Unofficial Consolidated Versions

Decision Information

52-108CP - Auditor Oversight - Companion Policy - Unofficial Consolidated Version

Collection Unofficial Consolidated Versions
Date 2022-03-30
Decision type Companion Policy
Jurisdiction Manitoba Securities Commission
Subjects 5 - Ongoing Requirements for Issuers and Insiders
Law National Instrument

Decision Content

Companion Policy 52-108CP

Auditor Oversight

 

Introduction

 

CPAB is an independent oversight body for public accounting firms that audit financial statements of reporting issuers. The purpose of CPAB is to promote high quality external audits of reporting issuers. It is responsible for developing and implementing an oversight program that includes regular inspections of participating audit firms. CPAB’s primary means of assessing the quality of audits is through the inspection of selected high-risk sections of audit files and elements of a participating audit firm’s system of quality control.

 

The purpose of National Instrument 52-108 is to contribute to public confidence in the integrity of financial reporting by reporting issuers by requiring:

 

       a reporting issuer to engage an auditor that has entered into a participation agreement with CPAB in connection with CPAB’s program of practice inspections and the establishment of practice requirements,

 

       a participating audit firm to be in compliance with specified remedial actions imposed by CPAB,

 

       a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority, if CPAB imposes specified remedial actions, including the termination of an audit engagement or the engagement of an independent monitor to observe and report on compliance with professional standards, and

 

       a participating audit firm to deliver a notice to the reporting issuer’s audit committee or the person or company responsible for reviewing and approving financial statements, of its reporting issuer clients if the firm failed to address a defect in the firm’s system of quality control that was previously identified by CPAB.

 

The purpose of this Companion Policy is to state the view of the securities regulatory authorities on various matters related to the Instrument.

 

Section 1 - Definition of Participating Audit Firm

 

Many of the requirements in the Instrument are linked to the definition of participating audit firm in section 1. For example, section 5 of the Instrument imposes a notice requirement on a participating audit firm in a number of circumstances, including where CPAB requires the firm to terminate an audit engagement. CPAB may impose a remedial action on a participating audit firm that specifically pertains to one or more individuals involved in a professional capacity with the participating audit firm. If a remedial action imposed by CPAB on a participating audit firm specifically pertains to an individual acting in a professional capacity with the participating audit firm, this remedial action would be included in the content of a notice to the regulator or, in Quebec, the securities regulatory authority in accordance with paragraph 5(2)(c).

 

Section 1 - Definition of Professional Standards

 

The definition of professional standards refers to the standards listed in section 300 of CPAB rules, which are standards relating to auditing, ethics, independence and quality control.

 

Subsection 5(1) and Paragraph 6(1)(b) Notice to the Regulator or the Securities Regulatory Authority

 

Both subsection 5(1) and paragraph 6(1)(b) of the Instrument require a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority. “Regulator” and “securities regulatory authority” are defined in NI 14-101 – Definitions. Each participating audit firm that is subject to either of these provisions must deliver the notice to the regulator or, in Quebec, the securities regulatory authority, in each jurisdiction in which the firm is appointed by one or more reporting issuers to prepare an auditor’s report with respect to their financial statements. The securities regulatory authorities will consider the notice requirement in each of these provisions of the Instrument to have been satisfied if the notice is sent to auditor.notice@acvm-csa.ca and identifies each jurisdiction that is to receive notice.

 

Subsection 5(1) Remedial Action Imposed by CPAB

 

Subsection 5(1) of the Instrument requires a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority, of certain remedial actions imposed by CPAB. CPAB may refer to an item in subsection 5(1) of the Instrument as a recommendation, a requirement, a restriction or a sanction, or CPAB may use a different term. A participating audit firm must deliver the notice under section 5 of the Instrument if the remedial action is described in that section, without regard to how CPAB refers to it. For example, a notice is required by subparagraph 5(1)(a)(i) of the Instrument if CPAB requires a participating audit firm to terminate an audit engagement regardless of whether CPAB refers to it as a recommendation, requirement, restriction, sanction or uses a different term.

