Common Practice Inspection Deficiencies in 2018-2019

The purpose of the Practice Review Program is to protect the public through assessing firms’ and practitioners’ compliance with professional standards, and by taking appropriate follow-up or remedial action in cases of non-compliance. The Practice Review Program further protects the public by providing an educational experience to firms. Practice reviews are performed on the offices of registered firms on a risk-adjusted cycle, typically every three years, and in the case of a newly registered firm, within its first year of operation.

During the reviews, Practice Review Officers (PROs) might identify reportable deficiencies related to material areas, assertions and disclosures where accounting or assurance standards were not met. Based on the nature and extent of reportable deficiencies identified, the PRO assesses a firm/office into one of three categories:

• Meets requirements: no further action is required though the firm/office is still expected to address the reportable deficiencies identified, and the firm will be reviewed in the next cycle;
• Meets requirements with a specific course of action: if the firm/office provides a satisfactory course of action as to how the reportable deficiencies will be addressed, the firm will be reviewed in the next cycle; or
• Does not meet requirements: the firm will be required to have a follow-up review within a year at a cost to the firm, along with other potential consequences required by the Public Practice Committee (the Committee).

A firm/office’s assessment and the related reportable deficiencies are reviewed by professional staff before being provided, on an anonymous and redacted basis, to the Public Practice Committee for final approval. The Committee is comprised of 20 CPA members and two public representatives, including the Committee Chair, and is appointed by the CPABC Board of Directors.

A. 2018-2019 Practice Review Results

During the 2018-19 review year, 809 (2017-18: 995) public practice offices were reviewed with an overall pass rate of 92% (2017-18: 90%). Of the total reviews completed, 406 (2017-18: 485) of the offices perform assurance work and the remaining 403 (2017-18: 510) offices do not perform any assurance engagements.

For the 406 (2017-18: 485) offices which perform assurance engagements:

• 84% (2017-18: 79%) were assessed by the Committee as either meeting requirements or meeting requirements with an acceptable action plan from the office; and
• 16% (2017-18: 21%) were assessed by the Committee as not meeting requirements and thereby requiring a follow-up review of the office, of which 7% (2017-18: 14%) were also required to have a supervised practice.

Of the 403 (2017-18: 510) offices which do not perform any assurance engagements:

• 99% (2017-18: 99%) were assessed by the committee as either meeting requirements or meeting requirements with an acceptable action plan from the office; and
• 1% (2017-18: 1%) were assessed by the committee as not meeting requirements and thereby requiring a follow-up review of the office.

Included in the practice reviews of the 809 offices were follow-up reviews of 84 offices. For those follow-up reviews:

• 88% (2017-18: 76%) were assessed by the committee as either meeting requirements or meeting requirements with an acceptable action plan from the office; and
• 12% (2017-18: 24%) were assessed by the committee as not meeting requirements and thereby requiring a follow-up review of the office, all of which were also required to have a supervised practice (2017-18: 71%).

For the firms assessed as not meeting the standards of the Practice Review Program, there were some notable findings:

• Many firms performed engagements outside the core area of their practice or in an area where they did not have substantial previous experience. Examples of this would be a firm that primarily does tax work performing its first review engagement, or a firm that focuses on not-for-profit clients performing an audit of a private enterprise.
• A number of firms were assessed as not meeting the requirements of the Practice Review Program due to insufficient or inconsistent documentation. Typically, firms would fill in checklists using “Y” or “N”, with no other explanations of work performed or the results obtained.
• Some firms had files which contained material errors, resulting from either not identifying or not applying the appropriate CPA Canada Handbook standards to an accounting or assurance issue.

Factors Considered by Public Practice Committee

In determining the action to be taken following a practice review, particularly if the firm was assessed as not meeting requirements for a second consecutive time, the Public Practice Committee’s considerations include, but are not limited to:

• the degree to which the requirements of the Practice Review Program have been met;
• the nature and severity of any identified deficiencies;
• the adequacy of the firm’s action plan and/or analysis for restatement and commitment towards rectification of issues identified;
• the cooperation of the member/firm and commitment towards improving overall firm quality;
• public interest; and
• on a follow-up review, the results of the previous practice review of the member/firm and the degree to which the member/firm addressed deficiencies identified in the initial review.

B. Key Practice Review Observations

Below are critical observations arising from practice reviews. These might not be the most common identified deficiencies; however, they are considered some of the more significant deficiencies which may have a greater impact on the quality of work performed. The absence of sufficient evidence to support work performed in these areas commonly resulted in an office being assessed as “Not meeting standards” by the Committee.

