CHARTERED PROFESSIONAL ACCOUNTANTS OF ONTARIO ACT, 2017

Citation: Chartered Professional Accountants of Ontario v. Kostich et al, 2026 ONCPA 3

Date: February 12, 2026

IN THE MATTER OF: Allegations against STEVE KOSTICH, CPA, CA, under Rule 206.1 of the CPA Ontario Code of Professional Conduct and Allegations against FELICE IORIO, CPA, CA, under Rules 202.1 and 206.1 of the CPA Ontario Code of Professional Conduct.

BETWEEN:

Chartered Professional Accountants of Ontario

Professional Conduct Committee

-and-

Steve Kostich and Felice Iorio

APPEARANCES:

For the Professional Conduct Committee:

Lily Harmer and Hailey Bruckner,

Counsel

For Steve Kostich and Felice Iorio:

Present

John Finnigan, James Hardy and Rebekah O’Hare, Counsel

Heard:

May 6, 7 and 10, June 24, October 16, 21, 23 and 28, November 5 and 6, 2024, January 29 and 30, February 20 and 27, 2025

Decision and Order effective:

February 12, 2026

Release of written reasons:

February 12, 2026

[1] The Professional Conduct Committee (“PCC”) of the Chartered Professional Accountants of Ontario (“CPA Ontario”) alleged that Felice Iorio (“Iorio”) failed to perform professional services with due care when accepting an audit engagement, contrary to Rule 202.1 of the CPA Code of Professional Conduct (“the Code”). The PCC also alleged that Iorio failed to perform professional services in accordance with generally accepted standards of practice of the profession, contrary to Rule 206.1 of the Code in relation to two audits for two consecutive years.

[2] The PCC alleged that Steve Kostich (“Kostich”) failed to perform professional services in accordance with generally accepted standards of practice of the profession, contrary to Rule 206.1 of the Code in relation to two audits for two consecutive years.

[3] Iorio and Kostich (“the Members”) practice public accounting and are partners of Deloitte LLP (“Deloitte”) in the firm’s Vaughan office. Iorio was the lead engagement partner for audits of the non-consolidated financial statements of Bondfield Construction Company Limited (“BCCL”) and the combined consolidated financial statements of the Bondfield Group including BCCL and other related companies in the related group of companies (collectively “Bondfield” or “the Bondfield Group”) for the fiscal years ended December 31, 2013 (“the 2013 Audits”) and December 31, 2014 (“the 2014 Audits”). Kostich was the lead engagement partner for the fiscal years ended December 31, 2015 (“the 2015 Audits”) and December 31, 2016 (“the 2016 Audits”).

[4] Following the initiation of a complaint by CPA Ontario Standards Enforcement, the PCC retained the services of Paul Rhodes (“Rhodes”) and Ian Wintrip (“Wintrip”) to investigate the Members’ roles as engagement partners and to determine whether the various audits were performed in accordance with the generally accepted standards of practice of the profession.

[5] The Members initially contested the Allegations of professional misconduct (“Allegations”) against them. Rhodes, who was qualified as an expert witness, was the only witness called by the PCC at the hearing. After the PCC had called its evidence, the Members began cross-examining Rhodes. Shortly after the commencement of Rhodes’ cross-examination, the parties jointly requested an adjournment of the hearing and they engaged in negotiations. Upon the resumption of the hearing, the Members ceased challenging the Allegations. The PCC filed written submissions and materials in support of their position on findings of professional misconduct. The Members neither filed nor made any submissions in reply.

[6] This hearing was held to determine whether the PCC had proven, on a balance of probabilities, that the Members had committed professional misconduct as alleged.

The Members

[7] Iorio began practicing as a CPA in 1993 with a mid-sized public accounting firm which merged with Deloitte in or around 2008. His practice focused on private companies, including audit, review, notice to reader and tax work. His experience, relevant to the Bondfield audits, includes having worked with real estate entities with development and construction operations. Bondfield was one of Iorio’s largest construction clients.

[8] In 1996, while still in high school, Kostich began working with Deloitte. In September 2000, after completing his university studies, Kostich joined Deloitte’s Small Audit Practice. He was admitted to Deloitte’s partnership in 2015. Kostich’s clients mainly consisted of large private companies, including architects and engineering companies with elements of construction within those clients, including general contractors, construction management and trades. At the time of the initial Bondfield audits in 2013, Kostich’s comparable experience consisted of one multi-facet service provider of architectural, engineering and construction services.

BCCL and the Bondfield Group

[9] Bondfield was a full-service privately-owned construction company operating in the Greater Toronto Area and Southern Ontario since the mid 1980’s. Bondfield took on large scale construction projects, delivering many award-winning and government-related projects. Bondfield Group encompassed several entities with BCCL being the main operating entity within the Group.

10Bondfield was founded by Ralph Aquino and was owned by the Aquino family. Ralph Aquino (father) was the President and sole director of Bondfield. His son, Steve Aquino was the Vice President, Operations of Bondfield. His other son, John Aquino was the Vice President and General Manager of Bondfield. His daughter, Maria Bot, was not involved in the management of the business, but like her father and brothers, she was a shareholder of Bondfield.

11Deloitte became Bondfield’s external auditor after PricewaterhouseCoopers (“PwC”) abruptly resigned in June 2014 after having acted as auditors for Bondfield for 20 years. At the time of its resignation, PwC had not completed its audit of Bondfield’s financial statements for the year ended December 31, 2013. Iorio, who accepted Bondfield as an audit client, would become the engagement partner for the Bondfield Group and BCCL 2013 Audits and 2014 Audits while Kostich would become the engagement partner for the 2015 Audits and the 2016 Audits.

12Zurich, an insurance company, provided a $1 billion bonding facility to Bondfield. If Bondfield failed to meet its obligations to contractors, subcontractors or laborers, Zurich ensured that the work would be performed (by other contractors, etc.) and payment for the work performed would be made.

13In 2018, when Zurich became concerned about the financial health of Bondfield, it hired Ernst & Young (“EY”) to review Bondfield’s financial situation as a result of liquidity issues Bondfield had been experiencing. On March 5, 2019, BCCL and several other companies in the Bondfield Group filed an application in the Ontario Superior Court of Justice (“the Court”) seeking protection under the Companies’ Creditors Arrangement Act (“CCAA”). The Court appointed EY as a Monitor to conduct a forensic investigation. On October 30, 2019, EY issued its Phase II Investigation Report in the CCAA proceedings, identifying fraudulent payments by Bondfield to Suppliers of Interest for services which were allegedly never provided.

14The forensic investigation, which had access to more detailed information from the Bondfield Group and third parties and was a more thorough investigation than required by generally accepted auditing standards, resulted in concerns regarding the reliability of the 2013 to 2016 Audits led by Iorio and Kostich. Those concerns were summarized by the Court in subsequent court proceedings as follows:

In each of those years, Deloitte showed growth in contract revenue and retained earnings increasing year over year…The Monitor’s investigation found that a) Bondfield’s financial records, prepared under the supervision of John Aquino, vastly overstated the revenues and profitability of its projects in the relevant period…¹

The Complaints and Investigation

15On February 27, 2020, the Globe & Mail published an article regarding two civil suits filed against Deloitte alleging negligence in the performance of the 2013 to 2016 Audits. The lawsuits alleged that $80 million was siphoned from Bondfield as a result of fraudulent activity by John Aquino and others. One of the suits was initiated by Zurich in August 2019. Zurich alleged in its statement of claim, that Deloitte had acted negligently in its conduct of the Bondfield Audits. A second claim was filed by Bondfield’s litigation trustee against Deloitte. Both claims raised concerns regarding the manner in which the Members led the Audits of BCCL and Bondfield Group for the years 2013 to 2016.

16Between March 2019 and February 2020, the CCAA proceedings, a subsequent investigation, the two lawsuits against Deloitte and the Globe & Mail article brought the Bondfield Audits to light, following which the Standards Enforcement Department of CPA Ontario initiated a complaint in relation to the Audits of BCCL and the Group performed by the Members.

17The PCC retained Rhodes and Wintrip pursuant to sections 47-52 of the Chartered Professional Accountants of Ontario Act, 2017 and the provisions of Regulation 15-1 of CPA Ontario to investigate the Members in their roles as lead engagement partners and their standards of practice in relation to the Audits to determine whether the Audits had been performed in accordance with the generally accepted standards of practice of the profession.

18As a result of their investigation, written reports dated February 17, 2021, were prepared by Rhodes and Wintrip for both Iorio and Kostich. These reports can be found at Tab A and C of the Joint Book of Documents (“Exhibit 1”). As part of their investigation, Rhodes and Wintrip conducted a number of interviews, including interviews with both Members. The documents obtained, reviewed and ultimately relied upon by Rhodes and Wintrip during the course of their investigation are found at Tabs B and D of Exhibit 1. Rhodes was the only witness to testify at the hearing. During the course of his testimony, additional documents were also presented during the course of the hearing and marked as exhibits.

[19] Following the completion of the investigation, on August 8, 2022, the PCC issued Allegations against Iorio and Kostich.

III. PRELIMINARY ISSUES

Issue 1 – Qualification of expert witness

20The PCC sought to have Rhodes qualified as an expert in the area of the standards of practice of the profession. While the Members initially contested his qualifications, after hearing his evidence, the Members conceded his ability to provide opinion evidence in the area of professional accounting standards. The Panel deliberated and accepted Rhodes as an expert witness qualified to provide opinion evidence on the standards of practice of the accounting profession.

Issue 2 – Request to communicate with a witness

21On November 6, 2024, counsel for the PCC brought a motion seeking a direction from the Panel to allow them to communicate with Rhodes, about matters introduced or touched on during examination-in-chief, between the completion of Rhodes’ examination-in-chief and his cross- examination by counsel for the Members. The direction was opposed by the Members. The Panel directed that counsel for the PCC in this matter, as well as in-house counsel observe the requirements of Rule 5.4-2 (a.2) and not discuss with Rhodes his evidence-in-chief or relating to any matter introduced or touched on during examination-in-chief in this proceeding².

IV. ISSUES

22The burden of proof rests with the PCC. The Members initially contested the Allegations made against them, and later, after having engaged in resolution discussions with the PCC chose to cease contesting the Allegations against them. Despite this change in course, the burden of proof continued to remain with the PCC.

23The issues to be addressed by the Panel arising from the Allegations in D-23-028 and D 23-029 are as follows:

a) Did the evidence presented to the Panel establish, on a balance of probabilities, the facts on which the Allegations made by the PCC against Iorio and against Kostich were based?

b) If the facts alleged by the PCC were established on the evidence presented on a balance of probabilities, did the Allegations against Iorio and against Kostich constitute professional misconduct?

V. DECISION ON MISCONDUCT

24With respect to Iorio, the Panel found that the evidence presented by the PCC established, on a balance of probabilities, the facts set out in the following Allegations:

Allegation 1 (a) and (b): that Iorio failed to perform professional services with due care contrary to Rule 202.1 of the Code in that he failed to take sufficient and appropriate steps to address allegations of suspected fraud and other audit risks made by the predecessor auditor, and to maintain professional skepticism and exercise appropriate professional judgment in accepting the engagement to audit the Bondfield Group and BCCL for the year ended December 31, 2013;
Allegation 2 (a) to (r): that Iorio failed to perform professional services in accordance with generally accepted standards of practice of the profession contrary to Rule 206.1 of the Code in connection with numerous significant aspects of the audits of Bondfield’s and BCCL’s financial statements for the year ended December 31, 2013; and
Allegation 3 (a) to (o): that Iorio failed to perform professional services in accordance with generally accepted standards of practice of the profession contrary to Rule 206.1 of the Code in connection with numerous significant aspects of the audits of Bondfield’s and BCCL’s financial statements for the year ended December 31, 2014.

25The Panel was satisfied that the breaches of Rules 202.1 and 206.1 by Iorio had been proven and that having breached these Rules, Iorio committed professional misconduct.

26With respect to Kostich, the Panel found that the evidence presented by the PCC established, on a balance of probabilities, the facts set out in the following Allegations:

Allegation 1 (a) to (g) and (i) to (o): that Kostich failed to perform professional services in accordance with generally accepted standards of practice of the profession contrary to Rule 206.1 of the Code in connection with numerous significant aspects of the audits of Bondfield’s and BCCL’s financial statements for the year ended December 31, 2015; and
Allegation 2 (a) to (m): that Kostich failed to perform professional services in accordance with generally accepted standards of practice of the profession contrary to Rule 206.1 of the Code in connection with numerous significant aspects of the audits of Bondfield’s and BCCL’s financial statements for the year ended December 31, 2016.

[27] With respect to Allegation 1 (h) which alleged that Kostich had failed to obtain a management representation letter for the audit of BCCL’s financial statements signed by each of those charged with governance, the Panel did not find that the PCC had proven this Allegation on a balance of probabilities and dismissed the Allegation.

[28] The Panel was satisfied that the breaches of Rule 206.1 by Kostich had been proven and that having breached this Rule, Kostich committed professional misconduct.

VI. REASONS FOR THE DECISION ON MISCONDUCT

Findings Regarding the Conduct of the Members

[29] In arriving at its findings, the Panel considered the testimony of Rhodes as well as all the documentation entered into the hearing as exhibits.

[30] Rhodes, who had been qualified as an expert witness, testified over the course of 13 days with the majority of his testimony given in-chief. He was briefly cross-examined by counsel for the Members during the course of one day, after which the parties commenced resolution discussions and subsequently requested that the remaining hearing dates be adjourned. As a result of an agreement reached between the parties, the Members forfeited their right to continue their cross-examination of Rhodes and to call their own witnesses. The PCC also gave up their right to re-examine Rhodes and cross-examine any witnesses called by the Members.

[31] As part of the agreement reached, the Members made no admissions regarding the Allegations. The Members did not call any evidence in their defence.

[32] The PCC provided the Panel with only written submissions in support of their positions on findings of professional misconduct. The Members neither submitted written submissions nor provided oral submissions on conduct.

[33] The Panel has carefully reviewed the viva voce evidence of Rhodes, as well as all the documentary evidence presented over the course of the hearing. The Panel has found the written submissions of the PCC very helpful in both providing an organizational framework, as well as providing helpful summaries of the evidence. In preparing these reasons, the Panel has followed the format of the submissions as it properly follows the evidence. The Panel has adopted portions of the submissions as they accurately reflect the facts and standards at issue.

Acceptance of the Bondfield Engagement [Iorio Allegation 1(a) and (b)]

[34] The PCC alleged that in accepting the engagement to audit the Bondfield financial statements for the year ended December 31, 2013, in or about the period of June 20, 2014 to September 30, 2014, Iorio failed to perform professional services with due care, contrary to Rule 202.1 of the Code when he failed to take sufficient and appropriate steps to address allegations of suspected fraud and other audit risks made by the predecessor auditor, PwC, and when he failed to maintain professional skepticism and exercise appropriate professional judgment.

[35] Rule 202.1 requires all members of CPA Ontario to perform their professional services with integrity and due care. Fundamental to the exercise of due care, members are required to maintain professional skepticism and to exercise appropriate professional judgment at all relevant times. Due care is not limited to particular stages of an audit but is required throughout the course of an audit – from client acceptance, the performance of the audit to client continuation assessments.

[36] In considering whether to accept the Bondfield Audits, Iorio had to determine whether the preconditions for an audit had been met. In coming to this determination, Iorio had to employ both professional skepticism which required him to have a questioning mind and to remain alert to contradictions, inadequacies in evidence and unverified facts. If during the course of his assessment issues or concerns arose, due care required Iorio to take additional steps with a heightened level of professional skepticism.

[37] Iorio was also required to exercise professional judgement within the context provided by auditing, accounting and ethical standards when determining whether to accept Bondfield as a client. The use of both professional judgement and professional skepticism was especially critical given the unique circumstances Iorio faced when approached to take on Bondfield.

[38] In June 2014, after having been Bondfield Group’s and BCCL’s external auditors for twenty years, PwC abruptly resigned without completing its audits of Bondfield’s and BCCL’s financial statements for the year ended December 31, 2013. Covenants with Bondfield’s lender and Zurich required delivery of these financial statements by April 30, 2014. This created a sense of urgency on the part of Bondfield to complete the audits and should have been a red flag to be considered by Iorio in his consideration of whether to accept Bondfield as a client.

