Practice Review Program Overview
The purpose of CPABC’s Practice Review Program (PRP) is to protect the public through assessing a practitioner’s/firm’s compliance with the CPA Canada Handbook standards, and by requiring appropriate follow-up or remedial action in instances of non-compliance. The PRP further protects the public by providing an educational experience to practitioners and firms. Practice reviews are performed on a risk-adjusted cycle, which typically occur once every three years, and in the case of a newly registered firm, within its first year of operation.
During a practice review, the Practice Review Officer (PRO) may identify reportable deficiencies related to material areas, assertions, and disclosures where accounting or assurance standards are not met. Based on the nature and significance of the reportable deficiencies identified, the PRO assesses an inspection as one of the following three categories:
- Meets Requirements: no further action is required but the firm is still expected to address the reportable deficiencies (if any), and the firm will be reviewed in the next cycle;
- Meets Requirements with Action Plan: the firm is required to provide an action plan which includes detailing how the reportable deficiencies will be addressed and if deemed satisfactory, the firm will then be reviewed in the next cycle; and
- Does Not Meet Requirements: the firm will be required to have a follow-up review within one year, at a cost to be borne by the firm, along with other potential requirements by the Public Practice Committee (the “Committee”).
A practitioner’s/firm’s assessment and the related reportable deficiencies are reviewed by professional staff, prior to being submitted to the Committee for final approval on an anonymous and redacted basis. The Committee comprises twenty CPA members and two public representatives who meet four times a year to discuss and approve various matters, including the practice review results of firms.
In determining the action to be taken following a practice review, particularly if the firm was assessed as not meeting requirements for a second consecutive time, the Committee’s considerations include, but are not limited to:
- the nature and severity of the identified deficiencies, taking into account public interest;
- the adequacy of the practitioner’s/firm’s action plan and/or analysis for restatement and commitment towards rectification of issues identified;
- the cooperation of the practitioner/firm and commitment towards improving overall firm quality; and
- on a follow-up review, the results of the previous practice review of the practitioner/firm and the degree to which the practitioner/firm addressed deficiencies identified in the initial review.
COVID-19 has continued to be a challenge for practitioners and firms. For the past 2 years, CPABC’s conducted all practice reviews remotely as desk reviews, to protect the public and the health and safety of our staff and practitioners. Starting April 2022, in-person inspections have resumed for practitioners and firms provided it is deemed appropriate and safe. Home-based practices will continue to be performed as desk reviews.
The next section of this article focuses on key practice review observations from the past inspection year (April 1, 2021 to March 31, 2022), which includes the most significant areas where practitioners/firms failed to meet standards. Thereafter, the report will examine areas of focus for the 2022-23 inspection year.
2021-2022 Practice Review Highlights
During the 2021-22 inspection year, 937 (2020-21: 859) practice inspections were completed with an overall pass rate of 94% (2020-21: 95%). Of the total inspections completed:
- 376 (2020-21: 292) of the inspections, or 40% (2020-21: 34%), were practices that performed assurance engagements; and
- 561 (2020-21: 567), or 60% (2020-21: 66%), were practices that did not perform any assurance engagements (“non-assurance”).
For the 376 inspections of practices which performed assurance engagements:
- 88% (2020-21: 84%) were assessed by the Public Practice Committee (the “Committee”) as “Meets Requirements” or “Meets Requirements with Action Plan”; and
- 12% (2020-21: 16%) were assessed by the Committee as “Does Not Meet Requirements” and, therefore, required a follow-up review of the office, of which 9% (2020-21: 11%) were also required to have a supervised practice.
Of the 561 inspections of practices which did not perform any assurance engagements:
- 97% (2020-21: 99%) were assessed by the Committee as “Meets Requirements” or “Meets Requirements with Action Plan”; and
- 3% (2020-21: 1%) were assessed by the Committee as “Does Not Meet Requirements” and, therefore, required a follow-up review of the practice.
