Regulatory Assessments

CPAB inspects selected high-risk sections of public accounting firm audit engagement files and evaluates the system of quality management of those firms.

Audit Quality Assessments

Our Audit Quality Assessment program is a two-pronged approach that is conducted during a CPAB inspection and includes system of quality management assessments and file inspections. Each year, CPAB inspects all firms that audit 100 or more reporting issuers. We also inspect, at least every two years, firms which audit between 50 and 99 reporting issuers. The remaining firms are inspected periodically based on CPAB's risk analysis and in accordance with the CPAB Rules.

Risk-based approach

Risk analysis and assessment are embedded throughout CPAB’s processes. CPAB identifies reporting issuers and audit firms that may represent the most significant risks to the investing public. By assessing the reporting issuer's risk on a standalone basis with risk factors associated with the audit firm, CPAB develops a comprehensive view of risk for reporting issuers. These are used to identify audits that have the highest risk of a material error or misstatement. This model considers the general economy, the reporting issuer's industry, financial stability, size and foreign exposure, the audit firm's risk profile, and the engagement partner's experience, including past inspection results.

System of quality management assessments

The consistent execution of quality audits requires both a strong system of quality management and a firm culture that demonstrates a commitment to quality including reinforcing the importance of the profession’s public interest responsibility. Firm leadership must dedicate enough resources to ensure robust systems of quality management are designed, implemented and comply with the Canadian Standard on Quality Management (CSQM 1).

Our continued focus on a firm’s system of quality management, including firm implementation of CSQM 1, considers the nature and circumstances of the firm and its public company audit engagements. CPAB’s 2025-2027 strategic plan recognizes the importance of a firm's system of quality management and includes a commitment to address ethics, culture and governance at audit firms. A firm’s system of quality management is not a separate activity within the firm but is the integration of a culture that demonstrates a commitment to quality.

Click here to access the September 2024 publication, Strengthening audit quality through systems of quality management, a communication to all audit firms registered with CPAB. This document provides insights into practices observed at firms with robust controls and processes in three areas – governance and leadership (including firm culture), risk assessment and monitoring and remediation – as we have observed that these are the building blocks for CSQM 1.

CPAB’s audit quality assessment program includes an evaluation of the effectiveness of the system of quality management.

File Inspections

CPAB’s risk-based methodology for choosing audit files for inspection (and the specific focus areas for those files) is targeted towards high-risk audit areas of more complex reporting issuers or areas where the audit firm may have less expertise. It is not designed to select a representative sample of a firm’s audit work. Our inspections do not look at every aspect of every file, therefore, the absence of significant findings in our review of a particular audit file does not mean that all aspects of the audit were fully compliance with professional standards, nor should it mean that any significant findings identified would be the only findings had CPAB reviewed every aspect of the file. Results should not be extrapolated across a firm’s entire audit portfolio, but instead viewed as an indication of how firms address their most challenging audit situations.

For each individual file selected, CPAB requires the engagement team to prepare a profile outlining key information including the names of senior engagement team members, specialists used, the hours charged etc. The profile also identifies key engagement deliverables. The engagement profile is delivered to CPAB two weeks prior to the file inspection and provides the inspection team an opportunity to get familiar with the audit of the reporting issuer prior to the initial meeting with the engagement team. The inspection team will review publicly available information such as the financial statements and Management's Discussion and Analysis, as well as any file-specific information identified within the profile.

The file inspection typically begins with a meeting between the CPAB inspection and firm engagement teams. This provides CPAB with additional background on the audit engagement and includes a high-level discussion of the audit approach to the focus areas.

It is important to note that CPAB does not inspect the entire audit file (not a cover to cover review). Usually, the inspection team will consider between two and four focus areas as a basis for assessing the quality of audit work in a selected file. These areas are generally material high-risk financial statement items requiring more complex estimates and judgments by RI management and which present the most challenge to the engagement team (e.g., impairment of long-lived assets, fair values of financial instruments, provision for warranties etc.). The inspection of an individual focus area covers the various stages of the audit process: planning, evaluation and reliance on internal controls, execution, evaluation of results, financial statement presentation and disclosure, and reporting to the audit committee. Core areas such as materiality, risk assessment and fraud are also reviewed for each file.

