COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
1011 CPA Canada Standards in the Context of a Direct Engagement
Chartered Professional Accountants of Canada (CPA Canada) was established by the Canadian Institute of Chartered Accountants (CICA) and The Society of Management Accountants of Canada (CMA Canada) on January 1, 2013, under the Canada Not-for-profit Corporations Act, to support Canadian provincial accounting bodies that were unifying under the CPA banner. The Certified General Accountants Association of Canada (CGA-Canada) integrated with CPA Canada on October 1, 2014, completing the unification of Canada’s accounting profession at the national level.
CPA Canada supports the setting of accounting, auditing, and assurance standards for businesses, not-for-profit organizations, and government. The standards that the Office of the Auditor General (OAG) complies with are set by the Auditing and Assurance Standards Board (AASB) for the CPA Canada.
In 2003, the OAG determined that direct engagements (such as performance audits and special examinations) will be conducted as “assurance engagements” and that, as such, it will apply the standards for assurance engagements set, at the time, by CICA. Compliance with these standards helps ensure rigour in the OAG’s audit process and the credibility of its audits.
The CPA Canada requirements applicable for direct engagements are set out in the following CPA Canada Assurance Handbook sections:
- CSQC1—Canadian Standard on Quality Control
- CSAE 3001—Canadian Standard on Assurance Engagements 3001: Direct Engagements
The requirements specific to direct engagements are found in CSAE 3001. These requirements are written as numbered paragraphs. Application and other explanatory material is cited in brackets within the paragraph it relates to. For example, paragraph 71 states, “The assurance report shall be in writing and shall contain a clear expression of the practitioner’s conclusion about the underlying subject matter. (Ref: Para. A4, A159-A161).” In this case, the content of the paragraph represents the requirement. The application and other explanatory material found in para A4, A159, A160, and A161 is guidance on how to apply the requirement.
Note: The CSAE 3001 requirement in paragraph 32 relates to the need to revise the terms of the engagement on recurring engagements. This requirement is not covered in the Direct Engagement Manual because recurring engagements do not apply to OAG.
CSAE 3001 Requirements
Introduction to CSAE 3001
1. This Canadian Standard on Assurance Engagements (CSAE) deals with direct engagements. A direct engagement is an assurance engagement in which the practitioner evaluates the underlying subject matter against applicable criteria and aims to obtain sufficient appropriate evidence to express, in a written direct assurance report, a conclusion to intended users other than the responsible party, about the outcome of that evaluation. (Ref: Para. A22-A23)
2. CSAE 3000 deals with attestation engagements other than audits or reviews of historical financial information, which are dealt with in Canadian Auditing Standards (CAS) and, CSRE 2400 respectively. CSAE 3000 and CSAE 3001 have the same status and authority; each deals with a different category of assurance engagement. Appendix 2 provides illustrations of differences between attestation engagements and direct engagements.
3. Direct engagements have many features in common with attestation engagements undertaken under CSAE 3000. Fundamental concepts related to matters such as level of assurance, risk and materiality (or significance) are the same. However, direct engagements also have features that are clearly distinct from those of attestation engagements. For example, performance audits of public sector entities are typically direct engagements, and have the following features not shared by attestation engagements:
- The party responsible for the underlying subject matter being reported on does not make a public assertion regarding whether the entity’s performance conformed with suitable criteria.
- The practitioner usually decides on what the nature and scope of the underlying subject matter to be reported on will be. This decision is made pursuant to the mandate of the public sector auditor set out in law or regulation. The decision is based on knowledge of the entity’s activities and the risks it faces.
- The practitioner normally decides on the applicable criteria to be used for the engagement, deriving such criteria from relevant sources (for example, pertinent laws or regulations, policies, directives, and guidelines) and seeking agreement from the party responsible for the underlying subject matter that the criteria are suitable.
4. This CSAE contains requirements and application and other explanatory material specific to reasonable and limited assurance direct engagements.