1. Audit Engagements
    
   1. Auditing Revenue (CAS 240 and CAS 330)
      
      Revenue is an area in audits which often has unique risks and correspondingly has a greater susceptibility to material misstatement. Risks might arise both from complex recognition requirements related to the characteristics of revenue streams and the presumptive risk of fraud when accounting for revenue.
      
      We have identified instances in which practitioners did not plan and perform appropriate audit procedures to respond to these risks. For example, audit teams might not have evaluated different types of revenue which give rise to fraud risks. As a result, procedures might not have been performed to address the risks related to each significant revenue stream in an entity.
       
   2. Audit Sampling (CAS 530)
      
      When conducting substantive procedures, an auditor commonly tests less than 100 percent of a balance or transaction stream. Instead they will test a sample. When selecting a sample, practitioners should:
       
      • select a representative sample;
      • perform appropriate audit procedures; and
      • evaluate results to obtain reliable, relevant and sufficient appropriate evidence to form a conclusion on the population as a whole.
         
      It is critical that the sample represents the population. For example, a practitioner might employ a standard sample size without regard to the nature of the population and the objectives of the procedure. Practitioners must ensure that all items in a population have an equal chance of being selected. Where populations can be disaggregated, i.e., in situations where there are multiple revenue streams, each distinct sub-population should be sampled independently.
       
   3. Substantive Analytics (CAS 520)
      
      Substantive analytical procedures are often used on their own or in conjunction with other substantive procedures to provide evidence to support the audit opinion. In general, substantive analytical procedures are most effective when evaluating large volumes of transactions in a highly predictable environment.
      
      In determining which audit procedures to design to address audit risks, practitioners should carefully consider the suitability of using substantive analytical procedures. The suitability of an analytical procedure will depend upon the practitioner's assessment of how effective it will be in detecting a misstatement that may cause the financial statements to be materially misstated.
      
      The performance of simple year-over-year analytics generally do not meet the criteria of a substantive analytical procedure. Effective substantive analytical procedures require the development of expectations using reliable and accurate information, the determination of appropriate thresholds for further investigation and follow­up on outliers through discussion with management and by obtaining corroborating evidence.
       
   4. Auditing of Accounting Estimates (CAS 540)
      
      With increasing frequency, auditors are encountering areas in which estimates and judgment are essential in performing the audit. Some estimates may be complex and determined using information that may not be reliable or may be subject to management bias. These complex estimates might include the determination of percentage of completion in revenue recognition, impairment or recoverability of loans or investments and obsolescence in inventory.
      
      When planning the audit, practitioners should make a robust assessment of the areas where complex estimates are used and develop audit procedures that address the associated risks. For example, when auditing the valuation of loans receivable (including those with related parties), practitioners should obtain evidence to support the recoverability of such loans. The procedure of reconciling or confirming the balance of a loan might provide evidence of its existence but provides no evidence to support valuation. Procedures performed to assess valuation might include the evaluation of forecasts or projections and the critical assumptions used by management in determining recoverability.
       
   5. Use of Information Prepared by an Entity (CAS 500)
      
      In the course of performing an audit the practitioner will often rely on information produced by the entity (IPE). This reliance is expected to increase in the future as systems and procedures become more automated. Practitioners might not always be aware of the extent of their use and reliance on IPE and should consider creating a listing of IPE when planning an audit. Examples of common audit sources which use IPE include aged accounts receivable listings, inventory obsolescence reports and cash flow projections.
      
      When performing an audit, practitioners will need to develop a validation approach to be able to rely on evidence that includes IPE. For example, when evaluating the adequacy of the allowance for doubtful accounts, practitioners often rely on an aged accounts receivable listing. In that case the practitioner should perform procedures to confirm that invoices have been properly classified in aging categories.
       
   6. Other Areas
      
      Additional areas where audit deficiencies were identified are as follows:
       
