Annual Audit Manual

• How to Use the Annual Audit Manual
• Foreword
• Copyright
• Glossary
• 100 Overview
  • 101 Annual Audit Manual—Preface
  • 102 Using the Annual Audit Manual
• 200 OAG Audit
  • 202 Audit Program—Overview
• 1000 Audit Quality and Auditor Objectives
  • 1010 Nature and Scope of an Audit in Accordance with CASs
    • 1011 Canadian Auditing Standards and financial reporting considerations
    • 1012 Audit quality, including roles and responsibilities for audit quality
  • 1020 Conduct of an Audit in Accordance with CASs
    • 1021 Compliance with CAS objectives and CAS requirements
    • 1022 Departures from CAS objectives and CAS requirements
  • 1030 Ethical Requirements Relating to an Assurance Engagement
    • 1031 Ethical requirements relating to an assurance engagement
  • 1040 Professional Skepticism and Judgment
    • 1041 Applying professional skepticism
    • 1042 Applying professional judgment
    • 1043 Assurance skills and techniques
  • 1050 Sufficient Appropriate Audit Evidence and Audit Risk
    • 1051 Sufficient appropriate audit evidence
    • 1052 Audit procedures for obtaining audit evidence
    • 1054 Nature and limitations of an audit of financial statements
  • 1070 Job Rotation
    • 1071 Job rotation
  • 1080 Selection of Engagement Quality Reviews and Appointment of Engagement Quality Reviewers
    • 1081 Selection of engagement quality reviews and appointment of engagement quality reviewers
  • 1090 Complaints and Allegations
    • 1091 Complaints and allegations
• 1100 Audit Documentation and Review
  • 1101 Introduction
  • 1110 Nature, Purpose and Extent of Audit Documentation
    • 1111 Nature, purpose, and extent of audit documentation
    • 1112 Entity documentation and electronic (including email) audit evidence
    • 1113 Documenting audit work
  • 1120 Timely Preparation of Audit Documentation
    • 1121 Timely preparation of audit documentation
  • 1140 Documentation of Significant Matters and Related Significant Professional Judgments
    • 1141 Identifying significant matters
    • 1142 Evaluating, resolving, and communicating significant matters
    • 1143 Documenting significant matters and related significant professional judgments
  • 1150 Other Documentation Requirements and Considerations
    • 1151 Other documentation considerations
  • 1160 Documenting Review of Audit Documentation
    • 1161 Evidencing the extent of review of audit documentation
    • 1162 Engagement leader review: minimum documentation requirements
    • 1163 Engagement quality reviewer: minimum documentation requirements
  • 1170 Assembly of the Final Audit File
    • 1171 Assembly of the final audit file
    • 1172 Modifications to audit documentation after final assembly
    • 1173 Matters arising after the date of the assurance engagement report
    • 1174 File freezing
  • 1180 Multiple Reports Issued from the Same File
    • 1181 Multiple reports: documentation issues
  • 1190 Retention of Audit Documentation
    • 1191 Retention policies and procedures
    • 1192 Confidentiality, safe custody, integrity, accessibility, and retrievability of engagement documentation
    • 1193 Communications with a successor auditor
• 2000 Overall Engagement Considerations
  • 2010 Project Management
    • 2011 Maximizing the benefits of effective project management
    • 2012 Performing project management activities
    • 2013 Using the audit working paper software for project management
  • 2040 Using Detailed Electronic Data
    • 2041 Data auditing (Using detailed electronic entity data and data analysis tools in audit procedures)
    • 2042 Considerations for using detailed electronic entity data in audit procedures
    • 2043 Examples of using detailed electronic entity data
  • 2050 Using System-Generated Reports
    • 2051 Using system-generated reports
  • 2080 Contracted Out Audits
• 2100 Materiality
  • 2101 Introduction
  • 2102 Overall Materiality
  • 2103 Performance Materiality
  • 2104 Materiality for Particular Classes of Transactions, Account Balances or Disclosures
  • 2105 De Minimis SUM Posting Level
