Practice Review Program Overview
The purpose of the Practice Review Program is to protect the public through assessing a practitioner’s/firm’s compliance with professional standards, and by taking appropriate follow-up or remedial action in cases of non-compliance. The Practice Review Program further protects the public by providing an educational experience to firms. Practice reviews are performed on the offices of registered firms on a risk-adjusted cycle, which typically occurs once every three years, and in the case of a newly registered firm, within its first year of operation.
During the practice reviews, Practice Review Officers (PROs) may identify reportable deficiencies related to material areas, assertions, and disclosures where accounting or assurance standards are not met. Based on the nature and significance of the reportable deficiencies identified, the PRO assesses an inspection into one of three categories:
- Meets Requirements: no further action is required but the firm is still expected to address the reportable deficiencies (if any), and the firm will be reviewed in the next cycle;
- Meets Requirements with Action Plan: the firm is required to provide an action plan which includes detailing how the reportable deficiencies will be addressed and if deemed satisfactory, the firm will then be reviewed in the next cycle; and
- Does Not Meet Requirements: the firm will be required to have a follow-up review within one year at a cost to borne by the firm, along with other potential consequences required by the Public Practice Committee (the “Committee”).
A firm’s assessment and the related reportable deficiencies are reviewed by professional staff before being submitted to the Committee for final approval on an anonymous and redacted basis. The Committee is comprised of 20 CPA members and two public representatives who meet four times a year to discuss and approve various matters, which include the practice review results of firms.
In determining the action to be taken following a practice review, particularly if the firm was assessed as not meeting requirements for a second consecutive time, the Committee’s considerations include, but are not limited to:
- the degree to which the requirements of the Practice Review Program have been met;
- the nature and severity of the identified deficiencies;
- the adequacy of the firm’s action plan and/or analysis for restatement and commitment towards rectification of issues identified;
- the cooperation of the member/firm and commitment towards improving overall firm quality;
- public interest; and
- on a follow-up review, the results of the previous practice review of the member/firm and the degree to which the member/firm addressed deficiencies identified in the initial review.
As a result of the COVID-19 pandemic, we recognize this past year may have been challenging for practitioners and firms who had to significantly transition their practices. In March 2020, CPABC’s Practice Review Program shifted entirely for inspections of all firms to be performed remotely, in order to protect the public and the health and safety of our staff and practitioners. The return to in-person inspections will be re-assessed in the fall of 2021 based on public health measures and guidelines at that time.
The next section of this article focuses on key practice review observations from the 2020-21 inspection year (from April 1, 2020 to March 31, 2021), which include the most significant areas where firms did not meet standards. The following section will examine the areas of focus in the 2021-22 inspection year.
2020-2021 Practice Review Highlights
During the 2020-21 inspection year, 859 (2019-20: 810) practice inspections were completed with an overall pass rate of 94% (2019-20: 94%). Of the total inspections completed:
- 292 (2019-20: 328) of the inspections, or 34% (2019-20: 40%), were practices that performed assurance engagements; and
- 567 (2019-20: 482), or 66% (2019-20: 60%), were practices that did not perform any assurance engagements (“non-assurance”).
For the 292 inspection of practices which performed assurance engagements:
- 84% (2019-20: 86%) were assessed by the Public Practice Committee (the “Committee”) as “Meets Requirements” or “Meets Requirements with Action Plan”; and
- 16% (2019-20: 14%) were assessed by the Committee as “Does Not Meet Requirements” and, therefore, required a follow-up review of the office, of which 11% (2019-20: 11%) were also required to have a supervised practice.
Of the 567 inspections of practices which did not perform any assurance engagements:
- 99% (2019-20: 99%) were assessed by the Committee as “Meets Requirements” or “Meets Requirements with Action Plan”; and
- 1% (2019-20: 1%) were assessed by the Committee as “Does Not Meet Requirements” and, therefore, required a follow-up review of the practice.
Lastly, included in the 859 practice inspections were 45 follow-up reviews of practices (i.e., firms that were assessed as “Does Not Meet Requirements” in their previous inspection). For these follow-up reviews:
- 89% (2019-20: 81%) were assessed by the Committee as “Meets Requirements” or “Meets Requirements with Action Plan”;
- 11% (2019-20: 19%) were assessed by the Committee as “Does Not Meet Requirements” and thereby, requiring a re-inspection of the office, of which 100% (2019-20: 86%) were also required to have a supervised practice.