Lastly, included in the 937 practice inspections were 34 follow-up reviews of practices (i.e., practitioners/firms that were assessed as “Does Not Meet Requirements” in their previous inspection). For these follow-up reviews:
- 97% (2020-21: 89%) were assessed by the Committee as “Meets Requirements” or “Meets Requirements with Action Plan”;
- 3% (2020-21: 11%) were assessed by the Committee as “Does Not Meet Requirements” and thereby, requiring a re-inspection of the office.
For practitioners/firms assessed as “Does Not Meet Requirements” of the PRP, there were some notable findings:
- In a large number of these inspections, there was inadequate work and/or insufficient documentation around key assertions of material balances and classes of transactions in their assurance engagements inspected;
- The occurrence of one (or more) material error(s) which was the result of not identifying or not applying the appropriate CPA Canada Handbook standard to an accounting or assurance issue;
- Some practitioners/firms performed engagements outside of their core area of practice or in an area where they did not have substantial previous experience (“dabbling”). An example of this would be a practice that primarily does review engagements and accepts an audit client, or a practice that focuses on owner-managed private companies and takes on a not-for-profit client; and
- Some practitioners/firms early adopted the new CSRS 4200 Compilation engagement standard, but missed key requirements under the new standard.
Key Practice Review Observations
The items identified below may not be the most commonly identified deficiencies; however, they are considered some of the more significant items which can have a greater impact on the overall quality of work performed. The absence of sufficient evidence to support work performed in one or more of these areas could result in an inspection being assessed a “Does Not Meet Requirements” by the Committee.
1. Audit Engagements
- The auditor did not document the design and performance of substantive audit procedures for each material class of transactions, account balance, and disclosure.
CAS 330 paragraph 18; CAS 500 paragraph 6
- The auditor did not document the design and performance of audit procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements.
CAS 240 paragraph 33
- When the auditor used audit sampling to provide a reasonable basis to draw conclusions about the population from which the sample was selected, the documentation did not reflect how the auditor met the requirements of the standard. The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level and select items for the sample in such a way that each sampling unit in the population has a chance of selection. The auditor shall perform audit procedures on each item selected for the sample, with a replacement item selected if the procedure is not applicable to the selected item or treat it either as a misstatement in a test of detail if the auditor is unable to apply the designed audit procedure on it (and project the misstatements found to the population) or as a deviation in a control test. The auditor shall then evaluate the results of the sample and whether it was provided a reasonable basis for conclusions about the population that had been tested.
CAS 530 paragraphs 6-15
- Subsequent event procedures did not cover the period from the date of the financial statements to the date of the auditor’s report, or as near as practicable thereto.
CAS 560 paragraphs 6-8
- When identifying and assessing the risks of material misstatement due to fraud, the auditor did not, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions gave rise to such risks. If the auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall include in the audit documentation the reasons for that conclusion.
CAS 240 paragraphs 27, 48
- The written representation from management was not appropriately dated as near as practicable to the date of the auditor's report. Written representations are necessary audit evidence; as such, the auditor's opinion cannot be expressed, and the auditor's report cannot be dated, before the date of the written representations. Furthermore, because the auditor is concerned with events occurring up to the date of the auditor's report that may require adjustment to or disclosure in the financial statements, the written representations are dated as near as practicable, but not after, the date of the auditor's report on the financial statements.
CAS 580 paragraph 14
- Documentation of risk assessment procedures with respect to obtaining an understanding of the entity and its environment, the applicable financial reporting framework and the entity's system of internal control did not include the entity's information system and communication relevant to the preparation of the financial statements
CAS 315 paragraphs 13-16, 25, 38
- When designing and performing substantive analytical procedures, either alone or in combination with tests of details, the auditor did not evaluate the reliability of data from which the auditor's expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation.
CAS 520 paragraph 5
- The risk of material misstatement, including the risk of material misstatement due to fraud, was not identified, and assessed at the financial statement level and at the assertion level for classes of transactions, account balances, and disclosures to provide a basis for designing and performing further audit procedures.
