COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
3071 Review of audit work and documentation
Dec-2023
Overview
Review ensures that the work performed supports the conclusions reached, that the evidence obtained is sufficient and appropriate to support the audit observations and conclusions, and that the audit work is appropriately documented.
This section outlines the principles of review, the need to adequately plan and assign responsibilities for review, the use of review notes, review considerations when experts are used, and documenting evidence of review.
OAG Policy
The engagement leader shall take responsibility for reviews being performed, according to Office review policies and procedures. [Nov-2011]
The review of audit work shall be performed on the basis that more experienced team members, including the engagement leader, review the work performed by less experienced team members. [Nov-2011]
Review and sign-off of engagement documentation by more junior team members shall precede those of more senior team members. [Nov-2011]
The engagement leader shall ensure that detailed file reviews are conducted on a timely basis at appropriate stages during the engagement and before the date of the assurance engagement report. [Nov-2011]
Reviewers shall ensure that all necessary work has been carried out and has been appropriately documented based on the experienced auditor principle. [Nov-2011]
OAG Guidance
Refer to OAG Audit 3062 Engagement Leader Responsibilities for additional guidance and policies outlining engagement leader responsibilities for review.
Principles of review
The “experienced auditor principle” states that auditors prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand
-
the nature, timing and extent of the audit procedures performed to comply with professional standards and applicable legal and regulatory requirements;
-
the results of the audit procedures performed and the audit evidence obtained; and
-
significant matters arising during the audit (including observations), the recommendations and conclusions reached thereon, and significant professional judgments made in reaching those conclusions.
The review process consists of
-
discussions between a reviewer and the preparer—all or part of the team, including an individual team member;
-
review of documented evidence, including documents in both electronic and any external hard copy files; and
-
the review and approval of conclusions including the support for those conclusions.
Whether these elements are undertaken at the same or at different times, and regarding particular areas of the audit or the audit as a whole depends on the engagement circumstances. It is critical that reviewers do more than just discuss the audit file with the auditor; they must review the file themselves before signing off. This review helps ensure that auditors recognize the importance of the requirement to properly document evidence in the file. The aim of review is to determine that
-
the audit work has been performed according to the original or a modified audit plan (Annual Audit 1052 and Direct Engagement 4045);
-
The nature, timing and extent of the procedures performed are consistent with the audit strategy and plan and extent of the procedures are documented in enough detail to enable an experienced auditor, having no previous connection with the audit, to understand the audit procedures performed and results, including the evidence obtained and its source, as well as the response to exceptions or any significant matters arising, and the conclusions reached (including the underlying rationale for the conclusions);
-
in annual audits, account balances being tested have been agreed or reconciled to entity accounting records (as applicable to the engagement);
-
the audit objectives of the planned and executed procedures have been achieved;
-
the results of audit procedures and evidence obtained, including, where appropriate, any exceptions noted and their resolution, are clearly reflected in the audit documentation and the conclusions reached are consistent with the results of the work performed;
-
significant matters have been identified and raised for further consideration;
-
consultations have taken place, where appropriate, and the resulting advice documented and implemented;
-
documentation (OAG Audit 1161) is appropriate and in compliance with OAG policy and assurance standards, clear, and concise and is free of excessive information, with cross-referencing to other documentation as appropriate;
-
documentation accurately and sufficiently describes the procedures performed, evidence obtained and conclusions reached;
-
the audit file and documentation within is organized in a logical manner to provide a clear link to the significant findings or issues;
-
consideration has been given to the potential impact of findings on the audit strategy and plan for that FSLI and other areas of testing; and
-
the evidence obtained is sufficient and appropriate to support the observations, recommendations, and conclusions in the report.
The following principles of review are applied to every assurance engagement:
-
There is always one level of review, and more experienced team members review work performed by less experienced team members.
-
Higher risk audit areas may require two levels of review.
-
All audit documentation, including file attachments and external hard copy files, and other related documents, is subject to at least one level of review.
-
Reviewers use their professional judgment to determine if they are satisfied with the completeness and appropriateness of the work done and its documentation. The level of detail involved in a review can vary, depending on the audit risk and significance.
-
Reviews are conducted on a timely basis.
-
Evidence of review (sign-off) is included in the audit file (OAG Audit 1161).
Planning reviews
The review process begins with briefing team members and continues with coaching to help team members do the work correctly the first time. This process covers what needs to be documented, including who will review what and when.
The audit team needs to schedule and budget time for review, considering the complexity of the engagement and size of the engagement team to determine how much review planning is needed and what to record to provide evidence that it has been done. For example, for smaller engagements with a two-person field team, it may be sufficient simply to record that the plan is to have audit areas reviewed as soon as practicable upon completion of work, with the engagement leader reviewing higher risk areas (in particular, significant risks) earlier than others. On other engagements, the plan may be more detailed and may include a project management element, with identification of the specific dates by which the audit areas are to be completed and reviewed.
Performing reviews
The review process the engagement team adopts is based on the experience and judgment of the engagement leader and senior team members. OAG Audit 3062 Engagement leader responsibilities for audit quality and OAG Audit 1162 Engagement leader review: minimum documentation requirements provide further guidance on the engagement leader’s review responsibilities, including the extent of the engagement leader’s review.
Engagement team members perform a critical self-review of their own work before the assigned reviewer reviews the file. After the team member has completed the critical self-review and addressed any matters identified for further work and/or documentation, the team member’s audit documentation is ready for review by the designated reviewer. OAG Audit 3065 Team members provides further guidance on team member responsibilities.
