CPA Canada Assurance: Strategy and Governance

CPA Canada means Chartered Professional Accountants of Canada. Use this page to isolate Strategy and Governance before returning to mixed CPA Canada Assurance practice.

Topic snapshot

Sample questions

These questions are original Finance Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Strategy and Governance

Linden Packaging Ltd. is a private company reporting under ASPE and is being audited to satisfy its bank. EBITDA covenant compliance depends on Q4 revenue. During planning, you review a governance memo:

• The five-member board includes the CEO, CFO, operations VP, the CEO’s spouse, and one independent director with finance experience.
• Minutes show quarterly meetings lasted 20 minutes and resolutions were approved from management-prepared packages, with no recorded discussion of estimates, revenue recognition, or covenant compliance.
• In December, the controller told the independent director that sales staff were being pressured to record shipments still in the warehouse. The independent director requested a special board meeting; the CEO cancelled it and told the CFO to “handle it internally.”
• Two days before year-end, the board approved a CEO bonus plan and a revised shipping policy by email using only the CFO’s summary.

What is the most appropriate conclusion for planning the audit?

• A. The independent director’s finance experience offsets the management-dominated board, so the governance facts do not materially affect engagement risk.
• B. The governance concerns should be addressed only in a management letter after the audit because they do not affect the audit plan.
• C. The cancelled meeting and email approvals indicate weak oversight of management pressure, increasing engagement risk and requiring a more skeptical, risk-responsive audit approach to revenue and management override.
• D. The board’s formal approval of the revised shipping policy supports management credibility, so revenue cut-off work can rely mainly on the approved policy.

Best answer: C

What this tests: Strategy and Governance

Explanation: Board activities affect audit planning when they show whether those charged with governance provide effective oversight of management. Here, the entity has covenant pressure, year-end revenue risk, and a CEO bonus tied to performance. The board did not actively challenge management, did not document discussion of significant estimates or covenant compliance, and allowed the CEO to cancel a special meeting after a controller raised a revenue cut-off concern. Those facts weaken the control environment and raise questions about management credibility. The audit team should respond during planning, such as by increasing professional skepticism, reassessing risks related to revenue cut-off and management override, and considering appropriate communication with those charged with governance.

• Independent expertise helps only if the director can exercise effective oversight; the CEO’s cancellation of the meeting limits that safeguard.
• Formal email approval is not strong evidence of oversight when it was based only on a CFO summary under covenant and bonus pressure.
• Waiting until after the audit ignores that governance weaknesses affect assessed risk, evidence needs, and planned procedures.

The board’s failure to challenge management on a high-risk revenue issue weakens the control environment and raises concerns about management credibility.

Question 2

Topic: Strategy and Governance

You are a senior on an Assurance engagement to assess governance processes for a Canadian private company seeking new bank financing. The board-approved criteria require: complete and timely regulatory filings, documented evidence of filing review, escalation of significant code-of-conduct matters, and reliable quarterly reporting to the audit committee.

Your workpaper notes the following:

• The regulatory filing calendar is maintained by the CFO in a personal spreadsheet, with no backup owner.
• Filing confirmations are not retained; the CFO tells the audit committee each quarter that “all filings are current.”
• Two provincial filings were submitted late when the CFO was away.
• Code-of-conduct certifications are collected annually by HR, but exceptions are not summarized for the audit committee.
• An unresolved conflict-of-interest disclosure from a senior sales manager has not been reported outside HR.

Which recommendation should be communicated as the best governance response?

• A. Limit audit committee reporting to compliance matters that have already resulted in fines or legal claims, to avoid unnecessary operational detail.
• B. Update the code of conduct and require annual employee training, while leaving filing responsibility and exception reporting with the CFO and HR.
• C. Ask the CFO to provide a signed annual representation confirming that all regulatory filings were submitted on time and all code matters were resolved.
• D. Implement a centralized compliance register with filing owners, due dates, evidence retention, exception tracking, and direct escalation of significant code matters to the audit committee.