[39] In a letter to PwC dated June 17, 2014, John Aquino accused PwC of negligently performing its professional services, refused to permit PwC from conducting additional fieldwork, including any additional 2014 subsequent event testing, and demanded that PwC deliver its auditors reports for all of the outstanding financial statements by 10:00 a.m. the next day. This demand was practically impossible to address considering the June 16, 2014 meeting between Bondfield and PwC confirmed pending procedures and evidence. The effect of this communication was that PwC would not be able to complete the audit procedures. Management had effectively imposed a scope limitation on PwC – which Deloitte would identify in their Path to Acceptance memo and note that any limitation or lack of cooperation by Bondfield, would result in the end of the audit and the resignation of Deloitte.

[40] On June 17, 2014, John Aquino contacted Iorio inquiring as to whether Deloitte would be prepared to provide audit and tax services to Bondfield. John Aquino advised Iorio that PwC’s resignation arose following disagreements between PwC and Bondfield relating to PwC’s staffing of the audit engagements, and PwC’s stated need to conduct additional fieldwork in late May and early June of 2014.

[41] On June 18, 2014, Iorio and Kostich met with John Aquino and Domenic DiPede, Bondfield’s Chief Financial Officer (“DiPede”) to discuss the proposed engagement. They gathered additional information from John Aquino regarding Bondfield’s relationship with PwC. PwC had been Bondfield’s auditor for 20 years and was now unable to complete the 2013 Audits that were overdue, resulting in Bondfield being in breach of its covenants with the lender and Zurich. While there was an urgency on the part of Bondfield to complete the 2013 Audit, it was willing to end a 20-year relationship with PwC and risk a continued breach with the lender and Zurich.

[42] In response to John Aquino’s June 17, 2014 letter, on June 18, 2014 PwC wrote to John Aquino terminating its engagement, referencing serious concerns, attempts by Bondfield to threaten PwC which compromised its independence as the Bondfield auditor and ultimately attempted to shift blame on the auditor by making “baseless accusations”.

[43] Iorio sent a courtesy letter to PwC on June 19 requesting PwC to advise of any circumstances it was aware of which Deloitte should consider in its decision to accept the Bondfield audits. Such communication is required under the Code when considering accepting an audit engagement that was audited previously by another auditor. Predecessor auditors (PwC in this case) are required to respond to such inquiries promptly and to provide information if suspected fraud or illegal activity by the client were factors in the predecessor’s resignation, or whether such activity resulted in the client’s decision to seek a new auditor.

[44] On June 20, 2014, PwC responded to Iorio’s inquiries providing the following reasons for its inability to complete the 2013 Audits:

difficulty in obtaining sufficient and appropriate audit evidence;
suspected fraud in connection with certain confirmation evidence received by the audit team;
Bondfield declined to permit additional audit work, leading to a scope limitation; and
litigation threats that compromised PwC’s independence as auditors.

[45] PwC’s June 20, 2014 letter disclosed additional significant red flags which called for further inquiry by Iorio into PwC’s resignation. However, efforts to obtain additional information from PwC were hampered by Bondfield’s refusal to provide releases to its former auditor.

[46] Iorio appropriately consulted with Alan Faux (“Faux”), Practice Director of Deloitte’s local Vaughan office and on June 23, 2014, Iorio and Faux met with DiPede who sought to address the concerns raised by PwC. DiPede maintained that the PwC allegations in its June 20, 2014 letter were made to cover up inadequacies in their audit. DiPede expressed surprise over PwC’s mention of suspected fraud, claiming that this was the first time he had heard of such an allegation. DiPede claimed not to know which confirmations were connected to the alleged suspected fraud. DiPede relied on PwC’s June 19, 2014 letter of resignation and a copy of the agenda of Bondfield’s meeting with PwC which had taken place on June 16, 2014, to support his position that PwC had not previously raised concerns regarding suspicions of fraud.

[47] When John Aquino joined the meeting later that day, he confirmed DiPede’s position and that the allegation of suspected fraud had not been raised as an issue during the PwC meeting on June 16, 2014. Iorio reviewed the agenda of the June 16, 2014 meeting and confirmed that the issue of suspected fraud was not on the agenda.

[48] In a letter dated July 3, 2014, from PwC to a lawyer representing Bondfield, PwC contradicted DiPede and John Aquino’s denials of knowledge regarding allegations of suspected fraud made by PwC. According to PwC’s July 3, 2014 letter, the issues of concern that arose during PwC’s audit work had been clearly articulated to John Aquino and DiPede. The letter also provided additional information regarding PwC’s fraud concerns, including:

In particular, there were concerns that arose during the year-end audit for [BCCL] with respect to confirmations, including but not limited to confirmations requested from IA Clarington Investment and IC Savings Bank. More specifically, there was suspected fraud with respect to a confirmation that purported to be from IA Clarington Investment. PwC’s specific concerns were fully disclosed to Mr. John Aquino and Mr. Domenic DiPede. (emphasis added)

[49] Despite this significant and apparent contradiction relating to an allegation of fraud made by PwC, Iorio appeared to accept and prefer the explanations provided by John Aquino and DiPede over those of PwC. Iorio should have exercised greater professional skepticism when considering the allegations made by PwC and not relied so readily on the representations made by John Aquino and DiPede.

[50] Iorio did convene and consult with a group of senior Deloitte personnel during the acceptance process. The group included personnel from audit leadership, audit risk, the general counsel office and Deloitte Forensic. Despite efforts by Iorio and others from Deloitte to obtain more detailed information from PwC regarding its concerns, PwC declined to provide further information after Bondfield refused to provide a release requested by PwC.

[51] Within three weeks of being first approached by Bondfield, and despite being left with unresolved contradictions and many questions yet to be fully answered, on July 5, 2014, Iorio decided to conditionally accept Bondfield as a client. On July 7, 2014, the client signed and dated the engagement letters making Iorio the audit engagement partner.

[52] As part of the conditional acceptance, Iorio did impose what he described as “very strict conditions” to govern his decision to commence the Bondfield 2013 audit in early July 2014. These conditions included:

background checks of Bondfield, its owners and key employees;
inquiries of a Deloitte partner who was familiar with Bondfield, other partners, and an industry player;
assignment of an engagement quality control review partner and a special review partner, together with two senior managers who had relevant experience; and
testing of 100% of Bondfield’s open contracts.

[53] Even though he had conditionally accepted Bondfield as a client, it remained incumbent upon Iorio to ensure that the unanswered questions, especially regarding the integrity of management and its representations, were answered. If those questions remained unanswered, Iorio should have relied upon his professional judgment and revisited his Path to Acceptance of the audit engagement. When considering the information that was available to him, given the number of unanswered questions, Iorio was also required to exercise a heightened level of professional skepticism.

[54] He also assigned the audits the highest risk rating, “Much Greater than Normal” (“MGTN”), thereby requiring an appropriately high level of professional skepticism and engaged Deloitte Forensic to obtain audit evidence to address concerns raised in the PwC June 20, 2014 letter to Iorio. While engaging Deloitte Forensic was an appropriate step to address the concerns raised by PwC’s letter, there was no evidence in the audit file that Deloitte Forensic had completed or reported the results of its work by the time Iorio accepted Bondfield as an audit client on July 7, 2014.

[55] In fact, it was three weeks after Iorio accepted Bondfield as a client, on August 1, 2014, that Deloitte Forensic summarized its preliminary findings in a Preliminary Update Memo (“the DF Memo”). Rather than resolving the issues raised by PwC, the DF Memo only further heightened them. For instance, the DF Memo raised further questions regarding the existence of several large investments totaling $2.9 million which implicated John Aquino. It also raised questions regarding an investment confirmation provided by an investment manager, Mohamad Tahir (“Tahir”), who claimed to have been directed by Bondfield to include specified amounts in a marketable securities confirmation. Tahir named John Aquino and DiPede as the individuals he had dealt with at Bondfield. The DF Memo flagged issues that called into question the integrity of John Aquino and DiPede.

[56] At this point, there were several red flags which Iorio should have considered more seriously before taking on Bondfield as a client. Specifically:

PwC had been the auditor for Bondfield for 20 years and was now unable to complete the 2013 Audits that were overdue. Bondfield was already in breach of its covenants with its lender and Zurich, and despite a sense of urgency on the part of Bondfield to complete the audits, Bondfield was prepared to end a 20-year relationship with PwC.
In its June 17, 2014 letter to PwC, Bondfield refused to allow additional documents to be provided and procedures to be performed as requested by PwC and demanded that the auditors’ reports be provided to Bondfield by 10:00 a.m. the next day; a demand that was practically impossible to fulfill considering that the June 16 meeting between Bondfield and PwC contemplated pending procedures and evidence. Bondfield’s position effectively made it impossible for PwC to complete the audit. Deloitte recognized the scope limitation imposed by Bondfield management on PwC, referring specifically to this issue in Deloitte’s Path to Acceptance memo and addressing it by taking the position that “Bondfield could not limit any work that we undertake. If there was any limitation or lack of cooperation (by Bondfield), (Deloitte) would stop and resign”.
While Bondfield’s June 17 letter to PwC did not expressly threaten litigation, both PwC (in their response dated June20) and Deloitte (in their Path to Acceptance memo) understood the letter to contain a threat. The Path to Acceptance memo not only expressly states that the June 17 letter “threatens litigation”, it also documented a discussion about the letter on June 23 between Iorio, Faux and DiPede. During that discussion, DiPede advised that Bondfield took the position that PwC’s delay in issuing Bondfield’s financials would negatively impact Bondfield’s banking situation and the company. He acknowledged that Bondfield had suggested that PwC should “govern themselves accordingly”. The threat of litigation by Bondfield as against its auditor is of serious concern and should have been given more weight by Iorio.
While PwC had raised concerns in its June 20 letter to Iorio regarding suspected fraud, Iorio’s and Deloitte’s attempts to obtain additional information regarding those concerns only resulted in the need for further questions to be asked. Bondfield’s refusal to provide releases to its former auditor caused Iorio to appropriately involve Deloitte Forensic and document the need to consider their findings during acceptance. However, when it came to accepting Bondfield as a client, Iorio did not wait to receive the DF Memo.
Instead of alleviating concerns raised by PwC, preliminary findings in the DF Memo heightened those concerns significantly and added further inconsistencies between the representations made by John Aquino and the information obtained by Deloitte Forensics. For instance, Deloitte Forensics inquiries of Tahir, as noted in the DF Memo, raised serious concerns regarding directions given by John Aquino and DiPede.

57Despite PwC’s concerns regarding fraudulent confirmations, Iorio relied on information provided by DiPede who seemed to be surprised by the allegation of fraud and claimed it was the first time he had heard such an allegation. DiPede did indicate that he was aware of certain marketable securities as “an area in which some issues had arisen”, however he maintained that the specific allegation of fraudulent confirmations was never mentioned in any meeting or correspondence with PwC. These claims were confirmed by John Aquino. Given the contradictions revealed by PwC’s June 20 letter when compared to the claims of John Aquino and DiPede, Iorio should have exercised greater professional skepticism and not relied so readily on the representations made by John Aquino and DiPede.

58In the Path to Acceptance memo and the engagement letter, Iorio documented an appropriate strategy to address any possible or unresolved matters. However, when it came to resolving the concerns noted in PwC’s June 20 letter prior to acceptance, the measures put in place by Iorio did not go far enough and the concerns raised were resolved without the application of sufficient professional skepticism.

[59] Despite the concerning findings and further issues that were raised in the DF Memo, there was no indication in the audit file that Iorio took any steps to address outstanding questions or concerns, nor did he revisit his decision to accept Bondfield as a client.

[60] While the engagement letter included a provision to allow Deloitte to terminate the engagement, despite all the concerns raised regarding suspected fraud and the integrity of management (who was providing the information for the financial statements it needed), Iorio chose to rely on management and continued with the engagement, leaving questions unanswered.

[61] Rule 202.1 of the Code requires members to perform professional services with integrity and due care. This Panel finds, based on the uncontested evidence presented by the PCC, that Iorio did not exercise the requisite due care when accepting the Bondfield engagement. He did not go far enough to gather the information needed to address the serious concerns raised by PwC in their June 20 letter. When confronted with contradictions and serious allegations made against John Aquino, both of which should have caused Iorio to exercise heightened professional skepticism, Iorio preferred the information provided by John Aquino without explanation and without addressing the contradictions. He failed to exercise the appropriate level of professional skepticism and apply the appropriate professional judgment required when considering the limited information available to him; the contradictions within the information provided, and the lack of information from both PwC and Deloitte Forensic at the time Iorio accepted the engagement.

General Comments Regarding All Other Allegations

[62] As some of the Allegations made by the PCC build upon each other, the Panel will address the Allegations based on the chronological evolution of the Members’ conduct. As much of the evidence relating to these Allegations overlaps between the two Members, the Allegations have been grouped together, spanning all four audit years. While there is some common evidence, specific evidence relating to an individual Member’s Allegation(s), will be described separately. This approach follows the order by which the PCC has addressed the Allegations in its written submissions.

[63] The Allegations regarding the Members’ failures to perform professional services, while engaged to audit the Bondfield Group and BCCL in accordance with generally accepted standards of practice of the profession, contrary to Rule 206.1 of the Code, are summarized as follows:

Member

Year ended December 31,

Period covered by Allegations

Allegation reference

Iorio

2013

June 1, 2014 – September 30, 2014

2(a) – (r)

2014

August 1, 2014 – June 30, 2015

3(a) - (o)

Kostich

2015

November 1, 2015 – April 30, 2016

1(a) - (o)

2016

November 1, 2016 – August 31, 2017

2(a) - (m)

Systemic Auditing Principles and Standards [Iorio Allegations 2(a) and 3(a), 2(b) and 3(b) and 2(e) and 3(e) and Kostich Allegations 1(a) and 2(a), 1(b) and 2(b) and 1(e)]

[64] The PCC made the following Allegations relating to Iorio’s and Kostich’s obligations to perform professional services in accordance with generally accepted standards of practice:

Iorio (Allegations 2(a) and 3(a)) and Kostich (Allegations 1(a) and 2(a)) failed to obtain sufficient and appropriate audit evidence to reduce audit risk to an acceptably low level.
Iorio (Allegations 2(b) and 3(b)) and Kostich (Allegations 1(b) and 2(b)) failed to maintain sufficient and appropriate professional skepticism.

[65] Iorio (Allegations 2(e) and 3(e)) and Kostich (Allegation 1(e)) failed to obtain an understanding of the entity and its environment sufficient to identify and document the areas in the financial statements where material misstatements are likely to occur.

[66] The overall objective of the independent auditor and the conduct of an audit is to provide an opinion as to whether the financial statements have been prepared, in all material respects, in accordance with an applicable financial reporting framework. An audit conducted in accordance with the Canadian Auditing Standards (“CAS”) and relevant ethical requirements enables the auditor to form such an opinion.

[67] CAS required Iorio and Kostich to each obtain reasonable assurance as to whether the Bondfield Group and BCCL financial statements as a whole were free from material misstatement, whether due to fraud or error, in order to draw reasonable conclusions upon which to base their opinions. To obtain such assurances, the auditors were required to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. If ultimately, they could not obtain the requisite assurance, a qualified opinion would be issued, or if that in turn was not sufficient, the CAS required the auditors to disclaim an opinion or withdraw from the engagement, where possible.

[68] The following is a list of important concepts involved in the requirement to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level:

[69] Sufficient audit evidence is the measure of the quantity of the audit evidence obtained.

[70] The quality of that evidence determines its appropriateness in terms of its relevance and its reliability in supporting the conclusions on which the auditor’s opinion is based.

[71] Audit risk is the risk that the auditor expresses an inappropriate opinion. It is a function of a) the risk of material misstatement and b) the risk that the audit procedures performed will not detect a misstatement that exists and could be material.

[72] The identification of and response to risks of material misstatements is a fundamental requirement in an audit. Identification of these risks is achieved by obtaining an understanding of the entity and its environment. This understanding, while typically obtained at the planning stage, is a continuous process involving the ongoing gathering, updating and analyzing of information throughout the course of the audit. It helps auditors to:

Undertake proper planning of the audit
Identify users and determine materiality
Identify risks of material misstatement at the assertion level, including significant risks
Determine the nature, timing and extent of audit procedures
Evaluate the audit evidence, including assessing management representations
Perform analytical procedures.

