-1-
CSA Notice of Publication Amendments to National Instrument 52-108 Auditor Oversight
Changes to Companion Policy 52-108 Auditor Oversight
January 13, 2022 Introduction The Canadian Securities Administrators (the CSA or we) are publishing the following materials: • Amendments to National Instrument 52-108 Auditor Oversight (the Amendments); • Changes to Companion Policy 52-108 Auditor Oversight (the CP Changes);
(collectively, the Revisions). The Amendments require actions by reporting issuers and participating audit firms that will assist the Canadian Public Accountability Board (CPAB) in accessing audit working papers of component auditors, particularly in certain foreign jurisdictions. The CP Changes provide guidance on how we will interpret and apply the Amendments.
In connection with the Revisions, CPAB has also issued guidance on their website to provide additional insight to auditors on the processes they will employ to operationalize the Amendments.
The original proposals were published on October 3, 2019. We received 6 comment letters, which were all from audit firms. The list of commenters and a summary of comments is attached as Annex A.
The text of the Revisions is contained in Annexes B and C of this Notice. Local amendments, if any, are in Annex D of this Notice. This Notice will also be available on the websites of CSA jurisdictions, including:
www.lautorite.qc.ca www.albertasecurities.com www.bcsc.bc.ca www.nssc.novascotia.ca
www.fcnb.ca www.osc.gov.on.ca www.fcaa.gov.sk.ca www.msc.gov.mb.ca
-2-
Provided all necessary ministerial approvals are obtained, the Amendments will come into force on March 30, 2022.
Substance and purpose The Revisions aim to respond to challenges CPAB has had in getting access to audit work performed by an audit firm in a foreign jurisdiction that forms part of the audit evidence supporting an auditor’s report issued by a participating audit firm (a PAF). An audit firm performing such audit work is commonly referred to as a ‘component auditor’.
The Amendments require a reporting issuer to give notice in writing to a component auditor that meets the significance thresholds (a significant component auditor) that the reporting issuer permits the significant component auditor to provide CPAB with access to its audit work relating to the audit of the reporting issuer’s financial statements if that access is requested by CPAB.
The Amendments also require a reporting issuer to give notice in writing to a significant component auditor that the reporting issuer permits the significant component auditor to enter into an agreement with CPAB governing access to the audit work the significant component auditor has performed in relation to a component of the reporting issuer (a CPAB access agreement) if the component auditor does not voluntarily provide access to CPAB upon request. If, despite a reporting issuer’s permission and CPAB’s request, the component auditor does not enter into a CPAB access agreement, a PAF is, after a prescribed period of time for transition, not permitted to use the audit firm as a significant component auditor.
Background A reporting issuer may have operations in a foreign jurisdiction that differs from its head office jurisdiction. This may present challenges for the reporting issuer’s auditor due to different languages, laws and business practices in a foreign jurisdiction. In responding to those challenges, a PAF may ask a component auditor to perform work that forms part of the audit evidence supporting the PAF’s auditor’s report. A component auditor could be a member of the PAF’s international network, or an unrelated foreign or domestic audit firm.
If a PAF decides to use the work of a component auditor, the PAF must comply with Canadian Auditing Standard 600 Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) (CAS 600), which specifies that the PAF is responsible for the direction, supervision and performance of the overall audit. Although CAS 600 requires the PAF to document the type of work performed by a component auditor and the PAF’s review of such work, there is no requirement for the PAF to retain in its files a copy of the work performed by the component auditor.
In order to assess whether sufficient audit evidence has been obtained to support the PAF’s audit opinion, CPAB has determined that it needs access to a substantial portion of the audit work performed. However, CPAB has encountered some instances where a substantial portion of the
-3-
audit work has been performed by a component auditor in a foreign jurisdiction, and CPAB was not allowed access to such audit work.
Summary of the Revisions The Revisions: • introduce the definition of a significant component auditor, namely a component auditor that
o performs audit work involving financial information related to a component, whose activities the reporting issuer has the power to direct on its own or jointly with another person or company, and
o meets one of the quantitative metrics relating to hours of work, fees paid, or relative size of the component’s assets or revenue;
• require a reporting issuer to give notice in writing to a significant component auditor that the reporting issuer permits the significant component auditor to provide CPAB with access to records relating to the component auditor’s audit work performed for a reporting issuer audit;
• require a reporting issuer to give notice in writing to a significant component auditor involved in the audit of its financial statements that the reporting issuer permits the significant component auditor to enter into a CPAB access agreement if the reporting issuer receives a copy of a notice from its PAF stating that a significant component auditor has failed to provide CPAB access to the significant component auditor’s records related to audit work performed. A CPAB access agreement is a written agreement between CPAB and a significant component auditor governing access by CPAB to the significant component auditor’s records related to audit work it has performed in relation to a component of a reporting issuer. The terms and conditions set out in a CPAB access agreement, including the manner and conditions for when access is to be provided, must be agreed to by CPAB and the significant component auditor;
• require a PAF to no longer use a public accounting firm as a significant component auditor after a prescribed period of time, if the PAF receives notice that the public accounting firm has failed to enter into a CPAB access agreement after being requested to do so. A PAF may use another significant component auditor that undertakes in writing to provide CPAB access to its audit work or has entered into a CPAB Access Agreement in respect of the reporting issuer.
Summary of changes compared to the original proposals The Revisions are substantially similar to the original proposals, except for the following: • The quantitative metrics for the significant component auditor definition have been revised. The numerator in some calculations now refers to the total audit hours or fees pertaining to the audit of the financial statements instead of the total audit hours or fees pertaining to the PAF.