CAS 240 paragraph 26; CAS 315 paragraphs 28, 30-34
- The auditor's risk assessment included an expectation that controls at the service organization were operating effectively. The auditor did not obtain and read a type 2 report on the service organization’s controls and determine whether the service auditor’s report provides sufficient appropriate audit evidence about the effectiveness of the controls to support the auditor’s risk assessment.
CAS 402 paragraphs 16-17
2. Review Engagements
- The practitioner did not sufficiently document the inquiry and analytical procedures performed on the material items and/or areas in the financial statements where material misstatements are likely to arise. In obtaining sufficient appropriate evidence as the basis for a conclusion on the financial statements as a whole, the practitioner shall design and perform analytical procedures on material items in the financial statements and focus on addressing areas in the financial statements where material misstatements are likely to arise. The documentation shall be sufficient to enable an experienced practitioner, having no previous connection with the engagement, to understand the nature, timing, and extent of the procedures performed to comply with CSRE 2400 and applicable legal and regulatory requirements.
CSRE 2400 paragraphs 46, 104
- The documentation of the practitioner's inquiries of management and others within the entity, as appropriate, did not include some or all the inquiries required by paragraph 47. In a review, inquiry includes seeking information of management and other persons within the entity, as the practitioner considers appropriate in the engagement circumstances. The practitioner may also extend inquiries to obtain non-financial data if appropriate. Evaluating the responses provided by management is integral to the inquiry process.
CSRE 2400 paragraph 47
- The documentation of the practitioner's understanding of the entity's accounting systems and accounting records was not completed or partially completed. The understanding establishes a frame of reference within which the practitioner plans and performs the review engagement and exercises professional judgment throughout the engagement. Specifically, the understanding needs to be sufficient for the practitioner to be able to identify areas in the financial statements where material misstatements are likely to arise, to inform the practitioner's approach to designing and performing procedures to address those areas.
CSRE 2400 paragraphs 43, 44
- The practitioner did not obtain an understanding of the entity and its environment, and the applicable financial reporting framework, to identify areas in the financial statements where material misstatements are likely to arise and thereby provide a basis for designing procedures to address those areas.
CSRE 2400 paragraphs 43, 44
- Based on the practitioner's understanding, the practitioner did not identify areas in the financial statements where material misstatements are likely to arise.
CSRE 2400 paragraph 45
- The date of the written representations was not as near as practicable to, or was after, the date of the practitioner's report.
CSRE 2400 paragraph 73
- In documenting the nature, timing and extent of procedures performed the practitioner did not record who reviewed work, the date and extent of the review, significant matters arising during the engagement, the practitioner's conclusions reached thereon, and significant professional judgments made in reaching those conclusions.
CSRE 2400 paragraphs 104 - 107
- The engagement letter, agreeing the terms of the engagement with management or those charged with governance, was not obtained prior to performing the engagement.
CSRE 2400 paragraph 34
- There was no documentation that the practitioner had completed an assessment with respect to the acceptance and continuance of the client relationship and review engagement. This assessment shall be undertaken at the beginning of the current review engagement.
CSRE 2400 paragraph 27
- The practitioner did not include an emphasis of matter paragraph immediately after the paragraph that contains the practitioner's conclusion on the financial statements, under the heading "Emphasis of Matter," or other appropriate heading, when it was necessary to highlight the existence of a material uncertainty relating to an event or condition that may cast significant doubt on the entity's ability to continue as a going concern, and draw attention to the note in the financial statements that discloses the matter.
CSRE 2400 paragraphs 95, 96, 99
3. Compilation (Section 9200 and CSRS 4200) and Tax Engagements
As the new standard (CSRS 4200) came into effect for compiled financial information for periods ending on or after December 14, 2021, practitioners/firms may have files inspected under both Section 9200 and CSRS 4200 during one inspection year. The new compilation standard represents a significant departure from Section 9200. It is highly recommended that practitioners understand the new standard. Practitioners should review the Handbook, attend the CSRS 4200 professional development course, and refer to CPA Canada’s CSRS 4200 resource page for further guidance.