      • Lack of documentation of fraud risk factors as part of the assessment of the risks of material misstatement within audit planning. This was particularly identified as an issue in audits of smaller entities and not-for-profit organizations. 
      • Insufficient documentation and/or execution of substantive audit procedures on material classes of transactions and account balances in the following areas:
        • accounts payable completeness and cut-off;
        • payroll completeness, accuracy and cut-off;
        • revenue, particularly for long-term contracts and transactions with multiple elements;
        • expense completeness and cut-off;
        • accounts receivable valuation;
        • collectability of loans receivable, particularly from related companies;
        • classification of preferred shares as debt or equity;
        • inventory count procedures and valuation;
        • related party transactions;
        • contingencies, particularly with respect to review of legal expenses and consideration of confirmations;
        • journal entry testing;
        • subsequent events review; and
        • going concern analysis.
      • Communication with those charged with governance did not include one or more of the following items (or, in some cases, there was no communication with those charged with governance):
        • The auditor’s responsibilities in relation to the financial statement audit 
        • An overview of the planned scope and timing of the audit 
        • The written representations that the auditor is requesting from management 
        • Significant matters arising from the audit that were discussed, or subject to correspondence with management 
        • Other matters arising from the audit that are significant to the oversight of the financial reporting process
           
2. Review Engagements
   
   This is the first year in which the implementation of the new review engagement standard (Canadian Standard on Review Engagements 2400) was included in the Practice Review Program. The most significant changes resulting from the implementation of CSRE 2400 were requirements to:
    
   • Design and perform review procedures for all material balances.
   • Identify and focus on areas where material misstatement is likely to arise.
   • Inquire with management and others within the entity regarding specific items, including the going concern assumption, significant accounting estimates, related parties, fraud and non­compliance with laws and regulations.
   • Expand documentation of the understanding of the entity's accounting systems and records.
   • Communicate specific items to management and those charged with governance.
   • Issue a new review engagement report with revised wording and requirements.
   
   While most practitioners were successful in transitioning to CSRE 2400, the following are some areas for improvement.
    
   1. Understanding of the accounting system and accounting records (CSRE 2400.43 & .44)
      
      Understanding the accounting system and records used by an entity is vital to identifying areas where a material misstatement is likely to arise. This allows the practitioner to focus analysis and inquiry on these areas. We identified instances where this documentation could be improved. For example, documentation often consisted of brief accounting system notes which were superficial and did not result in a meaningful analysis. Practitioners should document accounting systems and records in greater detail which will result in a higher quality review.
       
   2. Areas where material misstatements are likely to arise (CSRE 2400.45 & .46)
      
      A critical element of CSRE 2400 is the identification of areas where material misstatements are likely to arise. If this assessment is not completed and documented, it is possible that appropriate inquiries and analytical procedures may not be designed and performed. Inquiry and analytical procedures are required for all material items in the financial statements, including disclosures.
      
      When a practitioner has identified an area where material misstatement is likely to arise, additional procedures should be performed to address the area. Examples of such areas include a transaction or event outside of the normal course of business, and a subsequent event. These areas may not necessarily be material items in the financial statements.
       
   3. Inquiries of management and others within the entity (CSRE 2400.47)
      
      Evidence obtained through inquiry is often the principal source of understanding concerning the entity's activities, management's actions during the year and their plans. CSRE 2400 includes an extensive list of required inquiries of management and others within the entity, including inquiries regarding significant estimates, related parties, the existence of fraud or illegal acts, going concern considerations and subsequent events.
      
      Application of professional skepticism in evaluating responses provided by management is important to enable the practitioner to evaluate whether there are any matters that would cause the practitioner to believe the financial statements may be materially misstated. Practice reviews have identified that this analysis is sometimes performed as a perfunctory exercise. For example, we often found one-word responses to inquiries where a more detailed response should be provided.
      
      Documentation requirements for a review engagement under CSRE 2400 are specifically addressed in paragraphs 104-107 of the standard. In particular, documentation should be sufficient for an experienced practitioner, having no previous connection with the engagement, to understand:
       
      • the nature, timing, and extent of the procedures performed (including who performed the work and the date it was completed, and who reviewed the work and the date and extent of the review);
      • the results obtained from the procedures performed and the practitioner’s conclusions arising from those procedures; and
      • significant matters arising during the engagement, the practitioner’s conclusions and significant professional judgements made to reach those conclusions.
         
      The primary areas where documentation and/or performance of review engagements procedures were insufficient are as follows:
       
      • Inter-relationship/comparison of revenues, expenses, gross margin, operating ratios and balance sheet items. 
      • Cut-off of accounts payable and enquiries for any unrecorded liabilities.
      • Completeness of payroll and related accruals.
      • Inventory valuation, client’s count procedures and cut-off, especially when there is a risk that some items are slow moving.
      • Valuation and classification of accounts receivable, particularly when there are related party balances.
      • Sales cut-off, particularly when an entity is a contractor or would use the percentage of completion method to recognize revenue.
      • Evidence of work performed to determine if the entity’s classification of preferred shares as either debt or equity was appropriate.
      • Discussions with management and performance of additional procedures regarding any potential contingencies, commitments and subsequent events.
         
