Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
7072 Understand the Entity and Its Environment
Sep-2020
In This Section
The Entity’s Transactions, Events and Conditions
Requirements of the Applicable Financial Reporting Framework
Nature of Accounting Estimates the Auditor Expects to be Included in the Financial Statements
CAS Requirement
When obtaining an understanding of the entity and its environment, the applicable financial reporting framework and the entity’s system of internal control, as required by CAS 315, the auditor shall obtain an understanding of the following matters related to the entity’s accounting estimates. The auditor’s procedures to obtain the understanding shall be performed to the extent necessary to obtain audit evidence that provides an appropriate basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels (CAS 540.13).
Obtaining an Understanding of the Entity and Its Environment and the Applicable Financial Reporting Framework
(a) The entity’s transactions and other events or conditions that may give rise to the need for, or changes in, accounting estimates to be recognized or disclosed in the financial statements.
(b) The requirements of the applicable financial reporting framework related to accounting estimates (including the recognition criteria, measurement bases, and the related presentation and disclosure requirements); and how they apply in the context of the nature and circumstances of the entity and its environment, including how the inherent risk factors affect susceptibility to misstatement of assertions.
(c) Regulatory factors relevant to the entity’s accounting estimates, including, when applicable, regulatory frameworks related to prudential supervision.
(d) The nature of the accounting estimates and related disclosures that the auditor expects to be included in the entity’s financial statements, based on the auditor’s understanding of the matters in 13(a)-(c) above.
Obtaining an Understanding of the Entity’s System of Internal Control
(e) The nature and extent of oversight and governance that the entity has in place over management’s financial reporting process relevant to accounting estimates.
(f) How management identifies the need for, and applies, specialized skills or knowledge related to accounting estimates, including with respect to the use of a management’s expert.
(g) How the entity’s risk assessment process identifies and addresses risks relating to accounting estimates.
(h) The entity’s information system as it relates to accounting estimates, including:
i. How information relating to accounting estimates and related disclosures for significant classes of transactions, account balances or disclosures flows through the entity’s information system; and
ii. For such accounting estimates and related disclosures, how management:
a. Identifies the relevant methods, assumptions or sources of data, and the need for changes in them, that are appropriate in the context of the applicable financial reporting framework, including how management:
i. Selects or designs, and applies, the methods used, including the use of models;
ii. Selects the assumptions to be used, including consideration of alternatives, and identifies significant assumptions; and
iii. Selects the data to be used;
b. Understands the degree of estimation uncertainty, including through considering the range of possible measurement outcomes; and
c. Addresses the estimation uncertainty, including selecting a point estimate and related disclosures for inclusion in the financial statements.
(i) Identified controls in the control activities component over management’s process for making accounting estimates as described in paragraph 13(h)(ii).
(j) How management reviews the outcome(s) of previous accounting estimates and responds to the results of that review.
CAS Guidance
Paragraphs 19-27 of CAS 315 require the auditor to obtain an understanding of certain matters about the entity and its environment, the applicable financial reporting framework and the entity’s system of internal control. The requirements in paragraph 13 of this CAS relate more specifically to accounting estimates and build on the broader requirements in CAS 315 (CAS 540.A19).
Changes in circumstances that may give rise to the need for, or changes in, accounting estimates may include, for example, whether (CAS 540.A23):
- The entity has engaged in new types of transactions;
- Terms of transactions have changed; or
- New events or conditions have occurred.
OAG Guidance
When developing an understanding of the entity’s information system, including business processes relevant to the entity’s financial reporting in accordance with OAG Audit 5034, consider the nature of the entity’s transactions and other events that may give rise to the need for, or changes in, accounting estimates to be recognized or disclosed in the financial statements.
As indicated in the introductory wording of CAS 540.13, the procedures performed to obtain this understanding are to be performed to the extent necessary to provide an appropriate basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. As a result, the nature, timing and extent of the risk assessment procedures will vary in relation to the level of estimation uncertainty assessed for each accounting estimate. As discussed further in the Interrelationships Between Inherent Risk Factors section in OAG Audit 7073.3, our assessment of estimation uncertainty for each accounting estimate will also reflect consideration of other inherent risk factors, including subjectivity and complexity.
Circumstances (or changes thereto) that may give rise to the need for, or changes in, accounting estimates may be identified when performing risk assessment procedures to understand the entity and its environment, including:
-
Understanding the entity and its environment and the applicable financial reporting framework (OAG Audit 5020);
-
Consideration of applicable laws and regulations (OAG Audit 7510);
-
Understanding related parties and related party transactions (OAG Audit 7530);
-
Reviewing minutes of meeting of shareholders and those charged with governance (OAG Audit 7560); or
-
Reviewing significant contracts and other agreements entered into by the entity (OAG Audit 7570).