For firms assessed as “Does Not Meet Requirements” of the Practice Review Program, there were some notable findings:
- In more than half of these inspections, there was inadequate work and/or insufficient documentation around key assertions of material balances and classes of transactions in their assurance engagements inspected;
- Another common significant finding was the occurrence of one (or more) material error(s) which was the result of not identifying or not applying the appropriate CPA Canada Handbook standard to an accounting or assurance issue;
- Some firms performed engagements outside of their core area of practice or in an area where they did not have substantial previous experience (“dabbling”). An example of this would be a practice that primarily does review engagements and accepts an audit client, or a practice that focuses on owner-managed private companies and takes on a not-for-profit client;
- Some firms that performed review engagements did not take into account the additional procedures and related documentation required under CSRE 2400 compared to the previous review standards (Section 8100/8200); and
- Some firms early adopted the new CSRS 4200 Compilation engagement standard, but missed some of the key requirements under the new standard.
Key Practice Review Observations
The items identified below may not be the most commonly identified deficiencies; however, they are considered some of the more significant items which can have a greater impact on the overall quality of work performed. The absence of sufficient evidence to support work performed in one or more of these areas could result in an inspection being assessed a “Does Not Meet Requirements” by the Committee.
1. Audit Engagements
Auditing Revenue (CAS 240 and CAS 330)
Revenue is an area in audits which often has unique risks and correspondingly has a greater susceptibility to material misstatement. Risks may arise both from complex recognition requirements related to the characteristics of revenue streams and the presumptive risk of fraud when accounting for revenue. We have identified instances in which practitioners did not plan and perform appropriate audit procedures to respond to these risks. For example, audit teams may not have evaluated different types of revenue which give rise to fraud risks. As a result, procedures may not have been performed to address the risks related to each significant revenue stream in an entity.
Auditing of Accounting Estimates (CAS 540)
The audit of accounting estimates that involve significant assumptions and judgments is an area where we have seen practitioners not perform adequate procedures. Practitioners must continue to apply professional skepticism when reviewing information provided by management which may not be reliable or contain biases. As a result, there could be an over-reliance on management’s representations; therefore, practitioners must seek out and evaluate unbiased third party evidence which will corroborate or contradict management’s position. Other instances involve the audit of forecasts or projections where the practitioner should evaluate each critical assumption used by management by pursuing independent evidence.
Additional areas where audit deficiencies were identified are as follows:
- Lack of documentation and/or performance of risk assessment procedures relating to obtaining and understanding of the entity and its environment (CAS 315).
- No documentation of discussions with management and/or those charged with governance relating to fraud (CAS 240).
- Journal entries testing for unauthorized entries and management override (CAS 240).
- Insufficient documentation and/or execution of substantive audit procedures on material classes of transactions and account balances in the following key areas (CAS 330 and 500):
- Completeness of accounts payable (search for unrecorded liabilities);
- Cut-off and completeness of operating expenses;
- Completeness, accuracy and cut-off of payroll expenses;
- Cut-off of revenue, particularly when there are long-term contracts and the percentage of completion method is applied;
- Accuracy for the recognition of contribution revenue as it relates to the restricted fund method versus the deferral method for NPOs;
- Valuation of accounts receivable (allowance for doubtful accounts, review of subsequent payments);
- Collectability of loans receivable, particularly from related parties;
- Existence and completeness of inventory (count procedures) and valuation (obsolescence, slow-moving inventory); and
- Going concern analysis, especially with respect to the impact of COVID-19.
2. Review Engagements
The Canadian Standard on Review Engagements 2400 (CSRE 2400) was effective for reviews of financial statements for periods ending on or after December 14, 2017. As firms are typically inspected on a three-year cycle, we just completed the inspections of all remaining firms that would have transitioned to CSRE 2400. While most practitioners were able to successfully apply this new standard, we continued to encounter key areas that still require improvement relating to insufficient procedures and/or documentation of understanding the entity, its accounting systems and records (CSRE 2400.43 and .44), identification of areas where material misstatements are likely to arise (CSRE 2400.45) and inquiries of management and others within the entity (CSRE 2400.47).
