Audit Quality Assessments

Our Audit Quality Assessment program is a two-pronged approach that includes file and quality management systems inspections. Each year, CPAB inspects all firms that audit 100 or more reporting issuers. We also inspect, at least every two years, firms with between 50 and 99 reporting issuer audits. Over three years, the majority of Canadian audit firms registered with CPAB are inspected. Many of the foreign firms are subject to oversight by other audit regulators in their jurisdiction. These firms are inspected periodically based on CPAB's risk analysis. 

Risk analysis and assessment are embedded throughout CPAB. CPAB identifies and rates RIs and audit firms that may represent the most significant risks to the investing public. By assessing the reporting issuer’s (RI) risk on a standalone basis with risk factors associated with the audit firm, CPAB develops a comprehensive view of risk for RIs. These are used to identify audits that have the highest risk of a material error or misstatement. This model considers the general economy, the RI's industry, financial stability, size and foreign exposure, the audit firm's risk profile, and the engagement partner's experience, including past inspection results.

In preparing for each firm inspection, CPAB asks the audit firm for information related to the following six elements of quality control:

  • Leadership responsibilities for quality within the firm.
  • Ethical requirements (including independence).
  • Acceptance and continuance of client relationships and specific engagements.
  • Human resources (including training).
  • Engagement performance.
  • Monitoring (by firms of their quality control systems and of their application).

The inspection team evaluates the information provided considering the firm's Composite Risks, including prior inspection results, and determines the Elements to review. The team is particularly interested in process changes and, for annually inspected firms, maintains an evergreen document as a record of procedures in respect of each Element.

Individual file inspections results also help determine Elements to be examined. While the primary focus of inspections is on the quality of the audit work, as evidenced in the audit files, deficiencies identified may cause the inspector to look at aspects of the firm's quality control processes. For example, CPAB may ask to see performance evaluations and training taken by the staff on the engagement or if the RI is outside the audit firm's comfort zone, we may ask to see the client acceptance procedures that were performed.

For each individual file selected, CPAB asks the engagement team to prepare a profile outlining key metrics including the names of senior engagement team members, specialists used, the hours charged etc. It also identifies key engagement deliverables. The engagement profile is usually given to CPAB two weeks prior to the file inspection and provides the inspector an opportunity to get familiar with the RI and its issues prior to the initial meeting with the engagement team. The inspector will review publicly available information such as the financial statements and Management's Discussion and Analysis, as well as any file-specific information identified in or attached to the profile.

The file inspection typically begins with a meeting between the CPAB inspection and engagement teams. This provides CPAB with additional background on the audit engagement and includes a high-level discussion of the audit approach to the focus areas.

It is important to note that CPAB does not inspect the entire audit file (not a cover to cover review). Usually, inspectors consider between two and four focus areas as a basis for assessing the quality of audit work in a selected file. These areas are generally material high-risk financial statement items requiring more complex estimates and judgments (e.g., impairment of long-lived assets, fair values of financial instruments, provision for warranties etc.) by RI management and which present the most challenge to the engagement team. The inspection of an individual focus area covers the various stages of the audit process: planning, evaluation and reliance on internal controls, execution, evaluation of results, financial statement presentation and disclosure, and reporting to the audit committee. Core areas such as materiality, risk assessment and fraud are also reviewed for each file.

Quality Management Systems (QMS) support firms as they manage risk, emphasize governance and accountability, and deploy well trained professionals.

CPAB’s audit quality assessment program includes an evaluation of the effectiveness of QMS at Canada’s four largest audit firms. Beginning in 2021, CPAB will complete preliminary evaluations at other selected annually inspected firms and at the remaining annually inspected firms in conjunction with the firm’s implementation of ISQM 1 and ISQM 2.

Click here to access the June 2020 publication on QMS assessments. This document outlines the assessment criteria and key concepts developed to drive firms to implement targeted improvements to the design and operation of systems of quality control that support audit quality. The publication also outlines our expectations of the firm’s testing and evidence to support its evaluation against the model, the QMS evaluation framework, how we plan to communicate results and best practices observed from previous inspection cycles.

Before an inspector drafts a significant inspection finding, they confirm with the engagement team that CPAB has been provided all available audit evidence. This ensures that the inspector has all the facts before making a conclusion. The inspector also consults with other CPAB staff with expertise in the area in question, as appropriate, and then discusses the proposed finding with the inspection team leader.

Once the inspection team determines that a significant inspection finding has been identified, it is referred to a panel of CPAB executives for review. This serves as a quality control check and is intended to ensure consistent treatment of similar findings across all inspections. Once it is agreed that the matter is a significant inspection finding, the inspector documents the finding in writing in an Engagement Findings Report (EFR). The EFR is then reviewed and approved by the team leader and CPAB executives and presented to the engagement team.

CPAB usually expects to receive a firm's written response to a significant inspection finding within 10 business days.