5. This CSAE is premised on the basis that:
(a) The members of the engagement team and the engagement quality control reviewer (for those engagements where one has been appointed) are subject to relevant rules of professional conduct / code of ethics applicable to the practice of public accounting and related to assurance engagements, issued by various professional accounting bodies, or other professional requirements, or requirements in law or regulation, that are at least as demanding; and (Ref: Para. A31-A34)
(b) The practitioner who is performing the engagement is a member of a firm that is subject to CSQC 1, 3(4) or other professional requirements, or requirements in law or regulation, regarding the firm’s responsibility for its system of quality control, that are at least as demanding as CSQC 1. (Ref: Para. A60-A65)
6. Quality control within firms that perform assurance engagements, and compliance with ethical principles, including independence requirements, are widely recognized as being in the public interest and an integral part of high-quality assurance engagements. Professional accountants in public practice will be familiar with such requirements. If a competent practitioner other than a professional accountant in public practice chooses to represent compliance with this or other CSAEs, it is important to recognize that this CSAE includes requirements that reflect the premise in the preceding paragraph.
7. This CSAE covers direct engagements. Where a subject-matter-specific CSAE is relevant to the subject matter of a particular direct engagement, that CSAE applies in addition to this CSAE. (Ref: Para. A22-A23)
8. Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that are not assurance engagements, as defined by paragraph 14(a) (and therefore are not covered by the CSAEs) include:
(a) Engagements covered by standards dealing with related services engagements, such as agreed-upon procedure and compilation engagements;
(b) The preparation of tax returns where no assurance conclusion is expressed; and
(c) Consulting (or advisory) engagements, such as management and tax consulting. (Ref: Para. A1)
9. An assurance engagement performed under the CSAEs may be part of a larger engagement. In such circumstances, the CSAEs are relevant only to the assurance portion of the engagement.
10. The following engagements, which may be consistent with the description in paragraph 14(a), are not considered assurance engagements in terms of the CSAEs:
(a) Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and
(b) Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply:
(i) Those opinions, views or wording are merely incidental to the overall engagement;
(ii) Any written report issued is expressly restricted for use by only the intended users specified in the report;
(iii) Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and
(iv) The engagement is not represented as an assurance engagement in the professional accountant’s report.
11. This CSAE is effective for direct engagements where the assurance report is dated on or after June 30, 2017.
12. In conducting a direct engagement, the objectives of the practitioner are:
(a) To obtain either reasonable assurance or limited assurance, as appropriate, about whether the underlying subject matter conforms, in all significant respects, with the applicable criteria;
(b) To express a conclusion regarding the outcome of the measurement or evaluation of the underlying subject matter through a written report that conveys either a reasonable assurance or a limited assurance conclusion and describes the basis for the conclusion; and (Ref: Para. A2-A4)
(c) To communicate further as required by this CSAE and any other relevant CSAEs.
13. In all cases when reasonable assurance or limited assurance, as appropriate, cannot be obtained and a qualified conclusion in the practitioner’s assurance report is insufficient in the circumstances for purposes of reporting to the intended users, this CSAE requires that the practitioner disclaim a conclusion or withdraw (or resign) from the engagement, where withdrawal is possible under applicable law or regulation.
15. For the purposes of this CSAE and other CSAEs, references to “appropriate party(ies)” should be read hereafter as “the responsible party, or the engaging party, as appropriate.” (Ref: Para. A21, A37)
16. The practitioner performing a direct engagement shall comply with this CSAE and any subject matter-specific CSAEs relevant to the engagement.
17. The practitioner shall not represent compliance with this or any other CSAE unless the practitioner has complied with the requirements of this CSAE and any other CSAE relevant to the engagement. (Ref: Para. A22-A23)
18. The practitioner shall have an understanding of the entire text of a CSAE, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. (Ref: Para. A24-A29)
19. Subject to the following paragraph, the practitioner shall comply with each requirement of this CSAE and of any relevant subject-matter-specific CSAE unless, in the circumstances of the engagement the requirement is not relevant because it is conditional and the condition does not exist. Requirements that apply to only limited assurance or reasonable assurance engagements have been presented in a columnar format with the letter “L” (limited assurance) or “R” (reasonable assurance) after the paragraph number. (Ref: Para. A30)
20. In exceptional circumstances, the practitioner may judge it necessary to depart from a relevant requirement in a CSAE. In such circumstances, the practitioner shall perform alternative procedures to achieve the aim of that requirement. The need for the practitioner to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the engagement, that procedure would be ineffective in achieving the aim of the requirement.