Significant inspection findings

During an inspection, file inspection findings are communicated to the firm in writing as part of an Engagement Findings Report (EFR). A significant inspection finding is defined as a deficiency in the application of auditing or other relevant professional standards, as defined in Section 300 of CPAB’s Rules, where the audit firm must perform additional audit work to support the audit opinion and/or is required to make significant changes to its audit approach. CPAB requires firms to carry out additional audit procedures to determine the need, if any, to restate the financial statements due to material error, or to substantiate that the firm obtained sufficient and appropriate audit evidence with respect to a material balance sheet item or transaction stream to support their audit opinion.

Should a deficiency be identified by the inspection team that is believed to constitute a significant inspection finding this is first communicated verbally to the firm to allow for a discussion regarding any additional facts or circumstances that the firm would like CPAB to consider in its assessment of the deficiency.

If the inspection team’s conclusion with respect to the significance of the deficiency is unchanged by the additional information the matter is referred to an EFR panel for a decision. All members of the EFR panel have a Chartered Professional Accountant designation and include members of CPAB’s leadership team and senior inspection leaders. The EFR panel serves as a quality control check and is intended to ensure consistent treatment of similar findings across all of CPAB’s inspections.

The inspection team prepares a background document that provides an overview of the audit work performed and CPAB’s concerns. The background document is provided to the firm for their review. Should the firm disagree with CPAB’s concerns, the firm has the opportunity to provide a written submission for consideration by the EFR panel on why the firm believes that sufficient audit work had been performed. The background document and the firm’s written submission, if one is provided, is provided to the EFR panel members for review prior to the panel meeting.

If the EFR panel concludes that the deficiency constitutes a significant inspection finding, the inspection team documents each of the significant findings in the EFR and issues it to the firm. The firm is required to provide CPAB with a written response to each significant finding within 10 business days. The response will include a description of how the firm intends to remediate the identified significant findings.

Inspection reporting

At the end of the firm inspection, CPAB meets with firm leadership to discuss the overall inspection results, then issues its inspection report. The inspection report is a private communication between CPAB and the firm and includes recommendations to improve audit quality, resulting from both file inspections and the evaluation of the firm’s system of quality management. CPAB also issues a condensed individual firm public inspection report (public report) for each audit firm inspected by CPAB in a given year. Note that under amended Rule 413, a participating audit firm may not publish or extract portions of any of CPAB’s inspection reports without CPAB’s consent.

The audit firm must implement the recommendations to CPAB's satisfaction within a prescribed period, which is typically no more than 180 days.

If a firm has not addressed the weaknesses, deficiencies, or recommendations identified in a final inspection report to the satisfaction of CPAB, or has not made a submission to CPAB in accordance with CPAB Rule 414 (remediation of weakness or deficiencies identified in the inspection report), CPAB may make public on its website the relevant portions of the final inspection report that deal with the weaknesses, deficiencies or recommendations that have not been addressed to CPAB’s satisfaction within the required timeline.

Should CPAB determine that a significant weakness, deficiency, or recommendation has not been adequately addressed, the matter will be referred to the Enforcement Screening Panel to determine if formal notice of publication should be issued. Once formal notification of CPAB’s intention to publish under Rule 416 is received by the firm, it will have the ability to contest the publication by filing a petition for a review proceeding under Rule 603.

Publications made pursuant to CPAB Rule 416 are published on CPAB's website. These publications include the relevant portions of a firm's inspection report recommendations with which it failed to comply to CPAB's satisfaction within the required timeline. In accordance with the CPAB Rules and in the interest of ensuring firms comply with recommendations designed to protect the investing public, these notices will remain public until the firm provides CPAB with evidence of satisfactory implementation.

Publications under Rule 416 commenced as of January 1, 2023.

CPAB Protocol

Protocol for audit firm communication of CPAB inspection findings with audit committees.

What is the Protocol?

The Protocol sets out how audit firms communicate CPAB’s inspection findings to audit committees. Please see the Protocol for more details.

How does the Protocol work?

Under the Protocol, audit firms provide the audit committees of all their reporting issuers with CPAB's annual regulatory oversight report. The annual regulatory oversight report highlights CPAB's common findings across its inspections in a given year, as well as recommendations to improve audit quality.

If CPAB inspects a reporting issuer's audit file that year, the audit firm will also provide that reporting issuer's audit committee with significant findings, if any, specific to a reporting issuer's audit file inspection. The significant inspection findings are written by CPAB and include the audit firm’s response to ensure a fair and balanced communication to the audit committee. Audit committee members receiving the information should ensure it remains confidential. The audit firm will confirm to CPAB that the specific inspection findings have been communicated to the audit committee.