Audit Methodology Update—Fall 2017
Nov-2017
Audience: Auditors working on
- special examinations, or
- performance audits tabling in Spring 2018 or after.
Effective date: Immediately upon release
This update highlights changes to direct engagements methodology (performance audits and special examinations). It includes changes to the Direct Engagement Manual, TeamMate audit procedures, templates and guidance.
Key changes in this update are:
- Revision of letter templates to improve clarity and message.
- Revision of the manual, templates, guidance, and TeamMate to more accurately reflect the roles and responsibilities for managing the practice.
- Review and, as needed, revision of all templates to ensure they contain appropriate guidance regarding security labelling.
- Review and, as needed, revision of all templates to ensure they comply with requirements of the 2016 Treasury Board Policy on Communications and Federal Identity.
- Clarification and updating of CODI procedures and requirements for controlling key documents.
- Improvement of guidance for use of the templates for risk-based planning and scoping.
- First steps to incorporate the new “core systems and practices” approach to planning special examinations.
- Full update of the 4th E Practice Guide (now called The Environment and Sustainable Development Guide), as well as updates of other guidance documents and templates of the ESD internal specialist.
This Fall 2017 update includes:
- Updates to Direct Engagement Manual
- Updates to templates and guidance
- Updates to TeamMate audit procedures
- Performance audits library
- Special examinations library
Teams that have not yet started using the previous versions of these tools must use the updated versions.
If you have any questions on methodology for performance audits or special examinations, please contact the Direct Engagement Practice Team (DEPT) through the DEPT mailbox.
1. Updates to Direct Engagement Manual
The following table describes the changes made to the Direct Engagement manual.
Section of the manual |
Changes made as a result of the update |
SoQC Sections |
|
1031 Ethical requirements relating to an assurance engagement |
Added two new policies to address rule 213 of the CPA Ontario Code of Professional Conduct and to address rule 11(4) of the CPA Quebec Code of Professional Conduct. |
1052 Audit procedures for obtaining audit evidence |
Updated guidance on what inquiry involves. |
1081 Selection of engagements quality control reviews and appointment of quality reviewers |
Revised the wording of the OAG policy to be consistent with the definition of listed entities. |
1192 Confidentiality, safe custody, integrity, accessibility, and retrievability of engagement documentation |
Changed the name of a Direct Engagement manual section reference. |
3065 Team members |
Removed reference to DE manual section 8011 in related sections. |
Glossary |
Added the following new definitions: Annual Report, IT dependencies, Relevant control. |
Direct Engagement Sections |
|
How to Use the Direct Engagement Manual |
Deleted statement that the CSAE 3001 standards are not on the public web version. The standards are now available in the public web version of our manual. |
101 Overview of Performance Audits |
Updated the Office vision, as of January 2017. Revised guidance on:
|
102 Overview of Special Examinations |
Added a note that special examinations are now reproduced in the AG’s reports to Parliament. Inserted explanation of “core” systems and practices. Revised wording of special examination conclusions. |
1510 Selection of performance audit topics |
Updated for the annual performance audit planning process, in line with changes to committees and new roles and responsibilities. |
2010 Project Management |
Updated for new roles and responsibilities including budget management. |
2040 Discussions with the Auditor General |
Revised policy to add clarity on the early auditor general’s engagement meeting. Updated for new roles and responsibilities. Revised guidance on planning phase AG briefings—not mandatory if the AG attended the advisory committee. |
2050 Advisory Committee meetings |
Revised guidance on planning phase AG briefings—not mandatory if the AG attended the advisory committee. Updated for new roles and responsibilities. |
4010 Understanding the subject matter in planning an audit |
Added clarification of procedure regarding the “three inquiries.” |
4020 Risk assessment |
Added guidance on “core” systems and practices for special examinations. Updated for new roles and responsibilities . |
4025 Internal Controls |
Updated guidance on the requirement to obtain an understanding of internal control, including the nature of work to evaluate the design and implementation of controls. Added guidance on “core” systems and practices for special examinations. |
4042 Audit Scope and approach |
Added policy and guidance on “core” systems and practices for special examinations. |
4043 Audit Criteria |
Added policy and guidance on “core” systems and practices for special examinations. |
4044 Developing the audit strategy: audit logic matrix |
Added policy and guidance on “core” systems and practices for special examinations. |
4090 Audit plan summary for performance audits |
Updated for new roles and responsibilities. |
4100 Special examination plan |