3. Quality Control
   
   A well thought-out and executed quality control system should be encouraged and reinforced with remedial action. If designed and implemented effectively, overall quality improves, and deficiencies decrease.
   
   One of the most effective components of quality control is the completion of monitoring as required by Canadian Standards on Quality Control 1 (CSQC1.48-54). This monitoring is vital to ensure that the firm identifies and corrects any breakdown in quality controls in a timely manner. Practitioners should assess overall quality control annually and review completed assurance engagements on a cyclical basis.
   
   We have identified some situations where monitoring was not performed in sufficient depth and/or was performed by inappropriate individuals or not performed at all, which has resulted in a firm failing to meet standards.
   
   A common challenge for sole practitioners or smaller partnerships is the lack of sufficient independence within the practice to perform cyclical monitoring activities independently. In these instances, most practitioners fulfil their cyclical monitoring obligations by engaging an external monitoring service provider.
   
   To have a positive effect on quality, it is essential that monitoring results are shared within the practice and that any corrective action is planned and executed in a timely manner. To achieve the benefits of monitoring, it is not enough to simply record the results. It is critical to develop and execute a plan of action to address the areas identified for improvement.
   
   It is important to be aware of the proposed quality management standards (see Appendix) which might replace the current CSQC1 standards.
    
4. Compilation and Tax Engagements
   
   Most firms include working papers in their files to support that information in the Notice to Reader financial statements is not false or misleading. Issues have been encountered when working papers contained conflicting figures or additional information that had not been addressed. When firms have no supporting documentation whatsoever for a Notice to Reader set of financial statements the file would not meet the requirements of the Practice Review Program.
   
   Tax engagements encountered issues due to a lack of knowledge of compliance procedures, such as adherence to client’s filing deadlines, lack of retention of key documents, and not obtaining signed T183s from a client when the returns were e-filed.
   
   Additional common deficiencies are as follows: 
    
   • Lack of documentation for an accountant’s consideration and assessment of independence, especially if bookkeeping services were provided.
   • The financial statements contained notes that explicitly referred to GAAP.
   • The statement of business activities and/or the statement of rental income in the T1 and/or the schedule 100 and 125 in the T2 did not include tax disclaimers indicating that the information was prepared solely for income tax purposes without audit or review from information provided by the taxpayer.
   • No documentation within the file regarding foreign assets or income.
      
   It is important to note that the Compilation standard is changing; see Appendix 1 for more information about the proposed Compilation standard.

C. New and Emerging Industries

Increasingly, practitioners are engaging clients in the cryptocurrency and cannabis industries. Each of these industries has unique risks that might require the use of experts in order to develop and execute adequate assurance procedures.

Practitioners who engage cryptocurrency clients might have little or no experience in this field. It can be challenging to obtain evidence to support the existence, ownership, and valuation of crypto assets, thus a control reliance approach is likely required. It is expected that valuation experts will be required in many of these engagements. Revenue generated through cryptocurrency transactions rely on blockchain technology which is a new and complex electronic recording system. As a result, information technology experts might be critical for the successful execution of these engagements.

Cannabis entities can take many forms including cultivation, production of medicinal products or distribution and sales of related products. The most challenging issues arise with respect to the accounting for biological assets (the cannabis plants). As complex estimates are frequently used, expert valuation services are likely required. The regulatory aspects of this industry must also be considered during planning and throughout the engagement as non-compliance with these regulations could have significant ramifications to the entity. This industry is also currently undergoing frequent mergers and acquisitions which creates unique accounting issues.

During the 2019 practice review year, our PROs will be targeting assurance engagements in these two industries due to the unique nature of the risks and assurance issues and the increased potential for errors. Practice review continues to closely monitor developments in these and other emerging industries in British Columbia.

Appendix – New Standards Not Yet Effective

1. Quality Management
   
   In February 2019, the International Auditing and Assurance Standards Board (IAASB) issued an Exposure Draft on quality management at the firm and engagement level. Accordingly, the Accounting and Assurance Standards Board (AASB) followed by issuing an Exposure Draft on quality management at the firm and engagement level in Canada in April 2019. The Canadian Exposure Draft proposes to adopt the new international standard unchanged except for an amendment to the relevant independence and other ethical requirements to allow reference to Canadian requirements.
   
