Canadian Public Accountability Board publishes audit summit takeaways highlighting risk assessment and IT control gaps at smaller firms

The Canadian Public Accountability Board (CPAB) published a Smaller Firm Series paper summarizing insights from its Public Company Audit Summits held in Toronto, Vancouver and Montreal, aimed at supporting improved audit quality at smaller firms. The publication shares key takeaways and anonymized illustrative scenarios drawn from significant inspection findings to highlight recurring audit quality themes and emerging risks. Across the three events, CPAB convened 129 auditors from 45 firms and used case studies to reinforce the need for a thorough, iterative risk assessment grounded in a deep understanding of the entity, its internal controls, third-party involvement, and information technology. The paper also links audit quality outcomes to firm-level systems of quality management, emphasizing critical client acceptance and continuance decisions, a culture that supports speaking up and proactive risk identification, and timely root cause analysis with action plans. The scenarios cover (i) inventory held entirely by a third party where reliance on confirmations and third-party controls was not supported by sufficient evaluation and testing, and (ii) revenue in a highly automated, paperless environment where a substantive-only approach did not address IT-related risks or the reliability of system-generated reports, with remediation examples including walkthroughs of end-to-end processes, testing relevant controls and involving IT specialists.