Engagement quality control review requirements

COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.

1081

Engagement quality control reviews are an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team’s conclusions reached in formulating the engagement report. A quality reviewer performs his or her review in a timely manner at appropriate stages of the audit. An assurance report is not dated until the completion of the engagement quality control review.

This section describes the process for selecting which assurance engagements require a quality reviewer and the appointment of quality reviewers.

Office

Annual Audit

Performance Audit, Special Examination, and Other Assurance Engagements

CSQC1.35 The firm shall establish policies and procedures requiring, for appropriate engagements, an engagement quality control review that provides an objective evaluation of the significant judgments made by the engagement team and the conclusions reached in formulating the report.

Such policies and procedures shall:

(a) Require an engagement quality control review for all audits of financial statements of listed entities;

(b) Set out criteria against which all other audits and reviews of historical financial information and other assurance engagements shall be evaluated to determine whether an engagement quality control review should be performed; and (Ref: Para. A41)

(c) Require an engagement quality control review for all engagements, if any, meeting the criteria established in compliance with subparagraph 35(b).

Criteria for an Engagement Quality Control Review (Ref: Para. 35(b))

CSQC1.A41 Criteria for determining which engagements, other than audits of financial statements of listed entities, are to be subject to an engagement quality control review may include, for example:

The nature of the engagement, including the extent to which it involves a matter of public interest.
The identification of unusual circumstances or risks in an engagement or class of engagements.
Whether laws or regulations require an engagement quality control review.

CSQC1.39 The firm shall establish policies and procedures to address the appointment of engagement quality control reviewers and establish their eligibility through:

(a) The technical qualifications required to perform the role, including the necessary experience and authority; and (Ref: Para. A47)

(b) The degree to which an engagement quality control reviewer can be consulted on the engagement without compromising the reviewer’s objectivity. (Ref: Para. A48)

Sufficient and Appropriate Technical Expertise, Experience and Authority (Ref: Para. 39(a))

CSQC1.A47 What constitutes sufficient and appropriate technical expertise, experience and authority depends on the circumstances of the engagement. For example, the engagement quality control reviewer for an audit of the financial statements of a listed entity is likely to be an individual with sufficient and appropriate experience and authority to act as an audit engagement partner on audits of financial statements of listed entities.

CAS 220.A32 In the public sector, a statutorily appointed auditor (for example, an Auditor General, or other suitably qualified person appointed on behalf of the Auditor General), may act in a role equivalent to that of engagement partner with overall responsibility for public sector audits. In such circumstances, where applicable, the selection of the engagement quality control reviewer includes consideration of the need for independence from the audited entity and the ability of the engagement quality control reviewer to provide an objective evaluation.

CAS 220.A33 Listed entities as referred to in paragraphs 21 and A30 are not common in the public sector. However, there may be other public sector entities that are significant due to size, complexity or public interest aspects, and which consequently have a wide range of stakeholders. Examples include state owned corporations and public utilities. Ongoing transformations within the public sector may also give rise to new types of significant entities. There are no fixed objective criteria on which the determination of significance is based. Nonetheless, public sector auditors evaluate which entities may be of sufficient significance to warrant performance of an engagement quality control review.

An engagement quality control review shall be required and a quality reviewer will be assigned for all financial audits of a listed entity. [Jun-2018]

The assignment of a quality reviewer for all other assurance engagements shall be based on the level of risk associated with the assurance engagement. [Nov-2011]

The Assistant Auditor General, Audit Services shall approve engagement quality control reviews and assignments. [Sep-2014]

The Assistant Auditor General, Audit Services, is responsible for evaluating all assurance engagements and approving engagement quality control review assignments. He or she will consider the Selection Criteria in this guidance and consult with the assistant auditors general of the applicable practice when evaluating the level of risk associated with an assurance engagement.

The Assistant Auditor General, Audit Services, completes this process at least annually and revisits it as new risk factors or changes in circumstances arise.

An engagement quality control review is required and a quality reviewer will be assigned for all financial audits of a listed entity. For purposes of complying with this policy, listed entities are those entities whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized stock exchange or other equivalent body.