   The Exposure Draft will result in:
   • A new quality control standard at the firm level called the Canadian Standard on Quality Management 1 (CSQM1) Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements.
   • A new standard for engagement quality reviews called the Canadian Standard on Quality Management 2 (CSQ2) Engagement Quality Reviews.
   • Revisions to CAS 220 Quality Management for an Audit of Financial Statements.
   • The Exposure Draft introduces a new, risk-based approach to achieving quality at the firm level. CSQM1 focuses on the practitioner identifying and responding to risks related to the quality of work performed, including establishing quality objectives, identifying and assessing quality risks, and designing and implementing responses to these risks. By setting out the quality objectives and risks, and some required responses to the risks, firms will be able to adjust their system of quality control to suit the size, nature and types of engagements that are performed. This ability to adjust the quality management system used by the firm allows the standard to work for all sizes of firms. CSQM1 also includes requirements to investigate the root causes of deficiencies so that appropriate action can be taken to effectively remediate deficiencies.
   • The scope of CSQM1 will include all assurance engagements and related service engagements, which include Compilation Engagements (Section 9200 or CSRS 4200), Agreed-upon Procedures Engagements (Sections 9100 and 9110 or CSRS 4400) and Engagements to Report on Supplementary Matters Arising from an Audit or a Review Engagement (CSRS 4460).
   • CSQM2, the engagement level standard, is a separate standard to allow for the scalability of the quality management standard. If there are no engagements that would require an engagement quality review in a firm, then there would be no requirement for the firm to consider CSQM2. This new standard has been revised to be more specific about the engagement partner's responsibilities for leadership and project management, including assessing the competence of the engagement team. Requirements were also improved to recognize that engagement teams may be organized in a variety of ways, such as being located across different geographic regions and to consider the growing role of technology in a financial statement audit.
   • The revised CAS 220 will deal with the responsibilities of the engagement partner for quality management at the engagement level for an audit engagement. The importance of the public interest role of audits is emphasized together with the importance of the application of professional judgment and the exercise of professional skepticism. It sets out the roles and responsibilities of the engagement partner and acknowledges the use of electronic audit technology. To assist practitioners with the application of CAS 220, several application paragraphs have been included in the revised standard. It is expected that the AASB will approve the new standard in the third quarter of 2020 and the standard will become effective approximately 18 months after approval.
      
   Firms will need to prepare for the changes arising from the new quality management standard. Firms that only complete compilation engagements will need to ensure that they are able to meet CSQM1 by the time it becomes effective. The inclusion of related services engagements in CSQM1 makes a significant change to the scope of the new standard in relation to the existing CSQC1.
   
   Further information can be obtained from:
    
   • Audit and Assurance Alert: Quality Management; and
   • the Canadian Standards on Quality Control project page on the Financial Reporting & Assurance Standards Canada website.
      
2. Compilation Engagements
   
   The AASB concluded that there is a need for a new compilation standard that would provide requirements and guidance on the performance of compilation engagements. The AASB staff has conducted research on examples of compiled financial statements issued by public accountants and held consultations with bankers and other lenders, legal counsel, insurers and practitioners. These consultations have assisted the AASB in their consideration of the new standard.
   
   The proposed Canadian Standard on Related Services (CSRS) 4200 is intended to:
    
   • Assist practitioners when performing compilation engagements.
   • Clearly communicate through a revised compilation report the responsibilities of management and the practitioner.
   • Communicate the nature and scope of the engagement and whether an accounting framework has been used in the preparation of the financial statements.
      
   Key issues that will be addressed by the new standard include:
    
   • The identification of services which are within the scope of CSRS 4200.
   • The level of documentation and extent of work required when performing a compilation engagement.
   • The perception of the marketplace that the work performed provides some level of assurance, even though no assurance is provided.
   • The usefulness of financial statements when compiled using a generally accepted financial reporting framework versus a less rigorous framework or no framework.
   • The proposed wording for the new compilation engagement report, specifically the requirement to comply with relevant ethical standards and to report in accordance with a standard in the CPA Canada Handbook.
   
   The scope of CSRS 4200 continues to exclude bookkeeping services; however, the standard will clarify the identification of bookkeeping services for the practitioner. The project was approved in September 2011 and an exposure draft was issued in September 2018. The AASB is currently deliberating feedback received on the exposure draft.  It is expected that the AASB will approve CSRS 4200 in the second half of 2019 and the standard will be effective in 2020 or 2021 after the new standard is issued.
   
   The new standard will be a significant change and practitioners should begin their preparations as soon as the standard is approved.
   
   Further information can be obtained from:
    
   • the Compilation Engagements project page on the Financial Reporting & Assurance Standards Canada website.