CAS Guidance
Obtaining an understanding of the requirements of the applicable financial reporting framework provides the auditor with a basis for discussion with management and, where applicable, those charged with governance about how management has applied the requirements of the applicable financial reporting framework relevant to the accounting estimates, and about the auditor’s determination of whether they have been applied appropriately. This understanding also may assist the auditor in communicating with those charged with governance when the auditor considers a significant accounting practice that is acceptable under the applicable financial reporting framework, not to be the most appropriate in the circumstances of the entity (CAS 540.A24).
In obtaining this understanding, the auditor may seek to understand whether (CAS 540.A25):
-
The applicable financial reporting framework:
- Prescribes certain criteria for the recognition, or methods for the measurement of accounting estimates;
- Specifies certain criteria that permit or require measurement at a fair value, for example, by referring to management’s intentions to carry out certain courses of action with respect to an asset or liability; or
- Specifies required or suggested disclosures, including disclosures concerning judgments, assumptions, or other sources of estimation uncertainty relating to accounting estimates; and
-
Changes in the applicable financial reporting framework require changes to the entity’s accounting policies relating to accounting estimates.
OAG Guidance
When responding to assessed risks, we consider if management has appropriately evaluated and applied the criteria, if any, provided in the applicable financial reporting framework to support the selected method. Audit procedures performed as part of obtaining our understanding of the entity and its environment in accordance with CAS 315 assist us in understanding the requirements of the applicable financial reporting framework and provide a basis for assessing and responding to the related risks. See OAG Audit 5020 for detailed guidance on understanding the entity and its environment and the applicable financial reporting framework.
Financial reporting frameworks typically include specific guidance related to accounting estimates. For example, conditions for recognition or methods for measurement, such as fair value, required or permitted disclosures or requirements for management in determining a point estimate. Financial reporting frameworks also often include requirements to disclose information about the assumptions management makes about the future and other major sources of estimation uncertainty. Disclosure requirements in more complex financial statement areas, such as financial instruments, can be extensive and may require management to develop specific accounting estimates to fulfil the disclosure requirements (e.g., estimate of the possible impact that application of a new financial reporting standard that has been issued but is not yet effective will have on the entity’s financial statements in the period of initial application).
In some cases, the applicable financial reporting framework may prescribe the method of measurement for an accounting estimate (for example, a particular model that is required when measuring a fair value estimate). In many cases, however, the applicable financial reporting framework does not prescribe the method of measurement or may allow for multiple methods of measurement.
When the applicable financial reporting framework does not prescribe a particular method to be used, some matters that we may consider in obtaining an understanding of the method used or, when applicable, the model used to make accounting estimates include:
-
How management took into account the nature of the accounting estimate when selecting a particular method; or
-
Whether the entity operates in a business, industry, or environment in which there is a method commonly used to make the particular type of accounting estimate.
There may be higher risks of material misstatement, for example, in cases when management is departing from a method commonly used in their particular business, industry or environment.
Financial reporting frameworks may provide guidance for management on selecting point estimates when alternatives exist. For example, a financial reporting framework may require that the point estimate selected be the alternative that reflects management’s judgment of the most likely outcome, whereas another may require the use of a discounted probability-weighted expected value.
Note that we may regard potential misstatement in the disclosures related to estimates as a significant risk, where we consider those disclosures to have significant influence on the decisions made by the users of financial statements and therefore require special audit consideration. We may also consider whether it is appropriate to determine materiality as lower than overall materiality for key disclosures relevant to estimates, for example in relation to the industry in which the entity operates, in accordance with OAG Audit 2104.
CAS Guidance
Obtaining an understanding of regulatory factors, if any, that are relevant to accounting estimates may assist the auditor in identifying applicable regulatory frameworks (for example, regulatory frameworks established by prudential supervisors in the banking or insurance industries) and in determining whether such regulatory framework(s) (CAS 540.A26):
-
Addresses conditions for the recognition, or methods for the measurement, of accounting estimates, or provides related guidance thereon;
-
Specifies, or provides guidance about, disclosures in addition to the requirements of the applicable financial reporting framework;
-
Provides an indication of areas for which there may be a potential for management bias to meet regulatory requirements; or
-
Contains requirements for regulatory purposes that are not consistent with requirements of the applicable financial reporting framework, which may indicate potential risks of material misstatement. For example, some regulators may seek to influence minimum levels for expected credit loss provisions that exceed those required by the applicable financial reporting framework.
OAG Guidance
Consider the existence of any regulatory factors that are relevant to accounting estimates when obtaining the general understanding of the legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates as required by CAS 250.