This in turn allows the auditor to express an opinion on the financial statements at an acceptably low level of audit risk.

[73] Auditors are also required to maintain professional skepticism throughout the planning and performance of the audit. This is done by maintaining a questioning mind throughout the audit, by being alert to possible misstatements due to fraud or error and by applying a questioning attitude when critically assessing the audit evidence. Informed decisions during the audit are to be made in the context of the applicable professional standards appropriate to the circumstances of the Bondfield Audits.

[74] Throughout the course of this hearing, the Panel heard evidence on how various areas of the audit were conducted (as detailed in these reasons) that contributed to the body of evidence related to the Allegation of lack of appropriate professional skepticism and helped the Panel conclude on these Allegations. Some of these areas include (not exhaustive):

Client acceptance procedures in relation to responding to the allegations of fraud by Iorio (as noted above in these reasons).
Deficiencies noted in planning and performing the audits by both Iorio and Kostich such as, planning the audit, determining materiality, their approach to internal controls, designing and performing audit procedures in various areas, and identifying and responding to the risks of management override of controls.
Identifying and communicating with TCWG.

[75] In its deliberations, the Panel considered all the relevant evidence presented in the context of other Allegations and applied its findings to support its conclusion that these Allegations were proven.

Engagement Planning [Iorio Allegations 2(c) and 3(c) and Kostich Allegations 1(c) and 2(c)]

[76] The PCC alleged Iorio failed to properly plan the 2013 Audits and 2014 Audits and that Kostich failed to properly plan the 2015 Audits and 2016 Audits.

[77] While CAS 300 provides general guidance to auditors in planning an audit, CAS 330 outlines the requirement to design audit plans to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement and to design appropriate responses to those risks. Responses to address the assessed audit risks of material misstatement at the financial statement level may include:

Emphasizing to the engagement team the need to maintain professional skepticism;
Assigning more experienced staff, using those with special skills, or using experts;
Providing more supervision; and
Making general changes to the nature, timing or extent of audit procedures.

[78] CAS 240 and CAS 315 include additional responsibilities regarding fraud:

CAS 240 requires the auditor to discuss and consider areas of the audit and financial statements that may be susceptible to fraud and how fraud might arise therein.
Where fraud is suspected, CAS 240 requires an auditor to comply with specific requirements when designing and supervising an audit, including the assignment and supervision of personnel considering their knowledge, skill and ability as well as the auditor's assessment of the risks of material misstatement due to fraud for the engagement.
CAS 315 requires the auditor to discuss susceptibility of the financial statements to material misstatement with key team members. Where all team members are not present, the engagement partner is required to determine what matters to communicate with the remaining engagement team members (i.e. not involved in the planning meeting) and document the discussion in the audit file.
CAS 240 also requires the engagement partner to remind the team of the need to exercise professional skepticism, usually done at the team planning meeting.

[79] The documentation requirements in CAS require that an experienced auditor with no involvement with the audit be able to determine what procedures were performed by the audit team; what risk assessments were made, and what the audit plan consisted of. An auditor reviewing the audit should be able to determine how the audit team justified the audit conclusions were reached and determine whether sufficient and appropriate audit evidence was obtained.

Iorio

[80] The lack of adequate planning by Iorio manifested in the following manners, each of which are described below in greater detail:

Iorio neither used staff with sufficient expertise, special skills or experience; nor did he provide sufficient supervision to them;
In performing procedures over opening balances for the 2013 Audits, Iorio relied on PwC’s audit opinion on the 2012 financial statements and found them credible, but did not rely on PwC’s credibility when assessing its allegations of potential fraud;
Iorio allowed the engagement to be performed on a hasty timeline, potentially resulting in errors; and
During the team planning meeting, Iorio did not emphasize the need for the audit team to maintain heightened professional skepticism in light of suspicions of fraud.

[81] At the client acceptance stage, the audit risk was appropriately set at MGTN (2013 Audit). Additionally, due to serious concerns regarding fraud raised by PwC, the fraud risk in the audit was elevated, requiring a more proportionate response at the audit planning stage. According to the evidence provided by Rhodes, and accepted by the Panel, contrary to the requirements of CAS 240, 300 and 330, Iorio did not use staff with sufficient expertise, special skills or experience, nor did he provide his team with sufficient supervision given the assessed audit risks and the team’s level of knowledge, skill and experience. Rhodes’ evidence included the following:

Iorio’s engagement team included Kostich, who held the position of Senior Manager of the engagement team, and Faux, who was the Engagement Quality Control Review (“EQCR”) Partner. Rhodes confirmed their experience during the investigation interviews and noted that neither Kostich nor Faux had sufficient construction industry experience to support their roles on the audit team. However, the Simplified Audit Planning Memo identified them as “industry experts”.
Being in the construction industry, Bondfield had its own accounting policies, requiring use of significant estimates, especially related to revenue. An audit team with adequate experience in the construction industry would have been able to apply an appropriate level of professional skepticism to accounting estimates, particularly where there were suspicions of fraud. Kostich would not have known where in the audit the risk of fraud might be relevant.
Given Kostich’s lack of experience, it was incumbent upon Iorio to provide him and the team with more supervision as required by CAS 240.30. The impact of lack of adequate knowledge (on Kostich’s part) and lack of adequate supervision by Iorio became evident in the numerous deficiencies noted in contract testing (as detailed below). Iorio did not adjust the audit plans to address the gaps in Kostich’s experience.
Faux, the designated EQCR Partner for the 2013 Audits and 2014 Audits, did not have sufficient construction industry experience to properly review the audits and address the inexperience within the audit team.
These deficiencies continued in the 2014 Audits except for the change in audit risk by the team as Greater Than Normal (“GTN”) (instead of MGTN).

[82] As part of the audit procedures on the opening balances in the 2013 Audits, Iorio reviewed and relied upon PwC’s 2012 audit working papers. Iorio explained that he relied on the working papers because PwC was a ‘credible firm’. Yet, when it came to addressing PwC concerns regarding suspected fraud, he failed to consider their credibility when considering the contradictory information being provided by management.

[83] Of additional concern was the hasty timeline within which Iorio and his team sought to complete the 2013 Audits. Deloitte began the 2013 Audits on July 7, 2014 (the date of the engagement letter being signed), and the team’s goal was to complete the audit by the end of July 2014. The audit report was eventually dated August 8, 2014. This short timeline appears to be quite aggressive for a new client with significant concerns identified in the pre-engagement stage. The Panel notes that in its June 17, 2014 letter, Bondfield had imposed an unreasonable deadline on PwC within which to deliver the 2013 financial statements for the Bondfield Group and BCCL. Unable to meet the deadline and compromised by Bondfield’s threats of litigation, PwC chose to terminate their engagement with Bondfield, whose financial statements were already significantly delayed. During the investigation, Iorio had informed Rhodes that the July deadline was not imposed by Bondfield. The Panel found Iorio’s comments to Rhodes to be inconsistent with Bondfield’s previous instructions to PwC when it came to the imposition of deadlines. The July deadline, whether self-imposed (as confirmed by Iorio) or not, did not provide the audit team sufficient time to properly consider the fraud suspicions or address the complex issues arising in the audit, as is evidenced by the numerous errors in the working papers noted by Rhodes (as detailed below).

[84] Iorio did not meet the CAS 240 and the CAS 315 requirements when planning for the 2013 Audits and 2014 Audits or in documenting the fraud discussions in the file. Specifically:

There was no evidence in the audit files to confirm whether and with whom within the audit team Iorio discussed the suspected fraud and acceptance process.
While there appears to be a generic reference to potential issues regarding account balances identified by PwC in the 2013 planning meeting, there was no direct reference or identification of PwC’s suspicions of fraud.
Rhodes noted there was no evidence that a planned “fraud meeting” for the 2013 Audits ever took place on July 17, 2014, as the team signed off on the meeting on July 28 and 29, 2014, weeks after the field work commenced on July 7, 2014.
Lastly, Rhodes observed that there were no details discussed in the team planning meeting of what audit evidence should be corroborated in light of the suspected fraud; which areas of the financial statements might be susceptible to fraud, or how fraud might occur, nor were there references to any other effects on the audit. Had appropriate discussions about the risk of material misstatement due to fraud occurred during the audit planning meeting, Iorio and his team were required to document them.

[85] With respect to the 2014 Audits, the planning memo also appears to have been written after the completion of the audit. The planning memo provided no details as to what was discussed regarding the fraud, changes to the audit plan or consideration as to how fraud might be perpetrated or by whom.

[86] Both the 2013 and 2014 audit files lacked sufficient information regarding what actually occurred during the audit planning stages to meet the requirements of CAS 240. Rhodes noted that the audit planning memorandum section titled “Engagement team discussion on fraud and error” for both audit years, consisted of a retroactive list of steps taken during the audit as opposed to documenting the required discussion regarding the areas of the financial statements that might be susceptible to misstatement due to fraud. Without proof that such discussions took place, Rhodes concluded, and this Panel accepts, that the risk of material misstatement due to fraud was not properly considered or addressed by Iorio and his audit team.

[87] Given all the deficiencies in the audit plans for 2013 Audits and 2014 Audits, this Panel finds that Iorio, as lead engagement partner, did not properly plan the audits.

Kostich

[88] The failures that occurred in relation to the 2013 and 2014 Audits were repeated during the 2015 and 2016 Audits by Kostich. Rhodes noted that audit evidence is cumulative in nature, and the Panel agrees. Kostich should not only have considered new information related to the 2015 and 2016 years, he should have also considered audit evidence from prior audits in informing his client continuance decision, as well as audit planning. In planning for the 2015 and 2016 Audits, Kostich failed to meet the standards set out in CAS 240, 330, and 500, and failed to properly document the file. Specifically, Kostich:

failed to consider and discuss the concerns raised by PwC in their June 20 letter regarding suspected fraud, as well as the findings set out in the DF Memo. The issues raised by both these documents should have been discussed and factored into the level of professional skepticism to be applied by the audit team in its assessment of susceptibility of financial statements to material misstatement arising due to fraud.
failed to consider and discuss the Globe & Mail article written in September 2015 revealing allegations that John Aquino had been involved in bid rigging. While the 2015 Globe & Mail article was referenced in the 2015 planning memo, any discussion or consideration that arose therefrom was not documented. According to Rhodes, given the information found in the Globe & Mail article, Kostich should have reviewed the level of managerial control exercised by others (other than John Aquino) given the allegations that John Aquino lacked integrity. Rhodes found, and this Panel agrees, Kostich and his team should have, but failed to consider and modify the audit plan to take into consideration the lack of managerial control in their assessment of risk, their understanding of the control environment and ultimately, in the design and performance of the audit procedures.
failed to address any of the deficiencies noted in the 2013 and 2014 Audits (above) in his 2015 Audits. The deficiencies noted in the 2015 Audits were not carried into the 2016 Audits (for example the concerns raised in the 2015 Globe & Mail article were not referenced in the 2016 Audits).

[89] Given the deficiencies identified by Rhodes in the audit plans prepared by Kostich as lead engagement partner for the 2015 and 2016 Audits, this Panel finds that Kostich did not plan the audits properly.

Communications with and Inquiries of Those Charged with Governance (“TCWG”) [Iorio Allegations 2(f), 3(f), 2(g), and 3(g) and Kostich Allegations 1(f), 2(e), 1(g), and 2(f)]

[90] The PCC alleged that in the 2013, 2014, 2015, and 2016 Audits, Iorio and Kostich failed to:

make sufficient and appropriate enquiries of management and TCWG; and
adequately communicate with TCWG.

[91] CAS 260 describes TCWG as the person(s) or organization(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity, including the financial reporting process. CAS 260 requires auditors to make inquiries of and communicate with TCWG, as a group, and includes the following information to be communicated (not exhaustive):

Communicate – Matters regarding various aspects of the audit, including the planned scope and timing of the audit.
Communicate – Any difficulties encountered during the audit, and other issues that relate to the oversight of the financial reporting process.
Inquire – Information relevant to the audit from TCWG and “promote effective two-way communication between the auditor and TCWG”. Such communications with TCWG can be an important source of information for the auditor and can reveal areas of concern that are not readily obvious.

[92] TCWG for Bondfield consisted of Ralph, Steven and John Aquino, who are also shareholders and were involved with management of the operations of the Bondfield Group. Their roles within Bondfield are described in paragraph 10 above.

Iorio

[93] In both the 2013 and 2014 Audits, Iorio failed to adequately communicate with and make inquiries of appropriate members of TCWG. While the 2013 and 2014 audit files correctly identified Ralph, Steven and John Aquino as TCWG, Iorio only communicated with and made inquiries of John Aquino. Iorio and his team did not communicate with or make inquiries of the others charged with governance, contrary to CAS 260.

[94] CAS 210 requires the auditor to present the terms of the audit engagement to management or TCWG, as appropriate. Iorio and his team only addressed the audit engagement letters to John Aquino even though the engagement letters required the signature of the President of Bondfield (on the signature page). Even though Ralph was the President and sole director of the Bondfield Group, John Aquino signed the 2013 and the 2014 audit engagement letters for all the audits as President – a position he did not hold.

[95] Iorio and his team were required to communicate the overview and planned scope of the 2013 and 2014 Audits to TCWG (CAS 260.15). The audit files should have contained documentation confirming those planning communications. There is no evidence in the 2013 audit file that Iorio communicated the 2013 audit plan in writing or orally to anyone other than John Aquino. This deficiency was corrected in 2014 when Iorio communicated the 2014 audit plan to TCWG.

[96] Additional lack of adequate communication with TCWG is noted in these reasons under Related Parties [Iorio Allegations 2(k) and 3(j) and Kostich Allegations 1(k) and 2(i)].

Kostich

[97] The failures that arose in the 2013 and 2014 Audits were repeated during the 2015 and 2016 Audits by Kostich. Specifically, Kostich:

while correctly identifying TCWG, failed to make inquiries, including fraud-related inquiries, with the sole director, Ralph or others charged with governance, namely, Steve Aquino;
only required John Aquino to sign the engagement letters for both years, incorrectly identifying him as the President;
did not adequately communicate an overview and planned scope of the 2015 and 2016 Audits to TCWG, by communicating it at the end of the audit and only to John Aquino.
while the audit plans for the 2015 and 2016 Audits were eventually presented in conjunction with the outcome of the audits, the audit plans should have been communicated to TCWG when the planning was complete, not after the audits had been done. This would have allowed TCWG to raise concerns and provide information which the audit team may not have received from John Aquino. Kostich only made fraud inquiries of John Aquino and failed to communicate fraud risks to all TCWG.

Additional lack of adequate communication with TCWG is noted in these reasons under Related Parties [Iorio Allegations 2(k) and 3(j) and Kostich Allegations 1(k) and 2(i)].

Materiality [Iorio Allegations 2(j) and 3(i) and Kostich Allegations 1(j), 2(h)]

[98] The PCC alleged that in the 2013, 2014, 2015, and 2016 Audits, Iorio and Kostich failed to assess overall materiality at a level that would reduce audit risk to an acceptably low level to enable the auditor to draw reasonable conclusions on which to base the auditors’ opinions.

[99] Materiality refers to the significance of an amount, transaction, or misstatement or omission found in financial statements to the users of financial statements. A misstatement or omission is considered to be material if the misstatement or omission can reasonably be expected to influence the economic decisions of users of the financial statements.

100During the planning and performance of an audit (CAS 320), and when evaluating the effect of misstatements (CAS 450), auditors must set materiality at appropriate levels. Materiality assists auditors to focus on areas of financial statements that are most likely to contain material errors; it guides the nature, timing and extent of audit procedures, and it is used to assess the risks of material misstatement and to evaluate the effect of identified misstatements on the audit, and the effect of uncorrected misstatements on the financial statements. And finally, it enables the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. The consideration of materiality involves the use of professional judgement and requires the auditor to determine overall materiality and performance materiality.

101Overall materiality is the materiality level set for the financial statements as a whole and is considered from the perspective of the users of the financial statements (CAS 320.2). Materiality is typically determined with reference to a benchmark important to the user(s) of the financial statements (such as, revenue, net income, working capital, total assets, etc.) with a percentage to be applied based on qualitative and quantitative considerations and sensitivities of the user(s). Audit methodologies prescribe the range of percentages that may be applied to each of the benchmarks should they be selected.