  • 2106 Revising Materiality Levels
  • 2107 Documenting Materiality
• 2200 Communication
  • 2210 Communication with Those Charged with Governance
    • 2211 Introduction
    • 2212 Those charged with governance
    • 2213 Communication process
    • 2214 Required communications for all engagements
    • 2215 Good practice communication for all engagements
  • 2220 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
    • 2221 Introduction
    • 2222 Determination of significant deficiencies
    • 2223 Communication to those charged with governance
    • 2224 Communication to management
    • 2225 Contents of the communication
• 2300 Group Audits
  • 2310 Introduction—Group Audit Considerations
    • 2311 Introduction—Group audit considerations
    • 2312 Responsibilities of the group engagement leader
    • 2313 Group audit guidance roadmaps
    • 2314 Documentation
  • 2320 Initial Engagement Activities
    • 2321 Acceptance and continuance as group auditor
    • 2321.1 Sharing Acceptance and Continuance information on a Group Audit
    • 2322 Obtaining an understanding of the group as part of A&C
    • 2323 Identifying components
    • 2324 Evaluating group auditor's planned involvement in the work of component auditors
    • 2325 Engagement letters
    • 2326 Understanding the component auditors
    • 2328 Compliance with Ethical Requirements, including those related to independence
    • 2329 Sufficient and Appropriate Resources
  • 2330 Overall Audit Strategy and Audit Plan
    • 2331 Obtaining an understanding of the group, its components, and their environments as part of our risk assessment procedures
    • 2332 Risk assessment at the group level
    • 2333 Determining materiality in group audits
    • 2334 Optional component materiality framework
    • 2335 Determining the type of work to be performed on the financial information of components
    • 2336 Responsibilities of the component auditor in different types of work to be performed on the financial information of components
  • 2340 Communication
    • 2340.1 Planned Direction and Supervision of Component Auditors and Review of Their Work
    • 2340.2 Group Engagement Team Planning
    • 2341 Communicating instructions to component auditors
    • 2342 Communicating among group engagement teams and component auditors during the audit
    • 2343 Communicating results at completion to group engagement team
    • 2344 Communicating with group management and those charged with governance of the group
    • 2345 Component auditor's report
  • 2350 Consolidation Process
    • 2351 Consideration in auditing the consolidation process
  • 2360 Completion and Reporting
    • 2361 Review of the work performed by component auditors
    • 2362 Evaluating the sufficiency and appropriateness of audit evidence obtained
    • 2363 Subsequent events
    • 2364 Modification to the opinion
    • 2365 Group Engagement Leader - Taking Overall Responsibility for Quality
  • 2370 Special Reporting Considerations
    • 2372 Use of our work and reports by other auditors where OAG is not the group auditor
  • 2380 Shared Service Centers Audits
    • 2381 Introduction to shared service centres audits
    • 2382 Planning and scoping of SSC audit work
    • 2383 Execution of fieldwork
    • 2384 Reporting on SSC work
    • 2385 Communication
    • 2386 Independence, applicable GAAS and access considerations
• 3000 Initial Engagement Activities
  • 3001 Introduction
  • 3010 Acceptance and Continuance
    • 3011 Acceptance and continuance
  • 3030 Independence
    • 3031 Independence
  • 3040 Terms of the Audit Engagement
    • 3041 Introduction
    • 3042 Preconditions for an audit
    • 3043 Agreement on audit engagement terms
    • 3044 Recurring audits
    • 3045 Acceptance of a change in the terms of the audit engagement
    • 3046 Additional considerations in engagement acceptance
    • 3047 Solicitor-client privilege letter
  • 3050 Initial Audit Engagements
    • 3051 Initial audit engagements
    • 3052 Auditing procedures for opening balances
