Print Edition
      April 2011

No cause for panic

By Phil Cowperthwaite + Chi Ho Ng
Illustration: Ryan Snook

Forming a plan for NFPO audits under CAS and a few other steps will help improve service to clients and reduce audit risks

Are you ready to implement the Canadian audit standards (CAS)? The standards are effective for audits of years ending after December 14, 2010. The transition from the old standards may not be as onerous as you might expect. To help with implementation there are a number of tips you can follow.

Read and understand the standards
The audit standards are not a sea change in audit practice. The structure of the audit remains the same: engagement-acceptance procedures followed by planning, risk assessment, response to identified risks, forming an opinion and reporting. However, some requirements are phrased differently from before, many allowing for greater audit efficiencies. If you don’t read and understand the requirements, you may miss some or even perform unnecessary procedures. As a result, your fee recoveries could suffer.

Comprised of 36 standards and 572 requirement paragraphs in more than 800 pages, CAS is a weighty tome. That said, in the majority of small not-for-profit organization (NFPO) audits, several standards will likely not be applicable (for example, standards dealing with reliance on experts and internal auditors). In addition, many of the requirements in standards that are relevant will probably apply only infrequently (for example, those dealing with special-purpose reporting frameworks and management-imposed scope limitations).

But you can only know which requirements are not relevant to your NFPO audits if you read and understand the standards. The good news is the CAS structure makes this relatively easy. Open the book; pick a section; read “CAS 300, Planning an Audit of Financial Statements.” You might be surprised how understandable it is.

Implementation as an exercise in change management
CAS pertaining to NFPO audits is likely to provide a stable platform of standards for the foreseeable future. This is the first time in many auditors’ careers that audit standards are not expected to change to any appreciable extent over the next five to 10 years. Investing time now will pay dividends in the future. Auditors could take this opportunity to treat the implementation of CAS as an exercise in managing change as opposed to learning a new skill. Specifically:

  • appoint an implementation leader in your firm;
  • figure out which standards and which requirements are relevant to your NFPO audits;
  • take time to read the standards. You can do that in manageable chunks over a number of weeks if you start now;
  • as you digest the standards, make a note of the changes you need to make to your current audit methods;
  • inform everyone in your firm of the changes required; and
  • discuss the changes with your clients and col-leagues now.

A bonus is that you will be able to use the same change-management plan when you implement the new NFPO accounting standards, which are effective January 1, 2012.

Talk with your clients now
CAS has some new and very specific communication requirements; use these to your advantage. For example:

  • CAS 210 — “Agreeing the Terms of Audit Engagements” requires management to acknowledge its financial reporting responsibilities in every NFPO audit. The audit is premised on this acknowledgement. Make sure management knows what it has to bring to the table in order for you to do your audit. If you have a hand in drafting the financial statements, this may be an opportunity to explain to your client the safeguards you have put in place to protect your independence. Part of management’s financial reporting responsibilities includes selection of an appropriate financial reporting framework. For fiscal years beginning on or after January 1, 2012, NFPOs must choose to adopt either the new accounting standards for NFPOs as Canadian GAAP or IFRS, with early adoption permitted for both. Consequently, you may also wish to raise issues related to adoption of a new financial reporting framework with your client at this time.
  • CAS 240 — “The Auditor’s Responsibilities Relating to Fraud” and CAS 550 — “Related Parties” require you to ask very specific questions of both management and board members in every NFPO audit. Take a minute to make a tailored checklist of what you need to ask client personnel in your NFPO audit engagements; then ask away. Remember, it is intended to be a two-way conversation.
  • CAS 265 — “Communicating Deficiencies in Internal Control to Management and Those Charged with Governance” requires you to report all significant deficiencies in internal control in writing. CAS 260 — “Communicating with Those Charged with Governance” requires you to report other matters  important to the financial reporting process. Many NFPO clients respect your expertise and appreciate your suggestions. Use these sections to your advantage as an opportunity for enhanced client service.
  • CAS 700 — “Forming an Audit Opinion and Reporting on Financial Statements” requires an audit report that is quite different from the one we have used so far. At some point, go through the new report with management. It might be interested, for example, in why the report, if it includes a scope limitation on the completeness of donations received from the public that is common in many charitable organizations, may not fit on one page. Consider including the expected text of the scope limitation in the engagement and audit-strategy letters that you issue at the beginning of the audit to prevent surprises toward the end.

Dating the independent auditor’s report
One thing that has changed considerably is the dating of the independent auditor’s report, and some up-front planning could forestall a difficult situation. Under the old standards, our audit report is dated on substantial completion of fieldwork. The new CAS, however, states: “The auditor’s report shall be dated no earlier than ... those with the recognized authority have asserted that they have taken responsibility for those statements” (CAS 700.41). This requirement raises two issues:

  • Who has the recognized authority to take responsibility for the financial statements you are auditing: management, the treasurer, the finance committee or the board of directors? Find out in the planning phase of every audit who it is.
  • On what date does the identified responsible party intend to take responsibility for this year’s financial statement being audited?
    Once you have agreed on answers to those two questions with your NFPO client, you will be in a position to plan your subsequent events procedures, the timing of a legal confirmation if applicable and getting the letter of representation signed by the right people. A little planning can help minimize last-minute delays and disappointment at the end of the audit.

Linking risk assessment with audit procedures
Every year many provincial institutes list, as the No. 1 auditor shortcoming — or very near the top — the failure to document and link audit procedures with identification of areas of risk of material misstatement. This may be an opportunity for every-one to take a critical look at file structure and see if it documents the link in an efficient and effective manner. Specifically:

  • Will an experienced colleague be easily able to find in your file the risks of material misstatement you have identified at the assertion and financial-statement levels (CAS 315.25) and those you have classified as significant (CAS 315.27)? Have a look at the actual requirements. They are written very plainly.
  • Will that colleague then be able to see the link that ties the audit procedures you think necessary to the assessed risks? If you have identified any risks of material misstatement and have not performed or documented audit procedures to address those risks, your audit is deficient. If you have performed procedures not tied to a risk, you may have inadvertently over-audited. And in small NFPO audits, over-auditing can play havoc with recoveries.

Summing up
Implementation of CAS should not be cause for panic. Audits under CAS will probably look and feel quite similar to those carried out in the past. But you need to act now, form a plan of attack, talk to colleagues and, most of all, talk to clients at every opportunity. This may be a chance to improve service to your NFPO clients and to reduce your audit risk. Happy auditing.

Phil Cowperthwaite, FCA, is a partner of Toronto CA firm Cowperthwaite Mehta and an IAASB member since 2006. 

Chi Ho Ng, CA, CPA(IL), MBA, is a principal of Auditing and Assurance Standards at the CICA and is currently serving as president of a Legal Aid Ontario clinic

Technical editor: Ron Salole, vice-president, Standards CICA

Past Issues

2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 20062005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | 1997