While the engagement leader is ultimately responsible for the performance of the audit and the quality of the audit file, team members with the appropriate knowledge and experience to act in this role are usually assigned review responsibilities (with the engagement leader’s coaching, if necessary). Each file is reviewed by an individual more experienced than the individual who prepared the file. It must be clear when and how reviewers are to bring matters to the attention of senior team members and/or the engagement leader.
Where the opportunity exists, performing reviews on-site can result in better development of team members as well as more immediate access to entity personnel in resolving review questions or comments.
In-person discussions should be conducted where possible during the reviews of most audit areas and procedures. Larger team discussions involving either all or part of the team involved in a work area may also help reviewers form a view of the adequacy of the work performed, the quality of the documentation, and the appropriateness of the conclusions.
There may be circumstances where face-to-face discussion cannot take place and a remote review is necessary, which may still achieve the objectives. A remote discussion generally involves the reviewer speaking to the team member while both have access to the audit file. Remote discussions may not be as efficient as in-person discussions since there may be less access to evidence if both the preparer and reviewer are off-site or there may be a need for more documentation in the file to explain what work has been completed to allow the reviewer to understand the work performed and assess its quality.
At the end of fieldwork, the team manager and the engagement leader discuss and if necessary, perform an overall final review of the audit file, for example, in conjunction with the final review of the financial statements, to be satisfied that all audit work has been reviewed, significant review notes are resolved, and there is sufficient audit evidence to support the final conclusions. This does not mean that the entire audit file will be reviewed; however, the engagement leader considers significant areas, as well as significant matters (OAG Audit 1141 Identifying significant matters), to ensure there is adequate support for the report and to enable sign off of the reporting and completion steps in the audit file.
When an engagement quality reviewer (EQR) is appointed, the EQR is responsible for objectively evaluating, before the assurance engagement report is dated, the significant judgments the engagement team made and the conclusions it reached in formulating the audit report. However, the engagement leader has overall responsibility for the engagement, including the quality of work done, the documentation, the significant judgments, and opinion. The EQR’s review does not reduce the responsibilities of the engagement leader. OAG Audit 3063 provides guidance on the role of the quality reviewer.
Raising and responding to review notes
The reviewer informs the auditor who prepared the work as well as previous reviewers of any significant changes to be made, and ensures they understand the corrections needed and reasons for the corrections. Issues should be discussed with senior team members and/or the engagement leader as appropriate as soon as they are identified. This allows issues to be appropriately addressed and documented at an early stage of the process.
Reviewers should provide notes to auditors to identify questions, desired follow-up actions, documentation concerns, etc. The reviewer is responsible for subsequently following up to determine that open review notes have been satisfactorily addressed.
The preparer is responsible for
-
promptly and thoroughly responding to these review notes;
-
performing additional procedures where needed and updating the documentation as appropriate;
-
communicating audit findings, including adjustments identified and potential modifications to the audit plan, to more senior members of the engagement team; and
-
notifying the reviewer when the review notes have been addressed.
Review notes are documented either in the audit file or in another manner, unless the preparer can address them during the review and the reviewer can observe evidence that the comment has been adequately addressed. Review notes should not be used to document audit evidence. Audit working papers should stand alone as a record of work done in an audit. Matters that have been raised during review and coaching should be addressed and documented in the working papers. In the audit working paper software, a reviewer marks a coaching note as cleared only when he or she is satisfied that the review comments raised have been appropriately addressed.
Reviewing the work of team members with expertise in a specialized area of accounting or auditing or the work of specialists
Some examples of specialists who assist in audits are
-
actuaries, to determine actuarially computed liabilities or other amounts;
-
environmental experts, with respect to environmental liabilities and contingent liabilities, and site clean-up costs or other environmental issues;
-
lawyers, to determine whether the rights, title, and interest in financial assets have been legally transferred or other legal issues;
-
appraisers (for example, of real estate, works of art, and antiques);
-
IT Audit specialists, for complex aspects of information systems or project management and system implementation;
-
Data analytics specialists (for example, performing complex audit data analytics, reviewing models created by the audited entities);
-
various aspects of management, for example, governance, values and ethics, or human resources; and
-
tax experts, for particularly complex or unusual tax issues.
Based on the significance of the specialist’s involvement in the engagement (consulting, coaching, or conducting audit procedures) and on the risk associated with the use of the specialist’s work and findings, the engagement leader should obtain sufficient appropriate evidence concerning the specialist’s work and findings in order to consider and conclude on the reasonableness of
-
the relevance, completeness, and accuracy of source data used by the specialist;
-
the specialist’s assumptions and methods and, where applicable, their consistency with those used in prior periods; and
-
the specialist’s findings and conclusions in relation to the objective of the engagement and their consistency with other audit evidence.
The engagement leader should also conclude on the significance of the specialist’s findings in relation to the whole audit and the engagement leader’s overall conclusion on the subject matter.
The extent of the Office’s review of the specialist’s work could vary considerably based on the significance of the specialist’s involvement in the engagement and the level of assurance derived from his or her work. For example, if the specialist provided knowledge and advice verbally, then review of the specialist’s work may be limited. However, if the specialist actually completes audit work, then review of his or her work should be more formal.
Evidence of review
When the reviewer has completed the review of each audit area within the file, evidence of the review should be indicated by electronic signature on the working papers and audit procedures summaries.
OAG Audit 1161, OAG Audit 1162, and OAG Audit 1163 provide detailed guidance on evidence and documentation of reviews and engagement leader and engagement quality reviewer requirements.