The majority of firms that were assessed as not meeting standards in review engagements did not adequately perform and/or document their inquiry and analysis for key material areas and assertions (CSRE 2400.46). The lack of appropriate procedures were most commonly identified in the following material areas of the financial statements:
- Inter-relationship/comparison of revenues, expenses, gross margin, operating ratios and balance sheet items;
- Cut-off of accounts payable and inquiries for any unrecorded liabilities;
- Completeness of payroll and related accruals;
- Inventory valuation, client’s count procedures and cut-off, especially when there is a risk that some items are slow moving;
- Sales cut-off, particularly when an entity is a contractor or would use the percentage of completion method to recognize revenue;
- Collectability of accounts receivables, notes receivables and related party receivables;
- Compliance with lender covenants and the related impact as a result of misclassifications in the financial statements (i.e., related party debt that contains no repayment terms or a signed waiver has not been obtained and the debt has been incorrectly classified as non-current); and
- Classification of retractable or mandatorily redeemable preferred shares issued in a tax planning arrangement which may be impacted by the amendments in Part II Section 3856 (effective for years beginning on or after January 1, 2021).
3. Quality Control - Monitoring (CSQC 1.48 and 1.49)
A firm’s quality control system should be designed and implemented to improve overall engagement quality, and ensure that the firm does not issue financial statements that have material errors or inadequate work performed. Similar to previous years, we continue to find practitioners have not performed an ongoing evaluation of the quality control system, nor have they ensured cyclical monitoring is completed. The absence of effective monitoring can have a negative impact on quality and is a significant factor in the decision to re-inspect a practicing office. Although sole practitioners may not have internal resources to comply with these requirements, they may consider exploring reciprocal arrangements with other practitioners to fulfill their monitoring obligations.
Practitioners should be aware that the current standards on quality control (CSQC 1) will be replaced by CSQM 1 and CSQM 2 as of December 15, 2022, for assurance engagements and as of December 15, 2023 for related services engagements (which include compilation and trust engagements). Please refer to Appendix 1 for additional information on these changes.
4. Compilation (Section 9200) and Tax Engagements
Practitioners/firms that perform non-assurance work have continued to be highly successful in meeting the requirements of the Practice Review Program (as indicated in the Practice Review Highlights section). Firms often included working papers in their file documentation to support the numbers in the Notice to Reader financial statements not being false or misleading; however, in those instances when working papers contained conflicting information which was not addressed or resolved, this led to requirements not being met. In addition, when firms had no underlying documents in their file to substantiate the numbers, this also caused firms to not meet the requirements.
With respect to tax engagements, specifically T1s and T2s, issues encountered were due to a lack of knowledge of compliance procedures, such as adherence to client filing deadlines, lack of retention of key documents, and not obtaining signed T183s from a client when the returns were e-filed.
Additional common deficiencies noted in tax engagements are as follows:
- The statement of business activities and/or the statement of rental income in the T1 and/or the schedule 100 and 125 in the T2 did not include tax disclaimers indicating that the information was prepared solely for income tax purposes without audit or review from information provided by the taxpayer.
- Lack of documentation for an accountant’s consideration and assessment of independence, especially when bookkeeping services were provided.
- The financial statements contained notes that explicitly referred to being prepared in accordance with GAAP (i.e., ASPE).
- No documentation within the file regarding foreign assets or income.
The new compilation engagement standard (CSRS 4200), which is effective for periods ending on or after December 14, 2021, is significantly different from the current compilation standard (Section 9200). Therefore, it is highly recommended that practitioners understand the new standard by reviewing the Handbook, attending the CSRS 4200 professional development course offering, and referring to CPA Canada’s CSRS 4200 resource page for further guidance.
Focus Areas for the 2021-22 Practice Inspection Year
1. Compilation Engagements (CSRS 4200)
As indicated above, the new compilation engagement standard is effective for periods ending on or after December 14, 2021, with early adoption permitted. As the previous standard has not changed in the last 35 years, it is anticipated that this revised standard will have a significant impact on practitioners/firms that offer compilation (or non-assurance) services.
Here is a list of some of the notable differences in the new standard:
- There are scope exclusions where certain services being performed do not require the completion of a compilation engagement (CSRS 4200 para 2).
- Prior to acceptance or continuance of a compilation engagement, the practitioner must make inquiries of management regarding the intended use of the compiled financial information, including whether that information is intended to be used by a third party (CSRS 4200 para 22).