Prudential supervision is a term used for a type of financial regulation that requires financial entities to manage risks and retain adequate capital as defined by applicable capital requirements (e.g., a national regulator may monitor and enforce specified capital adequacy ratios). In forming an opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework (as required by CAS 700), any financial statement items presented or disclosed to address prudential requirements that form part of that framework would be subject to our audit procedures. This may include, for example, considering capital adequacy requirements that form part of a prudential supervision framework when evaluating management’s going concern assessment. If the prudential requirements are not part of the financial reporting framework, consider whether we may be required, for example under law or regulation, to perform additional procedures and report separately on any matters in the “Other Reporting Responsibilities” section of the auditor’s report.
CAS Guidance
Obtaining an understanding of the nature of accounting estimates and related disclosures that the auditor expects to be included in the entity’s financial statements assists the auditor in understanding the measurement basis of such accounting estimates and the nature and extent of disclosures that may be relevant. Such an understanding provides the auditor with a basis for discussion with management about how management makes the accounting estimates (CAS 540.A27).
OAG Guidance
Independently identifying the nature of accounting estimates and related disclosures we expect an entity to include in its financial statements enables us to consider what measurement basis we expect the entity to have and to consider the risks of material misstatement inherent in that measurement basis. This independent identification also serves to enable a completeness assessment of areas where management may need to develop accounting estimates in order to comply with the applicable financial reporting framework.
Examples of some accounting estimates we might expect to be included in an entity’s financial statements, depending on its circumstances, can be found in the section Examples of Accounting Estimates in OAG Audit 7071. However, it will also be necessary to understand other factors, including the entity’s business, the industry in which it operates and the requirements of the applicable financial reporting framework, in order to develop our expectation as to what estimates and related disclosures are likely to be necessary. For example, we consider whether based on the nature of an entity’s business and industry whether estimates and disclosures related to any uncertain tax treatments are expected to be included by management in the financial statements.
CAS Guidance
In applying CAS 315, the auditor’s understanding of the nature and extent of oversight and governance that the entity has in place over management’s process for making accounting estimates may be important to the auditor’s required evaluation of whether (CAS 540.A28):
-
Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior;
-
The control environment provides an appropriate foundation for the other components of the system of internal control considering the nature and size of the entity; and
-
Control deficiencies identified in the control environment undermine the other components of the system of internal control.
The auditor may obtain an understanding of whether those charged with governance (CAS 540.A29):
-
Have the skills or knowledge to understand the characteristics of a particular method or model to make accounting estimates, or the risks related to the accounting estimate, for example, risks related to the method or information technology used in making the accounting estimates;
-
Have the skills and knowledge to understand whether management made the accounting estimates in accordance with the applicable financial reporting framework;
-
Are independent from management, have the information required to evaluate on a timely basis how management made the accounting estimates, and the authority to call into question management’s actions when those actions appear to be inadequate or inappropriate;
-
Oversee management’s process for making the accounting estimates, including the use of models; or
-
Oversee the monitoring activities undertaken by management. This may include supervision and review procedures designed to detect and correct any deficiencies in the design or operating effectiveness of controls over the accounting estimates.
Obtaining an understanding of the oversight by those charged with governance may be important when there are accounting estimates that (CAS 540.A30):
-
Require significant judgment by management to address subjectivity;
-
Have high estimation uncertainty;
-
Are complex to make, for example, because of the extensive use of information technology, large volumes of data or the use of multiple data sources or assumptions with complex- interrelationships;
-
Had, or ought to have had, a change in the method, assumptions or data compared to previous periods; or
-
Involve significant assumptions.
OAG Guidance
When developing an understanding of the nature and extent of oversight and governance that the entity has in place over management’s process for making accounting estimates, consider the understanding of internal control obtained in accordance with OAG Audit 5031. Specifically consider how our assessment of the control environment and of the entity’s process to monitor the system of internal controls components provide a basis for identification and assessment of the risk of material misstatement related to accounting estimates.
Control environment
The elements of the control environment that may have a particular effect on controls over accounting estimates are:
-
The level of knowledge and experience of management and those charged with governance. The degree of complexity of some activities may mean that only a few individuals within the entity fully understand those activities. This may prompt us to question whether there is adequate management control and oversight by those charged with governance, and may affect our risk assessment and the nature, timing and extent of audit procedures considered necessary.
-
For estimates requiring significant management judgment, our assessment of the direction provided by management and those charged with governance will be negatively impacted where such policies do not provide clear direction, are not approved by those charged with governance (where applicable) or are not in place.
-
Segregation of duties and the assignment of personnel. Estimates activities may be categorized into a number of functions and we consider segregation of duties within those functions. For example, if the method or model underlying an estimate is complex, appropriate segregation of preparer and reviewer responsibilities will likely influence our assessment of the control environment.