In most cases, CPAB requires the engagement team to perform more audit work in the current year, to be satisfied there is not a material error in the financial statements that requires restatement. The engagement team must also provide CPAB with evidence and the results of the additional audit work undertaken. If it is decided that a restatement is necessary, CPAB requires the audit firm to advise the RI, including its audit committee. The inspection team follows up to make sure the restatement has occurred. In other cases, the disposition might require the engagement team to add considerable evidence to the audit file of the audit work that was performed but not evidenced in the audit file. Frequently, CPAB's dispositions will also require changes to the firm's audit approach going forward.

It is important to note that the audit firm is required to implement CPAB's recommendations and must do so in a timely manner. Failure to comply could lead to disciplinary action.

At the end of the firm inspection, CPAB meets with firm leadership to discuss the overall inspection results, then issues its inspection report (a private communication between CPAB and the firm). The inspection report includes a summary of findings and recommendations to improve audit quality.

Each firm shares their file-specific significant inspection findings, and CPAB's public inspections report, with their clients' audit committees as per their participation in the Protocol for Audit Firm Communication of CPAB Inspection Findings with Audit Committees (Protocol). The public report includes common inspections findings and questions for audit committee consideration to encourage more robust discussions among management, the firm and audit committees and to support audit committees in their oversight responsibilities.

The audit firm must implement the recommendations to CPAB's satisfaction within a prescribed period, which is typically no more than 180 days.

Protocol for audit firm communication of CPAB inspection findings with audit committees

What is the Protocol?

The Protocol sets out how audit firms communicate CPAB’s inspection findings to audit committees. Please see the Protocol for more details.

How does the Protocol work?

Under the Protocol, audit firms provide the audit committees of all their reporting issuer clients with CPAB's annual audit quality assessment report. The annual audit quality assessment report highlights CPAB's common findings across its inspections in a given year, as well as recommendations to improve audit quality.

If CPAB inspects a reporting issuer's audit file that year, the audit firm will also provide that reporting issuer's audit committee with significant findings, if any, specific to a reporting issuer's audit file inspection. The significant inspection findings are written by CPAB and include the audit firm’s response to ensure a fair and balanced communication to the audit committee. Audit committee members receiving the information should ensure it remains confidential. The audit firm will confirm to CPAB that the specific inspection findings have been communicated to the audit committee.

Which audit firms are participating in the Protocol?

An audit firm’s participation in the Protocol is voluntary. Click here to access a list of audit firms participating in the Protocol.

Throughout the inspection cycle CPAB expects firms to resolve audit quality issues as they arise. The CPAB Rules (Rules) provide a framework of remediation and enforcement mechanisms to address audit quality deficiencies at the file and firm levels.

Throughout the inspection process engagement teams and the audit firm are given the opportunity to provide their perspectives and written responses in relation to the facts, findings and recommendations arising from the inspection. Once the inspection process has concluded, to protect the investing public and promote audit quality, unresolved matters may be escalated to our enforcement department to determine if enforcement actions are required. Enforcement actions may include the imposition of an undertaking, requirements, restrictions or sanctions.

An undertaking is a contractual agreement between the firm and CPAB setting out specific components of a remediation plan targeted to address concerns emanating from an inspection or investigation. Requirements typically involve CPAB mandating the firm implement targeted actions or change certain practices to improve audit quality, such as conducting a cultural assessment or providing additional training, etc. Restrictions typically involve CPAB limiting the audit firm’s practice including restricting the firm from taking on new reporting issuer clients, high risk reporting issuer clients or reporting issuer clients in particular industries. Sanctions typically include a public censure or termination of a firm’s status as a participating audit firm.

The initial decision to propose the imposition of enforcement actions is determined by CPAB’s enforcement screening panel where each matter is reviewed, and a recommendation is brought to CPAB’s board of directors for approval.

Following a decision by the board to impose enforcement actions, formal notice is provided to the firm. Pursuant to Rule 700 of the Rules, a firm has 15 days to petition for a review proceeding following the receipt of the notice. If the firm does not petition for a review proceeding, a final written notice is sent at the end of the petition period indicating that the enforcement actions are in effect and the firm must comply with them immediately.

CPAB may commence an investigation when it considers that a Violation Event may have occurred and wishes to seek additional information. A Violation Event includes conduct that breaches the CPAB Rules or standards of professional conduct for the audit profession and may have an impact on the provision of audit services. This includes a failure to comply with enforcement actions imposed on a firm.

Review proceeding process

If a firm files a petition for a review proceeding of enforcement actions imposed on it by CPAB, an independent panel of three review hearing officers is appointed by the hearing officer roster Chair to preside over the review proceeding. The review hearing officers and the Chair are independent of CPAB; they are appointed by CPAB’s Council of Governors.

Following a review proceeding, the review panel will determine whether a Violation Event has occurred and/or whether to accept, reject or vary any of the board approved enforcement actions. If the review panel upholds the approved enforcement actions, the participating audit firm is required to pay CPAB’s costs related to the review proceeding and any investigation that preceded it.