Audit Notes PDF

Summary

These notes cover recent developments in auditing, particularly regarding fraud, and the importance of audit quality. The document also discusses professional skepticism and the role of auditors in assessing profitability.

Full Transcript

Notes by Prof
October 17, 2024 7:48 PM

September 13

CPAB 2023 evolving fraud landscape (recently issued, so NOT in course outline, but is included in
Brightspace):

This is the second time in 3 years that CPAB has put out an emphasis on fraud document

Fraud is evolving extremely rapidly and society is often not prepared to counter this omnipresent threat

The accounting profession is seen as a major line of defense against fraud, so we have to be quite
knowledgeable in newer techniques that fraudsters are using

Older people in society often tend to not be aware of fraud, and so may often end up victimized. Please
make sure that at least say your grandparents do not get victimized

AUDIT QUALITY has been an important issue in the audit profession for the past century, it is constantly
being discussed, and extensive research being done on it. However, the EXPECTATION GAP seems at
times to be growing faster than our e orts to address audit quality

Today the official CPA Canada Handbook section for fraud is CAS 240, which we may or may not have
time to see in detail

All stakeholders need to be hyper-vigilant to the risk of fraud

“Be relentlessly curious” (page 3)

Any good accountant / auditor needs to fully understand how a company is PROFITABLE, what are the
factors necessary for profitability. A very large number of accountants / auditors do not understand
this, many don’t care, and a few even argue, sometimes vehemently, that we are not responsible for it,
that it is not even part of what we need to know

Some auditors do not understand how a company earns its money, this needs to change, an auditor
must pursue asking questions till they understand

PROFESSIONAL SKEPTICISM is extremely important. Many times auditors might fall victim to human
tendency to assume that the people we deal with would not mislead us. As auditors, we have a
professional requirement to exercise professional skepticism. In the past, many audit failures have
resulted from insufficient professional skepticism. The Institute has in the past at times issued
communications reminding auditors responsibility for this

CPAB 2020 interim:

Revenue recognition IFRS 15

insufficient challenge of fair value estimates

Business combinations, example of Chrysler, thru Daimler-Chrysler thru Fiat-Chrysler thru Stellantis,

ACTG 4P63 AUDIT Page 1
Business combinations, example of Chrysler, thru Daimler-Chrysler thru Fiat-Chrysler thru Stellantis,
with business overview and reasonings, organizational culture incompatibility

insufficient or incorrect understanding of underlying accounting and business processes

CONFIRMATION BIAS

RISK ANALYSIS, very prevalent in all modern businesses, due diligence, will be an important part of your
MAJOR PROJECT

Major personnel changes are a red flag

PROFESSIONAL SKEPTICISM

COMPONENT AUDITORS (CAS 600), auditor of subsidiary is often changed to be the same as the auditor
of the parent company for efficiency purposes, audit planning must be done by all component auditors
working together, COMPONENT MATERIALITY, rare example of major mistake in the CPA Canada
Handbook, many auditors are quite uncomfortable with statistical auditing, up to about 2005 all audit
textbooks had statistical auditing appendices with formulas and tables, today accounting firms have
numbers (materiality, sample sizes, etc.) calculated by software into which staff auditor enters
requested information

QUESTION FROM STUDENT:

Application of materiality

Audit sample chosen from population, obtain IDENTIFIED MISSTATEMENT in sample, PROJECT into
population to get POINT ESTIMATE of misstatement in population

It is NOT sufficient to then compare this number to materiality to determine whether we can conclude
that the population is not materially misstated

Need to consider SAMPLING ERROR (risk that the sample is not representative of the population) and
NON-SAMPLING ERROR (risk that the auditor errs in their conclusions)

Big 4 accounting firms have audit partners who are also PhDs in statistics somewhere in the world

Big 4 accounting firms assume that non-sampling error is zero. This is based on reasoning that the firm
hires good people with good education and qualifications, that these people are highly motivated and
pay good attention to detail, that the accounting firm has good review procedures (work of the junior
gets reviewed by the senior, etc.)

So sampling error is then added to the point estimate before comparing to materiality

This can then be reversed, subtract sampling error from materiality and then compare to point
estimate. This is how PERFORMANCE MATERIALITY was first obtained

PERFORMANCE MATEERIALITY = MATERIALITY - SAMPLING ERROR (assuming non-sampling error =
0)

Today auditors routinely take say 75% of materiality to define performance materiality. Most auditors
today are unaware of above formula, which seems to have been lost to history

ACTG 4P63 AUDIT Page 2
RULES OF PROFESSIONAL CONDUCT (in CPA ONTARIO Handbook, NOT CPA Canada Handbook):

If a CPA does ‘public accounting’, a public accounting license is required in Ontario

This can include any advice (such as tax advice) a CPA gives to another party, so beware

If say a church basement non-profit organization asks you to be the ‘auditor’ of their F/Ss, you cannot do
that without a public accounting license, and then perform audit with due diligence. This can often
result in a person who knows nothing about accounting to then put their name as ‘auditor’ of the club

Having a CPA behind your name means you have to be more careful about giving any advice to a non-
accountant. You may be sued for PROFESSIONAL NEGLIGENCE should things go south, even if there is
no compensation. Remember, professional negligence is different from other types of court cases

September 17

CM2.0, 5 yrs ahead instead of 5 yrs back

CPAB 2020 interim (7p) p7
Audit committee

RANGE OF ESTIMATE
Say warrantee estimate $5M +- $3M
Need % confidence
Confidence interval
Risk & confidence are complementary terms
Audit risk definition CAS 200 (13) (c)
Qualitative or quantitative
Deloitte partner 1950s developed MUS
Qualitative high medium low
Quantitative 5% 2% 1%
CAS 540 needs to include %age and confidence

CPAB 2020 (47p):
P 6 CONVERGENCE of accounting / auditing theory with MANAGEMENT THEORY

ACTG 4P63 AUDIT Page 3
P 6 CONVERGENCE of accounting / auditing theory with MANAGEMENT THEORY
Cultivate proactive, adaptive and innovative culture
Drive targeted, systemic changes to accelerate audit quality improvements
P 15 common inspection findings
30% significant findings rate, far too high
RETROSPECTIVE REVIEW: look at mgt track record of say warrantee provision, 1 yr, 2 yrs, 3 yrs
INTERNAL CONTROL
Complex issue
COSO 1992, 2013, 2017, again MGT THEORY!