Best answer: D

What this tests: Strategy and Governance

Explanation: Effective governance requires more than having a code of conduct or relying on verbal updates. The audit committee needs timely, reliable, and complete information about compliance obligations and significant conduct issues. A centralized compliance register strengthens accountability by assigning owners and due dates, preserving evidence of filings and reviews, tracking exceptions, and creating a clear escalation path. In this situation, the CFO’s personal spreadsheet and verbal reporting failed when the CFO was away, and HR’s handling of code exceptions prevented the audit committee from learning about an unresolved conflict-of-interest matter. The best response improves both the filing controls and the information-flow mechanism supporting audit committee oversight.

• A CFO representation alone does not create filing controls, retain evidence, or ensure independent escalation of exceptions.
• Reporting only fines or legal claims is too late; oversight should include significant risks and unresolved breaches before they become penalties.
• Training may support ethical culture, but it does not correct the missing filing evidence, backup responsibility, or audit committee reporting gap.

This addresses the weak filing control, lack of evidence, unresolved conduct matter, and unreliable information flow to the audit committee.

Question 3

Topic: Strategy and Governance

During planning for the annual audit of Riverside Youth Services, a Canadian not-for-profit organization, you review governance because the main funder requires the board to demonstrate independent oversight over restricted grant spending. The governance workpaper notes:

• 9 voting directors: CEO/board chair, CFO/treasurer, 3 founding family members, 2 long-time donors, 1 employee representative, and 1 recently appointed independent CPA.
• One founding family member owns the building leased to the organization; the conflict is disclosed annually, but that director remains on the finance/audit committee.
• The finance/audit committee is chaired by the CFO and includes the CEO, the conflicted director, and the independent CPA.
• Committee minutes show management presents budgets and grant spending reports, but there is no written mandate requiring the committee to challenge management or report to the full board.
• The board has no skills/diversity matrix or term limits, and most directors come from the same donor network rather than the communities served.

Management says this structure is efficient because insiders understand the organization. Which assessment and assurance response is most appropriate?

• A. Assess the composition as adequate because the committee includes a CPA and long-serving insiders who understand the organization’s restricted grant activities.
• B. Recommend that the external auditor become a voting member of the finance/audit committee until the board recruits additional independent directors.
• C. Defer communication until year end and include the matter only as a management-letter point if misstatements are found in restricted grant spending.
• D. Assess the composition as a governance and control environment weakness, communicate it to those charged with governance, and recommend an independent non-management committee chair, broader independent representation, a skills/diversity matrix, and a formal reporting mandate.

Best answer: D

What this tests: Strategy and Governance

Explanation: Effective board and committee composition should support independent challenge of management, clear accountability to the board, and a mix of skills, perspectives, and stakeholder representation. Here, management chairs and sits on the committee responsible for financial oversight, a conflicted director remains on that committee, and one independent CPA does not offset the concentration of insiders and related parties. The absence of a written mandate, formal reporting to the full board, term limits, and a skills/diversity matrix further weakens oversight. For an audit, this is not just a governance preference; it affects the control environment and may increase risk around restricted grant reporting. The appropriate response is timely communication to those charged with governance and recommendations that strengthen independence, diversity, accountability, and oversight.

• Insider knowledge and one CPA director do not overcome management dominance, conflicts of interest, and weak committee accountability.
• Having the external auditor vote on the committee would compromise the auditor’s independence and blur oversight responsibilities.
• Waiting for misstatements ignores the planning impact of a weak control environment and the funder’s need for independent oversight.

The facts show weak independence, limited diversity, unclear accountability, and ineffective oversight, all of which affect governance and audit risk.

Question 4

Topic: Strategy and Governance

RCL Manufacturing Ltd. is a private company reporting under ASPE. Your firm is planning the year-end audit, which is required by RCL’s bank. The planning file includes this governance excerpt:

Board: CEO/founder (chair), CFO, operations VP, founder's spouse, and one independent director.
Audit committee mandate: Review annual financial statements and meet with external auditors.
Audit committee members: CEO, CFO, and operations VP.
Communication protocol: All audit questions and proposed audit findings are first sent to the CFO, who decides what is placed on the audit committee agenda.
The independent director receives quarterly board packages but is not on the audit committee.

