Annual Audit Manual

COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.

2328 Compliance with Ethical Requirements, including those related to independence
Dec-2023

In This Section

Understanding the component auditor’s compliance with ethical requirements, including those related to independence

Procedures for ethical requirements

Procedures for independence

Concerns with ethical and independence requirements

Understanding the component auditor’s compliance with ethical requirements, including those related to independence

CAS Requirement

The engagement partner shall have an understanding of the relevant ethical requirements, including those related to independence, that are applicable given the nature and circumstances of the audit engagement (CAS 220.16).

The engagement partner shall take responsibility for other members of the engagement team having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the audit engagement, and the firm’s related policies or procedures, including those that address (CAS 220.17):

  1. Identifying, evaluating and addressing threats to compliance with relevant ethical requirements, including those related to independence;
  2. Circumstances that may cause a breach of relevant ethical requirements, including those related to independence, and the responsibilities of members of the engagement team when they become aware of breaches; and
  3. The responsibilities of members of the engagement team when they become aware of an instance of non‑compliance with laws and regulations by the entity.

CAS Guidance

When performing work on the financial information of a component for a group audit, the component auditor is subject to ethical requirements that are relevant to the group audit addition to those applying to the component auditor when performing a statutory audit in the component auditor’s jurisdiction. The group engagement team therefore obtains an understanding whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit, sufficient to fulfill the component auditor’s responsibilities in the group audit (CAS 600.A37).

OAG Guidance

OAG employees should adhere to the OAG Code of Values, Ethics and Professional Conduct and other relevant ethical requirements, including independence, set out in rules of professional conduct/code of ethics applicable to the practice of public accounting issued by the various professional accounting bodies in Canada. Employees who belong to a professional association may also be governed by the codes and by‑laws of that body.

When applying the provisions of CAS 600.A37, the group engagement team refers to those codes as the ethical requirements that are relevant to the group.

Procedures for ethical requirements

OAG Guidance

Group auditor responsibilities—OAG component auditors

It is the responsibility of the group auditor to identify the ethical requirements, including those related to independence, that are relevant to the group audit.

The group engagement leader obtains evidence that the OAG component auditor is aware of the relevant requirements by performing the following:

  • Relying on the Office system of quality management (SoQM) including the independence policies, systems and procedures.
  • Communicating to the component auditor the ethical requirements, including those related to independence, relevant to the group audit. This includes any incremental requirements applicable in the group auditor's territory with which the component engagement team members need to comply. These requirements are communicated as part of the group audit instructions provided to the component auditors. If engagement circumstances change, resulting in further requirements becoming relevant, the group engagement team communicates those further requirements to the component auditor on a timely basis.
  • Obtaining an "Acknowledgment of Receipt” from the component auditor, in which the component auditor confirms that:
    • The component auditor is not aware of any information that indicates that members of the engagement team may not be sufficiently aware of the ethical requirements relevant to the engagement, and
    • The component auditor will comply with the relevant ethical requirements as described in the group auditor's instructions, including incremental ethical requirements relevant to the group audit.

If engagement circumstances change, resulting in further ethical requirements becoming relevant, the group auditor engagement team obtains an updated acknowledgment from the component engagement team.

The group engagement team may determine that further procedures are necessary. This is a matter of judgment and would be determined by the group engagement leader based on the circumstances of the engagement. Examples of further procedures include, but are not limited to, the following:

  • The group engagement team may hold a team planning discussion with the component auditor to emphasize the importance of complying with ethical requirements, including those related to independence.
  • The group engagement team may consider whether to provide additional information to the component auditor regarding the provisions of the ethical requirements relevant to the work to be performed by the component auditor. For example, if there are more restrictive group auditor ethical or independence requirements that apply to the component auditor and the requirements are newly adopted or this is the first year the component auditor is involved in the group auditor, the group auditor may decide to provide additional information to the component auditor or require that the component auditor complete training (provided by either the group auditor or component auditor) on the relevant topic.                                                                     

Written independence confirmations

For OAG component team members, the group engagement team may rely on the independence policies, systems, and procedures in place at the OAG and, therefore, written confirmations from OAG component teams confirming their independence are not required.

Obtaining such a confirmation does not reduce the group engagement leader's responsibility to fulfill the underlying CAS 220 requirements. In other words, while the component auditor may provide a confirmation to the group engagement leader that independence threats or breaches have been appropriately assessed and actions taken, the group engagement leader is still required by CAS 220.18 and 20 to take appropriate action with respect to such threats or breaches when they become aware of them. OAG Audit 1031 provides further guidance on this topic.

Group auditor responsibilities—External component auditors

It is the responsibility of the group engagement team to identify the ethical requirements, including those related to independence, that are relevant to the group audit, and communicate those requirements to the non‑OAG component auditor.

The group engagement leader obtains evidence that the non‑OAG component auditor is aware of the relevant requirements by performing the following:

  • Obtaining a confirmation from the component auditor that their firm has implemented a system of quality management that is intended to align to the objectives of CSQM 1.
  • Communicating to the component auditor the ethical requirements, including those related to independence, relevant to the group engagement. This includes any incremental requirements applicable in the group engagement team's territory with which the component auditor need to comply. These requirements are communicated as part of the group engagement team's instructions to the component auditor. If engagement circumstances change, resulting in further requirements becoming relevant, the group engagement team communicates those further requirements to the component auditor on a timely basis.
  • Obtaining a confirmation from the component auditor, in which the component engagement leader confirms that the component auditor is aware of the relevant ethical requirements as communicated in the group engagement team’s instructions and will comply with those requirements.