P 19 SPECIALISTS CAS 620
Wide variety, e.g., actuaries (pension fund), geology engineers (oil & gas reserves) How to determine if
auditor can rely on them:
1. are they members in good standing with a college that regulates them
2. look at their portfolio of work they have done with other clients
3. look at qualifications of key personnel at consulting firm
Sometimes audit partners may be reluctant to use specialists because of the cost (sometimes more than
$1000 per hour)

GOING CONCERN
Definition, must include in salient note to F/Ss
Must also draw attention to going concern note in audit report itself
(note that up to Dec 14 2010, it was forbidden to make reference to going concern in audit report, but
on Dec 15 2010 and afterwards it was mandatory)

CPAB 2021 inspections insights (7p):
P 3 excellent illustration of good audit vs bad, please prepare for next meeting Please read for next
meeting

September 20

When you do assignment, be careful to LABEL files appropriately, be very USER-FRIENDLY! Don’t let
user do a lot of work just to understand what you have done in your report

ACTG 4P63 AUDIT Page 4
user do a lot of work just to understand what you have done in your report

In your down time, you might consider listening to interviews with large multinational companies’
CEOs. This can be a very productive use of your time, and doesn’t require much energy on your part
Much better student engagement if real life companies are studied, as opposed to fictitious companies
in textbooks
CONVERGENCE of accounting / auditing theory with MANAGEMENT THEORY (ex of COSO 2017)
One can have very sophisticated models in companies, even in relatively simple applications Neural
networks, AI
AI can be dangerous (Elon Musk quote), one of biggest industries in the world is the military, which say
may decide to use drones to attack targets, and then may get out of control if one is not super careful

CPAB 2021 inspections insights (7 pp):
P 3 very nice side-by-side comparison of good audit and bad audit
Importance of senior management involvement at start of audit, in audit planning
Early involvement of specialists
It is important that management understand what an audit is. For even medium sized companies, this is
often not the case, and auditors may have to hand-hold the client
Importance of stand-back evaluation (numerous audit failures over the decades have been caused by
auditors not doing this, resulting in audit failures, including massive frauds)

Common inspection findings:
Inappropriate use of point estimates and ranges
Audit of estimates CAS 540
Examples of estimates CAS 540 paragraph A1: depreciation, lawsuits, allowance for doubtful accounts,
warranty obligations, employee benefits, share-based payments (seen in depth previously), fair value
goodwill, impairment, revenue recognition on long-term contracts, discount rate, interest rate, future
events
Inventory obsolescence (very technical audit test, not described in any audit textbook, pass your finger
along shelf and see how much dust there is LOL)
Financial instruments, stock options, Black & Scholes model, PDE (Partial Differential Equation).
PDEs are very important because much of the laws of nature in the world are governed by them
Another example of estimate, audit of inventory, $1M population size, $100K sample size, IDENTIFIED
MISSTATEMENT $5K, PROJECTED MISSTATEMENT then is $50K. But this is only an estimate because
there is at least SAMPLING RISK (the risk that the sample is not representative of the population) to
consider
CAS 540 talks about point estimates and range. We may have say $50K +- $10K, or say $50K +- $20K.
What determines the range? To follow FULLY SCIENTIFIC PRINCIPLES, one MUST have a confidence
interval percentage associated with the range. Hopefully at one point the Handbook will evolve to
include that.

ACTG 4P63 AUDIT Page 5
Is it say a 75% confidence interval, is it a 50% confidence interval, etc.?
That percentage is determined by looking at the audit as a whole. Broadly speaking, if we have good
CONTROLS, then we can have more confidence that the numbers produced by the system are more
reliable and so we can use a lower percentage confidence interval in substantive auditing. If the
controls are weak then we would have to use a higher percentage confidence interval. This is done so
that at the end of the day the AUDIT RISK number is at an appropriately low level. Audit risk is the risk
that we sign o on the audit report on F/Ss that are materially misstated

The CPAB in Canada is the counterpart of the PCAOB in the US
The CPAB publishes now twice a year Public Reports, which is a report card on how audit firms have
performed audits. As much as a third of all audits audited by the CPAB get a ‘significant findings’ grade,
highly embarrassing that it is so high
In the US, the PCAOB audits yearly all audit firms that have more than 100 RIs (Reporting Issuers), and
audits at least once every 3 years those who audit less than 100 RIs
The PROTOCOL was set up in Canada in 2014 as a way to confidentially communicate any
‘significant findings’ of an audit firm to the Audit Committee of the audit client of the firm. This
CPAB document has been UPLOADED to Brightspace

CPA CANADA HANDBOOK structure:
2 parts of Handbook, Accounting and Assurance / Auditing
Audit part starts with international standard ISA (International Standard of Auditing) which is then
converted word for word to a CAS (Canadian Auditing Standard), using the same numbering system (so
say ISA 200 becomes CAS 200). These are identical except for changes necessitated by Canadian
context.
Change from Canadian standards to international standards on Dec 15, 2010. First 34 CASs came out.
But many standards could not be translated because of important Canadian differences. If the change
could be contained to a few paragraphs, then the international standard was translated to an
international standard, and initially those Canadian paragraphs were identified by a C in front of a
paragraph number, but that fell by the wayside a few years later.
CASs consist of paragraphs 1, 2, 3, etc., and then followed by Application paragraphs A1, A2, A3, etc.,
and then by Appendices if needed
Handbook standards are changed or initialed by an EXPOSURE DRAFT to allow interested parties to
respond. If needed, there can be a re-exposure draft.
Many Handbook sections have a BFC (Basis For Conclusion) part, which details the discussion that went
into the thinking that produced that Handbook section
The style and length of a Handbook section often results from which decade it came out or was
updated. More recently, Handbook sections tend to be monster in length. What might have been say a
5 to 10 page standard in the 1980s can now be a 50 to 70 page standard in the 2010s and 2020s. I will
not give you a large Handbook section to read in depth unless it is extremely important (such as CAS 315
on risk analysis)