 

Subparagraph 5(1)(a)(iii) Engagement of an External Reviewer or Supervisor

 

Subparagraph 5(1)(a)(iii) of the Instrument requires a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority, if CPAB requires a participating audit firm to engage an external reviewer or supervisor to oversee its work. One example of when a participating audit firm would notify the regulator is when CPAB requires the firm to engage an external engagement quality control reviewer to perform a technical review of one or more audits performed by the firm.

 

Subparagraph 5(1)(a)(iv) – Limitation on a Participating Audit Firm from Accepting New Reporting Issuer Audit Clients

 

Subparagraph 5(1)(a)(iv) of the Instrument requires a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority, if CPAB limits the type or number of new reporting issuer audit clients the firm accepts. The securities regulatory

authorities consider this type of limitation to include restrictions on accepting audit engagements of reporting issuers in a particular industry. For example, a participating firm that is limited for any period of time from auditing the financial statements of mining companies is subject to subparagraph 5(1)(a)(iv) in the Instrument even if the firm may continue to audit reporting issuers in other industries.

 

The securities regulatory authorities also consider the term “new reporting issuer audit client” to refer to any reporting issuer the financial statements of which were not audited by the participating audit firm for the reporting issuer’s most recently completed financial year. For example, if a participating firm was asked to audit the financial statements of a reporting issuer for the first time in respect of its 2013 fiscal year, that issuer would be a new reporting issuer audit client of the firm. Similarly, if a participating audit firm had audited the reporting issuer’s 2011 financial statements but did not audit the 2012 financial statements, the securities regulatory authorities would also consider the issuer to be a new reporting issuer audit client of the firm in respect of the 2013 financial statement audit.

 

Paragraph 5(1)(b) Notice Required at Discretion of CPAB

 

Paragraph 5(1)(b) of the Instrument requires a participating audit firm to deliver a notice to the regulator or, in Quebec, the securities regulatory authority, at the discretion of CPAB. One example of when CPAB may require a participating audit firm to notify the regulator is when the firm failed to comply with a remedial action within the period CPAB required.

 

Subsection 5(2) Contents of Notice

 

Subsection 5(2) of the Instrument sets out the content requirements for a notice delivered to the regulator or, in Quebec, the securities regulatory authority, by a participating audit firm.

 

Paragraph 5(2)(a) requires a participating audit firm to include a description of how the participating audit firm failed to comply with professional standards. The description included in the notice should be substantially similar to the description CPAB has provided the participating audit firm. There may be situations in which the description may need to be modified to remove reference to information protected by professional secrecy in Quebec.

 

Paragraph 5(2)(c) requires a participating audit firm to include a description of each remedial action that CPAB imposed on the firm, as described by CPAB. This includes, but is not limited to, remedial actions referred to in subsection 5(1). For example, if CPAB requires a participating audit firm to engage an independent monitor under subparagraph 5(1)(a)(ii) of the Instrument and also imposes additional remedial actions on the firm other than those referred to in subsection 5(1), the notice must include a complete description of such other remedial actions.

 

Section 7.1 Definition of Component and Component Auditor

 

The terms “component” and “component auditor” have the same meaning as “component” and “component auditor” in Canadian GAAS. As a result, the terms are interpreted in a manner consistent with how the terms are used in Canadian Auditing Standard 600 Special

Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) (CAS 600).

 

In CAS 600, the term “component” means an entity or business activity for which a group or component management prepares financial information that should be included in the group financial statements, and the term “component auditor” means an auditor who, at the request of the group engagement team, performs work on financial information related to a component for the group audit.

 

Section 7.1 Definition of CPAB Access Agreement

 

The Instrument does not prescribe the content to be included in a CPAB access agreement. It is not intended to be equivalent to a “participation agreement”. The terms and conditions set out in a CPAB access agreement, including the manner and conditions for when access is to be provided, will be agreed to by CPAB and the significant component auditor.

 

Section 7.1 - Definition of Significant Component Auditor

 

A component controlled or jointly controlled by a reporting issuer

 

The definition of significant component auditor refers to a component auditor that performs audit work involving financial information related to a component of a reporting issuer if the reporting issuer has the power to direct on its own or jointly with another person or company. Financial information related to a component that a reporting issuer does not have power to direct, at least jointly, is excluded from the definition.