- When there will be third party reliance on the compiled financial information, management must acknowledge that the third party either is in a position to request and obtain further information or has agreed with management on the basis of accounting to be applied (CSRS 4200 para 23).
- The requirement of an engagement letter (or other suitable form of written agreement) which captures the new required components (CSRS 4200 para 24-25).
- The practitioner must document that they have obtained knowledge related to the entity’s business and operations, accounting system and records and the basis of accounting used, and, where applicable, the accounting policies used, in the preparation of the compiled financial information (CSRS 4200 para 27).
- Note disclosure in the compiled financial information on the basis of accounting applied in the preparation of the compiled financial information (CSRS 4200 para 28).
- The basis of accounting is selected by management. It is expected that compiled financial information prepared in accordance with a general-purpose framework (i.e., ASPE) will be rare.
- The new compilation report includes responsibility paragraphs (related to management and the practitioner) along with the nature and scope of the compilation engagement (CSRS 4200 para 37-38).
Lastly, under the current compilation standard (Section 9200), practitioners should be using the appropriate tax disclaimer ("prepared solely for income tax purposes without audit or review from information provided by the taxpayer") on financial information included in tax filings such as the GIFI (Schedules 100 and 125) or personal tax schedules such as the T776 (Statement of Real Estate Rentals) or the T2125 (Statement of Business or Professional Activities), especially when copies are provided to the client (Section 9200.03). When CSRS 4200 becomes effective, practitioners who perform T1 and/or T2 only engagements will no longer be able to include a disclaimer on the tax returns. Under the new standard, the only communication which would be allowed to be included on these returns would be a full compilation engagement report, which would consequently require that the engagement includes performance of all of the related compilation engagement procedures.
2. Tax Engagements - Documentation
As a best practice, and in order to support clients if the returns are audited by CRA, all tax issues identified during the preparation of income tax returns should be documented by practitioners in the file and there should be documentation to support the eligibility of various expenses and deductions.
Practice inspection of tax engagements is typically performed at a high-level for compliance and accuracy of the information included in personal (T1) and corporate (T2) income tax returns. In order to further protect the public and support the knowledge and proficiency of members, PROs will continue to focus on the following key areas where documentation should be included:
- Eligibility of business-use-of-home expenses claimed in personal income tax returns.
- The recipient of charitable donations in personal and corporate income tax returns to support eligibility for tax credit/deduction.
- The share structure, in particular the ownership of the shares, disclosed in the corporate income tax return.
- The tax documentation supporting shareholder balances and knowledge of the related tax impact.
- Appropriate support for rental and business activities in personal income tax returns.
- Appropriate completion of the GIFI on corporate income tax returns.
Practitioners are reminded of Rule 205 in the CPABC Code of Professional Conduct, which requires that members do not sign or associate with any letter, report, statement, representation or financial statement which they know, or should know, is false or misleading. If practitioners note any items during the preparation of a client’s tax return that may appear to be false or misleading, they should raise the item with their client in a timely manner and ensure they are satisfied with their client’s response before continuing the engagement.
3. COVID-19 Impact on Engagements
In the past year, the COVID-19 pandemic has impacted, both positively and negatively, the operations of organizations across various industries, and may continue to impact these organizations as the public health guidelines continue to evolve. As a result, there has been an added emphasis for practitioners to conduct proper procedures at the planning stage of their engagements to understand their clients’ operations and, in particular, any past or planned changes.
In the last inspection year, we found that practitioners/firms did respond appropriately by considering many of the key accounting issues in their engagement files; however, there were some common deficiencies identified relating to the following areas:
- Assurance Engagements
- Professional skepticism with respect to management’s assessment of the entity’s ability to continue as a going concern;
- Disclosure and accounting treatment of government assistance (such as year-end accruals related to CEWS, forgivable portion of CEBA loans); and
- Disclosure of COVID-19 as a subsequent event or as an event that could materially impact the operations of the entity.
- Non-assurance Engagements
- Treatment of the forgivable portion of the CEBA loans for tax purposes.
For the current inspection cycle, the PROs will continue to monitor that practitioners have appropriately assessed and documented the key considerations of COVID-19 in their client engagement files. CPA Canada has developed many accounting and assurance resources, including considerations for the impact of COVID-19 on key financial statement assertions and balances. Additionally, CPABC has compiled online resources that include important information from the profession, government, and health authorities regarding COVID-19, as well as other information to support our members.