Even though we went international in 2010, there are still many Handbook sections that remain
Canadian because of the sometimes significant differences between Canada and the international

ACTG 4P63 AUDIT Page 6
Canadian because of the sometimes significant differences between Canada and the international
forum. Some of these topics have eventually been converted to international standards, after
significant debate and disagreement as to how to proceed.
One example is audit of a PROSPECTUS (a document associated with an IPO, Initial Public
Offering)). When a company goes public, it has to file with a securities commission (such as SEC or OSC,
Ontario Securities Commission). There can be substantial differences between the requirements of
such commissions from one country to the next. Because of this, these Handbook sections remain
Canadian. For an audit of a prospectus, the Handbook sections are HB 7150 and HB 7200, which are
strictly Canadian audit standards, NOT international.
In Canada, the AASB (Audit and Assurance Standards Board) sets the official CPA Canada Handbook
audit / assurance standards
In some cases, the AASB and the OSC collaborate to see what might be an acceptable audit standard for
both parties. This may then be quite different from the international standard
Another example is a REVIEW ENGAGEMENT. This was originally a Canadian standard and after a large
amount of heated debate, was eventually converted from the old Canadian standard HB 8100 and HB
8200 to the current international standard CSRE 2400
A review engagement under CSRE 2400 is a lower assurance engagement that is normally done in place
of an audit, usually as a way to reduce cost for smaller and medium sized firms
However, an INTERIM REVIEW ENGAGEMENT, under the Canadian standard HB 7600, is a lower
assurance engagement that is in addition to a yearly audit, which covers quarterly F/Ss. This Handbook
section has been agreed to by both the AASB and OSC, is specific to Canada, and would be very difficult
to convert to an international standard

If you have a CEO who is perpetrating fraud, they often choose auditors they feel they can manipulate
and pull the wool over their eyes
Must have a public accounting license to do public accounting, even if there is no compensation
involved

September 24

Instructions for Major Project uploaded to Brightspace. Please look for company of interest to you.
DRAFT of Project required in a few weeks

CPAB 2021 inspections insights (7 pp):
P 3 very nice side-by-side comparison of good audit and bad audit
Importance of senior management involvement at start of audit, in audit planning
Early involvement of specialists
It is important that management understand what an audit is. For even medium sized companies, this is

ACTG 4P63 AUDIT Page 7
It is important that management understand what an audit is. For even medium sized companies, this is
often not the case, and auditors may have to hand-hold the client
Importance of stand-back evaluation (numerous audit failures over the decades have been caused by
auditors not doing this, resulting in audit failures, including massive frauds)

Common inspection findings:
Inappropriate use of point estimates and ranges
Audit of estimates CAS 540
Many aspects of today’s business companies can be extremely COMPLEX. We have to know how to
handle all possible situations
Can have complex estimates, complex impairment calculations, fair value estimates
Complex valuation, some specialist firms deal only with valuations
Sometimes need to challenge management estimates

In many calculations, such as say deciding whether to invest in a new major piece of equipment, where
one might include marginal revenues and marginal costs, it can often happen that people forget to
include ALL the costs. It can often happen that variable overhead costs may be forgotten (ex cost of
space, whether in o ice or factory).
Cost of pollution is a real cost. In some systems, one can purchase carbon o sets. Methane (produced
by say cow flatulence and burping) is 30 times more potent than carbon dioxide for global warming
(now called global boiling by the UN)
Cost of volunteer work (often done by women) is often ignored
Example of nuclear power plant. Often costs (can be very major) of decommissioning are not
considered in initial analysis of whether to build one or not. Liability in case of an accident not provided
for

First BILLION DOLLAR fraud (Equity Funding)
All employees in company knew about fraud (they got their kicks from fooling the auditor), only the
auditors didn’t know
Employees found ways to look at audit files to see which cases would be requested by the auditor the
following day, and then had an all-night party where the fraudulent paperwork was generated
Newly installed computer system had effect of scaring people to not implement proper controls

Revenue recognition over time (IFRS 15) can be quite complex, performance obligations, costs incurred,
expected gross margin
Large multinationals can have many thousands of contracts with suppliers, customers, etc. auditors can
use specialized software to help analyze contracts, and significantly reduce audit time. Such software
works by analyzing words and phrases in contracts

ACTG 4P63 AUDIT Page 8
Remember, an auditor must audit EVERY number in the F/Ss!

Internal control (I/C) deficiencies are important. Remember, there are 2 broad audit procedures, audit
the system that produces the numbers (audit of controls), and audit of the actual numbers themselves
(substantive testing). The better the controls over the system that produces the numbers, the more
trustworthy the numbers are, and so less substantive audit work needs to be done
I/C weaknesses need to be communicated to mgt, and mgt needs to act on them. Audit committee can
help bring about improvements in I/C

CPAB 2022 interim inspections (8 pp):
Firm system of QUALITY MANAGEMENT evaluations
Handbook sections CSQM 1, CSQM 2, don’t have time to go into too much detail
Used to be called Quality Control, CSQC 1, but now, with the convergence of Management Theory
towards Accounting / Auditing Theory, the name Control has changed to Management
After audit partner in charge of audit file signs o , accounting firms need to have additional procedures
before a file is released. A minimum is a second partner review, someone who has a fresh set of eyes to
look at the file. In a larger accounting firm, you have a Quality Management dept, which has to also sign
o on the audit report

Auditor independence, Rules of Professional Conduct in CPA Ontario Handbook (note NOT CPA Canada
Handbook)
If one owns say 100 share of GM, then is one independent for purposes of being the auditor of GM?
Most auditors, but not all, would say yes

CLIMATE THEMATIC REVIEW
This topic is becoming more and more important for our profession climate change wineries in France
purchasing land in UK so that when climate warms, grapes can be grown further north in appropriate
climate. Niagara wine industry can only exist because of microclimate created in part by the escarpment

THIRD PARTY SERVICE PROVIDER (CAS 402, CSAE 3416)
Third party service providers may run a significant portion of the reporting issuer’s operations,
processing transactions, holding assets
Cloud computing, payroll company (all calculations and deductions in payroll MUST be exactly
calculated, no matter how small)
Service provider has 2 audits, regular audit, and special audit (third party service provider) on controls in
company. These special audits are often done quarterly so as to better match year-ends of service
providers and clients

Bill of lading, shipping document

ACTG 4P63 AUDIT Page 9
Private equity, can be used as an alternative to raising capital publicly in registering with a Securities
Commission

CPAB 2022 annual inspections (23 pp):
Restatements (embarrassing)
Have never heard of psychedelics industry
Issues with revenue recognition, long-lived assets, business combinations, financial instruments

Issues with INVENTORY
Inventory can be complex
Units (each, dozen, box, etc.)
Location (consignment, multiple locations across country, etc.)