Which assurance response best addresses the impact of this governance structure?

• A. Treat the structure as a governance and control-environment risk, and arrange direct communication of significant audit matters with the full board or independent director instead of relying only on CFO-filtered communication.
• B. Accept the audit committee as the primary oversight body because it has a written mandate to meet with the external auditors.
• C. Decline the engagement because a private company audit cannot proceed unless the audit committee is composed entirely of independent directors.
• D. Communicate findings only through the CFO because the approved protocol assigns the CFO responsibility for audit communications.

Best answer: A

What this tests: Strategy and Governance

Explanation: Effective governance affects both audit planning and auditor communication. Although RCL has an audit committee on paper, its members are all management, and the CFO controls which audit matters reach the committee. This weakens independent oversight and creates a control-environment concern, especially because the audit is needed by an external lender. The auditor should not treat management-filtered communication as sufficient communication with those charged with governance. A better response is to plan with increased professional skepticism and arrange direct access to the full board or an independent director for significant audit matters, including risks, significant findings, and any limitations in communication flow. A private company is not automatically required to have a fully independent audit committee, but the auditor must consider how the actual governance structure affects risk assessment and communication.

• A written mandate does not overcome the fact that the audit committee is controlled by management.
• CFO-filtered communication is inappropriate when the CFO is part of management and can restrict matters reaching oversight.
• Lack of a fully independent audit committee may increase risk, but it does not automatically require declining a private company audit.

Management dominates the audit committee and filters auditor communication, so planning should reflect elevated governance risk and ensure access to appropriate oversight.

Question 5

Topic: Strategy and Governance

You are assisting with a governance review for Cedar Community Services, a not-for-profit organization that receives municipal funding and is overseen by a volunteer board. The board approves all vendor contracts over $250,000.

During the review, you note the following:

• Two board directors and their spouses own 40% of a maintenance vendor.
• The vendor received a three-year $650,000 contract approved at a board meeting.
• The minutes show both directors participated in the discussion and voted on the contract.
• Cedar has a procurement policy requiring three quotes, and management obtained the quotes.
• Cedar has no written requirement for annual director declarations, transaction-specific disclosure, recusal, or documentation of conflicts.
• The external audit found no material misstatement in the amounts recorded for the contract.

The audit committee asks which governance response should be recommended first. Which response is most appropriate?

• A. Establish an accountability program that publishes quarterly budget-to-actual results and service outcomes to municipal funders.
• B. Adopt a conflict-of-interest policy requiring annual declarations, disclosure of specific interests, recusal from discussion and voting, and documentation in the minutes.
• C. Ask the external auditor to expand year-end testing of the maintenance expense balance before recommending any governance change.
• D. Create an independent internal audit function to reperform the procurement analysis for all contracts after they are approved by the board.

Best answer: B

What this tests: Strategy and Governance

Explanation: A conflict-of-interest policy is needed when decision makers may benefit personally from transactions they approve or influence. The issue is not primarily whether the maintenance expense was recorded accurately or whether management obtained three quotes. The governance weakness is that directors with a financial interest in the vendor participated in board discussion and voting, with no formal disclosure, recusal, or documentation process. A well-designed policy helps protect board independence, transparency, and stakeholder trust. It should require periodic declarations, disclosure when a specific matter arises, recusal from relevant deliberations and votes, and clear minute documentation. Other mechanisms may be useful in different circumstances, but they do not directly address conflicted board decision making here.

• Reperforming procurement after approval may detect pricing issues, but it does not prevent conflicted directors from influencing decisions.
• Publishing performance and budget results supports accountability to funders, but it does not address personal financial interests in board approvals.
• Expanding external audit testing focuses on financial statement evidence, not the board governance process that allowed the conflict to occur.

The key governance risk is that directors with a personal financial interest participated in approving a significant contract, so a conflict-of-interest policy directly addresses the deficiency.