Practitioners/firms that perform non-assurance work have continued to be successful in meeting the requirements of the PRP (as indicated in the Practice Review Highlights section). Practitioners/firms often included working papers in their file documentation to support the numbers in the Notice to Reader / Compilation Engagement financial statements as not being false or misleading. However, in those instances when working papers contained conflicting information which was not addressed or resolved, this led to requirements not being met. In addition, when practitioners/firms had no underlying documents in their file to substantiate the numbers, this also caused practitioners/firms to not meet the requirements.
In adopting the new CSRS 4200, some practitioners/firms did not sufficiently adopt the requirements of the new standard into their working papers. This led to requirements of the practice inspection not being met. In addition, if a basis of accounting note was not included in the financial information or if the note was misleading (i.e. referred to ASPE when ASPE was not fully adopted), this also caused practitioners/firms to not meet requirements.
With respect to tax engagements, specifically T1s and T2s, issues encountered were due to a lack of knowledge or compliance procedures, such as adherence to client filing deadlines and not obtaining signed T183s from clients prior to e-filing returns. One common deficiency was practitioners not appropriately including the forgivable portion of the Canada Emergency Business Account (CEBA) loan in income. The forgivable portion of the CEBA loan is to be included in income at the time the assistance is received pursuant to paragraph 12(1)(x) of the Income Tax Act, as opposed to when the requirements for forgiveness are met.
Another common deficiency was practitioners’/firms’ inappropriate use of disclaimers. Prior to the effective date of CSRS 4200 (periods ending prior to December 14, 2021), practitioners/firms included a disclaimer on financial information contained within tax returns (i.e. GIFI or T2125 – Statement of Business or Professional Activities) indicating that the information was “prepared solely for income tax purposes without audit or review from information provided by the taxpayer” as outlined in Section 9200. However, subsequent to the effective date of CSRS 4200 (periods ending on or after December 14, 2021), the only appropriate form of communication that can be attached to financial information is a compilation engagement report. If a compilation engagement report is attached to the financial information, then all the requirements of CSRS 4200 would apply.
Additional common deficiencies noted in compilation and tax engagements are as follows:
- Lack of documentation for an accountant’s consideration and assessment of independence, especially when bookkeeping services were provided.
- The financial information contained notes that explicitly referred to being prepared in accordance with GAAP (i.e. ASPE).
- No documentation within the file regarding consideration of foreign income and assets.
4. Quality Control – Monitoring (CSQC 1.48 and 1.49)
Practice review notes that some practitioners/firms have not performed ongoing evaluation of quality control system, nor have they ensured cyclical monitoring is completed. The absence of engagement monitoring activities has a negative impact on engagement quality. See additional discussion below over CSQM 1 and CSQM 2.
Focus Areas for the 2022-23 Practice Inspection Year
1. Compilation Engagements (CSRS 4200)
The new CSRS 4200 Compilation Engagement standard is effective for periods ending on or after December 14, 2021. This new standard will have a significant impact on practitioners/firms that offer compilation services. A core element of the new standard is a note describing the basis of accounting applied in the preparation of the compiled financial information. The basis of accounting note is to assist users in understanding how the financial information was prepared. It is important to note that the selection of the basis of accounting is the responsibility of management.
The following is a list of some of the more notable differences with the new standard:
- There are scope exclusions for when certain services being performed do not require the completion of a compilation engagement (CSRS 4200 para 2).
- Prior to acceptance or continuance of a compilation engagement, the practitioner must make inquiries of management regarding the intended use of the compiled financial information, including whether that information is intended to be used by a third party (CSRS 4200 para 22).
- When there will be third party reliance on the compiled financial information, management must acknowledge that the third party either is in a position to request and obtain further information or has agreed with management on the basis of accounting to be applied (CSRS 4200 para 23).
- The requirement of an engagement letter (or other suitable form of written agreement) which captures the new component requirements (CSRS 4200 para 24-25).
- The practitioner/firm must document that they have obtained knowledge related to the entity’s business and operations, accounting system and records and the basis of accounting used, and, where applicable, the accounting policies used, in the preparation of the compiled financial information (CSRS 4200 para 27).