COMPLETENESS is a major issue in our profession. It is so easy to miss things because one forgets to
think of it

Quantity estimate of stones from quarry, chemicals in pile in yard, amount of say chocolate in huge bin,
cattle, logs in logging, oil in huge mega-containers (careful about mixed with water, oil floats on top of
water, need to have special equipment to determine quantity), etc.
Count cattle, can use say drone
Pile of chemicals, can have spontaneous combustion, have to be careful how to store, may be in tall
donut shape, you may not be able to see format from ground level, can send up drone, may need to use
high school geometry to calculate quantity. Don’t wear your best suit to this audit! Great Salad Oil
Swindle of 1963

Talent and Resource Management
FIRM CULTURE

CPAB 2023 interim inspections (8 pp):

CPAB 2023 annual inspections (77 pp):
Appropriateness of accounting policies

Inventory held with third parties, not necessarily consignment

GOVERNANCE (entire course on this topic in MAcc program)

ACTG 4P63 AUDIT Page 10
GOVERNANCE (entire course on this topic in MAcc program)

Emerging technologies, including AI

CLIMATE THEMATIC REVIEW (emphasized even more)

FRAUD (emphasized even more)

September 27

Best suggestion for selecting company for your Major Project, select industry that you are PASSIONATE
about!

Always go back to FIRST PRINCIPLES! If there is a requirement, go back to the
source to see where it comes from! And where does the SOURCE come from?
What is the ROOT CAUSE for that document, including SOCIETAL root cause?
What was it that generated that document, what was the NECESSITY that made
the change to come about?

What is the ROOT CAUSE of the SEC? Of COSO (and CoCo)? Of SOX? How did these come about? SEC
(Securities and Exchange Commission):
Before WW1, only rich people invested in the stock market. After WWI, with all the soldiers coming
back, the Spanish flu broke out (killing an estimated 50 million people), and the mood of celebration
caused everyday people to start investing in the stock market. However, there were no protective rules,
so fraudsters had a field day, causing massive frauds in the 1920s. the result of all these abuses was the
stock market crash of 1929 which caused the Great Depression of the 1930s with its signature long soup
kitchen lines. The SEC was formed with 1933 and 1934 legislation which required all public companies
to register with the SEC and follow strict SEC rules
COSO (Committee of Sponsoring Organizations, not very descriptive) (and CoCo, standing for ‘Criteria of
Control’, in Canada):
In 1980, new US president de-regulated large sections of economy. Though parts of this were good by
reducing red tape for businesses, this also significantly helped fraudsters by making their lives so much
easier. 1980s was known as ‘decade of greed’. One CEO used the expression ‘greed is good!’ in just
one industry, the savings and loan industry (NOT the banking industry, that is separate), amount lost to

ACTG 4P63 AUDIT Page 11
one industry, the savings and loan industry (NOT the banking industry, that is separate), amount lost to
fraud was about $500 billion ($1.5 trillion in today’s dollars). These abuses led to many in the investing
public to point their finger at the accounting profession, which then set up the Treadway Commission
(and the Macdonald Commission in Canada) to look into the problems of the accounting profession.
Both Commissions came out with a number of recommendations, the most important of which was a
challenge to the accounting profession to rethink its understanding of controls. This led to the
formation of the COSO principles in 1992 (and CoCo in Canada in 1995). Many new approaches to
controls were brought in, perhaps the most important being the addition of so-called ‘SOFT CONTROLS’
(having a respectful work environment, taking pride in one’s work, etc.) in addition to the more
traditional notion of controls (put a fence around inventory, separation of incompatible duties, etc.).
Even in Canada, CoCo was soon forgotten about (even though it remains in the CPA Canada Handbook
collection) and everyone in the world today uses the COSO I/C over F/R standard SARBANES-OXLEY ACT
(SOX):
The Enron (and many other companies, Worldcom, Global Crossing, etc.) fiasco in 2001 surprised and
shocked the investment community, especially as all this happened under the very noses of the SEC, the
most powerful regulatory body in the world. The US president took to national television and publicly
said, ‘we don’t trust the auditors any more, we are now going to audit the auditors’. This led to the SOX
act of 2002, which created the PCAOB (CPAB in Canada followed a few years later) and more onerous
requirements of SOX legislation.
The 2 most important sections of SOX are Section 302 and 404.
Any company filed with the SEC must follow SOX requirements
Sec 302 (Corporate Responsibility for Financial Reports): senior mgt (typically CEO, VP Finance, and
Controller) must explicitly accept personal responsibility for F/Ss
ASIDE: Foreign Corrupt Practices Act (FCPA) of 1977 (Canada adopted similar legislation in 1998):
it is illegal for any US company to pay a bribe to an overseas agent for purposes of obtaining a contract.
Person who pays such bribe is subject to penalties, including jail time
Sec 404 (Management Assessment of Internal Controls): mgt must accept responsibility for INTERNAL
CONTROLS OVER FINANCIAL REPORTING
Second requirement of Sec 404 is that auditor must also have an audit report on INTERNAL CONTROLS
OVER FINANCIAL REPORTING. So 2 audit reports are required

Additional comments on CONTROLS: 1 controls are COSTLY, 2 controls are generally designed to
prevent a SINGLE person, working by themselves, from perpetuating a fraud or making an error.
Controls are generally NOT designed to prevent COLLUSION, because that involves more cost. These
comments are typically not seen in textbooks

