Inspection Process

Inspection Process 

CPAB's vision is to contribute to public confidence in the integrity of financial reporting of public companies (reporting issuers or RIs) in Canada by effective regulation and by promoting quality, independent auditing. This is primarily achieved through the inspection of selected high-risk sections of audit files of reporting issuers and by an evaluation of the elements of quality control of the firms who audit them. Each year, CPAB inspects all firms that audit 100 or more reporting issuers. We also inspect, at least every two years, firms with between 50 and 99 reporting issuer audits. Over three years, the majority of the 150 Canadian audit firms registered with CPAB are inspected.  Many of the foreign firms are subject to oversight by other audit regulators in their jurisdiction.  These firms are inspected periodically based on CPAB's risk analysis.   

Risk-based approach

Risk analysis and assessment are embedded throughout CPAB. This is reflected in our overall research and analysis of the RI population, ongoing environmental scanning (including media monitoring), risk-based selection of RIs and risk-based allocation of CPAB resources to inspections.

CPAB identifies and rates RIs and audit firms that may represent the most significant risks to the investing public. By assessing the RI's risk on a standalone basis with risk factors associated with the audit firm, CPAB develops a comprehensive view of risk for RIs.  These are used to identify audits that have the highest risk of a material error or misstatement. This model takes into account the general economy, the RI's industry, financial stability, size and foreign exposure, management's track record, the audit firm's risk profile, and the engagement partner's experience, including past inspection results.

Elements of quality control

In preparing for each firm inspection, CPAB asks the audit firm for information relating to the following six elements of quality control:

    • Leadership responsibilities for quality within the firm
    • Ethical requirements (including independence)
    • Acceptance and continuance of client relationships and specific engagements
    • Human resources (including training)
    • Engagement performance
    • Monitoring (by firms of their quality control systems and of their application)

The inspection team evaluates the information provided in light of the firm's Composite Risks, including prior inspection results, and determines the Elements to be reviewed. The team is particularly interested in changes to processes and, for firms inspected annually, maintains an evergreen document as a record of procedures in respect of each Element.

The results of individual file inspections also help determine Elements to be examined. While the primary focus of inspections is on the quality of the audit work, as evidenced in the audit files, deficiencies identified may cause the inspector to look at aspects of the firm's quality control processes.  For example, CPAB may ask to see performance evaluations and training taken by the staff on the engagement or if the RI is outside the audit firm's comfort zone, we may ask to see the client acceptance procedures that were performed.

Inspection of files

For each individual file selected, CPAB asks the engagement team to prepare a profile, which describes key metrics, such as the names of senior engagement team members, specialists used, the hours charged etc. It also identifies key engagement deliverables. The engagement profile is usually given to CPAB two weeks prior to the file inspection and provides the inspector an opportunity to get familiar with the RI and its issues prior to the initial meeting with the engagement team. The inspector will review publicly available information such as the financial statements and Management's Discussion and Analysis, as well as any file-specific information identified in or attached to the profile.

The file inspection typically begins with a meeting between the CPAB inspection and engagement teams. This provides CPAB with additional background on the audit engagement and includes a high-level discussion of the audit approach to the focus areas.

It is important to note that CPAB does not inspect the entire audit file (not a cover to cover review). Usually, inspectors consider between two and four focus areas as a basis for assessing the quality of audit work in a selected file. These areas are generally material high-risk financial statement items requiring more complex estimates and judgments (e.g., impairment of long-lived assets, fair values of financial instruments, provision for warranties etc.) by RI management and which present the most challenge to the engagement team. The inspection of an individual focus area covers the various stages of the audit process: planning, evaluation and reliance on internal controls, execution, evaluation of results, financial statement presentation and disclosure, and reporting to the audit committee.

In addition to the focus areas, selected core areas are reviewed for each file. These include such items as materiality, risk assessment and fraud.

Findings and inspection reporting

Before the inspector drafts a significant inspection finding, they confirm with the engagement team that CPAB has been provided with all available audit evidence. This ensures that the inspector has all the facts before coming to a final conclusion on the matter. The inspector consults with other CPAB staff having expertise in the particular area in question, as appropriate, and then discusses the proposed finding with the inspection team leader.

Once the inspection team determines that a significant inspection finding has been identified, it is referred to a panel of CPAB executives for review. This serves as a quality control check and is intended to ensure consistent treatment of similar findings across all inspections. Once it is agreed that the matter is a significant inspection finding, the inspector documents the finding in writing in an Engagement Findings Report (EFR). The EFR is then reviewed and approved by the team leader and CPAB executives and presented to the engagement team.

CPAB usually expects to receive a firm's written response to a significant inspection finding within 10 business days.

In most cases, CPAB requires the engagement team to perform more audit work in the current year, to be satisfied there is not a material error in the financial statements that requires restatement. The engagement team must also provide CPAB with evidence and the results of the additional audit work undertaken. If it is decided that a restatement is necessary, CPAB requires the audit firm to advise the RI, including its audit committee. The inspection team follows up to make sure the restatement has occurred. In other cases, the disposition might require the engagement team to add considerable evidence to the audit file of the audit work that was performed but not evidenced in the audit file. Frequently, CPAB's dispositions will also require changes to the firm's audit approach going forward.

It is important to note that the audit firm is required to implement CPAB's recommendations and must do so in a timely manner. Failure to comply could lead to disciplinary action.

Inspection reporting

At the conclusion of the firm inspection, CPAB meets with firm leadership to discuss the overall inspection results, then issues its inspection report (a private communication between CPAB and the firm). The inspection report includes a summary of the findings, as well as recommendations to improve audit quality. In particular, CPAB highlights the top three to five recommendations that it believes will have the most impact on improving audit quality.

Each firm shares their file-specific significant inspection findings, and CPAB's public inspections report, with their clients' audit committees as per their participation in the Protocol for Audit Firm Communication of CPAB Inspection Findings with Audit Committees (Protocol). The public report includes common inspections findings and questions for audit committee consideration to encourage more robust discussions among management, the firm and audit committees and to support audit committees in their oversight responsibilities.

The audit firm must implement the recommendations to CPAB's satisfaction within a prescribed period of time, which is typically no more than 180 days. Most commonly, CPAB will identify specific actions that the firm must take in connection with its audits of the upcoming calendar year ends. In all cases, CPAB follows up to ensure its recommendations have been satisfactorily implemented.

Evolving inspection strategy

To better identify and understand impediments to improving firm quality systems and consistency in how audits are performed, CPAB plans to evolve its inspection approach in 2018 to incorporate additional operational reviews of the effectiveness of firm structure, accountabilities, quality processes, and culture. Click here for more details. We believe that strong control processes and procedures at both the firm and engagement level will be fundamental to achieving further ongoing  improvements in overall audit quality.

 


​​​​Before each inspection, we ask the audit firm for information relating to the following six ele​​ments of quality control:
  • Leadership and tone at the top
  • Independence and ethics
  • Client acceptance and continuance
  • Human resources and professional development
  • Engagement performance
  • Quality monitoring
​​​​​An EFR 1 is a significant finding that the audit firm must respond to in writing. It means we have identified a significant GAAS or GAAP deficiency that:
  • Relates to a material financial balance or transaction stream
  • Has the potential to result in a material misstatement in the financial statements
  • Will be included as a file-specific finding in the firm inspection report​​​

Join our mailing list

Receive news and Information from CPAB.

Have a concern?

Contact our confidential, anonymous hotline.

Participating Firms

See CPAB registered audit firms. Full List