Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
2341 Communicating instructions to component auditors
Dec-2023
In This Section
CAS Requirement
The group engagement team shall communicate its requirements to the component auditor on a timely basis. This communication shall set out the work to be performed, the use to be made of that work, and the form and content of the component auditor’s communication with the group engagement team. It shall also include the following (CAS 600.40):
(a) A request that the component auditor, knowing the context in which the group engagement team will use the work of the component auditor, confirms that the component auditor will cooperate with the group engagement team.
(b) The ethical requirements that are relevant to the group audit and, in particular, the independence requirements.
(c) In the case of an audit or review of the financial information of the component, component materiality (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) and the threshold above which misstatements cannot be regarded as clearly trivial to the group financial statements.
(d) Identified significant risks of material misstatement of the group financial statements, due to fraud or error, that are relevant to the work of the component auditor. The group engagement team shall request the component auditor to communicate on a timely basis any other identified significant risks of material misstatement of the group financial statements, due to fraud or error, in the component, and the component auditor’s responses to such risks.
(e) A list of related parties prepared by group management, and any other related parties of which the group engagement team is aware. The group engagement team shall request the component auditor to communicate on a timely basis related parties not previously identified by group management or the group engagement team. The group engagement team shall determine whether to identify such additional related parties to other component auditors.
The group engagement team shall request the component auditor to communicate matters relevant to the group engagement team’s conclusion with regard to the group audit. Such communication shall include (CAS 600.41):
(a) whether the component auditor has complied with ethical requirements that are relevant to the group audit, including independence and professional competence;
(b) whether the component auditor has complied with the group engagement team's requirements;
(c) identification of the financial information of the component on which the component auditor is reporting;
(d) information on instances of non-compliance with laws or regulations that could give rise to a material misstatement of the group financial statements;
(e) a list of uncorrected misstatements of the financial information of the component (the list need not include misstatements that are below the threshold for clearly trivial misstatements communicated by the group engagement team (see paragraph 40(c));
(f) indicators of possible management bias;
(g) description of any identified significant deficiencies in internal control at the component level;
(h) other significant matters that the component auditor communicated or expects to communicate to those charged with governance of the component, including fraud or suspected fraud involving component management, employees who have significant roles in internal control at the component level or others where the fraud resulted in a material misstatement of the financial information of the component;
(i) any other matters that may be relevant to the group audit, or that the component auditor wishes to draw to the attention of the group engagement team, including exceptions noted in the written representations that the component auditor requested from component management; and
(j) the component auditor’s overall findings, conclusions or opinion.
The engagement partner shall take overall responsibility for managing and achieving quality on the audit engagement, including taking responsibility for creating an environment for the engagement that emphasizes the firm's culture and expected behaviour of engagement team members. In doing so, the engagement partner shall be sufficiently and appropriately involved throughout the audit engagement such that the engagement partner has the basis for determining whether the significant judgments made, and the conclusions reached, are appropriate given the nature and circumstances of the engagement (CAS 220.13).
CAS Guidance
When this CAS expressly intends that a requirement or responsibility be fulfilled by the engagement partner, the engagement partner may need to obtain information from the firm or other members of the engagement team to fulfil the requirement (e.g., information to make the required decision or judgment). For example, the engagement partner is required to determine that members of the engagement team collectively have the appropriate competence and capabilities to perform the audit engagement. To make a judgment on whether the competence and capabilities of the engagement team is appropriate, the engagement partner may need to use information compiled by the engagement team or from the firm's system of quality management (CAS 220.A23).
Within the context of the firm’s system of quality management, engagement team members from the firm are responsible for implementing the firm’s policies or procedures that are applicable to the audit engagement. As engagement team members from another firm are neither partners nor staff of the engagement partner’s firm, they may not be subject to the firm’s system of quality management or the firm’s policies or procedures. Further, the policies or procedures of another firm may not be similar to that of the engagement partner’s firm. For example, policies or procedures regarding direction, supervision and review may be different, particularly when the other firm is in a jurisdiction with a different legal system, language or culture than that of the engagement partner’s firm. Accordingly, if the engagement team includes individuals who are from another firm, different actions may need to be taken by the firm or the engagement partner to implement the firm’s policies or procedures in respect of the work of those individuals (CAS 220.A24).