Example of BCE 2023 annual report:
4 documents (p 115 mgt responsibility for F/R, p 112 mgt responsibility for I/C over F/R, p 116 audit
report for F/R, p 113 audit report for I/C over F/R)
Notice explicit mention of Treadway Commission
Remember that any audit must have a STANDARD against which to compare.
For audit of F/Ss, we use say IFRS, ASPE, and even say special audits such as contract between 2
companies and adherence to legislation
For audit of I/C over F/R, COSO is the general standard used world-wide

ACTG 4P63 AUDIT Page 12
For audit of I/C over F/R, COSO is the general standard used world-wide

Critical Audit Matter (CAM) is used in US filings whereas Key Audit Matters (KAM, CAS 701) is used
internationally to give additional information on matter(s) that the auditor found more difficult and had
to spend more audit time on (in the BCE audit, there was 1 CAM, on Goodwill and intangible assets). In
a KAM (or CAM in the US). There is typically a description of the issue giving rise to auditor difficulty, and
a description of the auditor’s approach to more precisely address the issue

Please read for next time pp. 60-64 (5 pp, forgot to include in course outline), and pp. 90-100 (11 pp),
EXTENSIVE RISK ANALYSIS. This can give you some idea of how to do your own risk analysis for your
Major Project

October 1

BCE and Stellantis annual reports

Importance of expectation gap, and how this gap is perceived by many to have been widening over the
past century

In terms of the audit report, Europe has long been experimenting with different ways of decreasing the
expectation gap. They have a longer experience of alternate audit reports. This can be seen by say
comparing the audit reports of BCE (2 pages long) vs Stellantis (headquartered in Netherlands, 10 pages
long, with a lot more detail).

Change in the current audit report have been reflected in the official international standards for about 5
years, whereas Europe has experimented with it for about 15 years

A criticism in the previous audit reports (till about 5 years ago), even with the later versions that had
significantly more content and explanations, has been that you can have 1,000 different companies with
1,000 different audit reports, and that the audit reports are all exactly the same for every single
company. There has been no customization of audit reports to the individual company, in contrast to
user expectations

KAM (Key Audit Matters, CAS 701), called CAM (Critical Audit Matters) in the US, are a way to customize
the audit report. A KAM is an audit issue that the auditor found especially challenging, and so describes
it in detail in the audit report. Please have a look at these KAM (CAM) in the BCE and especially
Stellantis audit reports. You will need to know about these for your Major Project

ACTG 4P63 AUDIT Page 13
Stellantis audit reports. You will need to know about these for your Major Project

Last time we saw the 4 reports in the BCE annual report. Please also have a good detailed look at the
risk analyses in both the BCE and Stellantis annual reports. These touch on numerous issues of high
importance in the analyses of companies. Such an extensive risk analysis is expected of you in the Major
Project

In BCE please also add pages 60-64 (I forgot to include these in the course outline).

Some risk analysis from BCE report:
Importance of positive customer experience
It is crucial to have what customers will want in the near-term. Some examples of what can go wrong: 1
electric cars, car manufacturers spend billions of dollars investing in new factories to build electric cars,
only to find out that the market for such cars has cooled substantially (because of high cost of electric
vehicles, pollution issues, etc.); 2 a number of years ago the wine tastes of customers worldwide
suddenly switched from red wine to white wine, something that would have been exceedingly difficult
to predict, and something that winemakers had to suddenly scramble to adapt to changing customer
tastes
Security of data, there are data hacks happening all the time
Attracting, developing and retaining talent can be hard. There was one example of a highly effective
CEO was nearing the end of his reign because of advancing age, and the company actually had a KAM to
describe that
Collective agreements (example of striking longshoremen)
Switch from 4G to 5G. Why is 5G more capable? Law of electrical engineering, higher frequency signals
can carry a higher bandwidth. However, 5G, as with any higher frequency signal, becomes more line-of-
sight, and so needs more towers. It can be instructive to watch video of say ocean waves in middle of
ocean coming across a small island, lower frequency waves will go around the island, higher frequency
waves will be partially blocked by the island Massive supply-chain issues (examples: pandemic, ‘friend-
shoring’) Importance of ESG, EDI, etc.
Aggressive competition. In cut-throat environment, it is more difficult to make profits
Technological advances
Changing consumer behaviour
Plummeting birth rate (1.4 in Canada, as opposed to 2.1 replacement rate), implying less customers

Please have in-depth look at the risk analysis of BOTH the BCE and Stellantis cases!

Stellantis annual report:
Note length of audit report (10 pages), starting on page 416 N.V. is Dutch way of saying Inc., Ltd, etc.
Can have BOTH terminology, ‘presents fairly’, and ‘gives a true and fair view’. The latter comes from UK,
and is used worldwide, whereas the former is used in US and Canada (which a century earlier used the
latter)

ACTG 4P63 AUDIT Page 14
latter)
Note 2 audit opinions: the usual one with respect to IFRS (but note EU or European Union version of
IFRS), and also with respect to the laws of the country, in this case Netherlands, which requires an
additional standard
Note audit report highly variable and adapted to specific company the audit report is referring to.
Modern audit reports tend to be highly adaptable to the specific company, in high contrast to how audit
reports were just a short 5 years ago
Note the specific mention of MATERIALITY figure, in this case roughly a thousand million Euro (the Euro
is the official currency in much of Europe)

Provision vs contingency:
IAS 37, Provisions and Contingencies (IFRS) vs HB 3290 Contingencies (ASPE)
Note terminology differences
Please note that in IFRS a PROVISION is a liability which is recognized (reflected in the F/Ss) whereas a
CONTINGENCY in NOT recognized (NOT reflected in the F/Ss), whereas in ASPE the terminology
CONTINGENCY is used for BOTH cases

October 4

PLEASE UNDERSTAND THAT THESE DRAFT NOTES ARE NOT INTENDED TO STAND ALONE. THEY ARE
INTENDED TO SUPPLEMENT THE ACCOMPANYING ONE SPECIFIC CLASS DISCUSSION ON

THAT ONE SPECIFIC DATE. THERE ARE NUMEROUS NUANCES THAT CAN ONLY COME
ACROSS WITHIN THE CONTEXT OF THE CLASS DISCUSSION, MAKING THE DRAFT NOTES AT TIMES
SUBSTANTIALLY INCOMPLETE BY THEMSELVES WITHOUT THE ACCOMPANYING CLASSROOM CONTEXT.