102Performance Materiality (“PM”) is an amount set less than overall materiality in an effort to reduce to an appropriately low level, the probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality (CAS 320.9). The calculation of PM is used by the auditor to determine the balances within the scope of the audit and the extent of the audit procedures to be performed. One of the key considerations in determining PM, is expected misstatements in the accounting records and is calculated by applying a percentage (within the range of acceptable percentages) to the materiality.

103While materiality is initially assessed as part of the audit plan, it should be reassessed if more information comes to light throughout the course of the audit, and again, before issuing the final opinion in order to ensure the level of materiality set at the planning stage is still appropriate (CAS 320.12). Should materiality be reassessed, the auditor must also consider if the work performed is sufficient to provide basis for the auditors’ opinion.

Iorio

104For the 2013 and 2014 Audits, Iorio chose revenue as the benchmark for determining materiality, setting it at 1% of revenue. In the 2013 engagement file, Iorio documented the following considerations:

identified primary users as 1) creditor financial institutions, 2) construction bonding companies and 3) owners and management;
selected revenue, deeming it to be a more stable base than net income, as the benchmark to calculate materiality and noting that revenue “is a good indicator of profitability and, ultimately, cash flows of the company.”;
applied a percentage of 1% to revenue resulting in a materiality amount of $4.3 million for the Bondfield Group Audits. The percentage was at the lower end of the spectrum, as Iorio considered 2013 as the first audit year for Deloitte and dealing with a new, unfamiliar client. At the client acceptance stage, the audit risk was appropriately set at MGTN and factored into the selection of the lower end of the spectrum; and
set PM at 75% of the overall materiality, towards the higher end of the spectrum, anticipating only a few adjustments during the engagement. This resulted in the determination of PM at an amount of $3.2 million.

105In the 2014 engagement file, the only change from 2013 considerations was that the audit risk rating was assessed as GTN. The users, the benchmark (i.e. revenue), the percentage applied (i.e. 1%), and PM (i.e. 75% of materiality) remained the same. The team also recognized that Bondfield operated in a low margin industry, where the average gross margin on all projects in the fiscal year 2014 was approximately 5%. Based on both professional judgment and the GTN risk, Kostich calculated materiality at $5.3 million.

106Based on the evidence, the Panel noted the following shortcomings in the above considerations. Specifically:

While financial institutions and bonding companies are appropriate users, “owners and management” are not. Owners are charged with governance and responsible for the overall strategic direction of the entity and its financial reporting processes, while management is responsible for the preparation and fair presentation of the financial statements. Maria Bot was the only owner who was not involved in the operations of Bondfield and may/may not have had access to the financial information that other owners did. She should have been clearly identified as a potential user of the financial statements. Owners and management had access to information the other users (external) did not have access to and were therefore differently situated from the other users who were using the audited financial statements to make economic decisions. Iorio should not have included owners and management when identifying users of the financial statements.
A greater emphasis was placed on the stability of revenue as a benchmark as compared to net income, rather than the need of the user(s). While revenues increased between 2013 and 2014, there were no similar increases in net income and cash from operations for those years. Instead, there was a decrease in both net income and operating cash before working capital changes of approximately $1 million and $2.5 million respectively. This contradicted the reasoning (i.e. stability) provided for selection of the benchmark.
Selecting revenue did not meet the needs of Zurich as one of the external users. In its agreement with Zurich, Bondfield had agreed to strengthen working capital and net worth in the future by retaining profit on an after-tax basis. Using a benchmark related to the covenants would have revealed any particular sensitivity towards a covenant and how much room was left before Bondfield would be in breach of its covenant to Zurich. For instance, Bondfield’s bonding facility required a minimum working capital of $40 million. In the 2013 Audits, the Bondfield Group had working capital of approximately $41.4 million resulting in a margin of approximately $1.4 million (actual less the required working capital). Any potential misstatement that decreased the working capital by $1.4 million would have resulted in a breach of the covenant and potentially impacted Zurich’s decision to continue to provide bonding services to Bondfield. Materiality should have been set at a level which would have allowed the engagement team to identify and accumulate misstatements (potentially a maximum of $1.4 million). By setting the overall materiality level at $4.3 million, such a misstatement would have gone undetected.
Another example of a user whose needs were not considered in selecting an appropriate benchmark was Maria Bot. As she was an inactive shareholder, she was unlikely to have been interested in revenue, as it would not necessarily correlate with profit – something a shareholder would be interested in.
Given that this was a first-time audit involving contract accounting, Iorio would not have been in a position to determine that there would be “only a few adjustments”. That assumption, while optimistic, failed to consider: the potential impact of allegations of suspected fraud; the information contained in the DF Memo; the significant management estimates involved in the recognition of gross profits and the significant reliance by the users on the financial statements. PM should have been set by applying a lower percentage of the overall materiality.

107In the 2014 Audits, no changes were made to the users identified previously, the benchmark selected, and the percentages applied in calculation of materiality as well as PM. While the audit risk was reduced from MGTN to GTN, no consequential adjustments were made to either overall or performance materiality in subsequent years. This raised further concerns regarding the appropriateness of the materiality and PM calculated in the 2013 Audits.

108In conclusion, Iorio failed to properly assess overall materiality (including identification of users, benchmark and threshold) and performance materiality to appropriate levels to ensure that sufficient and appropriate audit evidence was obtained.

Kostich

109For the 2015 and 2016 Audits, Kostich did not make any changes to the above noted considerations as compared to the 2014 Audits. Specifically, Kostich chose revenue as the benchmark, applied 1% to revenue to calculate materiality, and applied 75% to overall materiality to calculate PM, consistent with earlier years.

110During the 2016 Audits, Kostich became aware that Bondfield was in the process of refinancing its bonding arrangement. This should have been seen as a possible opportunity during which management might be motivated to misstate the financial statements to secure refinancing. This heightened risk for the 2016 Audits should have been considered by Kostich. Yet there is no evidence in the audit file that he considered the refinancing and associated risk or that the risk was considered in his calculation of PM for the 2016 Audits.

111Kostich also failed to properly assess overall and performance materiality to appropriate levels to ensure that sufficient appropriate audit evidence was obtained.

Related Parties [Iorio Allegations 2(k) and 3(j) and Kostich Allegations 1(k) and 2(i)]

112The PCC alleged that in the 2013, 2014, 2015, and 2016 Audits, Iorio and Kostich failed to obtain sufficient and appropriate audit evidence with respect to related parties.

113CAS 550 provides a definition of “related parties” and describes the responsibilities of an auditor with respect to related parties and transactions with them, identifying related parties as entities that do not deal at arm’s length. According to CAS 550.4, auditors are required to obtain an understanding of related party relationships and transactions to determine whether the financial statements, insofar as they are affected by those relationships and transactions, have achieved fair presentation and are not misleading. The manner in which an audit is conducted is impacted by the auditor’s understanding of related parties and of their relationships and transactions with the subject of the audit. Without such an understanding, an auditor is unlikely to be able to identify misstatements and/or possible fraud. Related party transactions must be disclosed in financial statements because there is an increased risk for misstatement and fraud due to the nature of the non-arm’s length relationships.

114It was incumbent upon Iorio and Kostich to obtain an understanding of related parties and their relationships to and transactions with as well as within the Bondfield Group in order to determine whether those relationships and transactions would impact the financial statements.

Iorio

115In the 2013 simplified audit planning memo, Iorio identified a risk that not all related parties or related party transactions would be identified. The team relied on an organizational chart which was designed for tax planning, not for financial reporting or auditing purposes. The organizational chart was limited in that it only identified related parties that were part of the Bondfield Group (that would be consolidated within the Bondfield Group’s financial statements). The chart did not include related parties that were outside of the consolidated Group but were not at arm’s length from entities in the group. Iorio should have made inquiries of other members of management as well as TCWG to identify related parties, especially those that were not a part of the consolidated Bondfield Group. As Iorio took no steps to identify related parties that were not part of the Bondfield Group, he breached the requirements of CAS 550.4.

116Iorio did not consider the PwC response of June 20, in conjunction with John Aquino’s controlling position in management, in identifying and assessing the risk of material misstatement due to fraud.

117Considering the elevated risk that was assigned to related parties by Iorio, additional communications should have been made to TCWG. These failures to communicate significant matters to TCWG were in breach of CAS 260 and CAS 550.27. Specifically, in the 2013 Audits for BCCL, the following issues that arose with related parties should have been communicated to TCWG:

the improper recording and disclosure of shareholder loans in an aggregate amount of $3.5 million. Of this balance, an amount of $2.7 million represented monies advanced by BCCL to an unrelated individual who further advanced the monies to purchase shares in an entity, PSI, on behalf of John Aquino. The explanation provided for structuring the share purchase transaction in this indirect manner was to avoid a potential/perceived conflict of interest. Additional details regarding this specific investment and the lack of controls around investments are included in these reasons under Marketable Securities [Iorio Allegations 2(m) and 3(l) and Kostich Allegations 1(m) and 2(k)]. The monies advanced were originally included in marketable securities/investments in the financial statements, subsequently classified as shareholder loans, which would have been the correct presentation.
a further classification error resulted in the concealment of a receivable from John Aquino in the amount of $0.8 million. The balance was included in accounts payable and netted against the accounts payable balance, thereby reducing the current liabilities that were owed to outsiders in the financial statements.
the difficulties Iorio and Deloitte Forensics experienced when trying to obtain audit evidence related to the investments.

While the above noted transactions and balances originated in the BCCL Audits, they also impacted Bondfield Group Audits.

118As to the PSI investment, Iorio simply required management to record an adjusting entry (as described above). By doing this, he failed to assess the risk arising from potential unauthorized use of Bondfield Group and BCCL funds by John Aquino for investments in his personal capacity, especially considering the lack of controls around investments and lack of TCWG communication. He also failed to consider the potential bias of management for fraudulent financial reporting by classifying shareholder advances of $3.5 million (typically a long-term asset) as marketable securities (typically a current asset) in the amount of $2.7 million and $0.8 million as an offset of accounts payable, potentially to meet its working capital covenant, as required by Zurich.

119In planning and performing the 2014 Audits, the deficiencies continued to occur resulting in similar issues. Specifically, Iorio:

did not make any changes to the audit plan which could have addressed the risk that all related parties or related party transactions would not be identified or captured in the 2014 Audits as compared to 2013 Audits.
used the same organizational chart and took no steps to identify related parties or transactions with related entities outside the consolidated Bondfield Group, again breaching the requirements of CAS 550.
failed to communicate to TCWG regarding an incorrect classification of a balance of $0.7 million owed to John Aquino as an accounts receivable, when in fact the amount was an amount due from a shareholder. The effect of this incorrect classification resulted in the non-disclosure of the receivable due from John Aquino in the financial statements and to TCWG.

120According to Rhodes, the failure to identify other related parties beyond the group of companies left the possibility of a gap in the audit procedures performed by Iorio. If there were other unknown related parties outside the Group which were not identified, this allowed for possible material misstatements in the financial statements that the audit team had not taken into account and planned for. By failing to identify other related parties, Iorio did not address this risk of material misstatement in the audit procedures for both 2013 Audits and 2014 Audits.

Kostich

121In planning and performing the 2015 and 2016 Audits, the deficiencies found in Iorio’s audits were carried forward resulting in similar issues. Specifically, Kostich:

did not make any changes to the audit plans which could have addressed the risk that all related parties or related party transactions would not be identified or captured in the 2015 and 2016 Audits.

122used the same organizational chart and took no steps to identify related parties or transactions with related entities outside the consolidated Bondfield group, again breaching the requirements of CAS 550.

123did not consider the June 20 PwC response, in conjunction with John Aquino’s controlling position in management, in identifying and assessing the risk of material misstatement due to fraud.

124The failure to identify other related parties in the 2013 and 2014 Audits beyond Bondfield’s Group left the possibility of a similar gap in the audit procedures performed by Kostich. By failing to identify other related parties, Kostich did not address this risk of material misstatement in the audit procedures for both 2015 and 2016 Audits.

Internal Controls [Iorio Allegations 2(i) and 3(h) and Kostich Allegations 1(i) and 2(g)]

125Iorio and Kostich failed to properly consider the completeness, design and implementation of internal controls relevant to the 2013, 2014, 2015 and 2016 Audits.

126CAS 315 defines internal controls as the process designed, implemented and maintained by TCWG, management and other personnel to provide reasonable assurance about the achievement of an entity's objectives regarding reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. There are different levels of internal control set out in CAS 315. An entity’s internal control environment is critical to the quality of its financial reporting and enables the auditor to assess the risk of material misstatement and to develop an appropriate audit response to those risks to reduce audit risk to an appropriate level.

127CAS 315 requires the auditor to:

128consider internal controls at the audit planning stage to understand the entity and its environment.

129assess whether the internal controls are designed appropriately to accomplish the objectives they are intended to achieve and whether they have been implemented.

130where there is a significant risk, assess the control environment to determine if there are deficiencies in control. CAS 315 defines a significant risk as an “identified and assessed risk of material misstatement that in the auditor’s judgment, requires special audit consideration.”

131make inquiries of management, and of appropriate individuals within the internal audit function, and others who may have information likely to assist in identifying risks of material misstatement due to fraud or error.

132consider whether information obtained in the client acceptance or continuance process was relevant to identifying risks of material misstatement.

133The Bondfield audits involved significant risks, given the suspicions of fraud and the implications for management integrity. An elevated audit approach was required to understand the entity’s controls in these circumstances, but neither Iorio nor Kostich applied such an approach. Rhodes opined, and the Panel agrees, that the audit teams should have taken a much closer look at the internal control environment, including any oversights over management by TCWG, due to that risk.

Iorio

134The following main deficiencies were identified in Iorio’s assessment of internal controls in 2013 and 2014 Audits and are detailed below:

Deficiency #1 – Incomplete identification of all controls relevant to the audit, resulting in relevant controls not being scoped into the audit.

135Deficiency #2 – Inadequate consideration of management override of controls as a significant risk, specifically, the risk from a single individual overriding control.

136Deficiency #3 – Missing or inadequate testing of the design of internal controls.

137Deficiency #4 – Missing or ineffective testing of the implementation of internal controls.

138Deficiency #1 – Some examples of incomplete identification of relevant controls are set out below:

139Internal controls provided by TCWG were neither documented nor considered.

140A reference was made to an Organizational Chart, which was not included in the audit file and therefore there is no evidence it was considered in the design and implementation of the internal controls.

141No documentation or testing of periodic reporting of the financial results to either management or to TCWG as a group, other than to John Aquino. Controls identified relied on John Aquino inappropriately when they should have involved TCWG as a group. In one of the controls, participation of Ralph, John and Steven in the management of the company was identified, but no further evaluation was performed as to where and how Ralph and Steve were involved in managing operations and oversight.

142Despite knowledge of limited controls around marketable securities, Iorio considered quarterly reviews of financial statements by John Aquino and DiPede as a compensating control. This was inappropriate because John Aquino executed the transactions related to marketable securities and was also monitoring the control activities. The ineffective design of the control was not considered further in the audit. Compensating controls provided by other members of management or by TCWG were not considered.

143Controls related to the preparation of budgets were not documented such as who prepared the budget, the timing thereof, how it was prepared, and who reviewed it.

144Understanding of the revenue process did not incorporate contract pricing considerations, such as target margins or the estimation of job costs to support contract tenders.

145In respect of controls over credit notes and change orders in the 2013 Audits, reliance was placed on architect approval of progress billings to the customers. Control as designed was ineffective in preventing misstatements as senior management was only reviewing after the invoice had already been issued to a customer. This was corrected in the 2014 Audits.

146While a risk of fictitious or unauthorized transactions in cost of sales was identified, the controls were only considered for one of the cost categories – subcontractor costs (i.e. within cost of sales). Testing over these costs was limited to testing a sample of one invoice from each of the projects and confirming that the invoice was appropriately recorded (amount and period). CAS 240.32 and CAS 240.A5 required him to consider how management could manipulate accounting records and perpetuate fraud. The control, as identified, did not address the risk of fictitious or unauthorized invoices being recorded by management. No compensating controls were considered, such as review by Ralph and Steve.

147Payroll-related controls were only described for some entities within the Bondfield group. Additionally, payroll disbursements related controls only included reference to payroll staff checking the accuracy of timesheets, not the verification that time was actually worked. The design and implementation of this component was not considered.

In all the above instances, where the controls either did not exist or were not identified, the design and implementation testing was not performed.