In particular, the firm's policies or procedures may require the firm or the engagement partner to take different actions from those applicable to personnel when obtaining an understanding of whether an individual from another firm (CAS 220.A25):
-
Has the appropriate competence and capabilities to perform the audit engagement. For example, the individual would not be subject to the firm's recruitment and training processes and therefore the firm's policies or procedures may state that this determination can be made through other actions such as obtaining information from the other firm or a licensing or registration body. Paragraphs 26 and A62-A66 of CAS 600 contain guidance on obtaining an understanding of the competence and capabilities of component auditors.
-
Understands the ethical requirements that are relevant to the group audit engagement. For example, the individual would not be subject to the firm's training in respect of the firm's policies or procedures for relevant ethical requirements. The firm's policies or procedures may state that this understanding is obtained through other actions such as providing information, manuals, or guides containing the provisions of the relevant ethical requirements applicable to the audit engagement to the individual.
-
Will confirm independence. For example, individuals who are not personnel may not be able to complete independence declarations directly on the firm's independence systems. The firm's policies or procedures may state that such individuals can provide evidence of their independence in relation to the audit engagement in other ways, such as written confirmation.
If effective two-way communication between the group engagement team and the component auditors does not exist, there is a risk that the group engagement team may not obtain sufficient appropriate audit evidence on which to base the group audit opinion. Clear and timely communication of the group engagement team's requirements forms the basis of effective two-way communication between the group engagement team and the component auditor (CAS 600.A57).
The group engagement team's requirements are often communicated in a letter of instruction. Appendix 5 contains guidance on required and additional matters that may be included in such a letter of instruction. The component auditor’s communication with the group engagement team often takes the form of a memorandum or report of work performed. Communication between the group engagement team and the component auditor, however, may not necessarily be in writing. For example, the group engagement team may visit the component auditor to discuss identified significant risks or review relevant parts of the component auditor’s audit documentation. Nevertheless, the documentation requirements of this and other CASs apply (CAS 600.A58).
Where a member of the group engagement team is also a component auditor, the objective for the group engagement team to communicate clearly with the component auditor can often be achieved by means other than specific written communication. For example (CAS 600.A60):
-
access by the component auditor to the overall audit strategy and audit plan may be sufficient to communicate the group engagement team’s requirements set out in paragraph 40; and
-
a review of the component auditor’s audit documentation by the group engagement team may be sufficient to communicate matters relevant to the group engagement team’s conclusion set out in paragraph 41.
Required and Additional Matters Included in the Group Engagement Team’s Letter of Instruction (CAS 600 Appendix 5)
Matters required by this CAS to be communicated to the component auditor are shown in [underlined] text.
Matters that are relevant to the planning of the work of the component auditor:
-
A request for the component auditor, knowing the context in which the group engagement team will use the work of the component auditor, to confirm that the component auditor will cooperate with the group engagement team [CAS 600.40(a)].
-
The timetable for completing the audit.
-
Dates of planned visits by group management and the group engagement team, and dates of planned meetings with component management and the component auditor.
-
A list of key contacts.
-
The work to be performed by the component auditor, the use to be made of that work [CAS 600.40(preface)], and arrangements for coordinating efforts at the initial stage of and during the audit, including the group engagement team's planned involvement in the work of the component auditor.
-
The ethical requirements that are relevant to the group audit and, in particular, the independence requirements [CAS 600.40(b)], for example, where the group auditor is prohibited by law or regulation from using internal auditors to provide direct assistance, it is relevant for the group auditor to consider whether the prohibition also extends to component auditors and, if so, to address this in the communication to the component auditors.
-
In the case of an audit or review of the financial information of the component, component materiality (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures), and the threshold above which misstatements cannot be regarded as clearly trivial to the group financial statements [CAS 600.40(c)].
-
A list of related parties prepared by group management, and any other related parties that the group engagement team is aware of, and a request that the component auditor communicates on a timely basis to the group engagement team related parties not previously identified by group management or the group engagement team [CAS 600.40(e)].