Question 6

Topic: Strategy and Governance

Prairie Homes Society is a Canadian not-for-profit that operates subsidized housing. Its board retained a CPA firm to perform an internal audit project over tenant rent receipts after a provincial funder questioned several unexplained arrears adjustments.

The project file notes:

• The audit and risk committee has four voting members: the CEO, the CFO, and two volunteer directors.
• The CFO is responsible for accounting, rent collection, and arrears adjustments.
• The CFO sets the committee agenda, controls the documents provided to the CPA team, and asked that all exceptions be cleared with him before the committee receives any report.
• Preliminary work identified unusual arrears write-offs approved by an accounting supervisor who reports to the CFO.

Which governance improvement would best address the weakness affecting the project?

• A. Increase testing at each housing site and add more arrears reconciliations to the CPA team’s work program before issuing the report.
• B. Require the CFO to approve all findings before they are sent to the audit and risk committee so management can confirm factual accuracy.
• C. Restructure the audit and risk committee so independent non-management directors approve the project scope, receive reports directly, and meet privately with the CPA team.
• D. Ask the CEO to sponsor the project and attend audit and risk committee meetings while the CFO continues to set agendas and coordinate evidence.

Best answer: C

What this tests: Strategy and Governance

Explanation: The key governance weakness is that management, particularly the CFO, controls the committee process and the information flow for a project examining an area under the CFO’s responsibility. This impairs effective oversight and creates a risk that scope limitations, evidence restrictions, or filtered reporting will prevent the board from receiving objective results. A better governance structure gives independent non-management directors authority over the project scope, access to information, direct receipt of reports, and private communication with the CPA team. Additional audit work may be needed, but it does not solve the accountability problem if management can still control what is examined and reported.

• Routing findings through the CFO preserves management control over reporting, which is the central weakness.
• CEO sponsorship still leaves management directing the committee process and does not provide independent oversight.
• More testing may respond to identified risk, but it does not correct the governance structure or reporting line problem.

Independent committee oversight would reduce management influence over scope, evidence access, and reporting on an area controlled by the CFO.

Question 7

Topic: Strategy and Governance

You are planning the annual CAS audit of Maple Harbour Child Care Society, a not-for-profit organization that receives restricted provincial grants. The board has six voting members. The executive director is also the board chair, the treasurer position has been vacant for six months, and the finance committee currently consists of the executive director and the bookkeeper. The executive director approves all year-end journal entries and determines the allocation of shared salaries to restricted grant programs. Directors receive only a one-page cash report prepared by the executive director. Draft financial statements and audit findings are first reviewed with the executive director, who decides what is brought to the board. The audit team has assessed elevated risk for grant expense allocation and management override.

Which governance improvement would best address the weakness affecting the audit?

• A. Create a board-level audit and finance committee of non-management directors, chaired by a financially literate director, with authority to oversee financial reporting and meet directly with the auditor.
• B. Have the external auditor prepare the grant allocation schedule before auditing restricted grant revenue and expenses.
• C. Ask the provincial funder to pre-approve year-end grant allocations and report any concerns directly to the auditor.
• D. Require the executive director and bookkeeper to sign each monthly reconciliation before providing the year-end file to the auditor.

Best answer: A

What this tests: Strategy and Governance

Explanation: The central governance weakness is that management controls both financial reporting and communication with the board. In an audit, the board or an appropriate committee should provide oversight as those charged with governance, particularly where there is elevated risk of management override and judgmental allocations affecting restricted grants. A non-management audit and finance committee with financial literacy and direct access to the auditor would improve accountability, reduce management filtering, and support more effective audit communication. The improvement does not replace audit procedures, but it addresses the governance structure that is making audit evidence and communication less reliable.

• Management sign-off on reconciliations may improve a control activity, but it leaves the same individuals controlling reporting and board communication.
• Auditor preparation of the grant allocation schedule would create a self-review concern and shift management’s responsibility to the auditor.
• Funder pre-approval may help with grant compliance, but it does not replace board oversight or direct communication with those charged with governance.

This directly strengthens independent oversight by those charged with governance and gives the auditor unfiltered access for significant audit and financial reporting matters.

