4090 Audit Plan Summary for Performance Audits
Aug-2021

Overview

The OAG provides the audited entities with a summary of the audit plan (including audit objective, criteria, and scope and approach) and requests that the deputy head of each audited entity formally acknowledge responsibility for the subject matter of the audit and acknowledge the terms of the engagement, including the suitability of the criteria as a basis for concluding on the audit objective. This is done through a document called the audit plan summary.
 

OAG Policy

The audit team shall

  • submit the audit plan summary to the deputy head of each audited entity to seek acknowledgement of the terms of the engagement, and
  • inform the deputy head of each audited entity of any subsequent significant changes to the audit plan summary. [Nov-2016]

As part of the letter sent to the deputy head of each audited entity with the audit plan summary, the audit team shall seek entity management’s acknowledgement of the suitability of the audit criteria. When the audit team is unable to obtain such acknowledgement, the engagement leader shall consider the effect, if any, on the audit work and the audit report and shall document the assessment. [Nov-2016]

As part of the letter sent to the deputy head of each audited entity with the audit plan summary, the audit team shall seek entity management’s acknowledgement of management’s responsibility for the subject matter as it relates to the objective(s) of the audit. When the audit team is unable to obtain such acknowledgement, it shall obtain other evidence that the audited entity is responsible for the underlying subject matter, such as a reference to legislation or regulation. In addition, the engagement leader shall consider the effects of the lack of entity management’s acknowledgement, if any, on the audit work and conclusion and document the assessment. [Nov-2016]

OAG Guidance

What CSAE 3001 Means for the Audit Plan Summary

CSAE 3001 requires that the engagement leader confirms that there is a common understanding between the audit team and the audited entity concerning the terms of the engagement. Seeking such acknowledgment may help to avoid misunderstandings. The CSAE 3001 also requires the audit team to seek the audited entity management’s acknowledgement of its responsibility for the subject matter, as well as the suitability of the criteria for the audit. This is key to ensuring that the entity does not indicate later in the audit that it disagrees with key terms of the engagement.

In terms of OAG practices, these requirements are included in the letter accompanying the audit plan summary that is sent to the deputy head of the audited entity at the end of planning phase. The audited entity acknowledges the terms of the engagement along with its responsibility as set out in the audit plan summary and acknowledges that the criteria set out in the document are suitable as a basis for concluding on the audit objective.

Identifying Who is Responsible for the Subject Matter Under Audit

Within the framework of ministerial accountability to Parliament, as stated by the Privy Council Office, deputy heads

  • are responsible and accountable for a wide range of duties including policy advice, program delivery, internal departmental management, and interdepartmental coordination; and

  • carry a general obligation of accountability to the Treasury Board for the overall management capacity and performance of the department.

For this reason, the request for acknowledgement is sent to the deputy head of the entity being audited by the engagement leader.

Drafting the Audit Plan Summary

When preparing an audit plan summary, the audit team must use the OAG-approved template. The content of the template may be modified according to the professional judgment of the engagement leader to best suit the information needs of the audited entity. However, the audit team should be familiar with the relevant CSAE 3001 requirements to ensure that modifications made do not compromise these requirements.

The audit plan summary communicates key terms of the engagement to the audited entity. It includes key information from the final audit logic matrix (OAG Audit 4044  Developing the audit strategy: audit logic matrix), including the audit objective (OAG Audit 4041 Audit objective), scope and approach (OAG Audit 4042 Audit scope and approach), audit criteria and their sources (OAG Audit 4043 Audit criteria), and a summary of management’s responsibility for the subject matter of the audit. The objective of the audit plan summary is to provide sufficient information to enable entity management to understand the terms of the engagement, confirm its responsibility for the audit subject matter, and acknowledge the suitability of the audit criteria.

Once the audit plan summary is drafted, it should be reviewed and approved by the engagement leader after having been previously discussed with internal and external specialists according to the consultation process in place (OAG Audit 3081 Consultations). The engagement leader, in consultation with the assistant auditor general, may also decide that the Auditor General’s input will be sought on the scope of the engagement.

In most cases, information in the audit plan summary will later be included in the About the Audit section of the audit report (OAG Audit 7030 Drafting the audit report).

Communicating the Audit Plan Summary to the Audited Entity

The draft audit plan summary is communicated to entity management for review and comment before it is finalized. This is frequently accomplished by holding a discussion meeting with the responsible parties. Communicating the draft audit plan summary to entity’s management allows for a common understanding of what areas the audit team will examine and why, and provides an opportunity for management to comment on the content of the plan, including the audit criteria.

After the audit plan summary is finalized, the engagement leader must take into account the comments obtained from entity management, and review and approve the audit plan summary before sending it to the deputy head. The plan is accompanied by a transmission letter that includes an “acknowledgement letter template” to facilitate the deputy head’s comments and acknowledgement of the terms of the engagement, including the suitability of the audit criteria and the responsibility for the subject matter. It is important to note that this step does not delay progress of the audit—including, in some cases, early examination work. This should be made clear to the entity from the outset.

If there are any changes to the key terms of the audit (including objective, criteria, and scope and approach) after the entity signs off on the audit plan summary, these changes and their rationale are approved by the engagement leader, discussed with the quality reviewer (if any), and communicated to the audited entity. If changes are significant, the engagement leader should consider whether a revised audit plan summary should be provided to the entity. In these circumstances, the engagement leader shall not disregard evidence that was obtained before the change.

Changes to the terms of the engagement after the Plan was sent to the Entity

Sometimes in the course of the examination phase, circumstances require changes to the audit plan, to the criteria, to the examination approach, or to the level of resources. For example, the audit team may modify:

  • The objective of the performance audit, where additional risks or other changes to the risks have been identified;

  • The scope of the performance audit, as a result of a change in legislation, a change in the responsible party, or a change in the focus of the performance audit by the audit team; or

  • The applicable criteria, based on the audit team’s knowledge of the underlying subject matter.

Such changes and their rationale are documented in the audit file and approved by the engagement leader, discussed with the quality reviewer (if any), and, if significant, communicated to the audited entity.

When the audit team modifies the objective of the performance audit or the applicable criteria, the audit team may consider it necessary to seek acknowledgment of the change from the entity to avoid misunderstandings.

The practitioner should not agree to a change in the terms of the engagement if there is no reasonable justification for doing so.

Unresolved Differences

If there is a disagreement regarding the acknowledgement of management’s responsibility or the suitability of the audit criteria, or if the entity fails to respond to the audit plan summary, the engagement leader and audit team should work closely with entity management immediately to reach a resolution. If the disagreement is not resolved or a suitable response is not received, the engagement leader, in consultation with the assistant auditor general should take the issue to the Auditor General to decide on further action.

If the audit team is not able to obtain the entity’s written acknowledgement of its responsibility for the subject matter as it relates to the objective of the audit, the audit team is required by CSAE 3001 to obtain further evidence that the audited entity is responsible for the subject matter. The audit team may consult with Legal Services, as needed, to clarify the entity’s mandate and/or legal obligations. The engagement leader must also consider the impact of not obtaining this confirmation on the audit work and the audit conclusion. This assessment and actions taken by the team should be documented in the audit file.

If the audit team is not able to obtain the entity’s acknowledgement of the suitability of criteria, the engagement leader must consider the effect, if any, on the audit work and the audit report. This assessment and actions taken by the team in response should be documented in the audit file.

Any unresolved disagreement related to management responsibility for the subject matter or suitability of the audit criteria must be disclosed in the audit report, typically in the About the Audit section (OAG Audit 7030 Drafting the audit report).