Some topics mentioned include the following (not necessarily complete)

Quiz 1 re-cap, done reasonably well, main question given in advance so you could study it and get a high
mark

ACTG 4P63 AUDIT Page 15
To REPEAT from last meeting (please read NOTES LOL!):
Provision vs contingency:
IAS 37, Provisions and Contingencies (IFRS) vs HB 3290 Contingencies (ASPE)
Note terminology dfferences
Please note that in IFRS a PROVISION is a liability which is recognized (reflected in the F/Ss) whereas a
CONTINGENCY in NOT recognized (NOT reflected in the F/Ss), whereas in ASPE the terminology
CONTINGENCY is used for BOTH cases

Expectation gap, Europe has been more responsive to necessity to change things to respond to
expectation gap
Ex: BCE audit report is 2 pages long, Stellantis audit report is 10 pages long

ASPE standards are always Canadian (NOT international)

Why standards? How did accounting standards develop?
Big push was right after establishment of the SEC, in the 1930s
The first big push to get accounting standards out was geared specifically to the needs at that time, and
in the 1930s, the needs were of large manufacturing companies, so that was what ended up in the CPA
Handbook at the time. It took at least until about 1970 to change that specific focus. In fact, at the very
start of the Handbook of the time, it said explicitly that financial companies, insurance companies and
non-profit organizations were specifically excluded from the Handbook. Service organizations were not
specifically excluded but in reality they were. This only changed around 1970.
When Canada went from Canadian standards to international standards on Dec 15, 2010, smaller and
medium size enterprises (SME, or PME in French) asked for recognition that smaller companies had
different accounting and audit needs than large companies, and that requirements of IFRS were COSTLY.
Canada responded by permitting 2 systems of accounting, ASPE and IFRS.

Technical names in Handbook
Please note that there are a number of ordinary usage English terms that have different technical
meanings in the Handbook. Provision, review, projection, hypothesis, are a few of these. Please be
careful especially with the term review, always specify the Handbook section number, it has different
meanings depending on the section number

In UK, The Economist magazine, one of the top business magazines, uses the terminology
‘thousand million’ instead of ‘billion’. This is because a ‘billion’ has different meanings, either 1,000
million, or a million million. The term used in Europe for ‘billion’ is ‘milliard’ in many languages,
including in French Quebec. The UK has only in recent decades started using the term billion to mean a

ACTG 4P63 AUDIT Page 16
including in French Quebec. The UK has only in recent decades started using the term billion to mean a
thousand million in response to US influence

There is some conflicts of interest that the audit profession has had going back a very long time, at least
a century. In contrast to say a lawyer or consultant or architect who gets paid by the same party that
gets the benefit, the auditor is chosen by, and paid for, by the client being audited, whereas the party
getting the benefit, the shareholders, are the ones getting the benefit
There has always been a possibility in the back of investors’ minds that somehow the auditor and client
may be in cahoots with each other because of this fundamental conflict of interest
It is part of the expectation gap approach to try to lower this conflict of interest, in this particular case,
by providing a lot more information in the audit report, to have a very lengthy audit report that provides
much more information than in the past. In the past, you could have 1,000 different companies with
1,000 different audit reports, and those audit reports are all exactly the same for every single company.
There has been no customization of audit reports to the individual company, in contrast to user
expectations

Another fundamental conflict of interest has been that many larger accounting firms also have a
consulting branch. So when an auditor goes in to a client, there can be some attempt by the auditor to
have the client also get a consulting contract with the consulting branch of the accounting firm. So you
have a very uncomfortable situation that may arise. For example, say the client wants to increase their
bonus payments to employees, there is a temptation to increase the share price and N/I by say adopting
aggressive revenue recognition policies. If the auditor objects to that, then the client may simply hint
that ‘next year we will put up the consulting contracts up for tender’ which is a nice way of saying you
may lose your $10 million yearly consulting fees (as opposed to say a one million dollar audit fee) if you
don’t go along with our accounting policies. This is hardly auditor independence
SOX Section 201 changed all that in 2002. If you were registered with the SEC, you had to follow SOX.
This introduced the concept of ‘prohibited activities’ if you were the auditor

An accounting firm is typically organized as a partnership, LLP. This is because a lawsuit against an
accounting firm for professional negligence is NOT protected by having a corporation, only commercial
lawsuits are protected by incorporation.
In the case of an INSOLVENCY professional firm, which may be appointed by a court order, the
insolvency firm takes over all operations of the company, its assets and liabilities. If by chance it loses
money (unlikely but possible) then having an insolvency professional firm that is incorporated can
protect the personal assets of the owners of the company

If you ever get the chance to work in an M&A (merger & acquisitions) project, that would be a terrific
professional growth opportunity!

Stellantis audit report talks about ‘OTHER INFORMATION’. This refers to information that is in the
annual report that is outside the F/Ss that are also included in the annual report
Auditor has responsibility (CAS 720) to make sure none of the other information in the annual report is
inconsistent with the F/Ss. ALL such information has to be looked at by the auditor to ensure this
This is explicitly mentioned in the Stellantis audit report, along with a lot of additional information, for

ACTG 4P63 AUDIT Page 17
This is explicitly mentioned in the Stellantis audit report, along with a lot of additional information, for
purposes of providing more information to the reader of the audit report

Risk management in Stellantis annual report, starting page 95
Notice terminology, consistent with convergence with management theory
ERM (Enterprise Risk Management) framework
Notice 2017 COSO reference (as opposed to 2013 COSO framework used in North American audit
reports)
2017 COSO refers to inclusion of much of modern management theory

Switch from 4G to 5G in the BCE Annual Report. Why is 5G more capable? Law of electrical engineering,
higher frequency signals can carry a higher bandwidth. However, 5G, as with any higher frequency
signal, becomes more line-of-sight, and so needs more towers. It can be instructive to watch video of
say ocean waves in middle of ocean coming across a small island, lower frequency waves will go around
the island, higher frequency waves will be partially blocked by the island
Earth is curved (with apologies to Flat Earth Society, yes this really exists!), that is why line-of-sight may
be an issue to go beyond the horizon. Line-of-sight also implies that obstacles, like thick walls, might
impede the signal. Nobody ever seems to talk about downsides of 5G
Human sight vs hearing. Hearing is much lower frequency than sight, which permits hearing around a
corner, whereas sight does not work around a corner, you cannot see around a corner
If you consider electricity to be the speed of the electrical SIGNAL (as opposed to the movement of the
electrons themselves), then electrical speed is close to the speed of light. So it is NOT the speed that is
the deciding factor in optical transmission of signals, it is the BAND WIDTH!