- Note disclosure in the compiled financial information on the basis of accounting applied in the preparation of the compiled financial information (CSRS 4200 para 28).
- The basis of accounting is selected by management. It is expected that compiled financial information prepared in accordance with a general-purpose framework (i.e. ASPE) will be rare.
- The new compilation report includes responsibility paragraphs (related to management and the practitioner) along with the nature and scope of the compilation engagement (CSRS 4200 para 37-38).
A core element of the new standard is a note describing the basis of accounting applied in the preparation of the compiled financial information. The basis of accounting note is to assist users in understanding how the financial information was prepared. It is important to note that the selection of the basis of accounting is the responsibility of management.
2. Quality Monitoring (CSQM1 and CSQM 2)
CSQM 1 and CSQM 2 will be replacing CSQC 1 and CSQC 2 as of December 15, 2022, for assurance engagements and as of December 15, 2023 for related services engagements (which include compilation and trust engagements).
Canadian Standard on Quality Management (CSQM) 1: This standard will replace CSQC 1 and is focused on quality management for practitioners/firms that perform audits or reviews of financial statements, other assurance or related services engagements, which will notably include compilation engagements. Therefore, many sole practitioners and small practitioners/firms will, for the first time, need to design, implement and operate a system of quality management. As a note, related services engagements do not include tax and consulting services that may be offered by a practitioner, but will include legal and real estate trust engagements.
Canadian Standard on Quality Management (CSQM) 2: This standard is focused on the importance of the role of Engagement Quality Reviews (EQR), currently referred to as Engagement Quality Control Reviews (EQCR). CSQM 2 has been extracted, updated and expanded in a stand-alone standard which is currently included in CSQC 1. This standard emphasizes the importance of the engagement quality reviewer’s role and discusses the appointment and eligibility of an engagement quality reviewer, along with enhanced performance and documentation requirements of the EQR.
Canadian Auditing Standard (CAS) 220: The revised standard contains updated requirements and guidance to:
- Emphasize the engagement partner’s responsibilities for quality management at the engagement level
- Clarify the role and responsibilities of the engagement partner; and
- Modernize the standard for the evolving environment
Entities in the cryptocurrency industry or holding cryptocurrency assets have unique characteristics and risks. The most popular and widely held cryptocurrency is Bitcoin. During the first half of 2022, the value of Bitcoin declined significantly due to significant turbulence in cryptocurrency markets and the current macroeconomic environment. As a result, practitioners should consider performing an assessment for impairment at the end of each reporting period.
Entities engaged in crypto asset mining are complex, high-risk and involve virtual assets that are difficult to verify. Experts in information technology may be required for the successful execution of these assurance engagements.
4. Tax engagements
As a best practice, and in order to support clients if income tax returns are audited by CRA, all tax issues identified during the preparation of the returns should be documented by practitioners in the file and there should be documentation to support the eligibility of various expenses and deductions.
Practitioner inspections of tax engagements is typically performed at a high-level for compliance and accuracy of the information included in personal (T1) and corporate (T2) income tax returns. In order to protect the public and support the knowledge and proficiency of members, PROs will focus on the following key areas where documentation should be included:
- Appropriate tax treatment of forgivable portion of CEBA loans on the corporate income tax returns.
- Eligibility of business-use-of-home expenses claimed in personal income tax returns.
- The recipient of charitable donations in personal and corporate tax income tax returns to support eligibility of tax credits/deductions.
- The tax documentation supporting shareholder balances and knowledge of the related tax impact.
- Appropriate support for rental and business activities in personal income tax returns.
- Appropriate completion of the GIFI on corporate income tax returns.
Practitioners are reminded of Rule 205 in the CPABC Code of Professional Conduct, which requires that members do not sign or associate themselves with any letter, report, statement, representation or financial statement which they know, or should know, to be false or misleading. If practitioners note any items during the preparation of a client’s tax return that may appear to be false or misleading, they should raise the item with their client in a timely manner and ensure they are satisfied with their client’s response before continuing the engagement.