    • 3053 Audit conclusions and reporting on opening balances
  • 3060 Engagement Team
    • 3061 Engagement team: assigning and managing tasks
    • 3062 Engagement leader responsibilities for audit quality
    • 3063 Engagement quality reviewer responsibilities
    • 3064 Team manager
    • 3065 Team members
    • 3066 Assistant auditor general
    • 3067 Working arrangement with joint auditor
  • 3070 Review of Audit Work and Documentation
    • 3071 Review of audit work and documentation
    • 3072 Documentation of Work Performed Using Technology Solutions as Part of an Audit
    • 3073 Direction, Supervision and Review Considerations When Using Technology Solutions
  • 3080 Consultations, Including where Differences of Opinion
    • 3081 Consultations
    • 3081.1 Summary of matters for consultations
    • 3082 Resolution of differences of opinion
  • 3090 Use of Auditor's Experts
    • 3091 Introduction
    • 3092 Determining the need to use an auditor’s expert
    • 3093 Determing the procedures to perform when using auditor’s experts
    • 3094 Evaluating the competence, capabilities and objectivity of the auditor’s expert and obtaining an understanding of the field of expertise
    • 3095 Agreeing terms and arrangements with the auditor’s expert
    • 3096 Evaluating the adequacy of the auditor’s expert’s work
    • 3097 Reference to the auditor’s expert in the auditor’s report
  • 3100 Specialists in Accounting or Auditing
    • 3101 Specialists in accounting or auditing
    • 3102 Involvement of IT Audit
    • 3103 Involvement of tax specialists
    • 3104 Involving a Controls Assurance specialist
  • 3110 Management’s Experts
    • 3111 Management’s experts
• 4000 Planning Activities
  • 4001 Introduction
  • 4010 Team Planning Meetings
    • 4011 Purpose, attendance and timing of the team planning meetings
    • 4013 Required discussions
    • 4014 Other discussions at the team planning meetings
    • 4016 Documentation and actions from team planning meetings
  • 4020 Audit Strategy
    • 4021 Establish an audit strategy
    • 4022 Develop and document the audit strategy
    • 4023 Planning activities
    • 4024 Develop the testing strategy
    • 4025 Timing of understanding and evaluation of internal controls
    • 4026 Strategy in relation to indirect ELCs
    • 4027 Strategy in relation to significant risks
    • 4028 IT testing strategy
      • 4028.1 Introduction
      • 4028.2 Is testing ITGCs likely to be efficient and effective?
      • 4028.3 ITGC testing
      • 4028.4 Testing IT dependencies with and without ITGC reliance
  • 4030 Audit Plan
    • 4031 Develop and document an audit plan
    • 4032 Summary of comfort
  • 4040 Planning Sign-off
    • 4041 Planning sign-off
  • 4050 Changes to the Audit Strategy and Plan
    • 4051 Changes to the audit strategy and plan
• 5000 Identify and Assess Audit Risks of Material Misstatement
  • 5001 Introduction
  • 5010 Risk Assessment Procedures
    • 5011 Risk assessment procedures and related activities
    • 5012 Develop initial expectations about risks of material misstatement and the classes of transactions, account balances and disclosures that may be significant
      • 5012.1 Overview
      • 5012.2 Use of risk assessment analytical procedures
      • 5012.3 Develop initial expectations about risks of material misstatement and the classes of transactions, account balances and disclosures that may be significant
    • 5013 Determine the competencies and capabilities required to perform risk assessment activities
  • 5020 Understanding the Entity and Its Environment, and the applicable financial reporting framework
    • 5021 Understanding the entity and its environment
    • 5022 Organizational structure, ownership and governance, and business model
    • 5023 Extent to which the entity’s business model integrates the use of IT
    • 5024 Industry, regulatory and other external factors
    • 5025 Measures used, internally and externally, to assess the entity’s financial performance
    • 5026 Understanding the Entity’s Climate-Related Risks