Please re-read this lengthy audit report of Stellantis and also the 25 pages of risk analysis for next time

October 8

PLEASE UNDERSTAND THAT THESE DRAFT NOTES ARE NOT INTENDED TO STAND ALONE. THEY
ARE INTENDED TO SUPPLEMENT THE ACCOMPANYING ONE SPECIFIC CLASS DISCUSSION ON
THAT ONE SPECIFIC DATE. THERE ARE NUMEROUS NUANCES THAT CAN ONLY COME ACROSS
WITHIN THE CONTEXT OF THE CLASS DISCUSSION, MAKING THE DRAFT NOTES AT TIMES SUBSTANTIALLY
INCOMPLETE BY THEMSELVES WITHOUT THE ACCOMPANYING CLASSROOM CONTEXT.

SUPPLEMENTARY NOTES

ACTG 4P63 AUDIT Page 18
SUPPLEMENTARY NOTES

Some topics mentioned include the following (not necessarily complete)

Bonus assignment, possible to read book instead of live theatre

Experimentation of audit reports over last few decades
Only in 2018 was there tailoring of audit reports to individual companies

Rebranding of HR departments, to ‘People and Culture’

OFFSHORING to ‘FRIENDSHORING’

JIT taught religiously to generations of accounting / auditing students, then pandemic made it a dirty
word for a while

AI is everywhere but there is one aspect of AI rarely talked about, the huge need for POWER for all that.
You can have a very large facility, such as in say Texas, larger footprint than Pen Centre, with row upon
row of high powered computers, with design for cooling, and backups for power. First backup is huge
batteries, and the diesel-driven generators, must be working 24/7

Near end of Stellantis audit report:
Stellantis audit report talks about ‘OTHER INFORMATION’. This refers to information that is in the
annual report that is outside the F/Ss that are also included in the annual report
Auditor has responsibility (CAS 720) to make sure none of the other information in the annual report is
inconsistent with the F/Ss. ALL such information has to be looked at by the auditor to ensure this
This is explicitly mentioned in the Stellantis audit report, along with a lot of additional information, for
purposes of providing more information to the reader of the audit report

Risk management in Stellantis annual report, starting page 95
Goal in this course is to help you become AWESOME accountants and auditors. You will need to be that
to survive in 5 or 10 years. Please spend AT LEAST ONE HOUR reading these 25 pages of risk analysis in
Stellantis annual report

Notice terminology, consistent with convergence with management theory

ACTG 4P63 AUDIT Page 19
Notice terminology, consistent with convergence with management theory
ERM (Enterprise Risk Management) framework
Notice 2017 COSO reference (as opposed to 2013 COSO framework used in North American audit
reports)
2017 COSO refers to inclusion of much of modern management theory
ERM governance structure
GOVERNANCE is important part of modern businesses. All accountants / auditors must be familiar with
this. In MAcc program, a full course is dedicated to this important topic
Risk appetite
ASIDE: if you go to bank to buy say a mutual fund, the bank (or other licensed such institution) is
required by law to have something that some banks call a ‘know your client’ form that is filled out with
the client. The RISK APPETITE of the client must be gaged. Also required is a measure of how well a
client might weather occasional market dips. This is typically measured by client income and client net
worth
Different individuals may have different risk tolerances
Risk categories p 96
Risk mitigation and monitoring
Increasing importance of CULTURE, important for smooth functioning of modern businesses important
also for say M&A (Mergers & Acquisitions). You CANNOT have incompatible business cultures merging!
It has been tried numerous times with abject failure (and huge financial losses)! Some examples of
incompatible business cultures include highly centralized vs highly decentralized, and approaching by
trial and error vs approaching methodically importance of pickup trucks and large SUVs. A universal law
of business is that LUXURY GOODS have very high profit margins. Why? Because they are bought by
wealthy people who don’t look at price as a deterrent. There are large numbers of very wealthy people
(definition: net worth $20 million +) in any society. On the other hand, there are large segments of the
population who live from paycheck to paycheck. And then there are those whose credit cards are
constantly maxed out importance of global financial markets, general economic conditions,
GEOPOLITICAL INSTABILITY, etc., over which one has no control of difficulties and many hiccups in
transition from internal combustion to electric vehicles difficulties with lithium, cobalt, nickel, etc.
pollution issues in less wealthy countries with poor controls (remember, controls are COSTLY!) there is
greater likelihood of pollution, child labour (there have been CBC documentaries showing negative
impact of our outsourcing certain functions to less wealthy countries), etc.
when I audited manufacturing companies when I worked in the private sector, I would sometimes look
at chemistry books and the periodic table of elements when I returned back to the hotel at the end of
the day. I didn’t want to look like an ignoramus in front of the client personnel
RARE EARTH ELEMENTS: very important elements that are typically used in minute quantities in many
applications, such as say brightening the screen on your computer monitor, small but strong magnets,
etc. US had rare earth mining at one point, but shut it down because of it being highly polluting. In
Canada we have some mined in Labrador New products must be INNOVATIVE, ATTRACTIVE, and
relevant
ability to attract and retain experienced workers. Attracting top management talent such as for
CEOs can be extremely difficult because such talent is rare importance of collective bargaining and
labour unions importance of wholly-owned finance company. People who buy cars usually need
financing, otherwise they would be unable to buy importance of distribution system importance of
HIGH-END CHIPS. Biggest producer of these is in Taiwan. US has recently spent billions to produce in
US, but this process is extremely complex and can take 10 years