 

For example, under IFRS, a subsidiary or joint arrangement are captured by the reference noted above in the significant component auditor definition, whereas an investment that is accounted for using the equity method of accounting, or a variable interest entity that a reporting issuer does not have power to direct on its own or jointly with another person or company, is not captured.

 

Determination of what constitutes an ‘audit hour’ or ‘audit fee’

 

The term ‘hours’ in this Instrument refers to ‘audit hours’ and is intended to include any hours that are billed in respect of a financial period as ‘audit fees’ or ‘audit-related fees’ (other than hours pertaining to the review of interim financial report), as those terms are described in Forms 52-110F1 Audit Committee Information Required in an AIF and 52-110F2 Disclosure by Venture Issuers (52-110 Forms).

 

The term ‘fees’ in this Instrument is intended to include any fees that are billed in respect of a financial period as ‘audit fees’ or ‘audit-related fees’ (other than fees pertaining to the review of interim financial report), as those terms are described in the 52-110 Forms.

Determination of percentage of audit hours spent by a component auditor on a financial statement audit

 

Paragraph (a) in the definition of significant component auditor applies if the number of hours spent by the component auditor performing audit work in respect of the financial period is 20% or more of the total hours spent on the audit of the reporting issuer’s financial statements relating to that period.

 

For example, if a reporting issuer audit took 100 hours to complete, and the reporting issuer’s auditor performed 80 hours of audit work, and the component auditor performed 20 hours of audit work, paragraph (a) of the definition would apply since the hours spent by the component auditor would be 20% (20 hours / 100 hours) of the audit hours spent by the reporting issuer’s auditor.

 

Determination of percentage of audit fees paid to a component auditor for the financial statement audit

 

Paragraph (b) of the definition of significant component auditor applies if the amount of fees paid to the component auditor for audit work in respect of the financial period is 20% or more of the total fees paid for the audit of the reporting issuer’s financial statements relating to that period.

 

For example, if a reporting issuer paid $100,000 for the audit of its financial statements, and

$80,000 of the fee was paid to the reporting issuer’s auditor for its audit work, while $20,000 of the fee was paid to the component auditor for its audit work, paragraph (b) of the definition would apply since the percentage of fees paid to the component auditor would be 20% ($20,000 /

$100,000).

 

Determination of number of audit hours a component auditor spent on a significant component

 

Subparagraph (c)(i) of the definition of significant component auditor applies if a reporting issuer has a component with assets that represent 20% or more of the reporting issuer’s consolidated assets at the end of the financial period, or revenues that represent 20% or more of the consolidated revenues for that financial period, and it has the power to direct the activities of the component on its own or jointly with another person or company. If subparagraph (c)(i) applies, subparagraph (c)(ii) of the definition would be considered.

 

Subparagraph (c)(ii) of the definition of significant component auditor applies if the number of hours spent by the component auditor performing audit work in respect of the financial period exceeds 50% of the total hours spent on audit work relating to the component that meets the application requirements in subparagraph (c)(i) of the definition.

 

For example, assume a reporting issuer has a subsidiary (Component A) that has revenues representing 30% of the consolidated revenues of the reporting issuer, and therefore satisfies subparagraph (c)(i) of the definition. If the audit of Component A took 10 hours to complete and the component auditor performed 6 hours of the audit work and the reporting issuer’s auditor performed 4 hours of the audit work, the work performed by the component auditor would satisfy

subparagraph (c)(ii) of the definition. The component auditor would have performed 60% (6 hours / 10 hours) of the total hours to audit the component for the reporting issuer audit. The component auditor would therefore meet the definition of a significant component auditor.

 

In the example above, the 6 hours of work performed by the component auditor would represent the amount of time spent to perform audit work in connection with the audit of the reporting issuer’s financial statements. If additional audit work was performed to support the completion of a separate audit engagement (e.g., the audit of the standalone financial statements of Component A), those audit hours would be excluded from the calculation in subparagraph (c)(ii).