•
The Amendments require a reporting issuer to permit the significant component auditor to provide CPAB access to their work, and if requested by CPAB, to enter into a CPAB
-4-
access agreement. These changes are intended to prevent the reporting issuer from delaying or impeding CPAB’s access to the audit work, and replace the previously proposed requirement for the reporting issuer to take reasonable steps to direct the significant component auditor to provide access or enter into a CPAB access agreement.
Questions Please refer your questions to any of the following: British Columbia Securities Commission Carla-Marie Hait, Chief Accountant and CFO, British Columbia Securities Commission 604-899-6726 | chait@bcsc.bc.ca
Anita Cyr, Associate Chief Accountant, British Columbia Securities Commission 604-899-6579 | acyr@bcsc.bc.ca
Alberta Securities Commission Cheryl McGillivray, Chief Accountant and CFO, Alberta Securities Commission 403-297-3307 | cheryl.mcgillivray@asc.ca
Anne Marie Landry, Associate Chief Accountant, Alberta Securities Commission 403-297-7907 | annemarie.landry@asc.ca
Ontario Securities Commission Cameron McInnis, Chief Accountant, Ontario Securities Commission 416-593-3675 | cmcinnis@osc.gov.on.ca
Mark Pinch, Associate Chief Accountant, Ontario Securities Commission 416-593-8057 | mpinch@osc.gov.on.ca
Adrian Roomes, Senior Legal Counsel, Ontario Securities Commission 647-291-1579 | aroomes@osc.gov.on.ca
Autorité des marchés financiers Suzanne Poulin, Chief Accountant and Director, Direction de l'information financière Autorité des marchés financiers 514-395-0337 Ext: 4411| suzanne.poulin@lautorite.qc.ca
Geneviève Laporte, Senior Analyst, Direction de l’information financière, Autorité des marchés financiers 514 395-0337, ext. 4294 | genevieve.laporte@lautorite.qc.ca
Annex A SUMMARY OF COMMENTS AND CSA RESPONSES
This annex summarizes the comment letters and our responses to these comments. This annex contains the following sections: 1. Introduction 2. List of Commenters 3. Responses to comments received on the original proposals published on October 3, 2019
1. Introduction In this annex, we consolidated and summarized the comments and our responses by the general themes of the comments. We have included section references to the Revised Materials for convenience.
In connection with the Revisions, CPAB has issued guidance on their website to provide additional insight to auditors on the processes CPAB will employ to operationalize the Amendments (the CPAB Guidance). If a comment pertains to the manner in which CPAB plans to operationalize the Amendments, the response will direct the reader to refer to the CPAB Guidance.
2. List of Commenters We received comment letters on the original proposals from the following: • Deloitte LLP • Ernst & Young LLP • Grant Thornton LLP • KPMG LLP • MNP LLP • PricewaterhouseCoopers LLP
-2-
3. Responses to Comments Received on the Revised Materials
Proposed amendments to NI 52-108 Issue
General Comments General support of CPAB access of component auditor work for inspection purposes
General concern with CPAB access of component auditor work for inspection purposes
Comment
Four commenters stated support for CPAB obtaining enhanced access to significant component auditor files that they seek as part of their inspection process.
One commenter believes the responsibility for ensuring the standards under which component auditors are involved in an audit of reporting issuers rests with the group auditor [and not CPAB].
The commenter believes the proposed amendments would result in the following:
•
• •
•
challenges in finding significant component auditors,
potential for higher audit fees charged to reporting issuers, and the possibility that the capital markets in Canada will become less competitive
the group audit could lose valuable knowledge as local firms have expertise in the foreign jurisdiction in areas such as tax, cultural, governmental, business practices, etc.
The commenter also points out that:
• the number of Canadian reporting issuers captured is a small piece of the market,
Response
We thank commenters for their noted support.
The purpose of CPAB is to promote publicly and proactively, high quality external
audits of reporting issuers. CPAB achieves this purpose, in part, by conducting inspections of participating audit firms to
assess whether reporting issuer audits are being performed in compliance with professional standards.
CPAB has determined that the inspection of component auditor information is necessary in some cases to assess compliance with
professional standards. We have amended securities requirements to assist CPAB in obtaining access to inspect that information.
International approach to audit oversight
•
•
•
-3-
there will likely be restrictions in place in certain higher-risk countries (e.g., China), which does not resolve CPAB’s concerns,
requiring a PAF to replace a significant component auditor would be unfair and lack consistency across all reporting issuers since it is driven by CPAB’s inspection process, which is based on a sample of files selected each year, and
CPAB file reviews often take place several months after the issuer have released their financial statements. Requiring the replacement of significant component auditors in situations where CPAB has been prevented from inspecting the work as described above will not be timely.
We recognize that challenges may remain on access to
component auditor files that are needed for an inspection. However, the Revisions are intended to assist in responding to the significant challenges that CPAB has had in getting access to inspect audit work performed by an audit firm in a foreign jurisdiction.
One commenter stated their view that an international cooperation We agree that CPAB should among national audit oversight authorities on questions such as access to continue to enhance their firms’ working papers within their respective jurisdictions is the optimal cooperation with other national solution. This promotes efficient use of audit oversight authority oversight regulators, which may resources and avoids inefficient or duplicative regulatory burden on lead to fewer circumstances reporting issuers and audit firms. Any new model adopted in Canada where a CPAB access agreement should be deployed no more widely than necessary to fill the gaps left is needed to facilitate access. by the current state of international cooperation among at the audit oversight authority level. CPAB should continue to prioritize enhancement of international cooperation amongst national oversight regulators on areas such as access to work papers.