4. Emerging Industries
Clients in the crypto-asset and cannabis industries have unique risks that may require the use of experts in order to develop and execute adequate assurance procedures.
Activities in the crypto-asset industry include trading in crypto-assets and crypto-asset mining. Trading in crypto-assets involves trading in virtual currencies such as Bitcoin. Crypto-asset mining is a process whereby a company provides computer processing power for the underlying method of accounting for crypto-asset trading. The fees earned for providing the computer processing are usually paid in a virtual currency. Audits of companies operating in these activities are complex, high-risk and involve difficult-to-verify virtual assets. As a result, information technology experts may be critical for the successful execution of these engagements.
Cannabis entities can take many forms including cultivation, production of medicinal products, or distribution and sales of related products. The most challenging issues arise with respect to the accounting for biological assets (the cannabis plants). As complex estimates are frequently used, expert valuation services are likely required. The regulatory aspects of this industry must also be considered during planning and throughout the engagement, as non-compliance with these regulations could have significant ramifications to the entity. This industry is also currently undergoing frequent mergers and acquisitions which creates unique accounting issues.
The Practice Review Program will continue to target assurance engagements in these industries due to the unique nature of the risks, which include the challenging assurance and accounting issues involved that ultimately increase the potential for material errors.
Appendix 1 - New and Upcoming Standards
CAS 315 (Identifying and Assessing the Risks of Material Misstatement)
This revised standard is effective for audits of financial statements for periods beginning on or after December 15, 2021, and has undergone significant changes. While the audit risk model and the requirement to identify and assess the risks of material misstatement at the financial statement and assertion levels have remained the same, the revised standard requires auditors to execute a more robust risk identification and assessment to promote better responses to the identified risks. In addition, the revised standard introduces new concepts and definitions, enhancements and clarifications to help the auditor apply the audit risk model, and strengthened documentation requirements related to the exercise of professional skepticism. Therefore, it is strongly recommended auditors fully understand the changes and apply them appropriately in their audit engagements.
Canadian Standards on Quality Management
In January 2021, the Auditing and Assurance Standards Board (AASB) unanimously approved the new quality management standards which are CSQM 1, CSQM 2 and CAS 220. These new standards will impact practitioners performing any engagement performed in accordance with the CPA Canada Handbook, including compilations, which were not previously subject to quality control standards.
- Canadian Standard on Quality Management (CSQM) 1: This standard will replace CSQC 1 and is focused on quality management for firms that perform audits or reviews of financial statements, other assurance or related services engagements, which will notably include compilation engagements. Therefore, many sole practitioners and small firms will, for the first time, need to design, implement and operate a system of quality management. As a note, related services engagements do not include tax and consulting services that may be offered by a practitioner, but will include legal and real estate trust engagements.
- Canadian Standard on Quality Management (CSQM) 2: This standard is focused on the importance of the role of Engagement Quality Reviews (EQR), currently referred to as Engagement Quality Control Reviews (EQCR). CSQM 2 has been extracted, updated and expanded in a stand-alone standard which is currently included in CSQC 1. This standard emphasizes the importance of the engagement quality reviewer’s role and discusses the appointment and eligibility of an engagement quality reviewer, along with enhanced performance and documentation requirements of the EQR.
- Canadian Auditing Standard (CAS) 220: The revised standard contains updated requirements and guidance to:
- Emphasize the engagement partner’s responsibilities for quality management at the engagement level;
- Clarify the role and responsibilities of the engagement partner; and
- Modernize the standard for the evolving environment.
The effective date of CSQM 1 and CSQM 2, for audits and reviews of financial statements and other assurance engagements, and CAS 220 is as of December 15, 2022, with the requirement that practitioners and firms will need to evaluate their system within one year of this date. With respect to the implementation of CSQM 1 and CSQM 2 for related services engagements, such as compilation engagements, the effective date will be as of December 15, 2023, with the requirement to evaluate their system within one year of this date.
Practitioners should begin preparing for these upcoming changes relating to the new quality management standard, particularly those firms that only offer compilation engagement services, as there will be additional effort to adopt the new standards.
Further information on the Canadian Standards on Quality Management can be obtained from the CPA Canada website.