-
Work to be performed on intra-group transactions and unrealized profits and intra-group account balances.
-
Guidance on other statutory reporting responsibilities, for example, reporting on group management’s assertion on the effectiveness of internal control.
-
Where time lag between completion of the work on the financial information of the components and the group engagement team’s conclusion on the group financial statements is likely, specific instructions for a subsequent events review.
Matters that are relevant to the conduct of the work of the component auditor:
-
The findings of the group engagement team's tests of controls of a processing system that is common for all or some components, and tests of controls to be performed by the component auditor.
-
Identified significant risks of material misstatement of the group financial statements, due to fraud or error, that are relevant to the work of the component auditor, and a request that the component auditor communicates on a timely basis any other significant risks of material misstatement of the group financial statements, due to fraud or error, identified in the component and the component auditor’s response to such risks [CAS 600.40(d)].
-
The findings of internal audit, based on work performed on controls at or relevant to components.
-
A request for timely communication of audit evidence obtained from performing work on the financial information of the components that contradicts the audit evidence on which the group engagement team originally based the risk assessment performed at group level.
-
A request for a written representation on component management's compliance with the applicable financial reporting framework, or a statement that differences between the accounting policies applied to the financial information of the component and those applied to the group financial statements have been disclosed.
-
Matters to be documented by the component auditor.
Other information
-
A request that the following be reported to the group engagement team on a timely basis:
- Significant accounting, financial reporting and auditing matters, including accounting estimates and related judgments.
- Matters relating to the going concern status of the component.
- Matters relating to litigation and claims.
- Significant deficiencies in internal control that the component auditor has identified during the performance of the work on the financial information of the component, and information that indicates the existence of fraud.
-
A request that the group engagement team be notified of any significant or unusual events as early as possible.
-
A request that the matters listed in paragraph 41 be communicated to the group engagement team when the work on the financial information of the component is completed.
OAG Guidance
It is important to maintain timely two-way communications between the group engagement team and the component auditor on a group audit throughout the engagement. Early communication between the group engagement team and the component auditor assists in identifying and addressing potential issues as they arise. Clear instructions before the commencement of the group audit help to set expectations for the component auditor’s work and facilitate the group engagement team’s direction and supervision of the component engagement team, and review of their work.
Group auditor responsibilities
The group engagement team develops audit instructions that include all matters that will be of significance to the component auditor in planning, performing and reporting to the group engagement team. Any changes to instructions arising after the initial instructions are issued by the group engagement team, whether due to matters identified by the group engagement team or component auditors, may be communicated by adding a supplemental appendix to the instructions issued by the group engagement team and/or through discussions between the group and component engagement teams and documenting the changes that were communicated.
While communications are often in a letter of instruction, changes affecting the group, for example, be they internal (e.g., reorganizations) or external (e.g., changes in the regulatory environment) may be communicated by way of an appendix to the group instructions, at face-to-face meetings held between the group engagement team and component engagement teams, or through regular newsletter or other forms of communication.
The group engagement team communicates the following matters in the instructions:
-
The responsibility of the component engagement team to perform and document their work in accordance with CAS in order to support the report they will issue to the group engagement team, including the component engagement leader's responsibility for managing and achieving quality on the audit work performed by the component engagement team, through direction and supervision of the component engagement team and review of their work.
-
Clarification of responsibilities of the group engagement team and the component engagement team where overlap may otherwise occur.
-
The relevant ethical requirements, including those related to independence. In confirming compliance with ethical requirements as required by CAS 600.41(a), the component auditors will usually be requested to refer to the OAG Code of Values, Ethics and Professional Conduct and other relevant ethical requirements set out in rules of professional conduct/code of ethics applicable to the practice of public accounting issued by various professional accounting bodies in Canada. For further discussion, see OAG Audit 2328.
-
Information about the parent entity and/or group, including significant developments in the group auditor's location affecting the work of the component engagement team, a list of related parties of which the group engagement team is aware and any significant risks of material misstatement, due to fraud or error, that the group engagement team has identified and may be relevant to the work of the component engagement team.