One commenter asked for clarification on whether CPAB will work with Please refer to CPAB Guidance their auditor oversight counterparts, where available, in the component for more information. auditor’s jurisdiction to conduct the inspection?
A revised CAS 600 – Special Considerations – Audits of Group
One commenter noted that the IAASB is currently revising ISA 600, which will be adopted in Canada as revised CAS 600, so it may be prudent to delay finalization of the proposed amendments until the revised CAS 600 is issued.
CAS 600 is not anticipated to address the access to working papers issue for an audit oversight regulator. As such, we
Financial Statements should be considered before implementing securities legislation
Clarification of CPAB inspection scope for component auditors
-4-
One commenter noted that, if CPAB does not believe that ISA/CAS 600 provides sufficient information as to what is sufficient appropriate audit evidence to support the work performed by the component auditor, then this should be addressed through the standard setting process for ISA/CAS 600 Revised versus through a National Instrument. If the aim is to address a practice issue, we would suggest that such an issue could be more appropriately managed through the continued development of application guidance.
One commenter noted that the proposed amendments do not address whether CPAB’s review of the component auditor working papers will be focussed on establishing whether the group auditor complied with CAS 600 or if the review extends beyond the requirements of CAS 600 to an inspection of the component auditor’s file. If CPAB’s review scope exceeds that which would be required by the group auditor under CAS 600 and the group auditor is held accountable by CPAB beyond the requirements of CAS 600, group auditors may respond by also performing oversight beyond what would be required by CAS 600. This could lead to redundancies and higher costs for reporting issuers without commensurate benefits.
do not agree that the Revisions should be delayed until CAS 600 is potentially revised.
Please refer to CPAB Guidance for more information.
The commenter notes their view that CPAB’s inspection should be a focus on reviewing component auditor documentation that is relevant to the significant risks of material misstatement of the group financial statements.
Specific Jurisdictional Restrictions
One commenter notes that Annex C indicates that “The CPAB access agreement would not necessarily result in CPAB having immediate access to inspect work in each of the noted countries if the agreement identifies specific jurisdictional restrictions that continue to prevent access”. The commenter interprets this to mean that if there are valid legal impediments in a local jurisdiction preventing the component auditor from providing CPAB with access, the component auditor can
Staff do not agree with the commenters view. Please refer to CPAB Guidance for more information.
-5-
sign an access agreement with CPAB and would not be barred from acting as a component auditor while these impediments remained in place. The commenter’s view is that this is an important clarification that should be included in the Instrument (emphasis added), and that it would be helpful to clarify what CPAB and/or the CSA consider to be valid legal impediments.
One commenter asked for clarification of whether the requirement for an Please refer to CPAB Guidance access agreement will only be imposed in circumstances where it has for more information. been determined by CPAB that there is no impediment under the laws of the component auditor’s jurisdiction to allow for the inspection of records? Will CPAB take a flexible approach to disclosure in order to work within the laws of the local jurisdiction, such as through the inspection of records within the local jurisdiction as opposed to requiring disclosure in Canada?
One commenter noted their view that, in some circumstances, component auditors may not be able to fully meet conditions of the Instrument; for example, due to potential conflicts with local laws and regulation. In such circumstances, the recourse under the proposals would be for the PAF to reperform the audit procedures if allowed under local laws and regulations. This may cause the PAF and reporting issuer to incur significant costs relating to travel and in some cases relating to reperforming procedures that may have already been done by the predecessor component auditor or by the component auditor retained for the purposes of performing the statutory audit, if needed. It may also have an impact on the quality of the audit due to the lack of experience with the local standards and regulations. If the PAF cannot perform the work due to local laws or regulations, then the proposals provide no recourse.
If a component auditor is subject to specific jurisdictional restrictions that prevent access, then this should be addressed with CPAB when entering into a CPAB access agreement. Please refer to CPAB Guidance for more information.
Treatment of ‘privileged information’
Request for further guidance on how CPAB would apply Revisions
CPAB representations on ability to access component audit working papers if requirements were in place
-6-
One commenter asked for clarification of how CPAB will treat materials which are considered privileged by the reporting issuer or component auditor?
One commenter asked for clarification of whether CPAB intends to use access agreement on a routine basis, or will they only be requested in circumstances where other alternatives have first been exhausted? If so, what will those other alternatives be?
One commenter asked for clarification on what CPAB’s expectations will be for the group auditor, taking into account that they will often have little or no ability to cause a component auditor to take a particular action. Does CPAB expect that group auditors will include a requirement in the engagement agreement with component auditors to allow for inspection of records by CPAB?
One commenter noted that Annex C states that CPAB represented that if the proposed rules were in place, component auditors in China, Mexico and Tunisia would be able to enter into a CPAB access agreement if they so choose. Since the content of the CPAB access agreement has not been shared with all the contemplated parties, the commenter notes that it is difficult to definitively determine whether that will be the case, as component auditors may have different interpretations of the relevant legislation in that region.
Staff Notice Questions Any limitation or Two commenters stated that they do not anticipate any specific concerns with limitations or concerns inclusion of components where the One commenter noted that, in cases of joint control, there could be reporting issuer has implementation challenges for reporting issuers where the other entity or power to direct jointly person is not a reporting issuer and is not subject to any legal obligation with another person or to direct the significant component auditor to provide CPAB with company? access. The Companion Policy should address this situation and what
Please refer to CPAB Guidance for more information.
Please refer to CPAB Guidance for more information.
Please refer to CPAB Guidance for more information.
