COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.

3063 Quality Reviewer Responsibilities
Jul-2019

Overview

An engagement quality control review is an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team’s conclusions reached in formulating the engagement report. A quality reviewer performs his or her review in a timely manner at appropriate stages of the audit. An assurance report is not dated until the completion of the engagement quality control review.

This section describes the responsibilities of a quality reviewer.

CPA Canada Assurance Standards

Office

Annual Audit

Performance Audit, Special Examination, and Other Assurance Engagements

CSQC 1.36 The firm shall establish policies and procedures setting out the nature, timing and extent of an engagement quality control review. Such policies and procedures shall require that the engagement report not be dated until the completion of the engagement quality control review. (Ref: Para. A42-A43)

CSQC 1.A42 The engagement report is not dated until the completion of the engagement quality control review. However, documentation of the engagement quality control review may be completed after the date of the report.

CSQC 1.A43 Conducting the engagement quality control review in a timely manner at appropriate stages during the engagement allows significant matters to be promptly resolved to the engagement quality control reviewer’s satisfaction on or before the date of the report.

CSQC 1.37 The firm shall establish policies and procedures to require the engagement quality control review to include:

(a) Discussion of significant matters with the engagement partner;

(b) Review of the financial statements or other subject matter information and the proposed report;

(c) Review of selected engagement documentation relating to significant judgments the engagement team made and the conclusions it reached; and

(d) Evaluation of the conclusions reached in formulating the report and consideration of whether the proposed report is appropriate. (Ref: Para. A44)

CSQC 1.A44 The extent of the engagement quality control review may depend, among other things, on the complexity of the engagement, whether the entity is a listed entity, and the risk that the report might not be appropriate in the circumstances. The performance of an engagement quality control review does not reduce the responsibilities of the engagement partner.

CSQC 1.38 For audits of financial statements of listed entities, the firm shall establish policies and procedures to require the engagement quality control review to also include consideration of the following:

(a) The engagement team’s evaluation of the firm’s independence in relation to the specific engagement;

(b) Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations; and

(c) Whether documentation selected for review reflects the work performed in relation to the significant judgments and supports the conclusions reached. (Ref: Para. A45-A46)

CSQC 1.A45 Other matters relevant to evaluating the significant judgments made by the engagement team that may be considered in an engagement quality control review of an audit of financial statements of a listed entity include:

  • Significant risks identified during the engagement and the responses to those risks.
  • Judgments made, particularly with respect to materiality and significant risks.
  • The significance and disposition of corrected and uncorrected misstatements identified during the engagement.
  • The matters to be communicated to management and those charged with governance and, where applicable, other parties such as regulatory bodies.

These other matters, depending on the circumstances, may also be applicable for engagement quality control reviews for audits of the financial statements of other entities as well as reviews of financial statements and other assurance engagements.

Considerations specific to public sector audit organizations

CSQC 1.A46 Although not referred to as listed entities, as described in paragraph A16, certain public sector entities may be of sufficient significance to warrant performance of an engagement quality control review.

CSQC 1.A16 Listed entities as referred to in paragraphs C25 and CA14 are not common in the public sector. However, there may be other public sector entities that are significant due to size, complexity or public interest aspects, and which consequently have a wide range of stakeholders. Therefore, there may be instances when a firm determines, based on its quality control policies and procedures, that a public sector entity is significant for the purposes of expanded quality control procedures.

CSQC1.39 The firm shall establish policies and procedures to address the appointment of engagement quality control reviewers and establish their eligibility through:

(a) The technical qualifications required to perform the role, including the necessary experience and authority; and (Ref: Para. A47)

(b) The degree to which an engagement quality control reviewer can be consulted on the engagement without compromising the reviewer’s objectivity. (Ref: Para. A48)

CSQC1.A48 The engagement partner may consult the engagement quality control reviewer during the engagement, for example, to establish that a judgment made by the engagement partner will be acceptable to the engagement quality control reviewer. Such consultation avoids identification of differences of opinion at a late stage of the engagement and need not compromise the engagement quality control reviewer’s eligibility to perform the role. Where the nature and extent of the consultations become significant the reviewer’s objectivity may be compromised unless care is taken by both the engagement team and the reviewer to maintain the reviewer’s objectivity. Where this is not possible, another individual within the firm or a suitably qualified external person may be appointed to take on the role of either the engagement quality control reviewer or the person to be consulted on the engagement.