    • 5027 Understand the applicable financial reporting framework, and the entity’s accounting policies
    • 5028 Understand how inherent risk factors affect susceptibility of assertions to misstatement
    • 5029 Scalability
  • 5030 Understand the entity’s system of internal control, including IT environment
    • 5031 Entity’s system of internal control and its relevance to the audit
    • 5032 Components of internal control—Control environment
    • 5033 Components of internal control—The entity’s risk assessment process
    • 5034 Components of internal control—The Information system and communication
    • 5035 Components of internal control—Control activities
      • 5035.1 Identify controls that address risks of materials misstatement at the assertion level
      • 5035.2 Identify the risks arising from the use of IT and the related ITGCs
      • 5035.3 Segregation of duties
      • 5035.4 Information processing objectives
      • 5035.5 Evaluate design and implementation of controls
      • 5035.6 Scalability
    • 5036 Components of internal control—The entity’s process to monitor the system of internal of controls
    • 5037 Control deficiencies within the entity’s system of internal control
  • 5040 Identify and Assess Risks of Material Misstatement
    • 5041 Identify risks of material misstatement
    • 5042 Determine relevant assertions and significant FSLIs
    • 5043 Assess risks of material misstatement
      • 5043.1 Risk assessment framework
      • 5043.2 Assess risks at the financial statement level
      • 5043.3 Assess risks at the FSLI assertion level
    • 5044 Perform Overall Evaluation
• 5500 Fraud
  • 5501 Introduction
  • 5502 Fraud Risk Factors
  • 5503 Discussions Among the Engagement Team
  • 5504 Risk Assessment and Related Activities
  • 5505 Assessment of the Risk of Material Misstatement Due to Fraud
  • 5506 Responses to the Risks of Material Misstatements Due to fraud
  • 5507 Examples of Possible Audit Procedures to Address the Assessed Risks of Material Misstatement Due to Fraud
  • 5508 Management Override of Controls
  • 5509 Journal Entries
  • 5510 Evaluation of Audit Evidence to Identify Previously Unrecognized Risks of Fraud
  • 5511 Examples of Circumstances that Indicate the Possibility of Fraud
  • 5512 Fraud Communications
  • 5513 Involvement of the Internal Specialist for Fraud
  • 5514 Using CAATs in Attempting to Detect Fraud
  • 5515 Fraud In the Public Sector
• 6000 Develop and Execute Controls Tests
  • 6030 Using the Work of an Internal Audit Function
    • 6031 The role of the internal audit function
    • 6032 Evaluate ability to use the work of an internal audit function
    • 6033 Determining the nature and extent of work of the internal audit function that the Office finds appropriate to use
    • 6034 Evaluating the work of the internal audit function
    • 6035 Using internal auditors to provide direct assistance
  • 6040 Service Organizations
    • 6041 Use of service organizations
    • 6042 Understanding of services provided by a service organization
    • 6043 Service organization audit evidence
    • 6044 Reporting by the auditor
  • 6050 Develop and Execute a Controls Test Plan
    • 6051 Test of controls and their importance
    • 6052 Nature of controls tests
    • 6053 Extent of controls tests
    • 6054 Testing automated controls
    • 6055 Determine whether evidence is available for the whole period
    • 6056 Using controls evidence obtained in prior audits
    • 6057 Execute and evaluate results of planned controls procedures
    • 6059 Document controls testing
• 7000 Develop and Execute Substantive Tests
  • 7001 Introduction
  • 7010 Develop and Execute the Substantive Test Plan
    • 7011 Determine the level of evidence required from substantive procedures
    • 7011.1 Audit guidance for specific financial statement areas
    • 7013 Select the appropriate type of substantive procedures to perform
    • 7014 Determine the evidence needed from substantive procedures
    • 7015 Timing of substantive audit procedures
    • 7016 Execute substantive procedures and document results
