The report covers several aspects. A key issue it points out is that, when undertaking a financial audit, we must assess the potential risk of errors being present in the financial statements. After that, we must follow procedures to ensure that errors did not occur and that the risk was well managed.
Our colleagues noted that the link between our risk assessment, our risk identification and our work needs improvement. The work we do for each particular risk and the linkage between the various aspects should be clearer.
Information technology is also an issue. We did not have any policies requiring that information technology experts participate in the audits. Now, as a result of this review, we do have such a policy. For all audits, for all the entities with complex systems, we will call upon the services of an information technology expert to improve the risk assessment, but also to better identify possible improvements in terms of financial control. We will then be able to use those assessments for future audits.
The last element is about assessing fraud risks, a standard Canada adopted fairly recently. The auditors noted that the standard is applied very inconsistently, especially when it comes to keeping a record of the conversations we must hold with senior executives, the committee, the board of directors, and so on. We must clarify the policy that regulates all that and how this new auditing standard should be implemented.