CSQC 1.40 The firm shall establish policies and procedures designed to maintain the objectivity of the engagement quality control reviewer. (Ref: Para. A49-A51)

CSQC 1.A49 The firm is required to establish policies and procedures designed to maintain objectivity of the engagement quality control reviewer. Accordingly, such policies and procedures provide that the engagement quality control reviewer:

  • Where practicable, is not selected by the engagement partner;
  • Does not otherwise participate in the engagement during the period of review;
  • Does not make decisions for the engagement team; and
  • Is not subject to other considerations that would threaten the reviewer’s objectivity.

CSQC 1.A51 In the public sector, a statutorily appointed auditor (for example, an Auditor General, or other suitably qualified person appointed on behalf of the Auditor General) may act in a role equivalent to that of engagement partner with overall responsibility for public sector audits. In such circumstances, where applicable, the selection of the engagement quality control reviewer includes consideration of the need for independence from the audited entity and the ability of the engagement quality control reviewer to provide an objective evaluation.

CSQC 1.41 The firm’s policies and procedures shall provide for the replacement of the engagement quality control reviewer where the reviewer’s ability to perform an objective review may be impaired.

CAS 220.19 For audits of financial statements of listed entities, and those other audit engagements, if any, for which the firm has determined that an engagement quality control review is required, the engagement partner shall:

(a) Determine that an engagement quality control reviewer has been appointed;

(b) Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and

(c) Not date the auditor’s report until the completion of the engagement quality control review. (Ref: Para. A24-A26)

CAS 220.A24 CAS 700 requires the auditor’s report to be dated no earlier than the date on which the auditor has obtained sufficient appropriate evidence on which to base the auditor’s opinion on the financial statements. In cases of an audit of financial statements of listed entities or when an engagement meets the criteria for an engagement quality control review, such a review assists the auditor in determining whether sufficient appropriate evidence has been obtained.

CAS 220.A25 Conducting the engagement quality control review in a timely manner at appropriate stages during the engagement allows significant matters to be promptly resolved to the engagement quality control reviewer’s satisfaction on or before the date of the auditor’s report

CAS 220.A26 Completion of the engagement quality control review means the completion by the engagement quality control reviewer of the requirements in paragraphs 20-21 and, where applicable, compliance with paragraph 22. Documentation of the engagement quality control review may be completed after the date of the auditor’s report as part of the assembly of the final audit file. CAS 230 establishes requirements and provides guidance in this regard.

CAS 220.20 The engagement quality control reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. This evaluation shall involve:

(a) Discussion of significant matters with the engagement partner;

(b) Review of the financial statements and the proposed auditor’s report;

(c) Review of selected audit documentation relating to the significant judgments the engagement team made and the conclusions it reached; and

(d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of whether the proposed auditor’s report is appropriate. (Ref: Para. A27-A29, A31-A33)

CAS 220.A27 Remaining alert for changes in circumstances allows the engagement partner to identify situations in which an engagement quality control review is necessary, even though at the start of the engagement, such a review was not required.

CAS 220.A28 The extent of the engagement quality control review may depend, among other things, on the complexity of the audit engagement, whether the entity is a listed entity, and the risk that the auditor’s report might not be appropriate in the circumstances. The performance of an engagement quality control review does not reduce the responsibilities of the engagement partner for the audit engagement and its performance.

CAS 220.A29 When CAS 701 applies, the conclusions reached by the engagement team in formulating the auditor’s report include determining:

  • The key audit matters to be included in the auditor’s report;
  • The key audit matters that will not be communicated in the auditor’s report in accordance with paragraph 14 of CAS 701, if any; and
  • If applicable, depending on the facts and circumstances of the entity and the audit, that there are no key audit matters to communicate in the auditor’s report.