Please refer to CPAB Guidance for more information.
Although commenters noted that another party in the joint control arrangement may not support providing CPAB access to working papers, staff do not agree that this possibility is a reason to exclude components in the case of a joint control arrangement. Reporting issuers
-7-
would constitute “reasonable steps” for reporting issuers in this circumstance.
One commenter noted their view that, if an entity is jointly controlled by a reporting issuer and a non-reporting issuer, the non-reporting issuer will not be subject to the same restriction in its selection of component auditor. As such, the commenter believes this could cause delays and additional costs to the reporting issuer, in the event the non-reporting issuer does not allow a change in component auditor.
Section 7.1 – Definitions CPAB access One commenter believes further clarity should be provided to specify agreement what “…significant component auditor’s records related to audit work…” means in the context of CPAB’s inspection of a significant component auditor. Specifically, is CPAB looking for access to perform a full file inspection, or will focus only be on the component auditor’s records relate to the specific focus area(s)?
CPAB access- limitation notice
One commenter believes that, for clarity, the definition should include the condition that a written notice is only issued when a significant component auditor has failed to provide CPAB with access despite there being no legal or regulatory restrictions to do so. To facilitate this change, the definition could be amended as follows: “…means a written notice issued by CPAB that a significant component auditor, despite there being no legal or regulatory restrictions to do so, has failed to provide CPAB was access…”
should ensure this issue is considered and addressed with respect to its joint arrangements.
Staff further note that if there is a legal or regulatory restriction that prevents access to working papers, then this should be addressed with CPAB when entering into a CPAB access agreement. Please refer to CPAB Guidance for more information.
Please refer to CPAB Guidance for more information.
We do not agree with the proposed revision.
The current wording states that this notice is issued when a significant component has failed to provide access upon CPAB’s request. Our intention is for this notice to be issued in all circumstances when voluntary access is not provided, regardless of whether there are legal or regulatory restrictions,
CPAB no-access notice
-8-
One commenter believes that, for clarity, the definition should include the condition that a written notice is only issued when a significant component auditor has failed to provide CPAB with access despite there being no legal or regulatory restrictions to do so. To facilitate this change, the definition could be amended in manner similar to what was recommended for the” CPAB access-limitation” definition.
in order to trigger the request for a component auditor to enter into a CPAB access agreement.
Please refer to CPAB Guidance for more information on how legal or regulatory restrictions will be considered by CPAB.
We do not agree with the proposed revision. The notice is intended to be a notification to participating audit firms that they may no longer use the identified public accounting firm as a significant component auditor based on the transition timing set out in the rule.
Please refer to CPAB Guidance for more information on how legal or regulatory restrictions will be considered by CPAB.
Significant component Two commenters noted that the definition differs from the PCAOB auditor definition of ‘playing a substantial role’. Below is the notable feedback from the comments:
In response to the comments we have revised the definition.
• The PCAOB’s rule uses a denominator of total audit hours or fees for all participants (group and component teams), rather than only to principal auditor hours/fees only.
• Reference made to PCAOB Release No. 2003-007, which refers to total engagement hours, rather than hours spent by the reporting issuer’s auditor, in commentary relating to the test of significance
-9-
• There are significant interpretational issues as to how to measure costs and fees associated with component audits. For example, in many cases a statutory audit may be completed at a lower materiality level in conjunction with procedures performed for the group auditor. Interpretational guidance on matters such as this would be necessary for the requirements, as drafted, to be consistently applied.
• By applying the PCAOB’s rule to the example contained in CP Section 7.1 that refer to 80 hours spent by the reporting issuer’s auditor and 20 hours spent by the component auditor would result in a significance calculation of 20% (20 hours / 100 hours). It is not clear to us if this was an intended difference in application, however we believe there is merit in amending the definition (and the example in the CP) such that the calculations under the NI and the PCAOB rule would result in a consistent determination of significance.
One commenter noted that there may be operational issues with using the most recent financial period to assess significance, especially when component auditors are from another network firm. For example, hours and fee information may be difficult for the group auditor and/or the reporting issuer to obtain prior to the audit report date.
Although there may circumstances where hours and fee information are not complete prior to the audit report date, in circumstances where there is reason to believe the significant component auditor definition would apply, the reporting issuer and auditor should ensure the provision for access requirement in subsection 7.2(1) is complied with before the date of the auditor’s report.
-10-
One commenter advised the CSA to be cautious when providing a We have retained the term as definition in a National Instrument of a concept that is also defined in originally proposed. We do not ISA/CAS 600 since there is risk that the two definitions will not be anticipate confusion in aligned. This could confuse auditors and cause application issues to arise application given that our when auditors are required to meet the requirements of both the National definition is unlikely to be Instrument and the group auditing standard. With the current ISA 600 in similar to what would be the process of being revised, there is an even greater risk that the included in an auditing standard. definitions could be misaligned.
Section 7.2 – Reporting Issuer to Direct Provision of Access “All reasonable steps” The paragraph requires all reporting issuers to take “all reasonable In response to the comments we language in paragraph steps” to direct all significant components to provide CPAB with access. have revised the paragraph to 7.2(1) Below are comments with respect to this sentence: remove reference to “all reasonable steps”. One commenter notes there is no guidance in the Companion Policy on how to interpret “reasonable steps” and whether these steps are only applicable if CPAB selects a file for inspection or if these steps are applicable for every engagement where there are significant components. If the latter, it may not be reasonable to assume data would be available to determine whether a component auditor is significant prior to the auditor report date. We believe these matters should be clarified in the Companion Policy.