148Deficiency #2 – While Iorio identified management override of controls as a significant risk:

149He did not properly consider the impact of suspected fraud (as identified by PwC) to determine ‘where’ the risk of management override in the financial statements or in the entity existed.

150While he considered the involvement of Deloitte Forensic, it was limited to the audit of marketable securities. That response was narrow and did not adequately evaluate the risk of management of override of controls as a pervasive risk. Nor did it adequately evaluate what other areas of the financial statements might be susceptible to material misstatement as a result of the management override of controls.

151Due to significant involvement of John Aquino and DiPede in the various processes, Iorio ought to have considered whether there was a risk that limited individuals within Bondfield could override the controls, and if so, whether there were compensating controls, such as involving others in the monitoring of controls. Here, there was a significant risk because John Aquino was involved very closely in the financial management of Bondfield and also audit communication and inquiries were made to John Aquino alone. In light of this, Iorio did not appropriately scrutinize the information or monitoring controls of management or TCWG as a group.

152Deficiency #3 and 4 – Iorio’s audit procedures did not adequately test either the design or the implementation of internal controls or both in the following areas:

While properly designed, the review of quarterly financial statements by Steve and John Aquino to monitor deviations from the budget as a means to monitor the controls surrounding significant balances was not tested as designed. During testing, the quarterly statements were reviewed by John Aquino and DiPede, which was not appropriate as DiPede was not included in TCWG.
Other meetings and communications were identified as a ‘monitoring’ control. For instance, contract change orders were referred to senior management for review and approval. Yet this review was done through the monthly job cost report reviewed by DiPede and John Aquino and appeared to be an ‘after the fact’ approval. This deficiency was addressed in 2014 Audits.

153Further, even where internal controls were identified and adequately designed, there were deficiencies in implementation. For example, the control related to the review of quarterly financial statements by management was tested via the Q2 2013 financial statements, as the review by John Aquino on March 7, 2014, more than eight months after the financial reporting period ended. Iorio neither identified this as a failure in implementation due to the significant delay in management review nor performed additional procedures.

154Contract pricing involves the use of significant estimates. No controls were identified or tested resulting in a deficiency in identification of appropriate controls for testing.

155In response to the risk of uncollectable accounts and assessment of doubtful accounts, a review of financial statements was identified as a control, however, this was not appropriately designed as this was at too high a level. Additionally, the design of the control mentioned Steve Aquino’s involvement, however, the test for implementation of controls made reference to DiPede and John Aquino’s review of the quarterly financial statements and the bank compliance certificate.

156Other controls where design was appropriate, but implementation was either not tested or tested inadequately:

o Three categories of purchases were identified: material purchases, subcontractors and other purchases including computer and legal costs. However, implementation of this control only tested for material purchases and failed to consider other costs.

o While cheque signatories of the BCCL bank accounts were tested, those of the other companies in the Bondfield Group were not tested. Those bank accounts should have been considered because material disbursements were made from them. Online payments were also not considered.

o Contract testing required that costs be recorded in the correct job cost, yet implementation of controls over the coding of costs for labor and subcontractors were not tested.

Kostich

157Kostich repeated the errors Iorio made in not properly considering internal controls in the 2013 and 2014 Audits in the 2015 and 2016 Audits. For the applicable years, Kostich neither conducted an effective assessment of the risks of management override of controls nor did he perform sufficient procedures to identify management bias and respond to the presumed risks of management of override of controls present in the Bondfield Audits.

158Kostich did not meet the applicable standards with respect to internal controls for the 2015 or 2016 Audits. Specifically, Kostich’s assessment of internal controls was deficient in the following areas (elaborated above):

159There was no evidence of controls being exercised by any member of TCWG, other than John Aquino and DiPede, although DiPede was not a member of TCWG.

160There was no documentation confirming testing of periodic reporting of results to management or to TCWG as a group.

161Kostich did not implement an elevated audit response to address the limited controls that existed surrounding marketable securities and investments. There was no control over any potential misstatements by John Aquino because none of the other members of TCWG were involved in the process.

162There were no controls in relation to the preparation of the budget and while Kostich compared the budget with actual results as a control, he failed to consider controls on the budget to assess its reasonableness and/or reliability.

163In the 2016 Audits, Kostich evaluated the design and implementation of controls relating to access to the IT systems. While the design was found to be effective, the control was not implemented. He did not consider the impact the failure to implement this control would have on the risk of material misstatements.

164Controls over contract pricing, including target margins or estimates for job costs were not considered in testing within the revenue process.

165There was no review of change orders by a senior manager before committing the orders to the customer. The onus was on the architect to approve progress billings, which was an after the fact control.

166DiPede and John Aquino’s review of quarterly financial statements and bank compliance certificates was inadequate in design as this review did not identify uncollectible accounts.

167There was no compensating control identified to address the risk of fictitious or unauthorized transactions due to the potential for management override. Such a compensating control should have involved other members of TCWG.

168Kostich only tested one class of purchases (materials), and failed to test other categories, all of which are material to the financial statements.

169Kostich failed to test for controls to ensure that subcontractor and labour costs were recorded in the correct job costs.

170There was no implementation testing for reviewing cheques and signatories together with invoices. The implementation testing did not consider accounts of other companies that may have different signatories. Online payments were not considered. Finally, there were no descriptions of which accounts were held by which company.

171The design and implementation of testing controls over payroll were not considered. Kostich did not test the controls.

172The controls for each payroll process of subsidiary companies should have been tested for implementation.

173Both Iorio and Kostich failed to consider the design and implementation of internal controls which were relevant to the audits they conducted for Bondfield Group throughout the 2013 and 2016 Audits.

Material Misstatements and Fraud [Iorio Allegations 2(d), 2(e) and 3(e) and Kostich Allegations 1(d), 1(e), and 2(d)]

174The PCC alleged that Iorio and Kostich failed to properly consider the risk of material misstatement of the financial statements resulting from fraud for the 2013, 2014, 2015 and 2016 Audits. It was further alleged that the Members also failed to obtain an understanding of the entity and its environment sufficient to allow them to identify and document the areas in the financial statements where material misstatements were likely to occur for the 2013, 2014 and the 2015 Audits.

175Rhodes identified four deficiencies with respect to fraud, which were apparent in the 2014, 2015 and 2016 Audits: fraud inquiries; unpredictability in audit testing; management override of controls; and marketable securities; and three deficiencies that were applicable for the 2013 Audits, as unpredictability in procedures was not required for the first year of audit. Marketable securities are the subject of additional Allegations which will be addressed in detail in the next section of these reasons.

176The purpose of an audit is to enhance the degree of confidence of intended users of the financial statements through the expression of an audit opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. As the basis for the auditor’s opinion, the CASs require the auditor to obtain reasonable assurance as to whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Auditors are required to maintain professional skepticism throughout the audit process, recognizing the possibility that a material misstatement due to fraud could exist.

177CAS 240 contains applicable standards which govern an auditor’s responsibility to identify and assess the risks of material misstatement due to fraud. The standards direct how auditors should obtain sufficient appropriate audit evidence relating to the assessed risks and require auditors to respond appropriately to fraud or suspected fraud identified during the audit process.

178While the risk of management override of controls due to fraud or error is a significant risk in any audit, it was significantly higher in these Audits given the concerns flagged by PwC during the acceptance process and the concerns found in the DF Memo regarding the integrity of management. These concerns carried through from 2013 to 2016 and required both Iorio and Kostich to exercise a very high level of professional skepticism when assessing and responding to these risks, which they failed to do. The information contained in the September 2015 Globe & Mail article regarding allegations against John Aquino required Kostich to exercise an even greater level of professional skepticism when assessing and responding to the risks related to the 2015 and 2016 Audits.

179According to CAS 315, it was incumbent upon the auditor to understand the entity and its environment, including the entity’s internal controls, and to identify and assess the risks of material misstatements. This in turn would have allowed the auditor to design and implement audit procedures which would have assisted the auditor in identifying risks of misstatement. Required risk assessment procedures include making inquiries of appropriate individuals within the entity that may have information likely to assist in identifying risks of misstatement, and consideration of whether information obtained from the client acceptance process is relevant to identifying such risks.

180To address this pervasive and significant risk, all auditors are expected to test the appropriateness of journal entries, and to review accounting estimates for biases and evaluate whether the judgments and decisions made by management in making the estimates indicate a possible bias that, even if individually reasonable, may present a risk of material misstatement due to fraud. If so, auditors are required to reevaluate the accounting estimates taken as a whole. The auditor is also required to evaluate significant transactions outside the normal course of business or that are otherwise unusual through a lens which considers whether they may have entered into such transactions to engage in fraudulent financial reporting or to conceal misappropriation of assets.

181Rather than making fraud inquiries of a broad group of management, others within Bondfield, and TCWG as required by CAS 240.18, Iorio and Kostich only discussed the risk of fraud with John Aquino and DiPede, both of whom had been implicated in the allegations of fraud that had been made by PwC and raised in the Globe & Mail article. This showed a significant failure in exercising professional skepticism.

182By relying solely on John Aquino and DiPede, Iorio and Kostich failed to obtain a realistic understanding of Bondfield and its environment which would have allowed them to appropriately assess the risks of material misstatement.

183Both Iorio and Kostich relied on fraud inquiries conducted in 2013 Audits in each subsequent audit years. There is no evidence that inquiries were updated despite new information, nor were the fraud inquiries expanded beyond John Aquino and DiPede. The fraud inquiries made by Iorio were limited and failed to meet the required standards. In turn, Kostich relied on the same working papers created by Iorio during his Audits and failed to consider the need to make inquiries beyond those made by Iorio.

184According to the requirements of CAS 315.25 and CAS 315.26, Iorio should have identified and assessed the risks of material misstatement from a broader perspective. The PwC June 20 and 26 letters should have alerted Iorio to the possibility of fraud perpetrated by John Aquino, including possible collusion. Instead, Iorio dismissed the possibility that John Aquino would defraud his own company and only took a narrow approach when evaluating risks of material misstatement throughout the audits, focusing on confirmations and involvement of Deloitte Forensic to respond to the risk of fraud within marketable securities. The risk that John Aquino posed in terms of his ability to override controls in all areas (and not just limited to marketable securities) was not adequately addressed.

185The DF Memo containing a preliminary review was issued a week before the 2013 Audits were completed and the report issued. The issues revealed in the DF Memo, most specifically relating to possible misstatements, could not have been properly considered nor could responses have been developed by Iorio before the issuance of the financial statements.

186With respect to the 2014 Audits, Iorio had concluded that PwC’s suspected fraud allegations were “not factual” and had been proven false. He therefore did not carry PwC’s concerns forward into the 2014 Audits, failing to properly assess each year with the appropriate level of professional skepticism.

187Despite Iorio’s decision not to consider PwC’s concerns in the 2014 audit, upon learning of the issues raised in the Globe & Mail article, Kostich should have reconsidered the concerns raised by PwC and the DF Memo into both the 2015 and 2016 Audits. Instead, Kostich adopted the same approach taken by Iorio in that he did not accept that John Aquino could pose a significant risk of management override of controls.

188CAS 240.30(c) required Iorio and Kostich to incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures, with additional guidance on ways to achieve the required unpredictability found in CAS 240.A37. Such ways include performing substantive tests on account balances and assertions not otherwise tested due to their materiality or risk; adjusting the timing of audit procedures from that otherwise expected; and performing audit procedures on an unannounced basis.

189Both Iorio and Kostich failed to implement unpredictability, as required by CAS 240.30(c), in audit testing for 2014, 2015 and 2016 years which would have made it more difficult to hide fraudulent activities or financial reporting. Each year, they implemented the same nature and extent of contract testing to audit contract revenue and costs; they used the same method of choosing suppliers for accounts payable confirmations each year, and the test for unrecorded liabilities was also the same. By failing to implement unpredictability into their audit testing, any manipulation of financial information by management would have likely remained undetected. As an example, for the test for unrecorded liabilities, each year Iorio and Kostich reviewed cheque payments that had cleared the bank for the first two months after year-end. A more reliable audit test ought to have started with invoices received subsequent to year-end during a period ending much closer to the audit report date.

190Finally, both Iorio and Kostich failed to perform any additional procedures to address the presumed risk of management override of controls, procedures which were especially required given the concerns regarding potential fraud as raised by PwC, the DF Memo and the Globe & Mail article.

191Despite the risk of fraud and management override of controls, the fraud inquiries undertaken by the Members were deficient and no unpredictability appeared to be incorporated into the testing. In relying heavily on representations made by John Aquino and ignoring many red flags about his integrity, Iorio and Kostich both failed to obtain an understanding of the entity and its environment sufficient to allow them to identify and document the areas in the financial statements where material misstatements are likely to occur. Iorio and Kostich both failed to exercise appropriate level of professional skepticism which also contributed to their failure to appropriately consider the risk of material misstatement due to fraud.

Marketable Securities [Iorio Allegations 2(m) and 3(l) and Kostich Allegations 1(m) and 2(k)]

192The PCC alleged that both Iorio and Kostich failed to obtain sufficient appropriate audit evidence to support the marketable securities balance as reported in the Bondfield Group and BCCL financial statements.

Iorio

193In its June 20, 2014 letter, PwC explained it could not complete the 2013 Audits, specifically noting concerns of an alleged fraudulent confirmation for an investment in marketable securities. To address this concern, Iorio appropriately sought the assistance of Deloitte Forensic, who provided the DF Memo dated August 1, 2014, a week before the 2013 Audits were completed and the audit reports were dated.

194On July 24, 2014, a week before Deloitte Forensic issued its DF Memo, the audit team completed their audit procedures over marketable securities. During the performance of these procedures, some of the issues (as noted in the DF Memo) were already addressed by virtue of the engagement team proposing, and John Aquino/DiPede recording, these adjusting entries. Specifically, two of the investments noted below (CACL and PSI investments) were no longer shown as ‘investments’ in the audited financial statements and were written off or reclassified to other accounts. This had the effect of making Bondfield’s balance sheet appear more robust.

195While Deloitte Forensic was primarily involved to assess the confirmation related to IA Clarington (“IA-C”), identified as an issue by PwC), the DF Memo raised additional concerns that extended to all marketable securities. The DF Memo also raised many facts that should have raised concerns regarding the integrity of the marketable securities accounts and regarding John Aquino and DiPede’s conduct with respect to Bondfield’s investments, including:

196Bondfield confirmed it did not hold any investments with IA-C as alleged by PwC;

197Existence of a $0.3 million private investment in CACL was questionable based on extrinsic evidence of the number of shares issued during the year;

198Existence of a $2.6 million investment in PSI was also questionable, with no legal agreement evidencing ownership of shares allegedly purchased by a third party named Ted Manziaris (“Manziaris”), ostensibly in trust for Bondfield to conceal the purchase from PSI, a customer of Bondfield;

199The investment manager for the above investments was Tahir of Gryphin Advantage Inc. (“Gryphin”). Several red flags were identified in connection with Tahir, including:

o Tahir was not actively registered within the Canadian Securities Administration;

o Gryphin performed administrative functions only, and investments listed on the audit confirmation obtained from Gryphin were input by Tahir into their system as external assets at current values set by him;

[200] Tahir was initially elusive, eventually participating in a phone call during which he appeared to be “quite nervous and agitated”. He said he included the confirmation amounts for PSI and CACL at the request and direction of Bondfield and that he had nothing to do with either investment;

[201] Tahir refused to answer further questions without first speaking with John Aquino and/or DiPede. He did not respond further despite having agreed to do so after connecting with John Aquino.

Certain investment transactions appear to conceal or obfuscate the true nature of the transaction;
Deloitte Forensic experienced delays in receiving information that was likely readily available; and
There were some inconsistencies in the responses received from John Aquino compared to those received from Ted Manziaris re: the PSI investment.

202As noted in the DF Memo, Bondfield’s overall investment strategy appeared to be high risk for the following reasons listed in the Memo:

203Certain investments were managed through an individual that did not appear to be registered;

204Certain investments were in companies incompatible with Bondfield’s core operations (e.g. life settlements), impairing their ability to assess the quality of the investment;

205Certain investments lacked sufficient evidence to support Bondfield’s ownership (e.g. PSI);

206Certain investment transactions appeared to conceal or obfuscate the true nature of the transaction. For example, according to John Aquino, PSI did not believe that Bondfield should be included in the private placement offering, given that it might create a perceived conflict of interest. However, Bondfield still pursued a share purchase through a third party, which may or may not have been concealed from PSI;

207Bondfield had $6 million invested in a GIC at an Italian credit union earning nominal interest, when more lucrative options were likely available to the company; and

208Bondfield identified investment opportunities through personal acquaintances and relationships.

