Browse CPA Canada PEP and CFE Study Guides

CPA Canada Assurance Cheat Sheet for Risk, Evidence, and Reporting

May 12, 2026

Assurance checkpoints for engagement setup, risk assessment, procedures, evidence, reporting, ethics, and communication.

On this page

Use this cheat sheet after reading the Assurance guide pages. It compresses the response habits needed for engagement setup, risk assessment, evidence design, conclusion formation, reporting, ethics, and communication.

Universal Assurance Response

Step Question Output
1. Engagement What is the objective, assurance level, user, subject matter, and criteria? Engagement framing.
2. Risk What could go wrong, and which assertion, criterion, or objective is affected? Specific risk or deficiency.
3. Procedure What evidence would address that risk? Nature, timing, extent, and source.
4. Evidence Is the evidence sufficient, appropriate, reliable, and consistent? Evidence evaluation.
5. Consequence What changes in documentation, report wording, communication, or next work? Conclusion and action.

Assurance Evidence Flow

    flowchart LR
	    A["Engagement objective"] --> B["Risk or assertion"]
	    B --> C["Procedure choice"]
	    C --> D["Evidence quality"]
	    D --> E["Conclusion"]
	    E --> F["Report or communication"]

Use the flow to keep procedure writing connected to the engagement objective. A procedure that does not address the risk or assertion usually creates weak evidence even if the wording sounds technical.

Topic Triggers

Topic Trigger Response move
Financial Reporting Accounting policy, estimate, disclosure, working paper, or management communication appears. Connect reporting issue to risk, evidence, skepticism, and communication.
Strategy and Governance Board, audit committee, compliance, accountability, or information flow appears. Explain how governance affects risk, oversight, independence-sensitive communication, or controls.
Audit and Assurance Engagement acceptance, criteria, materiality, assertion, evidence, exception, fraud indicator, report, or quality issue appears. Classify the engagement, design or evaluate procedures, and state reporting or communication consequences.
Finance Ratio, benchmark, trend, cash flow, or valuation assumption appears. Use finance analysis as assurance evidence and identify follow-up work.

Engagement Classification Filter

Classify the work before writing procedures.

Case cue Ask next Strong response
Audit, review, compilation, special report, agreed-upon procedure, or consulting language What assurance level and report are expected? Frame the engagement and evidence threshold.
Management request or user need Who will rely on the work and for what decision? Identify users, subject matter, and criteria.
Independence, competence, confidentiality, or conflict issue Can the engagement proceed as planned? State safeguard, modification, or decline recommendation.
Unclear criteria or subject matter Are criteria suitable and available to users? Recommend clarifying criteria before performing work.
Limitation, missing evidence, or management refusal Does this affect conclusion or report wording? State more work, scope limitation, modification, or communication.

Evidence Strength Checks

Procedure quality depends on evidence quality, not technical-sounding wording.

Evidence source Strength question Use when
Inquiry Is it corroborated by stronger evidence? Initial understanding, explanation, or follow-up.
Inspection Does the document come from a reliable source? Contracts, invoices, minutes, title, support, reconciliations.
Recalculation Are inputs complete and accurate? Valuation, tax, estimate, ratio, allocation, or schedule testing.
Confirmation Is external response reliable and relevant? Existence, rights, obligations, balances, terms.
Observation Does the procedure only show what happened at one time? Controls, inventory, process understanding.
Reperformance Does repeating the control or calculation address the assertion? Control effectiveness or calculation accuracy.
Analytical evidence Are expectations precise enough? Trend, ratio, going concern, valuation support, or unusual relationship follow-up.

Common Mistakes

Mistake Correction
Applying audit logic to every engagement. Classify the engagement and assurance level first.
Naming independence but not resolving it. State whether the engagement can proceed, needs safeguards, or must be declined.
Choosing inquiry as the default procedure. Ask whether stronger external, documentary, recalculation, observation, or reperformance evidence is needed.
Finding a control deficiency without audience. Decide whether management, the audit committee, those charged with governance, or users need communication.
Reporting a conclusion without enough evidence. Explain whether more work, modified wording, or limitation communication is required.

Communication And Reporting Checks

If the issue is Ask Output
Misstatement or disclosure issue Is it material and pervasive? Adjustment, disclosure, report effect, or further work.
Control deficiency Who needs to know and how severe is it? Effect, risk, recommendation, and communication audience.
Independence or ethics Can safeguards reduce the threat? Proceed with safeguards, modify scope, or decline.
Scope limitation Can alternative procedures obtain evidence? More work, modified conclusion, or withdrawal consideration.
Uncertain evidence Is evidence sufficient and appropriate? Caveat, further procedure, specialist, or report consequence.

Procedure Selection Tests

If the issue is Stronger response asks
Existence or occurrence Can inspection, observation, confirmation, or reperformance support that the item or event exists?
Completeness Can external source documents, sequence checks, cutoff work, or reconciliation identify omissions?
Valuation or measurement Can recalculation, model review, source testing, sensitivity, or specialist evidence support the amount?
Rights, obligations, or ownership Can contracts, title documents, confirmations, or board minutes support the claim?
Disclosure or presentation Can checklist review, financial statement tie-out, and user-focused analysis support the wording?
Control deficiency What is the effect, likelihood, severity, compensating control, and communication audience?

Response Sentence Frames

Need Sentence frame
Engagement “The engagement is [type], so the objective is [objective] for [users] using [criteria].”
Risk “The risk is [risk] because [case fact] affects [assertion/criterion/objective].”
Procedure “The practitioner should [procedure] using [source] to obtain evidence about [risk/assertion].”
Evidence “This evidence is [strong/weak/incomplete] because [reliability/relevance/sufficiency reason].”
Consequence “The result should be [more work/report effect/communication/safeguard/quality review] because [reason].”

Final Review Compression

Before a timed Assurance case, run this sequence:

Question Purpose
What engagement is this? Prevents audit-only logic.
Who are the users and criteria? Anchors objective and evidence threshold.
What risk or assertion is affected? Prevents generic procedure lists.
What evidence directly addresses it? Forces procedure quality.
What changes in report, communication, or next work? Forces consequence.

Last-Minute Checklist

Before leaving an Assurance response, confirm that each issue has an engagement context, risk or criterion, procedure or evidence evaluation, conclusion, and communication consequence.

Revised on Monday, June 15, 2026
Study Plan
FAQ