm's policies or procedures are not operating effectively).

If the engagement partner becomes aware (including through being informed by other members of the engagement team) that the firm's responses to quality risks are ineffective in the context of the specific engagement or the engagement partner is unable to depend on the firm's policies or procedures, the engagement partner communicates such information promptly to the firm in accordance with paragraph 39(c) as such information is relevant to the firm's monitoring and remediation process. For example, if an engagement team member identifies that an audit software program has a security weakness, timely communication of such information to the appropriate personnel enables the firm to take steps to update and reissue the audit program. See also paragraph A71 in respect of sufficient and appropriate resources (CAS 220.A11).

OAG Guidance

For component auditors that are from another OAG audit team, it is appropriate for the group engagement team to give consideration to their knowledge of the OAG's common audit methodologies, policies, procedures and quality management systems, unless concerns have been identified through office communications or from other information available.

For component auditors that are from an external firm, the nature, timing, and extent of procedures performed by the group engagement team to obtain an understanding may, by necessity, comprise more two-way communication to gather the information needed from the component auditor.

The tables in Procedures for another OAG audit team and Procedures for external firms summarize procedures that may be undertaken to obtain an understanding of a component auditor in the first year of work, distinguishing between a component auditor that is another OAG audit team and a component auditor from an external firm.

The group auditor considers if these procedures are sufficient to obtain an understanding of the component auditor. Findings from performing these procedures may indicate that additional procedures will be needed to obtain an understanding, in which case the group engagement team needs to refer to the further guidance in The Need for Additional Procedures to Obtain an Understanding in the First Year block.

Procedures for another OAG audit team

OAG Guidance

CAS 600.19

Procedures for another OAG audit team

(a) Compliance with ethical requirements, particularly independence
  • The group auditor is able to take into account that the relevant OAG audit team applies the OAG's common audit methodologies, policies, procedures and systems, including independence systems and other office policies and procedures regarding independence and compliance with ethical requirements.
  • The group auditor may also consider previous work experience, if any, with the component auditor's engagement team and other relevant factors which may impact this judgement.
  • If the group auditor believes additional steps are necessary to evaluate a component auditor's compliance with ethical requirements, including independence, the group auditor may find it useful to contact Audit Services.

For additional guidance related to compliance with ethical standards, see OAG Audit 2328.

(b) Professional competence
  • The OAG’s system of quality management is designed to provide assurance that the engagement teams apply OAG policies and methodology regarding the conduct of audits. The group auditor considers if there is evidence to the contrary, for example, where communicated by the Office or by the component auditor.
  • As part of this, the group auditor considers previous work experience, if any, with the component auditor's engagement team and other relevant factors which may impact this judgement.
  • The group auditor considers the competence of the component auditors, including, to the extent necessary, industry knowledge, and competence in assessing compliance with applicable financial reporting framework and GAAS (see OAG Audit 2329 re financial reporting framework and GAAS considerations).

(c) Sufficient involvement of the group auditor in the work of the component auditor
  • Consider the nature and extent of involvement expected to be needed in light of:
    • The group engagement leader's overall responsibility for managing and achieving quality on the group audit, and the need for them to be sufficiently and appropriately involved throughout the group audit such that they have the basis for determining whether the significant judgments made, and conclusions reached, are appropriate given the nature and circumstances of the engagement;
    • significance of the component;
    • significant risks of material misstatement of the group financial statements;
    • group engagement team's evaluation of the design of entity-level controls and determination whether they have been implemented; and
    • understanding of the component auditor.
  • Consider the need to communicate the planned extent of the group auditor's involvement to the component auditor to obtain confirmation that it will be achievable.

See OAG Audit 2324.

(d) Regulatory environment that actively oversees auditors

The group auditor will be able to rely on the procedures carried out under (a) to (c) above when working with another OAG audit team since they share the same external oversight environment.
Procedures for external firms / auditors

OAG Guidance

CAS 600.19

Procedures for external firm/auditor

(a) Compliance with ethical requirements, particularly independence
  • Obtain confirmation from the external firm/auditor that their firm has implemented a system of quality management that is intended to align to the objectives of CSQM 1.
  • Obtain written confirmation of:
    • compliance with ethical requirements, including independence, relevant to the group audit; and
    • GAAS and financial reporting framework competence and necessary special skills (e.g., industry knowledge).
  • Consider previous work experience, if any.
  • Other procedures the group engagement team performs:
    • Discuss the component auditor with colleagues in the OAG or with a reputable third party who has knowledge of the component auditor.

For additional guidance related to compliance with ethical requirements, see OAG Audit 2329.

(b) Professional competence
  • Communicate instructions regarding the expected competencies and capabilities required of the component engagement team and obtain the component engagement leader's confirmation that the component engagement team has the skills necessary to perform the work requested.
  • Obtain an understanding of the component audit firm's professional standing.
  • Obtain written confirmation from the external firm component auditor that they have sufficient and appropriate resources to perform the work requested, including sufficient time.
  • Apply judgment to determine whether additional information needs to be communicated to or requested from external firm/auditor.