If engagement circumstances change, resulting in further ethical requirements becoming relevant, the group engagement team obtains an updated acknowledgment from the component auditor.

Written independence confirmations

When asked to confirm independence, component auditors will be required to confirm to the group engagement team, at a minimum, the following:

  • That they are not aware of any local entities that would be considered to be related entities of the parent that are not included in the list of entities provided by the group engagement team. If they are aware of such entities, they need to provide a list of the entities to the group engagement team.
  • That they are not aware of any past or existing professional services or business arrangements or alliances between the component auditor’s firm and the entities indicated on the list of entities provided by the group engagement team that could be reasonably thought to bear on independence in respect of the group and the component. If they are aware of such services or arrangements, they need to provide a list of the services or arrangements to the group engagement team.
  • That they are not aware of any other circumstances that could be reasonably thought to bear on independence in respect of the group and the component. If they are aware of such circumstances, they need to provide a list of the circumstances to the group engagement team and evaluate the impact of such services or arrangements on their independence.

For non‑OAG component auditors, written confirmation of their compliance with professional standards relating to ethical requirements are required to be obtained according to CAS 600.41(a). In the initial communication with non‑OAG component auditors, the group engagement team needs to communicate the ethical requirements that are relevant to the group audit. This requirement is covered in the Group Audit (GA) External Firms (non‑OAG) Letter of Instructions Template.

If the component engagement team will not be able to comply with any of the relevant ethical requirements, the component engagement leader notifies the group engagement leader on a timely basis. The component engagement leader and group engagement leader agree on the actions to be taken to address the matter.

Component auditor responsibilities

The component auditor is responsible for complying with ethical requirements, including those related to independence, relevant to the engagement. The component engagement leader takes responsibility for other members of the component engagement team having been made aware of the ethical requirements relevant to the engagement. In doing so, the component engagement leader relies on the independence policies, systems, and procedures in place at the OAG.

In addition, during the team planning meeting(s), the component engagement leader discusses the importance of adhering to ethical requirements, including personal independence requirements, with the component engagement team. As part of these discussions, the component engagement leader highlights specific or incremental requirements that are relevant to the group audit based on engagement circumstances. Reminders about the importance of complying with ethical requirements, including those related to independence, may also be reiterated during taking stock meetings, as the component engagement leader judges to be appropriate.

The component engagement leader notifies the group engagement leader as soon as possible if the component engagement team does not have an understanding of any incremental requirements applicable to the group auditor with which they need to comply. The component engagement leader and group engagement leader work together to determine the actions to be taken to address the matter. For example, the group engagement team may provide additional information to the component auditor about the incremental requirements; or the group and component engagement leaders may decide to provide training about the incremental ethical requirements to certain members of the component engagement team.

At the completion of the audit, and before issuing the interoffice audit report to the group auditor, the component engagement leader concludes whether the component auditor has complied with the ethical requirements, including those related to independence, that are relevant to the component engagement. OAG Audit 1031 includes considerations the engagement leader takes into account in evaluating the engagement team's compliance with relevant ethical requirements, including those related to independence.

Related Guidance

Refer also to the following OAG Audit sections:

OAG Audit 1031 Ethical Requirements Relating to an Assurance Engagement.

OAG Audit 3031 Independence.

OAG Audit 3062 Engagement Leader Responsibility for Audit Quality—Considering the Results of the Quality Monitoring Process.

Procedures for independence

OAG Policy

OAG

For OAG audit teams, the group engagement team may rely on the independence policies, systems, and procedures in place at the OAG and, therefore, written confirmations from OAG component teams confirming their independence are not required. [Oct‑2012]

External Firms / Auditors

For external component auditors, written confirmation of their compliance with professional standards relating to independence needs to be obtained. [Oct‑2012]

Concerns with ethical and independence requirements

CAS Requirement

If a component auditor does not meet the independence requirements that are relevant to the group audit, or the group engagement team has serious concerns about the component auditor’s ethical requirements, the group engagement team shall obtain sufficient appropriate audit evidence relating to the financial information of the component without requesting that component auditor to perform work on the financial information of that component (CAS 600.20).

CAS Guidance

The group engagement team cannot overcome the fact that a component auditor is not independent by being involved in the work of the component auditor or by performing additional risk assessment or further audit procedures on the financial information of the component (CAS 600.A39).

OAG Guidance

In situations where the component auditor is not independent in accordance with the requirements relevant to the group audit or, in situations where the group engagement team has serious concerns about the component auditor’s understanding of or ability to comply with the relevant ethical requirements, including those related to independence, the group engagement team cannot use the work of the component auditor and needs to find an alternative source for audit evidence over the financial information of the component.

In some circumstances where the group engagement team has less than serious concerns about ethical requirements, they may be able to overcome these concerns by, for example, increasing their involvement in the work of the component auditor, being involved in the risk assessment, or performing further audit procedures on the financial information of the component.