209Despite these concerns, in the 2013 audit, Iorio should have, but failed to:

210reconsider the acceptance of the audit, even though in both the engagement letter as well as the Path to Acceptance memo, he had indicated that should issues arise, he would be able to terminate the engagement;

211reconsider the sufficiency and appropriateness of the audit plan. Instead, Iorio continued to perform “minimum” procedures that may have been performed. These procedures were not commensurate with the risk of management override of controls as well as elevated risk related to marketable securities;

212consider the impact of the high-risk investment strategy and internal controls (or lack thereof) relating to the purchase of investments;

213consider the need for enhanced professional skepticism, especially questioning management’s integrity. Iorio did not consider whether the circumstances indicated possible collusion – between John Aquino and DiPede, as well as between John Aquino and each of Tahir and Manziaris, both of whom provided audit evidence;

214consider whether he should direct his inquiries to other members of TCWG; and

215reassess the audit evidence that had been provided to date, especially that provided by John Aquino and DiPede. Instead, Iorio continued to rely entirely on their representations.

216With respect to the 2014 Audits, based on the limited information provided by Bondfield during the 2013 Audits, Iorio should have questioned the contents of some of the documentation received during the audit. He failed to question the fact that investment and debt transactions were still being authorized by John Aquino and processed by DiPede, therefore falling completely within the sole control of John Aquino. Iorio did not change the audit approach, and he continued to rely upon John Aquino and DiPede for information. Finally, Iorio did not carry forward the findings of the DF Memo or the concerns raised by PwC regarding fraud in the 2014 Audits.

Kostich

217Like Iorio, Kostich also identified certain risks relating to marketable securities, but he failed to properly consider or reassess the audit processes. Kostich had knowledge of PwC’s concerns and the findings in the DF Memo, and he was also aware of the information contained in the Globe & Mail article regarding allegations against John Aquino that questioned his integrity. Despite this information, Kostich did not reconsider the integrity of John Aquino or the possibility that he could pose a significant risk to the 2015 and 2016 Audits. He did not seek additional information from other sources. Instead, he adopted the overall approach taken by Iorio in the 2014 Audits and made no changes to the audit strategy, approach and plans for the 2015 and 2016 Audits. The lack of professional skepticism and the lack of due diligence demonstrated by Kostich in light of the information available to him, resulted in a failure to appropriately or sufficiently alter the audit plan in each of the relevant years which could have indicated the existence of fraud in the financial statements.

Contract Testing [Iorio Allegations 2(l) and 3(k), and Kostich Allegations 1(l) and 2(j)]

218The PCC alleged that both Iorio and Kostich failed to obtain sufficient appropriate audit evidence to support the combined consolidated statement of earnings and retained earning items: “Contract revenue”, “Contract costs” and “Gross profit” in the following amounts:

2013

2014

2015

2016

Contract revenue

$452.44 million

$529.56 million

$628.85 million

$668.79 million

Contract costs

$435.39 million

$508.00 million

$607.72 million

$643.11 million

Gross profit

$17.05 million

$21.56 million

$21.13 million

$23.68 million

219Bondfield’s focus as a construction company was on the design, build and management of largescale construction projects. Contracts held by Bondfield Group ranged in value from less than $1 million to greater than $100 million and many of its contracts were related to public sector infrastructure projects. The projects had contractually defined scopes, with most of the contracts spanning several years, were arranged as a fixed fee and awarded through a tendering process. Contracts set out the specifics of each project, including the use of subcontractors. Monthly progress bills were provided by Bondfield Group based on agreements reached with customer architects.

220Contract testing in the Bondfield Audits was an integral part of the yearly audits. Contract testing refers to an auditor’s response to the risk of material misstatement, whether caused by fraud or error, within the contract-related financial statement balances and transactions. Contract testing required performing procedures over income statement accounts such as contract revenue, contract costs, and the resultant gross profit and balance sheet accounts such as unbilled/accrued revenue (a receivable) and deferred revenue (a liability).

221As to the income statement accounts, Revenue Recognition, section 3400 of Part II of the CPA Canada Accounting Handbook requires that the key measure to recognize revenue is progress on each contract. Bondfield considered expended costs to be the best available measure of that progress and the Bondfield Group and BCCL financial statements indicated the use of “Percentage-of-Completion” Method (“PCM”) to recognize revenue on its long-term, fixed fee contracts. This method attempts to recognize an estimated gross profit on a rational basis as the construction occurs and focuses on the related costs by recognizing revenue based on total costs incurred to date in proportion to total estimated contract costs. This measures a contract’s progress by how complete the contract work is. Determination of costs to completion on a contract is inherently an estimation exercise.

222The balance sheet accounts flow from PCM calculations. Since Bondfield’s contracts were based on fixed fees charged regularly over the life of a contract, the amounts invoiced for a particular contract do not reflect the progress of a contract at year-end. An adjustment is typically required for each contract to reflect the difference between the amount billed and the revenue calculated by applying the PCM formula. If billings exceed revenue that can be recognized at year-end, a deferred revenue liability is recorded which is then recognized as revenue in a future period when the PCM shows that it has been earned. Conversely, if amount of revenue to be recognized exceeds the billings, accrued revenue is recognized as a receivable that has been earned but not yet invoiced.

223Accounting for contracts is the responsibility of management and requires management to make many estimates. The accuracy of those estimates depends on management’s knowledge and experience of the industry and of the specific contracts themselves. The estimates don’t need to be precise, but they should be sufficiently reliable so that they can be used in financial statements. Contract revenue represents singularly the largest item on the financial statements; misstatements could be material and result in over or understatement of account balances in a single year as well as the shift in profits and revenues between years in the financial statements. Iorio and Kostich recognized that this method of recognizing revenue introduces significant audit risk because the revenue recognition depends on the accuracy and quality of management’s estimates.

224CAS 540 addresses standards for auditing accounting estimates. An auditor is required to undertake certain procedures to test management’s estimation process to determine whether the estimate is reasonable. Understanding the estimation process involves understanding the data on which estimates are based, the method of measurement used, and management’s assumptions. In certain circumstances, it may be proper to develop a point estimate or a range to evaluate management’s estimate. Other procedures typically include:

225Determining whether events occur up to the date of the auditor’s report provides audit evidence regarding an accounting estimate. Subsequent events that contradict the accounting estimate may indicate that management has ineffective processes for making accounting estimates, or that there is management bias involved.

226Performing detailed testing of management’s estimate which includes testing the underlying data, evaluating appropriateness of the measurement method and reasonableness of the assumptions used by management. This may include a consideration of management’s review and approval processes in relation to the data used to determine the estimate.

227A review of the outcome of accounting estimates included in the prior period financial statements (a ‘lookback test’) to identify and understand the reasons for the differences in the estimate from the earlier period compared to the actual result in the period that followed. This audit evidence may assist in identifying the susceptibility of management estimates to possible management bias. The auditor’s professional skepticism assists in identifying such circumstances or conditions in determining the nature, extent and timing of further audit procedures.

228An effective audit test provides appropriate audit evidence to an extent that it, taken with other audit evidence obtained, will be sufficient for the auditor’s purposes. In selecting items for testing, the auditor is required to determine the relevance and reliability of information to be used as audit evidence.

229The audit team’s testing in each of the Audits was included in working papers referred to as Contract Testing Workbooks (“the Workbooks”). The details of the deficiencies noted below are arranged based on the type of test (as performed on various worksheets within the Workbook) and further segregated by the year to which it relates. Specifically, the following worksheets were included in each Workbook:

Open Project tests provided project specific details (start date, estimated substantial completion date, total project revenue, total costs-to-date, total estimated costs to completion), a reference to discussion with a project manager, calculation of percentage-of-completion (costs as a percentage of total costs), revenue recognized since inception and revenue recognized for the fiscal year, and gross margin related information. A comparison with billings-to-date provided an initial calculation of accrued revenue or deferred revenue.
Revenue Lookback tests involved the comparison of gross margin percentage for the prior year for a sample of projects to the gross margin percentage for the six-month period during the current year. The sample size for projects was determined based on judgement. Variances in the gross margin in excess of +/- 3% were investigated.
Subsequent Changes tests involved comparing recorded total contract revenue, total estimated costs, expected gross margins and percentage-of-completion as of year-end with updated estimates of total contract revenue, total estimated costs, expected gross margins and percentage-of-completion (based on revised estimate of total contract costs) subsequent to the year-end to determine whether any adjustments were required to the recorded amounts.
Closed Project tests involved testing a sample of projects identified as completed during the year and determining whether any costs were recorded subsequent to the year-end, that were not previously accrued for. This would identify whether any adjustments to revenue and/or accrued contract costs would be required for the year under audit.

The purpose of these Workbooks was to test validity of revenue, accuracy and valuation of unbilled revenue, and completeness of deferred revenue for each year-end.

230Iorio and Kostich used information for each contract to assess the occurrence and accuracy of revenue recognized by reviewing and confirming the contract date and original value. They obtained job cost reports for each project including approved change orders to confirm revised contract prices, recalculated the percentage-of-completion, and discussed progress status with project managers. They corroborated the percentage-of-completion estimates with John Aquino, and with the latest third-party architect/engineer’s certificate issued at year-end. While these were appropriate procedures as a starting point, several deficiencies were noted in the actual testing conducted by Iorio and Kostich. These deficiencies have been aggregated into the following categories: Lookback Procedures, Contract Cut-Off, and Subsequent Information.

A. Lookback Procedures

231A retrospective review of management judgments and assumptions related to significant accounting estimates are required by CAS 500 and 240 and involve assessing reasonableness of management’s estimates by comparing previous estimates made against the actual outcomes. These are required procedures to review accounting estimates for biases that could represent a risk of material misstatement due to fraud in response to the risk of management override of controls. In the Bondfield Audits, lookback procedures should have started with the profit margin for contracts completed during the current year and should have considered accuracy of prior year estimates against actual profit margins.

2013

232Issue 1: Basis of sample size of five “closed” projects – Closed projects are projects that are substantially completed during the fiscal year. Iorio did not document the basis of selecting five closed projects.

233Issue 2: Significant calculation error:

The percentage-of-completion was inaccurately calculated based on revenue, rather than on costs. This is contrary to the PCM that should have been used (based on revenue recognition policy), resulting in meaningless results, and negating the purpose of the test.
The test used in the Bondfield Audits ignored the inconsistency between the percentage of revenue recognized and the percentage of costs recognized. The purpose of using PCM is to match recognized revenues and costs to reflect gross profits in the correct financial reporting period. This inconsistency should have been quantified and assessed. Subsequent reviews did not identify the potential material oversight.
A revenue adjustment appeared to have been required for each of the five contracts (based on erroneous calculations). These adjustments should have been treated as errors to be accumulated with any other errors identified and considered at the end of the audit to determine whether the error was material either individually or in aggregate to the financial statements. As a result of the errors in this audit procedure, these errors were not accumulated and assessed.
This ultimately resulted in an unsupported conclusion that no revenue adjustments were identified.

234Issue 3: Timing of data considered for Lookback test –. The lookback tests for the 2013 Audits were performed in July 2014. A well-designed test should have required a review of the most current information in order to identify and assess costs incurred after a project had been deemed to be substantially complete. However, the 2013 lookback tests were based on updated information for costs available as of Q1 2014 (corresponding to the period ended March 31, 2014). A later period, such as Q2 2014 (corresponding to the period ended June 30, 2014), would have been more appropriate and may have indicated additional revenue-related adjustments.

235Issue 4: Deficiencies in testing on the Revenue Lookback test worksheet – This testing involved comparison of December 2012 (prior year) results with those at June 30, 2013 (a portion of the current year period under audit). This resulted in a number of deficiencies:

Inadequate explanation was provided for the choice of sample size of six contracts for BCCL and three contracts for Forma-Con.
Variance in excess of +/- 3% was selected. Iorio noted that 3% threshold was chosen based on “Deloitte’s knowledge of the client and the nature of the projects”, while this was a first-year audit and the combined Bondfield Group financial statements indicated an overall gross profit of 3.76% on its contract work. The choice of 3% was too high and rendered the test as ineffective in identifying any misstatements in prior period estimates and the risk of management bias. Specifically, this high threshold resulted in no attention being paid by Iorio to a large variance of over $2.5 million of additional gross profit (a 2.17% variance) on one of the contracts selected for testing, over a short period of six months. This variance should have been considered unreasonable and warranted further investigation.
Choice of management estimates only six months apart was questionable given the long-term nature of the contracts, and 2013 being the first year of audit. The team had access to the complete year of information (procedure was performed in July 2014, testing could have been extended beyond the 6-month period ended June 2013). Additionally, Iorio only compared estimates to estimates (not actuals). This test did not provide sufficient, reliable or appropriate audit evidence.

236Issue 5: Period covered by the Subsequent Changes test worksheet – Q4 2013 results were compared to Q1 2014 for projects which reached substantial completion shortly after the year-end (in Q1 2014).

A three-month period does not provide much useful evidence. Appropriate analysis should have involved looking at how estimates were made over the life of the contract to identify any management bias that might have existed in misstatements over the life of the contract.
The test should also have included a comparison to estimated margins at December 31, 2012, a much longer and therefore more helpful window.
Being a first-year audit, Iorio should have sought more persuasive evidence on management bias – whether margins were misstated earlier in the contract work with a correction to the actual margin in the year of completion to move profits between reporting periods – and on management’s ability to make estimates that are sufficiently reliable for financial reporting purposes. The audit file contained no such evidence.

237Iorio had identified revenue recognition to be a significant risk, suggesting more extensive and persuasive audit evidence would be required to meet the standard (subject to professional judgement of the engagement team). The lookback tests performed by Iorio were not adequately designed to address the significant risk associated with revenue and the risks inherent in management estimates and, accordingly, did not provide sufficient and appropriate audit evidence related to contract revenue, contract costs, and gross profit. No consideration of possible management bias in accounting estimates was documented, contrary to the requirements of CAS 540.

2014

238Most of the deficiencies and errors in testing performed in the 2013 Audits were carried forward to the 2014 Audits, in addition to some other deficiencies noted. Specifically:

Deficiency noted in Issue 1 and error outlined in Issue 2 above regarding closed projects continued in the 2014 Audits, resulting in possible inadequate work being performed, non-identification and accumulation of misstatements and incorrect conclusions.
In addition to Issue 2 above, this test included an additional error in the formula for calculation of ‘additional costs to complete’. For the five projects tested, the worksheet indicated that the ‘additional cost to complete’ for two of the projects was a negative figure (due to the formula error). This led to further nonsensical results from the test rendering it meaningless as it provided no useful audit evidence. Neither Iorio nor any other reviewer noted these errors.
Deficiencies related to Issue 4 continued in the 2014 Audits. Despite the increase in revenue, the number of samples selected for testing was reduced and inadequate explanations were provided for sample size of five contracts for BCCL and two contracts for Forma-Con. Neither was a comparison of estimated margin to actual results performed, nor was threshold for variance reconsidered.

239The ineffective design of these audit procedures was not corrected in 2014, and so yet again the lookback procedures did not provide sufficient appropriate audit evidence in respect of contract revenue, contract costs, and gross profits.

2015

240Similar issues to those encountered in the 2013 and 2014 lookback procedures exist in connection with the 2015 Audits. Specifically:

No explanation is given for the number of closed contracts Kostich chose to test in the audit file (Issue 1).
Errors in the worksheet as noted in Issue 2 continued in the 2015 Audits. The incremental error that occurred in 2014 related to additional costs to completed also carried forward to the 2015 worksheet. Four of the contracts indicated negative additional costs to complete. These should have been identified as a red flag and investigated. Kostich took no steps to address this issue rendering the test meaningless and ineffective.
Errors relating to Issue 4 and 5 also continued to occur in the 2015 Audits. Sample size determined in the 2014 Audits was continued to be used for testing in the 2015 Audits. Additionally, the period over which subsequent changes in cost estimates were tested was reduced to one month after year-end, even though the engagement report was not dated until April 26, 2016, for BCCL and April 18, 2016, for the Bondfield Group.