-
The type of work to be performed by the component auditor in respect of the component (i.e., an audit of the financial information of the component, an audit of one or more account balances, classes of transactions or disclosures, specified procedures or a review of the financial information of the component).
-
The auditing standards applicable to the component auditor’s work.
-
The financial reporting framework applied in the preparation of the financial statements and the corresponding basis of preparation (framework) to be referred to in the report by the component auditor (e.g., local financial reporting framework, International Financial Reporting Standards or the company's accounting manual).
-
A description of specific laws and regulations (e.g., anti-money laundering regulations) applicable to the parent company that could have a direct bearing on the work the component engagement team performs at the component.
-
Reporting formats (e.g., the form of the interoffice report and management representation letter).
To the extent relevant, the group engagement team may communicate the following matters in the instructions:
-
Information obtained and/or planned to be obtained by the group engagement team relating to understanding the group and its environment (OAG Audit 2331), the group risk assessment (OAG Audit 2332), and the group engagement team's assessment of the control environment, including entity-level controls and/or Information Technology General Controls (ITGCs).
-
Plans for the group engagement leader and team's direction and supervision of the component engagement team's work, including, for example, team meetings throughout the audit to discuss topics relevant to the audit:
- Plans for team discussions on the elements of the audit strategy and plan;
-
Plans for the team planning meetings, including expected component auditor attendees; and
-
Plans for team discussions/taking stock meetings during the execution and completion phases of the audit, including planned participation by the group engagement leader and engagement team and/or component engagement leader and team.
-
Plans for the group engagement leader and team's review of the component engagement team's work.
-
Protocols for communications with group and component management, including planned client meetings and the group engagement leader's involvement in them.
-
Any identified formal written communications to component management, those charged with governance of the component and/or regulatory authorities of the component that are relevant to the group audit and which the group engagement leader plans to review prior to issuance.
-
Procedures component engagement teams are expected to perform on matters affecting the elimination of intercompany transactions and accounts and, if appropriate in the circumstances, the uniformity of accounting practices among the components included in the financial statements
-
Any matters that, in the group engagement leader's professional judgment, require consultation.
-
Where an engagement quality reviewer has been assigned for the group engagement, specific arrangements for the coordination of the engagement quality review, including meetings to be held with the engagement quality reviewer to discuss significant matters and significant judgments.
-
The list of key contacts on the group engagement team.
-
Timetable for completion.
-
Archiving and retention requirements.
-
Reporting formats (e.g., the Memorandum of Work Performed and the Report Clearance Summary to be used by each component for purposes of reporting to the group engagement team) (OAG Audit 2343 and OAG Audit 2345).
If no work on a component is required for consolidation purposes, but an audit of the component is required to satisfy local statutory, client or other reporting requirements, the engagement leader responsible for the component is asked to communicate with the group engagement team so that both are aware of the work being performed and of any client service matters. The group engagement team will provide the component team with any information that is required for an effective audit of the component (e.g., a list of related parties and Board decisions taken at group level).
The group engagement team requests the component auditor(s) confirm their receipt and understanding of the group engagement team’s instructions with an “Acknowledgement of Receipt” confirmation, acknowledging that they:
- received the group instructions,
- understand the instructions,
- will comply with the instructions,
- will cooperate with the group engagement team, and
- will provide access to relevant documentation, as appropriate.
The group engagement team requests the component auditor(s) to communicate details of the significant matters and other matters, as required by CAS 600.41 (h) and (i) (including summary of uncorrected misstatements, significant accounting, financial reporting, auditing or taxation matters) include the following:
- the nature of the matter;
- its accounting, auditing, or reporting significance;
- the persons with whom the matter was discussed; and
- conclusions reached the related rationales and the actions taken.
Component auditor responsibilities
The component auditor confirms their receipt and understanding of the group engagement team's instructions with an "Acknowledgment of Receipt" confirmation and communicates details of significant matters and other matters, as requested.
Related Guidance
-
An Interoffice and External Firm/Auditor Letter of Instruction template, which includes the component auditor’s Acknowledgement of Receipt, is included on the INTRAnet to assist group engagement teams with this communication.
-
For further guidance on the group auditor's involvement in the work to be performed by the component auditor, refer to OAG Audit 2324.