  • 7020 Evaluate Sufficiency and Appropriateness of Audit Evidence
    • 7021 Evaluate the sufficiency and appropriateness of audit evidence
    • 7022 Taking stock meetings
  • 7030 Substantive Analytics
    • 7031 Introduction
    • 7032 Suitability of analytical procedures
    • 7033 Use of substantive analytical procedures
    • 7033.1 Evaluate reliability of data and develop an independent expectation
    • 7033.2 Defining a significant difference or threshold
    • 7033.3 Compute differences
    • 7033.4 Investigate and corroborate significant differences
    • 7034 Best practices to overcome potential pitfalls in applying analytical procedures
    • 7035 Common ratios and knowledge management tools
  • 7040 Tests of Details
    • 7041 Using tests of details
    • 7041.1 Application of tests of details
    • 7041.2 Documentation of tests of details
    • 7042 Targeted testing
    • 7043 Accept-reject testing
    • 7043.1 A five-step approach to performing accept-reject testing
    • 7044 Audit sampling
    • 7044.1 Eight-step approach to performing non-statistical audit sampling
    • 7044.2 Eight-step approach to performing statistical audit sampling
  • 7050 External Confirmations
    • 7051 Using external confirmations
    • 7052 External confirmation procedures
    • 7053 Evaluating results of external confirmation procedures
    • 7054 Bank confirmations—Specific considerations
    • 7055 Accounts receivable confirmations—Specific considerations
  • 7060 Physical Inventory Observation
    • 7061 Introduction
    • 7062 Planning to attend physical inventory counting
    • 7063 Performing test counts at annual physical inventory counting
    • 7064 Cycle counts
    • 7065 Testing final inventory records
    • 7066 Inventory count conducted other than at the date of the financial statements
    • 7067 Unable/impractical to attend physical inventory counting
    • 7068 Inventory under custody and control of a third party
    • 7069.1 Testing Inventory Costs
    • 7069.2 Inventory Cut-Off Testing
    • 7069.3 Planning and Executing Tests of Inventory Lower of Cost or Net Realizable Value
  • 7070 Auditing Accounting Estimates and Related Disclosures
    • 7071 Introduction
    • 7072 Understand the Entity and Its Environment
    • 7073.1 Step 1: Perform Risk Assessment Procedures
    • 7073.2 Step 2: Set Roles and Responsibilities
    • 7073.3 Step 3: Determine Risk of Material Misstatement and Testing Approach
    • 7073.4 Step 4: Test Method(s)
    • 7073.5 Step 5: Test Significant Assumptions
    • 7073.6 Step 6: Test Data
    • 7073.7 Step 7: Evaluate Work of Specialists and Experts
    • 7073.8 Step 8: Address Estimation Uncertainty and Test Disclosures
    • 7073.9 Step 9: Consider Management Bias
    • 7073.10 Step 10: Perform Overall Evaluation
    • 7074 Completion Procedures
• 7500 Other Audit Procedures
  • 7510 Consideration of Law and Regulations
    • 7511 Responsibilities in relation to laws and regulations
    • 7512 Audit procedures relating to compliance with laws and regulations
    • 7513 Actions on discovery of possible non-compliance with laws and regulations
    • 7514 Reporting considerations
  • 7520 Going Concern
    • 7521 Introduction
    • 7522 Risk assessment procedures and related activities
    • 7523 Evaluating management’s assessment
    • 7524 Additional audit procedures when events or conditions are identified
    • 7525 Audit conclusions and reporting
  • 7530 Related Parties
    • 7531 General considerations required for related party relationships and transactions
    • 7532 Risk assessment procedures for related party transactions
    • 7533 Responses to the risks of material misstatements associated with related party relationships and transactions
    • 7534 Evaluating disclosures, representations and communications
  • 7540 Litigation and Claims
    • 7541 Identify and assess completeness of litigation and claims
    • 7542 Communication with Entity’s External Legal Counsel
  • 7550 Segment Information
    • 7551 Segment information
  • 7560 Minutes of Meetings
    • 7561 Minutes of meetings