241The 2015 lookback tests were not adequately designed to address the risks of management bias arising from management’s estimates in contract testing. The tests did not provide sufficient appropriate audit evidence, and the audit team documented no consideration of possible management bias in accounting estimates as required.

2016

242While the erroneous calculations (Issue 2 above) made in the 2013, 2014 and 2015 Audits were not repeated by Kostich in 2016, other deficiencies continued to exist.

243Issues related to sample selection in Issue 1 and 5 continued. All other concerns related to Issue 4 and 5 also continued to occur. A one-month period for review of subsequent changes in cost estimates was applied in testing of the 2016 contracts, even though the engagement report was not dated until August 11, 2017 (for BCCL and the Bondfield Group).

244Ineffective design of audit procedures for contracts was not corrected in the 2016 Audits; hence the audit did not provide sufficient appropriate audit evidence.

B. Contract Cut-Off

245Testing of contract cut-off relates to procedures performed over deferred revenue and accrued revenue adjustments that result from contract testing performed typically over open contracts. The layout of the open contract listing in the file included the calculation of the gross profit over the life of the contract which was then adjusted to an amount that was equal to the gross profit earned at that date (based on percentage-of-completion). The other side of those accounting entries are either deferred or accrued revenue.

246Deferred or accrued revenue arise from comparison of the cumulative revenue to be recognized, calculated using PCM, with the revenue that has already been billed over the life of the contract to date. The difference arises because the costs on the contract accumulate at a different rate than the progress billings are made to the customer. Where customer billings are behind the revenue based on percentage-of-completion, it results in accrued revenue and where customer billings exceed the revenue that can be recognized, deferred revenue is recorded. The objective of contract cut-off tests is to assess the reasonability of the deferred and accrued revenue adjustments – which in turn are based on management’s estimates involved in the determination of the percentage-of-completion of each contract.

247Neither Iorio nor Kostich performed sufficient procedures:

to assess reasonability of the recorded amount of accrued revenue and deferred revenue; and
over contract costs that impact the quantum of revenue that is recognized.

248Reasonability of deferred and accrued revenue was tested as follows:

Deferred revenue – By vouching to the last invoice prior to the year-end; and
Accrued revenue – By vouching to the first invoice subsequent to the year-end.

Because of the nature of the contracts, billing for each customer was performed monthly, resulting in a December and a January invoice always to trace back to. The procedure failed to consider that the amount of last/first invoice in several cases was significantly different (lower) than the amount of deferred revenue and accrued revenue recognized. Vouching to these last/first invoices merely confirmed existence of the invoices and failed to provide any further insight into appropriateness or sufficiency of deferred and accrued revenue.

249Where differences existed in actual balances versus the tested amounts, the audit conclusion was to accept these variances as reasonable because many customers were on a fixed payment schedule. This was not consistent with progress billings based on architect certificates. Moreover, the payment of an invoice (subsequent to the year) did not provide any audit evidence with respect to reasonableness of accrued receivable as at December 31 (of any year).

250Additional procedures performed included trend analysis of revenue, accrued revenue, and deferred revenue balances by considering the variance in balances from one year to the next. The contracts ran over several years, however, there was no evidence that either Iorio or Kostich considered analysis over a much longer period (four or five years), which would have been more appropriate, given the length of the contracts.

251The audit procedures performed failed to appreciate that the deferred or accrued revenue amount at year end arises due to the timing of recognizing project costs relative to the timing of progress billings. As a result, very limited procedures were performed on contract costs and the resultant gross margins. Some of the procedures that are likely to have provided additional evidence regarding management estimates of costs and gross margins are:

Comparison of gross margins across contracts with a detailed review of outliers;
Comparison of cost incurred to date with committed cost to date, total expected cost to completion, and budgeted cost;
Analysis of budgeted cost categories including any contingent costs;
Comparison of costs to date by cost category with costs at date of fieldwork and analysis of significant variances; and
A more thorough substantive analytical audit procedure for total direct labour costs.

Both Iorio and Kostich used the same tests for deferred and accrued revenue. The deficiencies in the design of the tests, and results of the procedure performed were aligned and provided negligible audit evidence in all audit years.

C. Subsequent Information

252The auditor reviews information that has become available subsequent to the year-end up to a date reasonably close to the audit report date to assess the reasonability and accuracy of management estimates. In the context of contract testing, this would involve comparing the total estimated revenue, total estimated costs and percentage-of-completion on the open contracts selected for testing to those same metrics on a date subsequent to year-end.

253The CAS require the auditor to accumulate misstatements (other than trivial) identified during the audit, which in turn allow the auditor to re-assess the required audit responses and revise the audit plan and strategy if the nature of identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that, when aggregated with misstatements accumulated during the audit, could be material. Therefore, the consideration of how the detection of a misstatement affects the assessed risks of material misstatement is important in determining whether the assessment remains appropriate. Evidence that other misstatements may exist include when an auditor identifies that a misstatement arose from a breakdown in internal control or from inappropriate assumptions that have been widely applied by the entity.

254When errors are noted, they cannot be assumed to be isolated occurrences. Where the errors all have directionally the same impact (increase revenue, reduce costs, etc.), the auditor should consider the likelihood that the errors are indicative of management bias. The auditor is also required to document the results of their evaluation.

255In each of the Audits, the engagement teams performed subsequent change tests for open contracts. The audit year and the period covered by the subsequent change test are as follows:

In the 2013 Audits – Period up to March 31, 2014
In the 2014 Audits – Period up to February 28, 2015
In the 2015 Audits – Period up to January 31, 2016
In the 2016 Audits – Period up to January 31, 2017

The period covered by the respective tests was not extended up to the date of the audit report. Though the period over which subsequent change review was performed was not adequate for all the years above, the Panel only considered issues for the 2013 Audits, as that was the only year that the PCC provided evidence for. For the 2013 Audits, no explanation was provided as to why the subsequent information was only reviewed to March 31, 2014, when the audit work was performed in July 2014.

256Iorio identified five contracts in which revenue was overstated as at December 31, 2013, by a total of $3.0 million based on the subsequent change test. Iorio documented numerous reasons and ultimately decided not to treat the $3.0 million in revenue as an error in the financial statements. A summary of the reasons and the appropriateness thereof is tabulated below:

Reason/Justification Documented

Comment on Reason/Justification

“…the movement for a majority of projects was within 1%, and therefore management estimates at year-end appear reasonable

Several of the variances in percentage completion were above 1%, the threshold relied upon by Iorio to justify not treating these as errors. He did not address these misstatements.

“Deloitte tested over 90% of total revenues among the Group’s entities scoped in for detailed testing, where no significant differences (i.e. less than 10%) were noted with respect to the percentage of completion based on the job summary reports in comparison to discussions with the project managers and John Aquino…”.

Iorio suggested that other revenue tests performed did not identify significant differences greater than 10%. This was of no consequence.

The relevant inputs for determining gross profit to be recognized at a point in time are the estimated gross profit at completion and the proportion of total cost that has been incurred to date out of total estimated cost. The increased costs have the effect of reducing the total gross profit at completion. The audit implications of that change were ignored.

A lack of errors identified elsewhere in the audit procedures does not allow an auditor to ignore differences calculated as part of an audit procedure. The reliance on other testing performed could not justify the differences calculated as misstatements because there were no procedures performed to test management’s ability to make accounting estimates with respect to the contracts and there was no test performed to identify any bias in accounting estimates. Accordingly, further work should have been done on these differences.

“…new information may arise as the project status progresses. As such, any changes in the above metrics are not considered errors, but rather they are a function of additional work being performed and/or new information.”

“…therefore it is reasonable that increased costs were incurred closer to the date of completion than the amounts originally budgeted.”

Iorio explained subsequent increases in estimated costs as being reasonable on the basis that management estimates at year-end were based on best estimates at that time and were not errors, rather these were “cost overruns” resulting in gross margins that were “less than originally budgeted”.

This approach ignored the requirement under CAS 540 to consider the value of subsequent information in testing appropriateness of management estimates and bias.

Ignoring this available information and dismissing it as irrelevant “cost overruns” may have resulted in a shifting of profit between accounting periods which would constitute a misstatement.

“The year end (and monthly) percentage of completion of projects is determined, reviewed and/or revised by management and project managers based on their best estimate of the project status (given all available information). For example: additional costs may be incurred due to unforeseen conditions that may cause the job costs to increase, resulting in a revised gross margin that is less than originally budgeted.”

“…the percentage of completion may increase in March …. as additional work was performed on the project during the four-week period.”

Deloitte concludes, “As this represents a change in estimate based on new information in March 2014, this is not an error but rather a revision to the initial assessment made by both management and the project manager. Reasonable.”

Iorio further justified the increase in costs as being attributable to additional work being performed in March.

Iorio neither considered that all the noted changes resulted in overstatement of revenue, nor did he consider whether these errors resulted from management bias or fraud (and if so, whether this might suggest the existence of other misstatements). Iorio should have been alert to these issues given that all of the errors went in the same direction.

There was no explanation as to why a four-week period was referenced.

257The variance of $3.0 million revealed in the subsequent period testing for the 2013 Audits reflects conditions (errors in management’s estimation process) that existed at the year-end given Bondfield’s contractual commitment to complete the work. They are therefore considered to be adjusting subsequent events for accounting purposes. As such, and in accordance with CAS 540, the subsequent information should have been incorporated into the accounting estimates in the financial statements. Iorio was required to consider whether the financial statements were materially misstated in light of the identified variances. There was no evidence that he did so.

D. Conclusion

258Contract testing performed in each of the 2013, 2014, 2015 and 2016 Audits was deficient, included errors and was incomplete. Audit findings should have led to additional testing.

259Based on the errors and deficiencies noted, the Panel concludes that neither Iorio nor Kostich provide the necessary level of oversight of their respective staff. Given Iorio’s self-described experience in auditing construction companies, he should have identified these issues, rectified them, and ensured that further audit procedures were performed as indicated to address the deficiencies. By the time Kostich became the engagement partner, he had obtained two years of experience with the Bondfield Group. He did not challenge the decisions made by Iorio in previous audit engagements.

260Iorio (for the 2013 and 2014 Audits) and Kostich (for the 2015 and 2016 Audits) failed to obtain sufficient and appropriate audit evidence to support the amounts for contract revenue, contract costs, and gross profits in the combined consolidated statements of earnings and the accrued revenue and deferred revenue amounts on the balance sheets of the Bondfield financial statements for 2013, 2014, 2015 or 2016.

Covenant Testing [Iorio Allegations 2(n), 2(o), 2(r), 3(m) and 3(n), and Kostich Allegations 1(n), 1(o), 2(l) and 2(m)]

261The PCC alleged that Iorio failed to identify the breach of the financial covenant related to the lending facility for Bondfield and to ensure adequate disclosure was made in the Bondfield financial statements. The PCC also alleged that Iorio and Kostich failed to obtain sufficient appropriate audit evidence to support the classification of certain investments as current assets.

262These Allegations relate to misclassification of investments in Forma-Con Limen Joint Venture (FC-JV) and Bondfield/Walsh Partnership (B/W Partnership). While the conduct alleged directly impacted the presentation of investments on the balance sheet, it also indirectly impacted the appropriateness of the covenants testing in the engagement file for the 2013, 2014, 2015 and 2016 Audits.

263Lenders may include financial, non-financial, and reporting covenants in the lending agreements to allow them certain rights in the event of non-compliance of covenants. The calculation of covenants and frequency of their testing is governed by the agreement. The existence and compliance with these covenants are also required to be disclosed in the financial statement. The existence of covenants may give rise to a risk at the financial statement level because management may have a bias to misstate/misclassify balances to comply with the covenants. Any misstatements that may arise from the over/under statement or misclassification of balances may impact the economic decision of the lender, who is a user of the financial statements.

264Bondfield was required to comply with a minimum working capital of $40 million and minimum net worth of $50 million under its bonding agreement with Zurich. While Bondfield had sufficient room available in the calculation of the net worth covenant, misstatements affecting the working capital covenant that were material may have impacted Zurich’s decisions, with a possibility of not renewing the bonding facility. As a result, certain assets and liabilities were more susceptible to misstatement and/or misclassification (between current and long-term assets). Canadian Accounting Standards for Private Enterprises (ASPE), sections 1510 defines current assets to include those assets ordinarily realizable within one year from the date of the balance sheet or within the normal operating cycle, when that is longer than a year. Investments are classified as current assets only when capable of reasonably prompt liquidation.

265A review of the 2012 financial statements (audited by PwC) revealed that these investments were presented as long-term assets. However, commencing in 2013, the classification was changed to current assets in the financial statements audited by Deloitte.

Iorio

266In a memo detailing analysis of the various investments, Iorio incorrectly concluded that the FC-JV should be classified as a current asset because the project was expected to be completed by December 31, 2024, construction equipment held by JV represents less than 10% of the total assets and all receivables are current.

267Rhodes opined, and the Panel agreed, that this assessment was incorrect because:

Iorio ignored the terms of the JV agreement, which required the unanimous approval of both parties to distribute profit or capital to the participants, to dispose of equipment and the amount of any reserves required for any warranty period or for any unsettled claims. Bondfield had joint control with another party over the investment. The asset was not capable of prompt liquidation and should have been characterized as a long-term asset.
Receivables included an amount of $1.9 million which represented a holdback receivable, which would only be collectible on substantial completion of the project.
If the net profit and long-lived assets had been realized in cash within 12 months of the balance sheet, cash would typically be withheld for warranty and other rectification work.

268Iorio similarly concluded that the B/W Partnership should be classified as a current asset because John Aquino stated that the work was being completed as expected and should be completed by the end of 2014; the partnership agreement stated that “time is of the essence” which, according to Deloitte, meant the parties would be “motivated to complete the work on time”; and the net assets of the partnership were all classified as current. Rhodes opined, and the Panel agreed, that this assessment was incorrect because it was a partnership of two entities, so Bondfield could not liquidate the investment reasonably promptly. Again, this was a long-term asset mischaracterized by Iorio as a current one.

269Deloitte’s conclusion that the investment should be classified as current is deficient for the following reasons:

For an investment to be classified as short term, the investor must be able to liquidate the investment itself reasonably promptly;
Iorio’s analysis only considered the “time is of the essence” clause of the partnership agreement but ignored that the ‘partnership shall continue in existence until it is dissolved and its affairs are wound up’. Also, any distributions of profit or capital to the participants, the disposition of equipment, and the determination of the amount of any reserves required for any warranty period or for any unsettled claims can only be made with the unanimous approval of both parties; and
The distribution of capital and profits can be made upon substantial completion and the agreement of both partners, with up to seventy-five percent (75%) of the then-expected profits of the partnership may be paid out to the partners. Additional restrictions existed under the agreement.

270An investment is classified as current only when the investment itself is capable of reasonably prompt liquidation. The presentation of the net assets of the partnership as current is only indirectly relevant to that classification. The investment in the B/W Partnership should have been classified as long-term as at December 31, 2013.

271The same logic applied to the classification of these investments was applied in the 2014 Audits. The misclassifications of these investments as current assets resulted in incorrect working capital being calculated and used in covenant calculation.

Kostich

272Kostich carried the same file memo regarding investments forward in his 2015 and 2016 Audits and treated these investments in the same manner as there had been no material changes to the investment agreements. This resulted in the same errors in the 2015 and 2016 financial statements as well for the same reasons as noted above.

273The fact that these investments were still recorded in the financial statements of subsequent years (i.e. in 2014, 2015, and 2016) and not liquidated in the short-term, supported the PCC’s Allegation related to incorrect classification.

Impact on Covenant Testing

274The revised working capital resulted in a breach of the working capital covenant as summarized below:

Year

Investment in FC-JV

Investment in B/W partnership

Impact on working capital

Impact on covenant

2013 (Iorio)

$1.01 million

$2.24 million

Overstatement by $3.25 million

Not complied

2014 (Iorio)

$1.01 million

$2.77 million

Overstatement by $3.78 million

No impact

2015 (Kostich)

$1.01 million

$0.31 million

Overstatement by $1.32 million

No impact

2016 (Kostich)

$1.01 million

$0.93 million

Overstatement by $1.94 million

No impact

275While the misclassification in the financial statements resulted in a change to the working capital covenant calculation, Bondfield Group continued to be onside with the covenant requirement for 2014, 2015 and 2016 Audits.