ACTG 4P63 AUDIT Page 20
US, but this process is extremely complex and can take 10 years
many cars, for example, during pandemic didn’t have sufficient number of high end chips available
MARKET CANNIBALISM, when introduction of a new product takes away sales of an existing product
SUPPLY CHAIN DISRUPTION
Automotive industry known as being highly competitive, it is hard to make profits, you have to work
hard for it. By contrast, say telecommunications industry, Canada has highest rates in world, don’t have
to work as hard
Importance of affordable interest rates and availability of credit, sudden increase in interest rates could
mean less sales and lower profits
Risk of catastrophes, hurricanes, pandemics, terrorist attacks, etc.
Legal and regulatory environment
Greenhouse gas emissions
Diesel emission investigations, caused by software inserted into car computer system to bypass external
measurement of pollution levels
SAFETY ISSUES. There have been huge changes in safety standards. At one time if a worker fell, they
may become part of a dam or drown in the river below. Nowadays you must have safety harnesses if
you have any height at all, at risk of being immediately dismissed by foreman
CORRUPTION AND BIRBERY. Impossible to avoid, best to have UN bodies working to reduce it a bit year
by year.

Liquidity and access to funding
Pension plan underfunding
Share ownership
Resale issues of some Stellantis shares
Major tax uncertainties, tax residence country, tax treaties
Potential foreign investment tax considerations
France, Netherlands, US, UK, etc. tax consequences

October 11

Discussion about accounting symposium yesterday, main topics were M&A and Private Equity

Daimler-Chrysler merger failure

ACTG 4P63 AUDIT Page 21
Daimler-Chrysler merger failure
You will have opportunities to attend many such conferences in your career, please take advantage of
them!

High importance of PROFESSIONALISM at all times! You should be ready at any time to be sent to a
client and proudly represent the accounting firm. Full professionalism at all times means many things,
no chewing gum, not arriving late, professional dress and demeanour.

SIGNIFICANT CHANGES to CPA Ontario rules. They will no longer be running their own courses, so all
CPA courses will likely be taken at university. The 2 Capstone courses are gone. They give 2027 as
earliest date they expect CM 2.0 to be implemented.

During READING WEEK, work on Major Project, prepare for Quiz 2, start reading AUDIT-RISK-MODEL file
Audit Program folder uploaded to Brightspace, in particular see file AUDIT-PROGRAM-DISCUSSION
Emphasis in audit program being on EFFICIENCY of audit procedures to minimize audit cost

Reminder that Major Project DRAFT is due soon

It takes 10 to 12 years to become fully rounded accountant, well beyond the CFE and CPA designation

Can have as many as 50 revisions to F/Ss before finalized!

Importance of RECENT STANDARD AUDIT REPORTS
It is NOT enough to simply learn what is in the Handbook today, it may change tomorrow
Need to understand how Handbook sections evolved and WHY
Often it is response to expectation gap
Recall 1980, new US president elected, deregulated large segments of economy, one consequence was
much higher level of fraud, finger pointed to accounting profession, leading to formation of Treadway
Commission in US and Macdonald Commission in Canada in the late 1980s
These Commissions had many investor SURVEYS. Results astounded the accounting profession. Many
investors, including sophisticated investors, had major misconceptions about the audit process,
including thinking that auditors owned the F/Ss, thinking that auditors audited 100% of the transactions
instead of only a small sample (supported by SCIENCE of statistical auditing), they had no idea of
MATERIALITY (an item is considered material if it could influence the decision making process of the
user), they thought that the auditors CERTIFIED the F/Ss (giving a guarantee, terminology which many
news anchors use even today), they thought that if a number is given say in N/I then that number is
absolute, assuming that auditor was somehow a god to be so exact), not understanding that accounting
policies used may significantly change results, importance of significant ESTIMATES, importance of
STAND-BACK approach to look at overall picture to see if it makes sense
Use of word ‘examine’ instead of ‘audit’ in weak attempt to lower auditor legal liability

ACTG 4P63 AUDIT Page 22
Use of word ‘examine’ instead of ‘audit’ in weak attempt to lower auditor legal liability
We have seen that one of the consequences of these Commissions already discussed was to emphasize
controls. This challenge to the accounting profession was taken very seriously and in the next 15 years
there was tremendous intellectual energy of the accounting profession put into coming up with new
ways of thinking about controls. This led to the formation of COSO in 1992 in the US and the formation
of CoCo in 1995 in Canada. These standards of control significantly expanded the notion of control, and
in particular brought in the notion of ‘softer’ controls, such as say taking pride in one’s work, having a
respectful workplace, etc.

In the early 1990s the STANDARD AUDIT REPORT was changed in response to the outcome of the
surveys. This was called the 3 paragraph audit report. It addressed many of the issues, including:
indicating explicitly that management was responsible for the F/Ss and the auditor responsible for the
audit report, that audit requires planning, that the auditor obtains reasonable assurance (as opposed to
absolute assurance), that the auditor works on a test basis of say a few percent examination (as
opposed to a 100% audit), explicit mention of assessing the accounting principles used, significant
estimates, a stand-back evaluation of the F/Ss, explicit mention of MATERIALITY
On Dec 15 2010, when Canada went from Canadian Handbook standards to international standards, the
audit report itself changed as well. This was an enhanced report that contained headings, more detailed
information about the audit.
However, the main criticism of even this enhanced audit report was that you could have say 1000 audit
reports for 1000 different companies, and they would all be exactly the same, no tailoring to specific
companies. Even this did not go well for F/S users and the expectation gap
There was extensive experimentation of how to change the standard audit report, especially in Europe,
to try to address the expectation gap
The result was a change, towards the end of 2018, to a new model of the audit report, the so-called
‘auditor reporting’ model, whose main point was to tailor the audit report to each individual company
Since this new audit report could be quite lengthy, the opinion location was changed from the end of
the audit report to the beginning of the audit report. There was now extensive explicit information
provided to the F/S user, including KAM (CAM in the US), individualized to each individual company.
This is the audit report format that is still in effect today

Started AUDIT RISK MODEL topic. Please see file on Brightspace

ACTG 4P63 AUDIT Page 23