CSAE 3001 Application Material
A22. The CSAE includes requirements that apply to all direct engagements, including engagements in accordance with a subject-matter-specific CSAE. In some cases, a subject-matter-specific CSAE is also relevant to the engagement. A subject-matter-specific CSAE is relevant to the engagement when the CSAE is in effect, the subject matter of the CSAE is relevant to the engagement, and the circumstances addressed by the CSAE exist.
A23. The CASs and CSRE 2400 have been written for audits and reviews of historical financial information, respectively, and do not apply to other assurance engagements. They may, however, provide guidance in relation to the engagement process generally for practitioners undertaking an assurance engagement in accordance with this CSAE.
A24. CSAEs contain the objectives of the practitioner in following the CSAEs, and requirements designed to enable the practitioner to meet those objectives. In addition, they contain related guidance in the form of application and other explanatory material, introductory material that provides context relevant to a proper understanding of the CSAE, and definitions.
A25. The objectives in a CSAE provide the context in which the requirements of the CSAE are set, and are intended to assist in:
(a) Understanding what is to be accomplished; and
(b) Deciding whether more needs to be done to achieve the objectives.
The proper application of the requirements of a CSAE by the practitioner is expected to provide a sufficient basis for the practitioner’s achievement of the objectives. However, because the circumstances of assurance engagements vary widely and all such circumstances cannot be anticipated in the CSAEs, the practitioner is responsible for determining the procedures necessary to fulfill the requirements of relevant CSAEs and to achieve the objectives stated therein. In the circumstances of an engagement, there may be particular matters that require the practitioner to perform procedures in addition to those required by relevant CSAEs to meet the objectives specified in those CSAEs.
A26. The requirements of CSAEs are expressed using “shall.”
A27. Where necessary, the application and other explanatory material provides further explanation of the requirements and guidance for carrying them out. In particular, it may:
(a) Explain more precisely what a requirement means or is intended to cover; and
(b) Include examples that may be appropriate in the circumstances.
While such guidance does not in itself impose a requirement, it is relevant to the proper application of the requirements. The application and other explanatory material may also provide background information on matters addressed in a CSAE. Where appropriate, additional considerations specific to public sector audit organizations or smaller firms are included within the application and other explanatory material. These additional considerations assist in the application of the requirements in the CSAEs. They do not, however, limit or reduce the responsibility of the practitioner to apply and comply with the requirements in a CSAE.
A29. Appendices form part of the application and other explanatory material. The purpose and intended use of an appendix are explained in the body of the related CSAE or within the title and introduction of the appendix itself.
All of the audit work to be reported in an audit report shall be conducted according to the Canadian standard on assurance engagements set by the Chartered Professional Accountants of Canada. [Nov-2015]
In Canada, the standard for direct engagements such as the OAG’s performance audits and special examinations, are set by the Auditing and Assurance Standards Board (AASB), an independent institution established by Chartered Professional Accountants Canada (CPA Canada). The authority of the AASB is reflected in federal and provincial legislation and regulations. The AASB’s scope covers audits in the public sector as well as the private and non-profit sectors.
As the legislative audit office of the federal government and of the three territories, the OAG complies with CPA Canada standards in all its products. Audits that adhere to standards set by a recognized and independent professional body give the OAG’s work additional rigour and credibility.
In order to apply the standards to any direct engagement they perform, each audit team member must have an understanding of the CSAE 3001 requirements and related application material. It is important to note that CPA Canada standards are necessary, but not sufficient to conduct the OAG’s direct engagements. Where relevant CPA Canada standards exist, audit team members have to comply with them. Where there are no relevant CPA Canada standards, or when the standards are not specific enough, OAG policies have been developed to include additional requirements with which audit team members must comply.