The assignment of an engagement quality control review for all other assurance engagements will be based on the evaluation and documentation of the level of risk associated with the assurance engagement done by the Assistant Auditor General, Audit Services. The assurance engagements assessed at an acceptable level of risk to the Office will not require an engagement quality control review.

Selection criteria

The Assistant Auditor General, Audit Services, considers (a) the nature of the entity and engagement and (b) any unusual engagement circumstances and risks when evaluating the level of risk associated with an assurance engagement.

Criteria to assess the nature of the entity and engagement

the accountability relationship of the entity, the importance of its mandate, and the degree to which the entity or program is visible in the public eye;
the political sensitivity including recent parliamentary interest in the entity or the subject matter of the assurance engagement;
the size of the entity or program, the number of entities scoped into the assurance engagement, or the Office’s past experience reporting on the subject matter of the engagement;
the Office’s reporting responsibility for the assurance engagement, including joint-audit engagements, whereby the Office signs an opinion or issues a report together with a public accounting firm or another legislative audit office;
the nature of the entity’s operations, such as the existence of very complex and specialized transactions or issues that require significant professional judgment to evaluate;
the results of the assessment of engagement risk performed by the engagement team, including the acceptance and continuance risk assessment;
the extent of professional judgment and expertise required by the engagement team in order to assess management’s significant judgments and estimates and management’s assessment of significant risks and key measures of performance;
the composition of the engagement team, such as a newly appointed audit principal, significant turnover in the engagement team, or the team’s limited experience with the objectives or subject matter of the engagement;
the engagement leader has been recently promoted, or does not have current audit experience (>2 years); and
is an international engagement.

Criteria to assess unusual engagement circumstances and risks

recent history of difficult or contentious engagement issues, including disagreements with management, negative conclusions in previous reports, and reservations in previous opinions and reports;
uncertainty about the entity’s ability to continue operating as a going concern or to deliver its mandate;
any other specified risk factors, such as known and potential threats to the Office’s independence;
the engagement has recently resulted in a modified opinion; and
significant prior period errors are being identified on a recurring basis.

During the course of an assurance engagement, if an engagement leader identifies new risk factors or changes in circumstances that lead them to believe that an engagement quality control review would be beneficial, they should communicate these concerns to the Assistant Auditor General, Audit Services, in a timely manner.

The appointment and eligibility of the engagement quality control reviewer

The Assistant Auditor General, Audit Services, is responsible for identifying eligible individuals to be appointed as quality reviewers. He or she will consider the criteria established in this policy and consultations when identifying an eligible quality reviewer.

This process will be completed at least annually and revisited as threats to the quality reviewer’s objectivity or changes in circumstances arise.

The Assistant Auditor General, Audit Services, will apply professional judgment and consider the assessed level of risk for the assurance engagement when identifying one or more individuals with sufficient and appropriate authority to fulfill the role of quality reviewer.

The Assistant Auditor General, Audit Services, considers the following eligibility criteria when identifying individuals for appointment as quality reviewers:

sufficient up-to-date technical knowledge in the subject matter relevant to the assurance engagement;
sufficient and appropriate experience and expertise;
independence from the entity, in fact and in appearance;
rotation requirements;
ability to provide an objective evaluation of significant matters, including identified risks, significant judgments, and the conclusions reached;
sufficient and appropriate authority to challenge judgments made by the engagement leader; and
sufficient time to perform the review according to the expected timing of the assurance engagement.

The quality reviewer should be, and be seen to be, free of influences that would impair his or her objectivity from the engagement and the entity (OAG Audit 3031 Independence and OAG Audit 1071 Job rotation).

During the quality reviewer selection process, the Assistant Auditor General, Audit Services, may identify potential threats to the quality reviewer’s objectivity, independence, and authority. Where threats are considered significant, the Assistant Auditor General, Audit Services, may choose to identify, document, and apply safeguards to reduce threats to an acceptable level.

OAG Audit 3063 Quality reviewer responsibilities addresses the degree to which an engagement quality control reviewer can be consulted on the engagement without compromising the reviewer’s objectivity.