In addition, the review of the proposed auditor’s report in accordance with paragraph 20(b) includes consideration of the proposed wording to be included in the Key Audit Matters section.

CAS 220.A32 In the public sector, a statutorily appointed auditor (for example, an Auditor General, or other suitably qualified person appointed on behalf of the Auditor General), may act in a role equivalent to that of engagement partner with overall responsibility for public sector audits. In such circumstances, where applicable, the selection of the engagement quality control reviewer includes consideration of the need for independence from the audited entity and the ability of the engagement quality control reviewer to provide an objective evaluation.

CAS 220.21 For audits of financial statements of listed entities, the engagement quality control reviewer, on performing an engagement quality control review, shall also consider the following:

(a) The engagement team’s evaluation of the firm’s independence in relation to the audit engagement;

(b) Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations; and

(c) Whether audit documentation selected for review reflects the work performed in relation to the significant judgments and supports the conclusions reached. (Ref: Para. A30-A33)

CAS 220.A30 Other matters relevant to evaluating the significant judgments made by the engagement team that may be considered in an engagement quality control review of a listed entity include:

  • Significant risks identified during the engagement in accordance with CAS 315, and the responses to those risks in accordance with CAS 330, including the engagement team’s assessment of, and response to, the risk of fraud in accordance with CAS 240.
  • Judgments made, particularly with respect to materiality and significant risks.
  • The significance and disposition of corrected and uncorrected misstatements identified during the audit.
  • The matters to be communicated to management and those charged with governance and, where applicable, other parties such as regulatory bodies.

These other matters, depending on the circumstances, may also be applicable for engagement quality control reviews for audits of financial statements of other entities.

CSAE 3001.40 For those engagements, if any, for which a quality control review is required by law or regulation or for which the firm has determined that an engagement quality control review is required:

(b) The engagement quality control reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the assurance report. This evaluation shall involve: (Ref: Para. A74)
(i) Discussion of significant matters with the engagement partner;
(ii) Review of the proposed assurance report;
(iii) Review of selected engagement documentation relating to the significant judgments the engagement team made and the conclusions it reached; and
(iv) Evaluation of the conclusions reached in formulating the assurance report and consideration of whether the proposed assurance report is appropriate.

CSAE 3001.A74 Other matters that may be considered in an engagement quality control review include:
(a) The engagement team’s evaluation of the firm’s independence in relation to the engagement;
(b) Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations; and
(c) Whether engagement documentation selected for review reflects the work performed in relation to the significant judgments and supports the conclusions reached.

OAG Policy

The quality reviewer shall be and remain to be independent and objective of the engagement team and the entity throughout the engagement period. [Nov-2011]

Another eligible quality reviewer shall be assigned if the independence or objectivity of the quality reviewer has been impaired. [Nov-2011]

The quality reviewer shall conduct the engagement quality control review in a timely manner at appropriate stages of the audit. [Nov-2011]

An assurance report shall not be dated until the completion of the engagement quality control review. [Nov-2011]

The quality reviewer shall review selected documentation related to the significant judgments that the audit team made and to the conclusions it reached. The reviewer shall determine if the documentation supports the conclusions reached by the audit team. The reviewer shall document his/her review, any disagreements, and the resolutions to those disagreements. [Nov-2015]

OAG Guidance

Nature of an engagement quality control review

The engagement quality control review standards in CSQC 1.38 and .A45, and CAS 220.21 and .A30, specify additional procedures for engagement quality control reviews of listed entities. Similar guidance is found in CSAE 3001.40. The Office makes no distinction between the engagement quality control review for listed entities and for non-listed entities; a quality reviewer is expected to cover the same matters, whether the review is in relation to a listed entity or a non-listed entity. The Office views the additional procedures as "best practice" and has extended these procedures to all engagement quality control reviews.