Question 8

Topic: Strategy and Governance

Blue Spruce Foods Ltd. is a Canadian private company that prepares audited ASPE financial statements for its lender. The board asks for a governance recommendation after the lender raises concerns about recurring audit findings.

The board has adopted the following governance principles for its audit committee: members should provide oversight independent of management, have direct access to the external auditor and significant compliance information, meet without management when appropriate, and monitor whether management resolves reported issues.

Recent observations include:

• The audit committee is chaired by the CEO and includes the CFO and two outside directors.
• The CEO and CFO set the meeting agenda. The external auditor sends management-letter points to the CFO, who gives the committee a verbal summary.
• The committee has not held an in-camera meeting with the external auditor.
• Compliance hotline complaints go to the VP Operations. Five complaints about sales cutoff practices were closed as training issues and were not reported to the committee.
• The prior-year audit identified a revenue cutoff control weakness. There is no formal tracker for corrective actions, and interim audit work found similar cutoff exceptions this year.

Which recommendation is best supported by these facts?

• A. Make the CFO chair of the committee because the recurring revenue cutoff issues indicate the committee needs stronger technical accounting expertise.
• B. Reconstitute the committee with an independent chair and non-management members, require direct auditor and compliance reporting, and track management’s remediation of findings.
• C. Keep the current committee structure but require the CFO to provide longer written summaries of audit and compliance matters at each meeting.
• D. Ask the external auditor to expand cutoff testing and report only adjusted misstatements to management, since additional audit work addresses the lender’s concern.

Best answer: B

What this tests: Strategy and Governance

Explanation: An effective audit committee must be able to oversee management, not depend on management to decide what the committee sees. Here, management chairs the committee, controls the agenda, filters the external auditor’s findings, and prevents compliance matters from reaching the committee. The recurring cutoff issue also shows weak accountability because prior findings were not tracked to resolution. The strongest recommendation addresses the governance cause: improve independence, create direct information channels from the auditor and compliance process, and require formal follow-up of corrective actions. More detail from management or more audit testing may provide information, but neither fixes management’s control over the committee’s information flow or the absence of remediation accountability.

• Longer CFO summaries still leave management as the gatekeeper and do not provide independent access to audit or compliance information.
• Having the CFO chair the committee would worsen the independence problem, even if technical accounting knowledge is useful.
• Expanded cutoff testing may respond to an audit risk, but it does not correct the audit committee’s oversight, information-flow, or follow-up weaknesses.

The facts show weaknesses in independence, information flow, and accountability, so the committee needs direct oversight mechanisms rather than management-filtered reporting.

Question 9

Topic: Strategy and Governance

MaplePath Housing Society is a Canadian not-for-profit organization with an annual financial statement audit. You are reviewing the audit update memo before the engagement partner meets with the audit committee.

The audit committee’s board-approved mandate requires it to oversee financial reporting and internal controls, review significant audit risks and unadjusted misstatements with the external auditor, monitor auditor independence, oversee confidential compliance complaints and management’s remediation, and meet with the external auditor without management at least annually.

Current-year facts include:

• The CFO prepares the audit committee agenda and minutes; the committee met once for 25 minutes before a board meeting.
• The engagement team identified a significant risk that restricted grant revenue may be recognized before eligibility criteria are met. Proposed unadjusted misstatements exceed planning materiality. The CFO told the team not to send details to the committee and said she will tell the committee “everything is under control.”
• A whistleblower reported that program managers override grant coding controls near year end. Reports go only to the CEO, and no summary has been provided to the committee.
• The committee chair approved the audit fee by email and has not scheduled a private meeting with the external auditor.

Which assessment and response is most appropriate?

• A. The only governance issue is that no private auditor meeting is scheduled; if an in-camera meeting is added, the committee can rely on CFO summaries for risks and misstatements.
• B. The audit committee is not meeting its governance responsibilities; the engagement team should communicate significant audit risks, unadjusted misstatements, independence matters, and compliance-channel concerns directly to the committee and recommend improved information flow and accountability.
• C. The audit committee is meeting its governance responsibilities because it has delegated financial reporting and compliance updates to the CFO and CEO, who are responsible for day-to-day operations.
• D. The engagement team should report these matters only in the management letter after the audit, because audit committee involvement before year-end would reduce management accountability.