Added guidance regarding ensuring the Crown corporation has a clear understanding of the basis upon which they will be examined. Updated guidance to indicate that the special examination plan might be treated as a controlled document, if the engagement leader deems it necessary. It is no longer mandatory that the special examination plan be controlled. |
7030 Drafting the audit report |
Updated guidance on the practitioner’s signature in a performance audit or a special examination. Updated the guidance on the jurisdiction and location of the report. Added consultation with Report Communications. |
7040 Audit conclusion |
Revised wording of special examination conclusions. Revised guidance on significant deficiency for special examinations. |
8019 Submitting the principal’s (PX) draft and transmission draft |
Revised guidance to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. Added guidance for providing copies of report to entity after DM draft. Updated for new roles and responsibilities. Added requirement for performance audits to send the PX draft to Editorial Services for a substantive edit before sending it to the entity. Such an edit may also be needed for a special examination. |
8020 Recommendations and entity responses |
Revised information regarding the action plans to the Public Accounts Committee. Performance audit reports tabled by the CESD are not referred to the Public Accounts Committee, so there is no requirement for action plans from entities in response to CESD reports. Updated for new roles and responsibilities. |
8030 Subsequent events |
Updated for new roles and responsibilities. |
8090 Preparation for tabling of performance audit reports |
Updated guidance on briefing notes to the AG before tabling. Teams no longer need to include potential questions and answers in the briefing notes. |
9020 Management of controlled documents |
Revised policy to allow two hard copies of controlled documents. Revised guidance on entity responsibility for third parties that they identify. Added statement to indicate that the special examination plan might be treated as a controlled document, if the engagement leader deems it necessary. It is no longer mandatory that the plan be controlled. Revised guidance for clarity. |
9070 Parliamentary committee hearings for performance audits |
Added clarification that the DX may also contribute as a witness to the parliamentary committee hearings. |
11010 Studies |
Revised wording—PAPMC to PAPOC |
2. Updates to templates and guidance
Audit teams are encouraged to refer to the table of changes below, for a detailed description of the nature and extent of changes made to the direct engagement templates and guidance.
With the exception of those documents identified as being specific to performance audits or special examinations, all templates and guidance documents listed below apply to both practices.
Template/Guidance Document |
Changes made as a result of the update |
4th E Practice Guide |
Title is now: Environment and Sustainable Development Guide. Updated to provide more information on UN Sustainable Development Goals, which must be considered during the planning phase of a Direct Engagement and when preparing a Strategic Audit Plan. Screening questions for ESD in the FRIT have changed, and the Environmental Risk Screening Tool has been withdrawn. |
Audit Plan Summary (Performance Audits) |
Added optional text to indicate that the OAG:
Updated for new roles and responsibilities. |
Audit Plan Summary Letter to the Deputy Head (Performance Audits) |
Revised for clarity and consistency with other letter templates. Updated for new roles and responsibilities. |
Audit Report Submission (Performance Audit) |
Added requirement for audit team to inform the Comptroller if the list of entities changes. Updated for new roles and responsibilities. |
Auditor General’s Involvement and Advisory Committee Meetings (Performance Audits) Auditor General’s Involvement and Advisory Committee Meetings (Special Examinations) |
Updated to clarify when AG briefings are optional, including consistency with revised policy on the early auditor general’s engagement meeting. Updated list of invitees for certain meetings. Updated to clarify that audit teams are not responsible for the 200 word message. Updated for new roles and responsibilities. |
Checklist for Preparing the Principal’s (PX) Draft |
Updated to indicate that substantive edit of PX draft is mandatory before issuance. |
Checklist for Preparing the Transmission Draft and Final Report (Performance Audits) |
Updated for new roles and responsibilities. |
Checklist for Sign-offs in TeamMate (Performance Audits) Checklist for Sign-offs in TeamMate (Special Examinations) |
Updated for new roles and responsibilities. |
Checklist—Assurance on the Application of Reporting Standards and Policies |
Updated guidance regarding independence and ethical requirements, as well as the location of the report. Updated guidance regarding the signature of the report and use of the OAG logo. Updated for new roles and responsibilities. |
CODI Guidance for OAG Employees |
Updated guidance for when an entity wishes to share an OAG protected document with non-entity officials. Updated guidance for when the audit team shares an OAG protected document with a third party. Revised policy now allows two hard copies of controlled documents. |
CODI Instructions for Entity Officials |
Updated guidance for when an entity wishes to share an OAG protected document with non-entity officials. Revised policy now allows two hard copies of controlled documents. |
Controls Assessment (CAT) |
Updated instructions for:
|