One commenter believes that the proposed amendments should clarify that “reasonable steps” would not involve any actions that would be contrary to applicable laws and regulations, including privacy laws, and should address other considerations such as confidentiality obligations and legal privilege, which are relevant to the provision of CPAB access.
One commenter is not clear what would be considered to constitute “reasonable steps” by a reporting issuer, particularly in light of the fact that the reporting issuer in many cases will have no relationship with the component auditor and will have no rights or interest in
-11-
their working papers. Is a reasonable step to obtain confirmation in writing from the component auditor that a CPAB access agreement would be signed if requirement by CPAB? Would it be considered reasonable if such agreements were obtained only from component auditors whether the component was expected to be significant based on budgeted audit hours and costs recognizing that actual amounts may not be known until after the audit report is signed?
One commenter is unclear why this requirement exists in all instances and in advance of any CPAB access-limitation notice. The commenter also believes that any effort by reporting issuers should only be required once access has been denied, despite there being no legal or regulatory restrictions to do so.
The requirement has been retained to ensure that, prior to an audit report being issued, the reporting issuer has agreed, and component auditor understands, that CPAB is permitted to inspect component auditor working papers. This requirement permits the component auditor to provide access voluntarily, instead of entering into a CPAB access agreement, if it so chooses.
Section 7.3 – Failure to Voluntarily Provide Access to Inspect a Significant Component Auditor’s Records Title of section One commenter believes the title should be clarified to include the We do not agree. The concept of “despite there being no legal or regulatory restrictions to do requirements in Section 7.3 so”. apply if a CPAB access-limitation notice is issued, which would occur when a significant component auditor has failed to provide CPAB access to its working papers upon request. Such notice is issued regardless of whether there are legal or regulatory restrictions
Delivery requirement in paragraph 7.3(1)(c)
-12-
preventing the significant component auditor from complying with CPAB’s request.
Any legal or regulatory restrictions impacting access should be addressed with CPAB when entering into a CPAB access agreement. Please refer to CPAB Guidance for more information.
The subparagraph requires the PAF to deliver a copy of the notice to the Consistent with existing “regulator or securities regulatory authority’. One commenter believes notification requirements in this could be simplified such that the PAF only need to deliver the notice sections 5 and 6 of NI 52-108, to the “principal regulator”. staff have determined that notice needs to be provided to each regulator or securities regulatory authority that is impacted.
As noted in the Companion Policy, the securities regulatory authorities will consider the delivery requirement to be satisfied if a copy of the notice is sent to auditor.notice@acvm-csa.ca.
Section 7.4 – Failure of a Significant Component Auditor to Enter into a CPAB Access Agreement if Requested to Do So Request to reconsider One commenter notes the following concerns that the issuance of a A no-access notice is issued if a CPAB no-access CPAB no-access notice could lead to scenarios where the firms best significant component auditor notice placed to audit the components are prevented from doing so when such chooses not to enter into a component auditors are often better placed to perform the audit work CPAB access agreement. locally for multiple reasons, including access to component
-13-
management, language, knowledge of local laws and regulations and awareness of local risks. Therefore, the commenter believes the proposed amendments should provide sufficient implementation guidance to ensure that circumstances where there are legitimate jurisdictional impediments to access do not result in the issuance of a CPAB no-access notice.
If there are legitimate jurisdictional impediments to access (e.g., legal restrictions), then this should be addressed with CPAB when entering into a CPAB access agreement.
Please refer to CPAB Guidance for more information on how legal or regulatory restrictions will be considered by CPAB
Requirement not to One commenter is of the view that, if a change in component auditor is use component auditor required, the PAF and reporting issuer should be notified at least 270 within 180 days of days before year-end, to allow for sufficient time and to reduce the risk year end if receive a of additional costs being incurred. The comment believes that by the CPAB no-access first 180 days of the fiscal year, the component auditor may have started notice the planning and at least some audit procedures, resulting potential additional costs for the reporting issuer.
Companion Policy Section 7.1 – One commenter believes what constitutes an audit hour and audit fee Determination of what should be limited to any hours and fees that are considered ‘audit fees’ constitutes an ‘audit as described in Forms 52-110F1 and 52-110F2, and should not include hour’ or ‘audit fee’ those hours and fees that are captured within the description of ‘audit related fees’ as audit related fees may include peripheral items that are not directly related to the conduct of the audit.
We do not agree. We think that 180 days provides sufficient time for an audit firm to revise its audit plan to address a change in component auditor with minimal impact on cost since the notification would occur prior to an auditor engaging with an issuer in connection with its second quarter reporting.
Staff do not agree with the commenter that the calculation should be limited to what are considered ‘audit fees’ as described in Forms 52-110F1 and 52-110F2.
However, after further consideration, staff have determined that fees pertaining
Section 7.1 – Examples of assessing significance based on hours or fees
-14-
One commenter believes there could be confusion as to whether the denominator [in the fees example] should be 100 or 80? For example, if the total hours incurred to perform an audit were 2,200 for the following parties;
to the review of the issuer’s interim financial report, which are to be classified as ‘audit-related fees in accordance with NI 52-110, may be excluded.
The guidance in Section 7.1 has been revised to address this view.
This guidance has been revised to reflect changes made to the definition.
• Group auditor – 1,000 • Component A – 1,000 • Component B – 200 Based on the example, the auditor of component B would be considered a significant component auditor, although the work effort based on hours with respect to component B represents less than 10% of the overall effort.
Anticipated Costs of Proposed Amendments Costs to appoint a new Two commenters believe the costs associated with appointment of a new Staff acknowledge that there are auditor component auditor as a result of a CPAB no-access notice could be various factors that can impact substantially higher than estimated in Annex C of the proposed the amount of time and cost in amendments. the period of transition.
