Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
5021 Understanding the entity and its environment
Sep-2022
In This Section
CAS Objective
The auditor shall perform risk assessment procedures to obtain an understanding of (CAS 315.19):
-
The following aspects of the entity and its environment:
- The entity’s organizational structure, ownership and governance, and its business model, including the extent to which the business model integrates the use of IT;
- Industry, regulatory and other external factors; and
- The measures used, internally and externally, to assess the entity’s financial performance;
-
The applicable financial reporting framework, and the entity’s accounting policies and the reasons for any changes thereto; and
-
How inherent risk factors affect susceptibility of assertions to misstatement and the degree to which they do so, in the preparation of the financial statements in accordance with the applicable financial reporting framework, based on the understanding obtained in (a) and (b).
Understanding the entity and its environment
CAS Guidance
The auditor’s understanding of the entity and its environment, and the applicable financial reporting framework, assists the auditor in understanding the events and conditions that are relevant to the entity, and in identifying how inherent risk factors affect the susceptibility of assertions to misstatement in the preparation of the financial statements, in accordance with the applicable financial reporting framework, and the degree to which they do so. Such information establishes a frame of reference within which the auditor identifies and assesses risks of material misstatement. This frame of reference also assists the auditor in planning the audit and exercising professional judgement and professional skepticism throughout the audit, for example, when (CAS 315.A50):
-
Identifying and assessing risks of material misstatement of the financial statements in accordance with CAS 315 or other relevant standards (e.g., relating to risks of fraud in accordance with CAS 240 or when identifying or assessing risks related to accounting estimates in accordance with CAS 540);
-
Performing procedures to help identify instances of non-compliance with laws and regulations that may have a material effect on the financial statements in accordance with CAS 250;
-
Evaluating whether the financial statements provide adequate disclosures in accordance with CAS 700;
-
Determining materiality or performance materiality in accordance with CAS 320; or
-
Considering the appropriateness of the selection and application of accounting policies, and the adequacy of financial statement disclosures.
-
The auditor’s understanding of the entity and its environment, and the applicable financial reporting framework, also informs how the auditor plans and performs further audit procedures, for example, when (CAS 315.A51):
-
Developing expectations for use when performing analytical procedures in accordance with CAS 520;
-
Designing and performing further audit procedures to obtain sufficient appropriate audit evidence in accordance with CAS 330; and
-
Evaluating the sufficiency and appropriateness of audit evidence obtained (e.g., relating to assumptions or management’s oral and written representations).
OAG Guidance
Obtaining an understanding of the entity and its environment, including the applicable financial reporting framework, is a continuous, dynamic process of gathering, updating, and analyzing information throughout the audit. Our understanding establishes a frame of reference that enables us to tailor the risk assessment.
|
Why is this important? It is through this robust process to understand the entity and its environment that engagement teams are better able to identify and assess the risks of material misstatement specific to the entity. Identification and assessment of risks specific to the entity and its environment facilitates the development of audit responses that effectively and efficiently address the identified risks of material misstatement. |
OAG Audit 5020 discusses in more detail the understand the entity and its environment element of the OAG Risk Assessment Process illustrated below.
We obtain an understanding regarding the entity-specific risks, through research and analysis regarding:
- the entity, including its business model, organizational structure, ownership and governance;
- the environment in which the entity operates, including industry, regulatory and other external factors;
- the measures used by stakeholders to assess the entity’s financial performance;
- the entity’s selection and application of accounting policies and the reasons for any changes thereto.
A variety of sources are available to develop our understanding in these areas. These sources provide different perspectives and can be of great value to our risk assessment. We develop a robust understanding by making use of available and relevant information. The table below provides additional details of what our understanding includes, as well as some examples of how we can obtain relevant information in these areas.
|
What we understand |
Potential sources of information to obtain our understanding |
| The entity’s objectives and strategies, such as new products and services or expansions of the entity’s Business |
|
| The operating model the entity has developed to create, deliver and capture value |
|
| The scope and scale of operations, including markets or geographic or demographic spheres. |
|
| The extent to which IT is integrated with the entity’s business model, including interactions with customers, suppliers, lenders and other stakeholders. |
|
| Expectations of stakeholders and management incentives. |
|
| Business risks that give rise to risks of material misstatement |
|
| Current events and trends within the entity’s industry |
|
| Industry developments, such as the lack of personnel or expertise to deal with the changes in the industry |
|
| Legal and regulatory framework applicable to the entity |
|
Our understanding is developed through a combination of our own research, taking into account how the entity compares against its industry, its competitors and/or peers, and discussions with entity personnel. Based on the understanding we have obtained; we evaluate management’s view of their business and assess management’s risk assessment. We apply professional skepticism and challenge management’s views and assessment of risks, where necessary. Part of forming our understanding is considering various sources of information about the entity and its environment and designing our risk assessment procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative of our original expectations or towards excluding audit evidence that may be contradictory to our original expectations.
Related Guidance
Our understanding of the entity is also important foundational information that can be useful in other areas of audit work. Some of these areas and the related OAG Audit guidance, include:
- Materiality—OAG Audit 2100,
- Related party transactions—OAG Audit 7531,
- Appropriateness of management’s use of the going concern basis of accounting—OAG Audit 7523,
- Use of risk assessment analytical procedures—OAG Audit 5012.2,
- Auditing accounting estimates and related disclosures—OAG Audit 7070.