Dashboard for the Performance Audit Practice Management Committee (PAPMC) (Performance Audits) |
Removed this document, as the dashboard process has been discontinued. |
Engagement and Solicitor-Client Privilege Letter (Special Examinations) |
Revised for clarity and consistency with other letter templates. Updated for new roles and responsibilities. |
Engagement Risk Assessment (ERAT) |
Added requests for additional details about the planned audit such as product code and entities scoped in. ERAT is now to be submitted to DEPT. Updated for new roles and responsibilities. |
Entity PX Draft Audit Report Letter (Performance Audits) |
Revised for clarity and consistency with other letter templates. Revised information regarding the action plans to the Public Accounts Committee. Performance audit reports tabled by the CESD are not referred to the Public Accounts Committee, so there is no requirement for action plans from entities in response to CESD reports. Updated for new roles and responsibilities. |
Entity PX Draft Audit Report Letter (Special Examinations) |
Revised for clarity and consistency with other letter templates. |
Entity Scoped Out of the Audit Letter (Performance Audits) |
Revised for clarity and consistency with other letter templates. Updated for new roles and responsibilities. |
Entity Translation of Final Audit Report Letter (Performance Audits) |
Revised for clarity and consistency with other letter templates. |
Entity Transmission Draft Audit Report Letter Entity Hard Copy Transmission Draft Audit Report Letter (Performance Audits) |
Revised for clarity and consistency with other letter templates. Revised to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. Updated wording for requesting confirmation that the “report is factually accurate.” Revised information regarding the action plans to the Public Accounts Committee. Performance audit reports tabled by the CESD are not referred to the Public Accounts Committee, so there is no requirement for action plans from entities in response to CESD reports. Revised policy now allows two hard copies of controlled documents. Updated for new roles and responsibilities. |
Entity Transmission Draft Audit Report Letter Entity Hard Copy Transmission Draft Audit Report Letter (Special Examinations) |
Revised for clarity and consistency with other letter templates. Updated wording for requesting confirmation that the “report is factually accurate.” Revised policy now allows two hard copies of controlled documents. Updated for new roles and responsibilities. |
Environmental Risk Profile for Strategic Audit Planning |
Title is now: Environment and Sustainable Development Risk Profile for Strategic Audit Planning. Merged the Entity-specific table and Sectoral topics table into a single table. |
Findings Blocks for the Special Examination Report Findings Blocks for the Performance Audit Report |
Added guidance that the word count of this template should be a maximum of 2,000 words. |
Functional Risk Identification (FRIT) |
Updated instructions for:
Updated screening questions for Environment and Sustainable Development. |
Guide on Risk-based Planning and Scoping for Direct Engagements |
Updated guidance for completing planning templates, including:
Added guidance for understanding the control environment as the foundation of internal control. Updated for new roles and responsibilities. |
Guidance on Strategic Planning for Performance Audits (Performance Audits) |
Updated for new roles and responsibilities. |
Independent Review Report |
Updated the text and instructions regarding independence and ethical requirements, as well as the location of the report. Updated wording for requesting confirmation that the “report is factually accurate.” |
Instructions for Completing the Performance Audit Report Instructions for Completing the Special Examination Report |
Updated for consistency with changes to Performance Audit Report template and Special Examination Report template. |
Kick-off Meeting Checklist |
Added instructions for teams to discuss health and safety considerations. |
Language Requirements for the Transmission of Specific Federal Performance Audit Documents |
Revisedguidance to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. |
Letter of Notification and Solicitor-Client Privilege (Performance Audits) |
Revised for clarity and consistency with other letter templates. Updated for new roles and responsibilities. |
Making Performance Audits More Results Oriented (Performance Audits) |
Document has been temporarily removed from INTRAnet, as it is under revision. |
Management Letter |
Updated for new roles and responsibilities. |
Performance Audit Report |
Updated the text and instructions regarding independence and ethical requirements, as well as the location of the report. Updated wording for requesting confirmation that the “report is factually accurate.” |
Performance Audit Sampling Plan |
Title is now: Sampling Plan, to reflect that it can also be used for special examinations. |
Preliminary Assessment of Environmental Risks in Crown Corporations (Special Examinations) |
Changed title to Preliminary Assessment of Environment and Sustainable Development Risks in Crown Corporations. |
PX Draft External Advisers Clearance Letter |
Revised for clarity and consistency with other letter templates. |
Recommended Criteria and Audit Approach for Special Examinations (Special Examinations) |
Replaced document with new document, Special Examination Audit Approach. |