Best answer: B

What this tests: Strategy and Governance

Explanation: An effective audit committee provides oversight, not management execution. It needs direct and timely information about significant audit risks, unadjusted misstatements, control and compliance concerns, and auditor independence so it can challenge management and hold management accountable. Here, management controls the agenda and filters audit and whistleblower information, proposed unadjusted misstatements exceed planning materiality, a fraud or override-related compliance concern has not reached the committee, and no private auditor meeting is planned despite the committee’s own mandate. The appropriate assurance response is direct communication with those charged with governance and a recommendation to strengthen information flow, in-camera access to the auditor, and tracking of management remediation.

• Delegating updates to the CFO and CEO confuses management’s operating role with the audit committee’s oversight role.
• Adding only a private auditor meeting is incomplete because the committee also lacks direct information on risks, misstatements, compliance complaints, and remediation.
• Waiting for a management letter is too late for matters requiring governance attention during the audit and would continue to route key issues through management.

The committee is not receiving direct, complete information needed to oversee reporting, controls, compliance, auditor independence, and management’s response to audit matters.

Question 10

Topic: Strategy and Governance

You are the senior on the audit of Maple Ridge Components Inc., a privately owned Canadian manufacturer reporting under ASPE. During planning, you review the following governance excerpt from the board package:

Board structure:
- 7 directors: the CEO, CFO, COO, two family shareholders employed by the company, and two outside directors.
- Audit committee: CFO as chair, CEO, and one outside director.
- External auditor correspondence is first sent to the CFO, who decides what is forwarded to the audit committee.
- The audit committee meets after year-end to review draft financial statements and management's significant estimates.
- The board mandate says management is responsible for financial reporting and the board provides oversight.

Which interpretation best reflects the assurance planning and communication impact of this governance structure?

• A. The governance structure creates an automatic scope limitation because the auditor cannot communicate with those charged with governance through management.
• B. Management’s dominance of the audit committee weakens independent oversight, so the audit team should consider increased control environment and management override risk and seek direct communication with the board or outside directors.
• C. The CFO’s role as audit committee chair strengthens governance because financial expertise allows the audit team to rely on management’s review of estimates.
• D. The issue is limited to a management letter point because board composition does not affect audit planning for a private company.

Best answer: B

What this tests: Strategy and Governance

Explanation: Governance structure matters because it affects the control environment, accountability, and the reliability of oversight over financial reporting. Here, the audit committee is controlled by management and the CFO filters auditor correspondence before it reaches the committee. That does not automatically prevent the audit, but it raises concerns about independent oversight and management override. In planning, the audit team should consider the effect on risk assessment, especially for significant estimates and judgments, and should ensure significant matters can be communicated to those charged with governance without inappropriate management filtering. For a private company, an audit committee is not necessarily required to be independent, but weak independence is still relevant to assurance planning and communication.

• Treating the CFO’s financial expertise as a basis to rely on management’s estimate review ignores the lack of independent oversight.
• Calling the structure an automatic scope limitation is too strong; the auditor may still obtain access to the board or outside directors.
• Limiting the matter to a management letter point overlooks its effect on risk assessment, professional skepticism, and governance communication.

The excerpt shows management filtering assurance communications and participating in oversight, which affects risk assessment and the route for communicating significant audit matters.

Continue with full practice

Use the CPA Canada Assurance Practice Test page for the full Finance Prep practice bank, mixed-topic practice, timed mock exams, and explanations.

Related focused pages

• Free CPA Canada Assurance Full-Length Practice Exam
• CPA Canada Assurance: Financial Reporting
• CPA Canada Assurance: Audit and Assurance
• CPA Canada Assurance: Finance

Free review resource

Use the full Finance Prep practice page above for the latest review links and practice page.