One of the commenters noted that the potential costs depend on many factors such as the amount of time required on the part of both management and the new auditor in the transitional period, the physical location of the new auditor, and the level of oversight required of the new component auditor versus the original one. Such
However, staff do not believe such costs would be substantial when compared to the total audit fees associated with the audit. As noted in the “Anticipated
-15-
costs are likely to be passed to the reporting issuers, potentially without corresponding benefits to audit quality
The other commenter notes that Annex C did not consider the cost of the proposal process, the transition costs and the loss of efficiencies that may have been gained in previous audits. The commenter also noted that the PAF may incur costs to assess the new component auditor, as well as increased costs related to additional supervision in the period of transition. These costs may ultimately be billed through to the reporting issuer as additional fees.
Costs of Proposed Amendments” discussion, it is
anticipated that if the audit work being performed is identical then the fees for such work would be substantially similar.
The decision on whether the additional costs of the PAF and component auditor are passed to the reporting issuer as additional fees will need to be discussed by those parties.
ANNEX B THE MANITOBA SECURITIES COMMISSION MSC RULE 2022-1 (SECTION 149.1, THE SEURITIES ACT)
AMENDMENTS TO NATIONAL INSTRUMENT 52-108 AUDITOR OVERSIGHT
1. National Instrument 52-108 Auditor Oversight is amended by this Instrument.
2. The following is added after Part 3:
PART 3.1 SIGNIFICANT COMPONENT AUDITOR’S WORKING PAPERS
Definitions 7.1 In this Part,
“component” has the same meaning ascribed to it in Canadian GAAS; “component auditor” has the same meaning ascribed to it in Canadian GAAS; “CPAB access agreement” means a written agreement between CPAB and a significant component auditor governing access by CPAB to the significant component auditor’s records related to audit work the significant component auditor has performed in relation to a component of a reporting issuer;
“CPAB access-limitation notice” means a written notice issued by CPAB that a significant component auditor has failed to provide CPAB with access to the significant component auditor’s records related to audit work the significant component auditor has performed in relation to a component of a reporting issuer;
“CPAB no-access notice” means a written notice issued by CPAB that a significant component auditor has failed to enter into a CPAB access agreement;
“significant component auditor” means, with respect to a financial period of a reporting issuer, a component auditor that performs audit work involving financial information related to a component of the reporting issuer if the reporting issuer has the power to direct the component on its own or jointly with another person or company and if any of the following apply:
(a) the number of hours spent by the component auditor performing audit work in respect of the financial period is 20% or more of the total hours spent on the audit of the reporting issuer’s financial statements relating to that period;
(b) the amount of fees paid to the component auditor for audit work in respect of the financial period is 20% or more of the total fees paid for the audit of the reporting issuer’s financial statements relating to that period;
(c) both of the following apply: (i) the assets or revenues of the component are 20% or more of the reporting issuer’s consolidated assets at the end of the financial period or the reporting issuer’s consolidated revenues for that period;
-2-
(ii) the number of hours spent by the component auditor performing audit work in respect of the financial period exceeds 50% of the total hours spent on audit work relating to the component in connection with the audit of the reporting issuer’s financial statements relating to that period.
Reporting Issuer to Permit Provision of Access 7.2(1) If an audit of a reporting issuer’s financial statements for a financial period involves audit work performed by a significant component auditor for the financial period, the reporting issuer must give notice in writing to the significant component auditor that the reporting issuer permits the significant component auditor to provide CPAB with access to the significant component auditor’s records relating to that audit work if that access is requested by CPAB.
7.2(2) The notice referred to in subsection (1) must be given on or before the date of the auditor’s report on the reporting issuer’s financial statements referred to in subsection (1).
Failure to Voluntarily Provide CPAB with Access to a Significant Component Auditor’s Records 7.3(1) If a participating audit firm receives a CPAB access-limitation notice, the participating audit firm must, not more than 5 business days after receipt of the notice, deliver a copy of the notice to all of the following:
(a) the reporting issuer identified in the notice; (b) the audit committee of that reporting issuer; (c) the regulator or securities regulatory authority for that reporting issuer. 7.3(2) If a reporting issuer receives a copy of a CPAB access-limitation notice with respect to a significant component auditor, the reporting issuer must, not more than 5 business days following the receipt of the copy of the notice, give notice in writing to the significant component auditor that the reporting issuer permits the significant component auditor to enter into a CPAB access agreement.
Failure of a Significant Component Auditor to Enter into a CPAB Access Agreement if Requested to Do So 7.4(1) If a participating audit firm receives a CPAB no-access notice, the participating audit firm must, not more than 15 business days after receipt of the notice, deliver a copy of the notice to all of the following:
(a) each reporting issuer audited by the participating audit firm if the public accounting firm identified in the notice was a significant component auditor for the reporting issuer’s most recently completed financial period for which an auditor’s report has been issued;
(b) the audit committee of each reporting issuer referred to in paragraph (a); (c) the regulator or securities regulatory authority for each reporting issuer referred to in paragraph (a). 7.4(2) If a participating audit firm receives a CPAB no-access notice, the participating audit firm must not,
(a) subject to subsection (3), use the public accounting firm referred to in the notice as a significant component auditor in respect of an audit of any reporting issuer’s financial statements for a financial period ending more than 180 days after the date of the notice, or
(b) in respect of an audit of a reporting issuer’s financial statements for a period ending more than 180 days after the date of the notice, use any other public accounting firm as a significant component auditor in respect of a component of the reporting issuer, if audit work in the current or preceding year was done by the public accounting firm referred to in the notice, unless the other public accounting firm satisfies
-3-
one or both of the following and delivers a notice stating that fact to the participating audit firm and CPAB at least 90 days before the participating audit firm issues its auditor’s report in respect of the audit:
(i) the other public accounting firm gives an undertaking to CPAB in writing to provide CPAB with prompt access to its records relating to audit work performed on financial information related to the component of the reporting issuer;
(ii) the other public accounting firm has entered into a CPAB access agreement in respect of the reporting issuer.