Special Examination Audit Approach (Special Examinations) |
NEW document to replace Recommended Criteria and Audit Approach for Special Examinations, and setting out mandatory ‘core’ systems and practices, standard criteria, suggested audit questions and steps, key supporting documentation, and other reference information for internal specialist areas. |
Special Examination Plan (Special Examinations) |
Added instructions regarding the fact that the special examination plan might be treated as a controlled document, if the engagement leader deems it necessary. It is no longer mandatory that the plan be controlled. Added instructions for joint audits to ensure compliance with Federal Identity Program and security requirements. Added instructions regarding “core” systems and practices for special examinations. Added optional text to indicate that the OAG may enquire into other matters of significant concern, should they come to our attention during our examination. |
Special Examination Plan Letter to the Head of the Crown Corporation Special Examination Plan Letter to the Audit Committee of the Board of Directors (Special Examinations) |
Revised for clarity and consistency with other letter templates. Added different options for certain text, to reflect the fact that the special examination plan might be treated as a controlled document, if the engagement leader deems it necessary. It is no longer mandatory that the plan be controlled. Revised policy now allows two hard copies of controlled documents. Updated for new roles and responsibilities. |
Special Examination Report (Special Examinations) |
Added standard text to explain significant deficiencies. Revised wording of special examination conclusions. Updated the text and instructions regarding independence and ethical requirements, as well as the location of the report. Updated wording for requesting confirmation that the “report is factually accurate.” |
Subject Matter Assessment of Risks (SMART) |
Updated instructions for:
|
Summary of SE Roles and Responsibilities (Special Examinations) |
Removed this document, as it is redundant with other templates and guidance. |
Third Party Letter |
Added optional text for when CODI is used. |
What to Expect—A Crown Corporation’s Guide to a Special Examination |
Updated to clarify that the entity is to inform the OAG audit team by email of its language preference for the Special Examination Plan, PX draft, and Transmission draft. Revised guidance to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. Updated wording for requesting confirmation that the “report is factually accurate.” Updated to reflect the fact that the special examination plan might be treated as a controlled document, if the engagement leader deems it necessary. It is no longer mandatory that the plan be controlled. Revised policy now allows two hard copies of controlled documents. |
What to Expect—An Auditee’s Guide to the Performance Audit Process |
Updated to clarify that the entity is to inform the OAG audit team by email of its language preference for the Audit Plan Summary, PX draft, and Transmission draft. Revised guidance to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. Updated wording for requesting confirmation that the “report is factually accurate.” Revised policy now allows two hard copies of controlled documents. |
What to Expect—An Auditee’s Guide to the Performance Audit Process (Presentation) (Performance Audits) |
Revised policy now allows two hard copies of controlled documents. Revised slides and notes to clarify that if the entity requests draft documents in both official languages, then the draft is to be sent in both languages simultaneously. This includes the Audit Plan Summary. |
Writing an Audit Report |
Removed this document, as it is redundant with other templates and guidance. |
3. Updates to TeamMate audit procedures
TeamMate audit procedures for both performance audits and special examinations were updated to reflect the changes made to the Direct Engagement Methodology and are reflected in the new TeamStore for performance audit and the one for special examination, that are available as of 2 November 2017.
There were no key structural changes made to either the performance audit or the special examination TeamMate procedures. For a detailed description of the nature and extent of the changes made, refer to:
- For performance audits: Table of Changes to Performance Audit—November 2017
- For special examinations: Table of Changes to Special Examination—November 2017
How these changes affect you:
Audit teams with audit work currently under way, continue using your current TeamMate file. Update your file to incorporate changes that are effective immediately, using the above mentioned tables of changes.
- Import relevant audit procedures, as needed using “Get Programs,” and replace sub-folders and/or audit procedures where work has not yet started.
- Do not make changes to audit procedures that are completed.
- Save the Table of Changes in your TeamMate file under the “Documentation of Significant Judgments” subfolder and link to it as necessary.
Audit teams that have not yet created their TeamMate file (Spring 2019 or later), use the new TeamStore for Performance Audits that incorporates the required changes.
Audit teams that have questions or need assistance with determining what TeamMate changes apply to their current audit, should contact the Direct Engagement Practice Team using the DEPT mailbox.