The entity’s process to monitor the system of internal controls
An entity’s ongoing monitoring activities may detect and correct any deficiencies in the effectiveness of internal controls over estimates. Consider if there are specific activities within the monitoring of controls component, including any involvement of internal audit or an equivalent function, that may be relevant to the entity’s estimates processes which may provide a source of audit evidence if effectively designed and implemented.
Examples of such activities may include:
- Ongoing monitoring of controls over estimates calculations (e.g., review of controls over the spreadsheet calculations);
- Periodic reviews of the trend of estimates over time, against management’s objectives; or
- Evaluation of the controls around the data used for the related calculations or independent validations of models used.
- See OAG Audit 5031 for further guidance regarding the relevance of the entity’s system of internal control to the audit.
CAS Guidance
The auditor may consider whether the following circumstances increase the likelihood that management needs to engage an expert (CAS 540.A31):-
The specialized nature of the matter requiring estimation, for example, the accounting estimate may involve measurement of mineral or hydrocarbon reserves in extractive industries or the evaluation of the likely outcome of applying complex contractual terms.
-
The complex nature of the models required to apply the relevant requirements of the applicable financial reporting framework, as may be the case in certain measurements, such as level 3 fair values.
-
The unusual or infrequent nature of the condition, transaction or event requiring an accounting estimate.
OAG Guidance
Use of management’s experts
We need to understand the entity’s process for identifying whether sufficient skills and knowledge are necessary to develop an estimate. It is important to consider if the entity has sufficient expertise to develop an appropriate estimate, which may include management engaging an expert. For examples of relevant factors that may indicate a need for an entity to use an expert to develop an estimate, refer to CAS 540.A31. In situations when the entity did not use a management’s expert and we consider it necessary, communicate this to the management or those charged with governance, as appropriate.
In cases where management uses or relies on the work of an expert (management’s expert), follow the guidance in OAG Audit 3110. Common scenarios where a management’s expert may be involved in developing an estimate include:
- Estimating pension, postretirement and other benefit liabilities
- Determining financial instrument fair values
- Determining real estate values
- Evaluating the likely outcome of litigation or other claims
When management’s expert is used to make an estimate, consider if the core assurance team has the required expertise or if an OAG internal specialist or internal expert is needed. It may be necessary to use our specialists or experts to assist the core assurance team in evaluating the work of management’s experts.
CAS Guidance
Understanding how the entity’s risk assessment process identifies and addresses risks relating to accounting estimates may assist the auditor in considering changes in (CAS 540.A32):
-
The requirements of the applicable financial reporting framework related to the accounting estimates;
-
The availability or nature of data sources that are relevant to making the accounting estimates or that may affect the reliability of the data used;
-
The entity’s information systems or IT environment; and
-
Key personnel.
Matters that the auditor may consider in obtaining an understanding of how management identified and addresses the susceptibility to misstatement due to management bias or fraud in making accounting estimates, include whether, and if so how, management (CAS 540.A33):
-
Pays particular attention to selecting or applying the methods, assumptions and data used in making accounting estimates.
-
Monitors key performance indicators that may indicate unexpected or inconsistent performance compared with historical or budgeted performance or with other known factors.
-
Identifies financial or other incentives that may be a motivation for bias.
-
Monitors the need for changes in the methods, significant assumptions or the data used in making accounting estimates.
-
Establishes appropriate oversight and review of models used in making accounting estimates.
-
Requires documentation of the rationale for, or an independent review of, significant judgments made in making accounting estimates.
OAG Guidance
Management risk assessment process
Determine how management identifies business risks relevant to estimates, including how management estimates the significance of the risks, evaluates estimation uncertainty, assesses the likelihood of their occurrence and decides upon actions to manage them. Examples of types of risk that may be specifically related to estimates are:
-
Operational risk, which relates to the specific processing relevant to estimates, for example the proper handling and capture of customer quality issues, impacting the accurate measurement of the provision for warranty costs
-
Valuation risk, which is the risk that the value of the estimates and the related sensitive assumptions are determined incorrectly
-
Credit risk, which relates to the risk that the entity, its customer or counterparty will not settle an obligation for full value, either when due or at any time thereafter (where applicable)
-
Model risk, which is the risk that errors and subjectivity of valuation or other models used to determine the value of certain types of estimates (including fair value estimates) are not properly understood and accounted for
-
Legal risk, which relates to losses resulting from a legal or regulatory action.
Activities to manage the types of risk described above may include:
- Analyzing all estimates separated into the types of risks such as those described above
- Assessing those risks on a sufficiently frequent basis to be able to manage the exposure
- Analyzing the nature of the exposure in detail, so that hedging activity can be undertaken as needed
- Setting limits as to the amount of exposure taken on, relative to the entity’s risk management strategy
- Performing periodic model validation procedures
- Ensuring that there is adequate segregation of duties between the risk function and the accounting staff
- Utilizing specialized skills (e.g., management experts) for complex estimates.