7.4(3) Paragraph (2)(a) does not apply to a participating audit firm in respect of a financial period of a reporting issuer ending more than 180 days after the date of the notice if
(a) CPAB has notified the participating audit firm that the significant component auditor has entered into a CPAB access agreement in respect of the reporting issuer before the participating audit firm issues its auditor’s report in respect of the financial period, and
(b) CPAB has not, before the participating audit firm issues its auditor’s report in respect of the financial period, notified the participating audit firm that the significant component auditor has [withdrawn from the CPAB access agreement referred to in paragraph (a).
Application in Québec 7.5 In Québec, the requirements in section 7.2 and subsection 7.3(2) apply to a reporting issuer, provided that an agreement referred to in section 9 of the Chartered Professional Accountants Act (chapter C-48.1) is entered into..
3. Subsection 8(3) is amended by replacing “Except in Ontario” with “Except in Alberta and Ontario”.
4. This Instrument comes into force on March 30, 2022.
5.
6.
In Saskatchewan, despite section 4. above, if this Instrument is filed with the Registrar of Regulations after March 30, 2022, this Instrument comes into force on the day on which it is filed with the Registrar of Regulations.
This Instrument may be cited as MSC Rule 2022-1.
ANNEX C CHANGES TO COMPANION POLICY 52-108CP AUDITOR OVERSIGHT
1. Companion Policy 52-108 Auditor Oversight is changed by this Document. 2. The following is added at the end of the Companion Policy: Section 7.1 – Definition of Component and Component Auditor The terms “component” and “component auditor” have the same meaning as “component” and “component auditor” in Canadian GAAS. As a result, the terms are interpreted in a manner consistent with how the terms are used in Canadian Auditing Standard 600 Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) (CAS 600).
In CAS 600, the term “component” means an entity or business activity for which a group or component management prepares financial information that should be included in the group financial statements, and the term “component auditor” means an auditor who, at the request of the group engagement team, performs work on financial information related to a component for the group audit.
Section 7.1 – Definition of CPAB Access Agreement The Instrument does not prescribe the content to be included in a CPAB access agreement. It is not intended to be equivalent to a “participation agreement”. The terms and conditions set out in a CPAB access agreement, including the manner and conditions for when access is to be provided, will be agreed to by CPAB and the significant component auditor.
Section 7.1 - Definition of Significant Component Auditor A component controlled or jointly controlled by a reporting issuer The definition of significant component auditor refers to a component auditor that performs audit work involving financial information related to a component of a reporting issuer if the reporting issuer has the power to direct on its own or jointly with another person or company. Financial information related to a component that a reporting issuer does not have power to direct, at least jointly, is excluded from the definition.
For example, under IFRS, a subsidiary or joint arrangement are captured by the reference noted above in the significant component auditor definition, whereas an investment that is accounted for using the equity method of accounting, or a variable interest entity that a reporting issuer does not have power to direct on its own or jointly with another person or company, is not captured.
-2-
Determination of what constitutes an ‘audit hour’ or ‘audit fee’ The term ‘hours’ in this Instrument refers to ‘audit hours’ and is intended to include any hours that are billed in respect of a financial period as ‘audit fees’ or ‘audit-related fees’ (other than hours pertaining to the review of interim financial report), as those terms are described in Forms 52-110F1 Audit Committee Information Required in an AIF and 52-110F2 Disclosure by Venture Issuers (52-110 Forms).
The term ‘fees’ in this Instrument is intended to include any fees that are billed in respect of a financial period as ‘audit fees’ or ‘audit-related fees’ (other than fees pertaining to the review of interim financial report), as those terms are described in the 52-110 Forms.
Determination of percentage of audit hours spent by a component auditor on a financial statement audit
Paragraph (a) in the definition of significant component auditor applies if the number of hours spent by the component auditor performing audit work in respect of the financial period is 20% or more of the total hours spent on the audit of the reporting issuer’s financial statements relating to that period.
For example, if a reporting issuer audit took 100 hours to complete, and the reporting issuer’s auditor performed 80 hours of audit work, and the component auditor performed 20 hours of audit work, paragraph (a) of the definition would apply since the hours spent by the component auditor would be 20% (20 hours / 100 hours) of the audit hours spent by the reporting issuer’s auditor.
Determination of percentage of audit fees paid to a component auditor for the financial statement audit
Paragraph (b) of the definition of significant component auditor applies if the amount of fees paid to the component auditor for audit work in respect of the financial period is 20% or more of the total fees paid for the audit of the reporting issuer’s financial statements relating to that period.
For example, if a reporting issuer paid $100,000 for the audit of its financial statements, and $80,000 of the fee was paid to the reporting issuer’s auditor for its audit work, while $20,000 of the fee was paid to the component auditor for its audit work, paragraph (b) of the definition would apply since the percentage of fees paid to the component auditor would be 20% ($20,000 / $100,000).