The purpose of an engagement quality control review is to have an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team's conclusions reached in formulating the engagement report. There is no restriction on the scope of the matters considered judgments for this purpose.

The quality reviewer is not responsible for forming a conclusion on the quality of the engagement process as a whole. The quality reviewer should consider compliance with professional standards and Office policies, and the sufficiency of engagement documentation when evaluating significant matters, including identified risks and significant judgments made by the engagement team, and the conclusions the team reached in formulating the auditor's report.

Notwithstanding the involvement of a quality reviewer, the overall responsibility for the assurance engagement and its quality remains with the engagement leader, including compliance with professional standards and applicable legal and regulatory requirements, and the appropriateness of the report issued.

For all assurance engagements assigned an engagement quality control review, the engagement leader is required to

  • determine that a quality reviewer has been appointed;

  • ensure that all significant matters, including identified risks and significant judgments arising during the assurance engagement, are discussed with the quality reviewer;

  • ensure that the report is not dated until completion of the engagement quality control review; and

  • ensure that the engagement quality control review is appropriately documented.

The quality reviewer should proactively estimate the time needed for review, and plan for his or her involvement at appropriate stages during the engagement. The responsibility for ensuring effective and timely involvement of the quality reviewer rests with the engagement leader. Conducting the engagement quality control review in a timely manner at appropriate stages during the engagement allows the team to promptly resolve significant matters, including identified risks and significant judgments made, to the quality reviewer's satisfaction on or before the date of the assurance report.

When concerns about engagement quality come to the attention of the quality reviewer, they should be followed-up and resolved in a timely manner with the appropriate members of the engagement team, including the engagement leader. Any differences of opinion should be resolved with reference to OAG Audit 3082 Resolution of differences of opinion.

Quality reviewer independence and objectivity

In order to maintain his or her objectivity, the quality reviewer is not selected by the engagement leader or an assistant auditor general in the audit practice and does not otherwise participate in the assurance engagement during the period of review other than in the quality reviewer role. The quality reviewer does not make decisions for the engagement team and should not be subject to any other considerations that would threaten his or her objectivity.

The quality reviewer is required to meet the same independence requirements regarding the entity as the members of the assurance engagement team, as outlined in OAG Audit 3031 Independence. The quality reviewer or the engagement leader must report any known or possible threats to the quality reviewer's independence to the Assistant Auditor General, Audit Services, who is responsible for recommending the appointment of quality reviewers (OAG Audit 1081 Selection of engagement quality control reviews and appointment of quality reviewers). If the independence or objectivity of the quality reviewer has been impaired, the Assistant Auditor General, Audit Services, should assign another eligible quality reviewer.

A quality reviewer adheres to the rotational requirements outlined in OAG Audit 1071 Job rotation. Exceptions to the rules for quality reviewer rotation require the approval of the Assistant Auditor General, Audit Services, and the Auditor General, who are responsible for the appointment of quality reviewers.

According to CSQC 1.48(c), quality reviewers are not to be involved in the inspection (i.e., practice review) of engagement files for which they have performed the engagement quality control review.

To maintain his or her objectivity, the quality reviewer avoids being closely associated with the engagement or entity; accordingly, the quality reviewer does not serve in any role other than quality reviewer, either in relation to the engagement for which he or she has been appointed or any other engagement involving that entity.

The quality reviewer can be consulted by the assurance engagement team and should be kept up to date about significant issues on a timely basis. However, these consultations cannot compromise the quality reviewer's eligibility to perform his or her role and make the objective evaluations expected. Where the nature and extent of the consultations become significant, both the engagement leader and the quality reviewer should take care to maintain the quality reviewer's objectivity. If he or she considers it necessary to maintain his or her objectivity, the quality reviewer should inform the engagement leader when consultations should be with another suitably qualified individual.

Formal consultations between the quality reviewer and the engagement team on difficult or contentious matters should be documented according to OAG Audit 3081 Consultations and OAG Audit 3082 Resolution of differences of opinion.