 

Section 7.2 Reporting Issuer to Permit Provision of Access

 

Section 7.2 requires a reporting issuer to, on or before the date of the auditor’s report on the reporting issuer’s financial statements for a financial period, give notice in writing to the significant component auditor that the reporting issuer permits the significant component auditor to provide CPAB with access to the significant component auditor’s records relating to the audit work performed for those financial statements if that access is requested by CPAB. Effectively, this communication confirms to the significant component auditor that the reporting issuer has no objection with CPAB having access to any information about the reporting issuer that was retained as audit evidence to support the significant component auditor’s audit work.

 

A reporting issuer can give notice to a significant component auditor to provide CPAB with access to inspect the significant component auditor’s records by communicating directly with the significant component auditor (e.g., a letter to the significant component auditor), or indirectly through the reporting issuer’s auditor (e.g., state in the engagement letter with the reporting issuer’s auditor that it shall inform in writing that all significant component auditors involved in the audit that the reporting issuer is permitting them to provide CPAB with access to the records relating to the audit work they perform in connection with the reporting issuer’s audit).

 

Regardless of whether the communication referred to in section 7.2 is received directly from the reporting issuer, or indirectly through the reporting issuer’s auditor, it is important that the reporting issuer’s auditor communicate to the significant component auditor the importance of the significant component auditor providing access to CPAB, and the implications for all involved if access is not voluntarily provided or a CPAB access agreement is not signed, since this could have a significant impact on future audits of the reporting issuer.

 

Subsection 7.3(1) and Subsection 7.4(1) CPAB Access-limitation Notice and CPAB No-access Notice

 

Both subsection 7.3(1) and subsection 7.4(1) of the Instrument require a participating audit firm to deliver a copy of a notice to the regulator or securities regulatory authority. The securities regulatory authorities will consider the delivery requirement to be satisfied if a copy of the notice is sent to auditor.notice@acvm-csa.ca.

 

The Instrument does not prescribe the content of a CPAB access-limitation notice and CPAB no- access notice. If a copy of a CPAB access-limitation notice or CPAB no-access notice is

delivered to the email address identified above, the communication should identify each regulator or securities regulatory authority that is to receive a copy of the notice if such information is not specified in the notice.

 

Subsection 7.3(2) Impact of a Significant Component Auditor Being Permitted to Enter into a CPAB Access Agreement

 

If subsection 7.3(2) applies, the significant component auditor and CPAB would immediately begin the process of negotiating a CPAB access agreement. The negotiations should be completed in a reasonable period of time.

 

Section 7.4 Impact of Participating Audit Firm Receiving a CPAB No-access Notice

 

If a participating audit firm receives a CPAB no-access notice and was planning to use the public accounting firm named in the notice as a significant component auditor for an upcoming reporting issuer audit, it may continue to do so provided that the reporting issuer’s upcoming year end is not more than 180 days after the date of the notice.

 

If a reporting issuer’s upcoming year end is more than 180 days after the date of the notice, the participating audit firm may not use the public accounting firm named in the notice as a significant component auditor for the reporting issuer’s upcoming year end unless CPAB has notified the participating audit firm that the named firm has entered into a CPAB access agreement in respect of the reporting issuer before the reporting issuer’s year end.

 

The participating audit firm also must not use any other public accounting firm as a significant component auditor for the audit of the reporting issuer’s financial statements unless the other public accounting firm delivers a notice to the participating audit firm and CPAB at least 90 days before the issuance of an auditor’s report in respect of that audit stating that it has given an undertaking to CPAB or entered into a CPAB access agreement and, in addition, one or both of the following apply:

 

         the other public accounting firm gives an undertaking to CPAB in writing to provide CPAB with prompt access to its records relating to audit work performed on financial information related to the component of the reporting issuer, or

 

         the other public accounting firm has entered into a CPAB access agreement in respect of the reporting issuer.

 

Participating audit firms should consider how they track the use of component auditors for their reporting issuer clients to meet the requirements of subsection 7.4(1) within the specified time period of 15 business days.

 You are being directed to the most recent version of the statute which may not be the version considered at the time of the judgment.