  • 7570 Contracts
    • 7571 Contracts
  • 7580 Testing reconciliations
    • 7581 Testing reconciliations
  • 7590 Use of Computer-Assisted Audit Techniques (CAATs)
    • 7591 Use of computer-assisted audit techniques (CAATs)
    • 7592 Considerations when performing CAATs
    • 7593 Considerations when performing revenue CAATs
• 8000 Reporting
  • 8010 Audit Reporting
    • 8011 Forming an opinion
    • 8012 Audit report
    • 8013 Modified audit opinion
    • 8014 Emphasis of matter and other matter paragraphs
    • 8015 Determine and communicate key audit matters
    • 8016 CAS reporting considerations
  • 8020 Comparative Information
    • 8021 Introduction
    • 8022 Comparative information
    • 8023 Corresponding figures
    • 8024 Comparative financial statements
  • 8030 Other Information
    • 8031 What is an annual report and other information
    • 8032 Obtaining the other information
    • 8033 Reading and considering other information
    • 8034 Material inconsistencies identified
    • 8035 Material misstatements of the other information
    • 8036 Material misstatements in the financial statements or the need to update our understanding of the entity and its environment
    • 8037 Reporting and documentation
  • 8040 Other Reporting Matters
    • 8041 Reporting on special purpose financial statements
    • 8042 Consent letters
• 9000 Completion Activities
  • 9001 Introduction
  • 9010 Summary of Uncorrected Misstatements
    • 9011 Introduction
    • 9012 Accumulation of identified misstatements
    • 9013 Consideration of identified misstatements as the audit progresses
    • 9014 Communication and correction of misstatements
    • 9015 Evaluating the effect of uncorrected misstatements
    • 9016 Written representation and documentation
  • 9020 Overall Conclusion Analytics
    • 9021 Perform overall conclusion analytics
  • 9030 Financial Statements and Financial Statement Disclosure Checklists
    • 9031 Financial statements preparation and audit procedures
    • 9032 Use of financial statement disclosure checklists
  • 9040 Subsequent Events
    • 9041 Introduction
    • 9042 Events occurring between the date of the financial statements and the date of the audit report
    • 9043 Events occurring after the date of the audit report but before the date the financial statements are issued
    • 9044 Events occurring after the financial statements have been issued
  • 9050 Management Representations
    • 9051 Introduction
    • 9052 Management representations as audit evidence
    • 9053 Management and its responsibilities
    • 9054 Formal requirements on written representation
    • 9055 Other written representations
    • 9056 Deficiencies in written representation
  • 9060 Completion Sign-offs
    • 9061 Completion sign-offs
  • 9080 Post-Audit Surveys
    • 9081 Post-audit surveys
• 11000 Auditing Compliance with Authorities and “Other Matters”
  • 11001 Introduction
  • 11002 Guiding Principles for Auditing Authorities
  • 11010 Compliance with Authorities
    • 11011 Understanding our legislative annual audit mandate
    • 11012 Identify and assess risks of non-compliance with authorities
    • 11013 Testing authorities
    • 11014 Evaluating the results
    • 11015 Reporting on compliance with authorities
    • 11016 Examples of reporting a non-compliance with authorities
  • 11020 Other Matters
    • 11021 Historical context of “other matters”
    • 11022 Our legislative responsibility to report “other matters”
    • 11023 Considering “other matters” in annual audits
    • 11024 Reporting “other matters” in accordance with our additional reporting responsibilities
    • 11024.1 Reporting “other matters” in the Public Accounts of Canada
    • 11024.2 Examples of “other matters” reported in Crown corporation auditor’s reports
    • 11024.3 Examples of “other matters” reported in other entities auditor’s report
  • 11030 Executive and Board Compensation
    • 11031 Auditing executive and board compensation, and travel, hospitality, conference and event expenditures
• Methodology Updates