The involvement of the quality reviewer is not a substitute for normal procedures set up for consultation on technical issues, nor should the assignment of the quality reviewer prevent the engagement leader from consulting, as necessary, with others, including internal or external specialists, etc.

When consulting with the quality reviewer on an accounting, auditing, internal control, or other matter during the engagement, the engagement leader ordinarily develops an initial resolution to the matter before discussing it with the quality reviewer.

The extent to which the quality reviewer may have contact with the entity, and the nature of that contact, needs to be considered in relation to the quality reviewer's continuing ability to remain independent from the engagement and make the objective evaluations expected in his or her role. Management and/or the entity's audit committee would not be expected to have direct contact with the quality reviewer in any way that would impair the quality reviewer's objectivity or where it could be perceived that the quality reviewer was acting as part of the engagement team or participating in an engagement decision-making capacity.

OAG Audit 1081 Selection of engagement quality control reviews and appointment of quality reviewers addresses the criteria used in assessing the technical qualifications required to perform the role of quality reviewer, including the necessary experience and authority.

Extent of an engagement quality control review

The quality reviewer should determine the extent of the engagement quality control review depending on the complexity of the engagement and the risk that the report may not be appropriate in the circumstances. In order for the quality reviewer to be satisfied with the resolution and documentation of significant matters, including identified risks and key judgments, the quality reviewer should raise all questions concerning the significant matters with the engagement leader. For entities where we are communicating key audit matters in our financial audit report, the quality reviewer also reviews key audit matters to be included in the financial audit report. The engagement leader and the engagement team should take appropriate action to address the questions raised by the quality reviewer and communicate to the quality reviewer their resolution and the related supporting documentation.

Quality reviewer minimum review

The quality reviewer should, at a minimum, consider and document his or her objective evaluation of the following, during an engagement quality control review. A Quality Reviewer Checklist helps direct the minimum review expected.

The quality reviewer should

  • review the engagement team's evaluation of independence in relation to the assurance engagement, at the beginning and throughout the engagement, as well as the documentation of identified threats to the relevant ethical requirements, including independence, and the appropriateness of safeguards applied;

  • review the planning process including the engagement leader's assessment that the engagement team collectively has the competencies, resources, and time necessary to perform the assurance engagement; the engagement team's analysis of significant risks arising from the understanding of the entity and its environment, the nature of the assurance engagement and the risks of fraud and error; and the adequacy of the planned responses;

  • throughout the engagement, discuss and review with the engagement leader the significant matters, including identified risks and significant judgments made;

  • review selected documentation relating to all significant matters, including identified risks and significant judgments made to ensure that documents selected for review support the work performed and the conclusions reached by the engagement team;

  • review the appropriateness of the content of draft communications to Parliament, management, those charged with governance, and, where applicable, other parties;

  • evaluate the conclusions reached in formulating the report and consider whether the proposed assurance engagement report is appropriate in the circumstances. For entities where we are communicating key audit matters in our financial audit report, the conclusions reached by the engagement team in formulating the audit report include determining key audit matters to be included in the financial audit report;

  • review whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and whether the conclusions arising from those consultations are appropriately documented in the audit file and the parties consulted have agreed with the documentation of the basis on which the guidance was given and the conclusions reached; and

  • review other significant matters that have come to his or her attention during the course of the engagement quality control review.

The quality reviewer's consideration of the appropriateness of judgments made, particularly regarding materiality and significant risks, includes, as a minimum, a review of the identification of significant risks, high risk transactions, and events, as documented in the audit file, as well as all significant matters. The quality reviewer understands the important and sensitive aspects of the engagement and the reasons for the engagement strategy selected. The quality reviewer makes appropriate challenging inquiries to satisfy him/herself that the judgments made are reasonable. He or she reviews the audit strategy and any significant changes to it, makes further inquiries of the engagement leader and others as necessary, and refers to working papers or other relevant information to assess the audit strategy, including the nature, timing, and extent of procedures to be performed in sensitive or high-risk areas. The quality reviewer considers whether the working papers he or she selected for review provide support for the key judgments and the conclusions reached.