For additional guidance related to professional competence, see OAG Audit 2329.

(c) Sufficient involvement of the group auditor in the work of the component auditor
  • Consider the nature and extent of involvement expected to be needed in light of:
    • The group engagement leader's overall responsibility for managing and achieving quality on the group audit, and the need for them to be sufficiently and appropriately involved throughout the group audit such that they have the basis for determining whether the significant judgments made, and conclusions reached, are appropriate given the nature and circumstances of the engagement;
    • Significance of the component;
    • Significant risks of material misstatement of the group financial statements;
    • Group engagement team's evaluation of the design of entity-level controls and determination whether they have been implemented; and
    • Understanding of the component auditor.
  • Communicate the extent of the group auditor's involvement to the component auditor.
  • Consider requesting information from the component auditor as to whether the group auditor will be able to be involved in the work of the component auditor to the extent necessary.

See OAG Audit 2324.

(d) Regulatory environment that actively oversees auditors

As described in CAS 600.A36 in Group Engagement Team’s Procedures to Obtain an Understanding of the Component Auditor and Sources of Audit Evidence, where independent oversight and quality of monitoring of the audit profession exists, obtain an awareness of this environment sufficient to assist with the evaluation of independence and competency of the component auditor. This awareness may be obtained through inquiry of the component auditor and/or information available from the independent oversight bodies.
The need for additional procedures to obtain an understanding in the first year

CAS Guidance

The group engagement team may obtain an understanding of the component auditor in a number of ways. In the first year of involving a component auditor, the group engagement team may, for example (CAS 600.A35):

  • Evaluate the results of monitoring activities where the group engagement team and component auditor are from a firm or network that operates under and complies with common monitoring policies and procedures;

  • Visit the component auditor to discuss the matters in paragraph 19(a)-(c);

  • Request the component auditor to confirm the matters referred to in paragraph 19(a)-(c) in writing. Appendix 4 contains an example of written confirmations by a component auditor;

  • Request the component auditor to complete questionnaires about the matters in paragraph 19(a)-(c);

  • Discuss the component auditor with colleagues in the group engagement partner's firm, or with a reputable third party that has knowledge of the component auditor; or

  • Obtain confirmations from the professional body or bodies to which the component auditor belongs, the authorities by which the component auditor is licensed, or other third parties.

OAG Guidance

Generally it would be more likely that the additional procedures noted in the CAS guidance above would be applied to component auditors from an external firm/auditor. Typically, the group engagement team would only consider these additional procedures necessary for another OAG audit team in unusual circumstances, for example, significant concerns through:

  • previous experience from the group auditor's involvement in the work of the component auditor; or

  • knowledge of the component auditor from previous experience of the group engagement team members.

Visiting the component auditor will be more important where the component is significant to the group audit. This may also enable the group auditor to enhance their understanding of the component and component management.

Obtaining an understanding of the component auditor subsequent to the first year

CAS Guidance

In subsequent years, the understanding of the component auditor may be based on the group engagement team's previous experience with the component auditor. The group engagement team may request the component auditor to confirm whether anything in relation to the matters listed in CAS 600.19(a)-(c) has changed since the previous year (CAS 600.A35).

OAG Guidance

The group engagement team may request the component auditor to report only on whether anything in relation to relevant ethical requirements, including those related to independence, professional competence, and matters related to the sufficiency of the group engagement team's involvement, have changed since the previous year. 

The group engagement leader and team use their previous experience and knowledge of the component auditor and apply professional judgment to determine the appropriate procedures to perform when updating their understanding.

Where circumstances relating to the component auditor change significantly subsequent to the first year, the group-engagement team obtains their understanding, refer to the guidance in Responding to New Information about the Component Auditor, provided below.

Responding to new information about the component auditor

OAG Guidance

Responding to New Information about the Component Auditor

The group engagement team needs to evaluate new information that comes to its attention after the initial planning of a group audit if that information may impact the group auditor's assessment of their ability to use the work of a component auditor for purposes of the group audit. As part of this evaluation, the group auditor:

  • updates the understanding of the component auditor and considers whether to continue to use the work of the component auditor as audit evidence for purposes of the group audit;

  • determines whether the new information impacts the nature, timing or extent of the work planned to be performed by the component auditor (e.g., new information about the competency of the group auditor's firm to perform certain audit work); and

  • reassesses involvement in the work of the component auditor (e.g., what additional procedures, if any, the group engagement team needs to perform related to the work of the component auditor or the component), including whether to change the group auditor's planned direction and supervision of the component auditor and the review of their work.

Update Understanding of the Component Auditor

When new information comes to the attention of the group engagement leader or team which may impact the ability of the group auditor to use the work of a component auditor, the group engagement team inquires of the component audit engagement leader and others determined to be appropriate by the group engagement leader about the nature of the new information and its implications on the ongoing and previous audit work of the component auditor.

Documenting the procedures performed and the results

OAG Guidance

The procedures performed in obtaining or updating the understanding of the component auditor, and the results of those procedures, and any significant judgments made by the group engagement team are documented in the group auditor's working papers.