Determination of number of audit hours a component auditor spent on a significant component Subparagraph (c)(i) of the definition of significant component auditor applies if a reporting issuer has a component with assets that represent 20% or more of the reporting issuer’s consolidated assets at the end of the financial period, or revenues that represent 20% or more of the consolidated revenues for that financial period, and it has the power to direct the activities of the component on its own or jointly with another person or company. If subparagraph (c)(i) applies, subparagraph (c)(ii) of the definition would be considered.
-3-
Subparagraph (c)(ii) of the definition of significant component auditor applies if the number of hours spent by the component auditor performing audit work in respect of the financial period exceeds 50% of the total hours spent on audit work relating to the component that meets the application requirements in subparagraph (c)(i) of the definition.
For example, assume a reporting issuer has a subsidiary (Component A) that has revenues representing 30% of the consolidated revenues of the reporting issuer, and therefore satisfies subparagraph (c)(i) of the definition. If the audit of Component A took 10 hours to complete and the component auditor performed 6 hours of the audit work and the reporting issuer’s auditor performed 4 hours of the audit work, the work performed by the component auditor would satisfy subparagraph (c)(ii) of the definition. The component auditor would have performed 60% (6 hours / 10 hours) of the total hours to audit the component for the reporting issuer audit. The component auditor would therefore meet the definition of a significant component auditor.
In the example above, the 6 hours of work performed by the component auditor would represent the amount of time spent to perform audit work in connection with the audit of the reporting issuer’s financial statements. If additional audit work was performed to support the completion of a separate audit engagement (e.g., the audit of the standalone financial statements of Component A), those audit hours would be excluded from the calculation in subparagraph (c)(ii).
Section 7.2 – Reporting Issuer to Permit Provision of Access Section 7.2 requires a reporting issuer to, on or before the date of the auditor’s report on the reporting issuer’s financial statements for a financial period, give notice in writing to the significant component auditor that the reporting issuer permits the significant component auditor to provide CPAB with access to the significant component auditor’s records relating to the audit work performed for those financial statements if that access is requested by CPAB. Effectively, this communication confirms to the significant component auditor that the reporting issuer has no objection with CPAB having access to any information about the reporting issuer that was retained as audit evidence to support the significant component auditor’s audit work.
A reporting issuer can give notice to a significant component auditor to provide CPAB with access to inspect the significant component auditor’s records by communicating directly with the significant component auditor (e.g., a letter to the significant component auditor), or indirectly through the reporting issuer’s auditor (e.g., state in the engagement letter with the reporting issuer’s auditor that it shall inform in writing that all significant component auditors involved in the audit that the reporting issuer is permitting them to provide CPAB with access to the records relating to the audit work they perform in connection with the reporting issuer’s audit).
Regardless of whether the communication referred to in section 7.2 is received directly from the reporting issuer, or indirectly through the reporting issuer’s auditor, it is important that the reporting issuer’s auditor communicate to the significant component auditor the importance of the significant component auditor providing access to CPAB, and the implications for all
-4-
involved if access is not voluntarily provided or a CPAB access agreement is not signed, since this could have a significant impact on future audits of the reporting issuer.
Subsection 7.3(1) and Subsection 7.4(1) – CPAB Access-limitation Notice and CPAB No-access Notice
Both subsection 7.3(1) and subsection 7.4(1) of the Instrument require a participating audit firm to deliver a copy of a notice to the regulator or securities regulatory authority. The securities regulatory authorities will consider the delivery requirement to be satisfied if a copy of the notice is sent to auditor.notice@acvm-csa.ca.
The Instrument does not prescribe the content of a CPAB access-limitation notice and CPAB no-access notice. If a copy of a CPAB access-limitation notice or CPAB no-access notice is delivered to the email address identified above, the communication should identify each regulator or securities regulatory authority that is to receive a copy of the notice if such information is not specified in the notice.
Subsection 7.3(2) – Impact of a Significant Component Auditor Being Permitted to Enter into a CPAB Access Agreement
If subsection 7.3(2) applies, the significant component auditor and CPAB would immediately begin the process of negotiating a CPAB access agreement. The negotiations should be completed in a reasonable period of time.
Section 7.4 – Impact of Participating Audit Firm Receiving a CPAB No-access Notice If a participating audit firm receives a CPAB no-access notice and was planning to use the public accounting firm named in the notice as a significant component auditor for an upcoming reporting issuer audit, it may continue to do so provided that the reporting issuer’s upcoming year end is not more than 180 days after the date of the notice.
If a reporting issuer’s upcoming year end is more than 180 days after the date of the notice, the participating audit firm may not use the public accounting firm named in the notice as a significant component auditor for the reporting issuer’s upcoming year end unless CPAB has notified the participating audit firm that the named firm has entered into a CPAB access agreement in respect of the reporting issuer before the reporting issuer’s year end.
The participating audit firm also must not use any other public accounting firm as a significant component auditor for the audit of the reporting issuer’s financial statements unless the other public accounting firm delivers a notice to the participating audit firm and CPAB at least 90 days before the issuance of an auditor’s report in respect of that audit stating that it has given an undertaking to CPAB or entered into a CPAB access agreement and, in addition, one or both of the following apply:
•
the other public accounting firm gives an undertaking to CPAB in writing to provide CPAB with prompt access to its records relating to audit work performed on financial information related to the component of the reporting issuer, or
•
-5-
the other public accounting firm has entered into a CPAB access agreement in respect of the reporting issuer.
Participating audit firms should consider how they track the use of component auditors for their reporting issuer clients to meet the requirements of subsection 7.4(1) within the specified time period of 15 business days..
3. These changes become effective on March 30, 2022.