In reviewing the content of communications, the quality reviewer considers whether, based on his or her knowledge, it appears that the audit team has appropriately communicated the significant matters relating to planning and those arising during the engagement that are judged to be important and relevant to Parliament, management, those charged with governance, and, where applicable, other parties. This includes consideration of how the engagement leader is satisfied that significant matters have been reported, and whether the communications to these parties address the matters required by professional standards and Office policies and have been properly communicated.

The quality reviewer should exercise professional judgment in considering whether a review of additional documentation is warranted depending on the circumstances of the particular engagement, such as engagement risk and complexity, and the experience of the engagement team.

Handling disagreements

Where the quality reviewer makes recommendations that the engagement leader does not accept and the matter is not resolved to the quality reviewer's satisfaction, the assurance engagement report is not dated until the matter is resolved. OAG Audit 3082 Resolution of differences of opinion outlines the Office's procedures for dealing with differences of opinion including those involving the quality reviewer.

Timing of an engagement quality control review

Quality reviewers are involved at appropriate stages during the engagement so that significant matters may be promptly resolved to their satisfaction before the engagement report is dated. It is not sufficient for quality reviewers simply to be involved at the time the engagement report is being finalized.

The quality reviewer's consideration of independence is sufficiently early in the process to allow for any significant matters relating to independence to be dealt with appropriately.

Independence requires ongoing consideration by the engagement leader and team throughout the engagement. The quality reviewer may consider it helpful to his or her review to understand the process the engagement team undertakes to identify threats to independence and take corrective action or put appropriate safeguards in place in a timely manner.

The quality reviewer discusses with the engagement leader, at key stages during the audit process (i.e., at least at planning and completion sign-off, and more frequently if the quality reviewer considers it necessary), whether any new matters have arisen since his or her initial consideration of independence. The purpose of these discussions is to be satisfied that the conclusions on independence, in the light of new threats identified, remain satisfactory.

The quality reviewer should allow for sufficient time for the review and should be involved at appropriate stages of the engagement. The engagement leader should ensure that the quality reviewer is given adequate notice of when his or her involvement is necessary throughout the engagement.

The engagement quality control review should start sufficiently early in the audit process to allow for timely consultation on significant matters, including identified risks and significant judgments. To meet this objective, the quality reviewer should perform the review as the assurance engagement progresses, starting with the planning of the assurance engagement. In order for the quality reviewer to be satisfied with other significant matters, he or she considers each matter and, where he or she has questions, makes the engagement leader and team are aware of them so they can take appropriate action to address these questions and resolve them.

See OAG Audit 1163 Quality reviewer: minimum documentation requirements

Completion of the engagement quality control review

Completion of the engagement quality control review means the quality reviewer's completion of the minimum review set out in the Quality Review Checklist, including the appropriate resolution of any differences of opinion between the engagement team and the quality reviewer.

The quality reviewer should confirm with the engagement leader the quality reviewer's satisfaction that there are no significant unresolved matters on or before the date of the assurance engagement report. Upon completion of the review, the quality reviewer should be satisfied that nothing has come to his or her attention that calls into question the overall quality of the engagement or the opinion and support for it.

Documentation of the engagement quality control review may be completed after the date of the assurance engagement report, as part of the assembly of the final audit file, provided it does not involve the drawing of new conclusions. During the final assembly period, a quality reviewer may document his or her review of, for example, information from relevant members of the engagement team that the quality reviewer obtained, discussed, and agreed with before the date of the auditor's report.

Related Sections

OAG Audit 1071 Job rotation
OAG Audit 1081 Selection of engagement quality control reviews and appointment of quality reviewers
OAG Audit 1163 Quality reviewer: minimum documentation requirements
OAG Audit 3031 Independence
OAG Audit 3081 Consultations
OAG Audit 3082 Resolution of differences of opinion
OAG Direct Engagement 8095 Submitting the special examination report to the board of directors and making it public
OAG Direct Engagement 8017 Report content approval and date of the report