276Iorio and Kostich failed to properly consider proper classification of certain investments and their impact on covenant testing for the 2013, 2014, 2015 and 2016 Audits.

Operating Expenses [Iorio Allegation 2(p)]

277The PCC alleged that Iorio failed to obtain sufficient appropriate audit evidence with respect to operating expenses of BCCL of $5.4 million for the 2013 Audits.

278In testing the operating expenses of BCCL in the 2013 Audits, Iorio traced balances within the total expense of $5.4 million to three invoices. Such a sampling was too small and insufficient. Iorio selected three invoices based on the PM he had set of the 2013 audit which was too high. A more appropriate PM would have resulted in a larger sampling of invoices and may have provided sufficient and appropriate audit evidence related to operating expenses.

Completion and Reporting [Iorio Allegations 2(h), 2(q), and 3(o) and Kostich Allegation 1(h)]

279In the following Allegations, the PCC alleged that Iorio:

2(h). failed to obtain a signed management representation letter for the audit of BCCL’s financial statements for 2013;

2(q). caused the issuance of the audit report and financial statements for Bondfield Group for the 2013 Audits prior to the issuance of the audit report and financial statements for one of the entities consolidated within the Bondfield Group; and

3(o). caused the issuance of the audit report and financial statements for the 2014 audit of the Bondfield Group prior to the signing off on the Board of Directors Report.

280With respect to Kostich, the PCC alleged that he failed to obtain a management representation letter for the audit of Bondfield’s financial statements for the 2015 audit signed by each of TCWG.

281CAS 450 details the communications an auditor must make with TCWG in connection with uncorrected misstatements and the effect they have on the auditor’s opinion and the written representations from management or TCWG as appropriate. CAS 450 also requires an auditor to communicate with TCWG whether they believe the effects of uncorrected misstatements are immaterial, individually and in aggregate, to the financial statements as a whole.

282An auditor cannot issue an opinion until the audit has been completed. CAS 700 sets out the requirements that an auditor has to meet in order to form an opinion and issue an audit opinion on financial statements. CAS 700.11 states that to form an opinion on financial statements, the auditor shall conclude as to whether the auditor has obtained reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. To come to such a conclusion, the auditor, in accordance with CAS 330, should determine whether sufficient appropriate audit evidence has been obtained to support the audit opinion.

Iorio

283Rhodes identified a number of deficiencies in the completion and reporting of the 2013 audit which would have prevented Iorio from appropriately issuing an audit opinion.

2013 – A document titled “Communication to TCWG” was included in the working papers and addressed to the Board of Directors Members but was unsigned and there is no evidence that it was delivered to anyone. When interviewed, Iorio stated that the closing documents, including draft financial statements, unadjusted misstatements and representation letters, were delivered to John Aquino and DiPede only. Ralph is the only director of BCCL.
2013 – Iorio obtained a signed copy of the representation letter for Bondfield from John Aquino and DiPede confirming the representations from these two individuals.

With respect to Iorio, the PCC in its submissions argued that Iorio failed to obtain a representation letter signed by TCWG for BCCL, in breach of CAS 580.9. The Panel disagreed. The requirement is for the auditor to communicate/send a copy of the representation letter to TCWG. There is no requirement that TCWG provide written confirmation of receipt of the representation letter. However, the Panel agrees that there is no evidence that TCWG received and reviewed a copy of the representation letter, including corrected and uncorrected misstatements.

2013 – A signed representation letter for BCCL was not obtained, therefore requirement of CAS 580.9 was not met.
2013 – All the audit evidence was not obtained prior to the issuance of the audit opinion pursuant to CAS 700. Specifically, the financial statements of 2338301 Ontario Inc., a subsidiary within the Bondfield Group and consolidated within Bondfield Group, was approved on September 8, 2014, one month after the approval and issuance of the Bondfield Group financial statement, together with an auditors’ report dated August 8, 2014. It was inappropriate for Iorio to sign off on the Bondfield Group financial statement before all the subsidiary financial statements had been approved. An auditor cannot issue the group financial statements if they have not completed their audit of the underlying entities. If there was an error or a misstatement that had not been adjusted in financial statements for 2338301 Ontario Inc., then that would have an effect on the group financial statements as a whole.
2014 – The audit findings report for Bondfield was signed off in the file on April 23, 2015, but the engagement report was dated three days earlier on April 20, 2015. The audit findings report represents communications with TCWG that should be completed before the report can be dated. This was a breach of CAS 700.11.
2014 – In the audit findings report, Iorio had noted that the engagement team had ‘engaged in periodic fraud discussions with certain members of senior management and others, internal counsel and the Board of Directors… We evaluated the Group’s fraud risk assessment and considered entity-level internal controls and internal controls over the closing and reporting process. We tested journal entries that exhibit characteristics of possible management override of controls.”. Iorio and his team did not complete these procedures as represented.

Kostich

284Like Iorio (2013), Kostich only obtained a signed copy of the representation letter from John Aquino and DiPede.

285For the 2015 Audits, while Rhodes and the PCC provided evidence regarding Kostich’s failure to communicate with TCWG as well as noted several issues/discrepancies in the audit findings report, there were no corresponding allegations raised in the PCC’s list of Allegations that related to the evidence being provided. Deficiencies that Rhodes identified were:

Like Iorio (2014), Kostich issued Bondfield Group’s audit report (on April 18, 2016) before he dated the BCCL report (on April 26, 2016) in breach of CAS 700.11.
Like Iorio (2013), there was no evidence that Kostich delivered the audit findings report to TCWG. The file version is in draft form and undated constituting failure by Kostich as required by CAS 450 and CAS 260.16.
The file did not include evidence of inquiries of TCWG regarding their views of fraud risk and whether they were aware of any actual or suspected fraud affecting Bondfield, despite its recognition in the audit as a significant risk. As such, the statement by Kostich in the undated audit findings report for Bondfield that Kostich “asked the Board of Directors for their views about the risk of fraud, whether they know of any actual or suspected fraud affecting the Group and their role in the oversight of management’s antifraud programs” is not accurate.

286Allegation 1(h) against Kostich is worded as follows: “He failed to obtain a management representation letter for the audit of [BCCL’s] financial statements signed by each of those charged with governance”. The above noted findings by Rhodes, while accurate and indicative of deficiencies in the performance of the 2015 Audits, were not germane to the way the Allegation had been worded. Consequently, the Panel could not consider these findings in determining whether this Allegation, in the manner it was worded, was proven or not.

287While Rhodes and the PCC took the position that the representation letter should have been signed by TCWG, the Panel disagreed with this position. The PCC took the position that the representation letter for the 2015 Audits as signed by John Acquino and DiPede did not meet the requirements of CAS 580.9. They argued that the representation letters should have been signed by TCWG. CAS 580.9 requires the auditor to communicate/send a copy of the representation letter to TCWG. While the Panel agrees that there is no evidence that TCWG received and reviewed a copy of the representation letter, including corrected and uncorrected misstatements, the standard does not require the auditor to obtain signatures from TCWG. As the failure to obtain signatures from TCWG was not a requirement, the Panel found that Allegation 1(h) as it relates to Kostich, was not proven.

Findings of Professional Misconduct

288Rule 202.1 of the Code requires members to perform professional services with integrity and due care. As noted in paragraph 59 above, this Panel found that Iorio failed to exercise the requisite due care when considering and accepting the Bondfield engagement. He failed to obtain sufficient information to address the serious concerns surrounding allegations of fraud. Iorio also failed to exercise the requisite level of heightened professional skepticism and the appropriate professional judgment when considering the information collected, the contradictions that appeared within that information and the unanswered requests for additional information that remained when he accepted the engagement.

289Having found the facts alleged were established on a balance of probabilities, the Panel found that Iorio breached Rule 202.1 of the Code and as such, he had committed professional misconduct.

290Rule 206.1 of the Code requires a member to perform professional services in accordance with generally accepted standards of practice of the profession. With the exception of Allegation 1(h) relating to Kostich, the Panel found that the PCC had proven, on a balance of probabilities, 33 and 27 instances respectively, each over the course of two years, where Iorio and Kostich had failed to meet the generally accepted standards of practice of the profession.

291Both Iorio and Kostich failed to exercise the necessary professional skepticism repeatedly throughout the audit when confronted with issues relating to John Aquino’s integrity. They failed to maintain professional skepticism throughout the audit when errors and issues related to the financial statements and information provided by John Aquino and Bondfield arose. When errors in the financial statements arose, they did not reconsider or revise the audit plans. At no time did they speak to others charged with governance in order to verify or obtain additional information.

292Having so found, the Panel also determined that Iorio and Kostich breached Rule 206.1 of the Code, and as such, they both committed professional misconduct.

VII. DECISION AS TO SANCTION

293The PCC and the Members presented the Panel with the following joint submissions on sanction:

Iorio

Iorio shall pay a fine in the amount of $100,000 to be paid within 90 days from the date of the Order;
Notice of the Decision and Order of the Discipline Committee and its Reasons, disclosing Iorio’s name, shall be given in the form and manner determined by the Discipline Committee: to all members of CPA Ontario, to the Public Accounting Standards Committee; to all provincial CPA bodies and shall be made available to the public; and
A failure to comply with any of the terms of the Order will result in the immediate suspension of Iorio’s CPA Ontario membership until such time as he does comply, provided he complies within 30 days of the date of his suspension. In the event he does not comply within the 30-day period, Iorio’s membership in CPA Ontario shall be revoked forthwith without notice to him and notice of the revocation of his membership, disclosing his name, shall be given in the manner specified above, and in a newspaper distributed in the geographic area of his practice or residence. All costs associated with this publication shall be borne by Iorio and shall be in addition to any other costs ordered by the Panel.

Kostich

Kostich shall pay a fine in the amount of $50,000 to be paid within 90 days from the date of the Order;
Notice of the Decision and Order of the Discipline Committee and its Reasons, disclosing Kostich’s name, shall be given in the form and manner determined by the Discipline Committee: to all members of CPA Ontario, to the Public Accounting Standards Committee; to all provincial CPA bodies and shall be made available to the public; and
A failure to comply with any of the terms of the Order will result in the immediate suspension of Kostich’s CPA Ontario membership until such time as he does comply, provided he complies within 30 days of the date of his suspension. In the event he does not comply within the 30-day period, Kostich’s membership in CPA Ontario shall be revoked forthwith without notice to him and notice of the revocation of his membership, disclosing his name, shall be given in the manner specified above, and in a newspaper distributed in the geographic area of his practice or residence. All costs associated with this publication shall be borne by Kostich and shall be in addition to any other costs ordered by the Panel.

294After careful consideration, and with great reluctance, the Panel accepted the parties’ joint submission on sanction for the reasons set out below.

VIII. REASONS FOR THE DECISION AS TO SANCTION

295The imposition of sanctions against those who commit professional misconduct within our profession ensures the protection of the public interest and promotes the public’s confidence in our ability to self-regulate.

296Sanctions are intended to act as a general deterrent for the profession, as well as specific deterrents for those who engage in professional misconduct. They should be proportionate to the misconduct committed, ensure the denunciation of the misconduct, and where appropriate, allow for rehabilitation.

297During the course of the hearing, the parties came to an agreement which resulted in the conclusion of these proceedings. After the Panel had considered the evidence and determined that the Members had committed professional misconduct, the Panel reviewed each party’s joint submissions on sanction and costs, which were detailed in a “Joint Submission on Sanction” (“JSS”) and submitted for each Member. In the JSS documents, both Members confirmed that they had entered into the JSS having had the benefit of advice from legal counsel, that they understood that a panel of the Discipline Committee is not bound by the JSS, and that a panel has the discretion to impose a different sanction, including one more severe than the parties recommended.

298In addition to the JSS documents, the parties provided written submissions dated April 2, 2025. After reviewing the written submissions, on May 23, 2025, the Panel asked the parties to provide additional information as it was concerned about the appropriateness of the sanctions and required further information to assist them in their review of the joint submission proposed. On June 13, 2025, the parties provided their further written submissions.

299Finally, the PCC and the Members also provided the Panel with a Joint Case Brief and Joint Supplemental Case Brief containing a number of cases dealing with similar issues and facts, and which provided the Panel with a range of sanctions against which to consider the JSSs.

Joint Submissions

300It is well established that joint submissions are to be afforded a high level of deference. In order to determine whether a joint submission should be imposed, the Supreme Court of Canada, in Anthony-Cook³ created a “public interest test” requiring a trial judge to adopt the joint submission proposed unless to do so would be contrary to the public interest or would bring the regulatory process into disrepute.

301The benefits of joint submissions were described by J. Moldaver in paragraphs 35 to 44 of Anthony-Cook and adapted to the disciplinary process at paragraph 15 of Archambault⁴ as follows:

Joint submissions are a proper and necessary part of the system, and benefit the administration of justice and all participants including the licensee, complainants, witnesses, and counsel.
A joint submission helps the Law Society as prosecutor and the public interest, since an admission makes a finding of misconduct certain. The prosecution avoids the risk that flaws in its case, such as weaknesses in witness testimony, the unwillingness of a witness to testify, or evidence that is not admissible, will affect whether a finding is made.
Witnesses and complainants may prefer to avoid the stress of testifying and may appreciate the acknowledgement of responsibility that comes from an admission.
The licensee likely obtains a penalty that is more lenient than he or she might expect after a contested finding and/or penalty hearing. The costs and stress associated with contested hearings are minimized and certainty is maximized.
Joint submissions play an essential role in saving the justice system time, resources and expenses.
Law Society and licensee are highly knowledgeable about the circumstances and strengths and weakness of their respective positions. Law Society representatives put forward the public interests and licensee representatives focus on their clients’ interests. They are together well-placed and can be relied upon to arrive at a joint submission that reflects both interests.

302Joint submissions allow counsel, who have a greater understanding of the nuances of a matter, to come to a resolution. The Supreme Court of Canada recognized that by proposing a joint resolution to the litigation, the parties forego procedural safeguards, such as the right to testify, the right to cross-examine and test the evidence of the opposing party, as well as the right of reply. Abandoning such safeguards requires a high degree of certainty that the joint submission will be accepted⁵.

303In considering whether to accept or reject a joint submission, the Supreme Court of Canada provided the following direction:

34… a joint submission should not be rejected lightly, a conclusion with which I agree. Rejection denotes a submission so unhinged from the circumstances of the offence and the offender that its acceptance would lead reasonable and informed persons, aware of all the relevant circumstances, including the importance of promoting certainty in resolution discussions, to believe that proper functioning of the justice system had broken down. This is an undeniably high threshold…

304In instances where a panel is troubled by a joint submission, the panel must consider the joint submission “as is”. As instructed by the Supreme Court in Anthony-Cook “If the parties have not asked for a particular order, the trial judge must assume that it was considered and excluded from the joint submission”.⁶ It is often helpful for a panel to be advised of the circumstances leading to the joint submission, including any benefits obtained by the prosecution or concessions made by the licensee. “The greater the benefits obtained by the Crown, and the more concessions made by the accused, the more likely it is that the trial judge should accept the joint submission, even though it may appear to be unduly lenient.”⁷ It is also incumbent upon counsel to “amply justify their position on the facts of the case as presented in open court” thereby providing the panel with “a proper basis upon which to determine whether [the joint submission] should be accepted.”⁸ Having said that, counsel is not required to provide the panel with the details of their negotiations. Rather counsel must advise the panel why the proposed joint submission will not bring the administration of justice into disrepute or not be in the public’s interest.⁹

305In instances where the panel’s concerns regarding the joint submission remain, counsel must be provided an opportunity to make further submissions addressing the panel’s concerns before the panel proceeds to impose a sanction.¹⁰

306The principles and directions relating to joint submissions set out by the Supreme Court of Canada in Anthony-Cook have been accepted and repeatedly applied by panels of the Discipline Committee of CPA Ontario.¹¹

Factors to Consider When Determining the Appropriateness of Proposed Sanctions

307When determining whether to accept the JSSs, aggravating and mitigating circumstances should be considered, as well as cases in which similar misconduct has been sanctioned.

308The CPA Ontario Sanction Guidelines provide a non-exhaustive list of factors which may be considered when determining the appropriate sanction. These considerations apply even when a joint submission is proposed. Some of those factors include:

a) The duration of the misconduct;

b) Whether the misconduct was an isolated incident or was repetitive or ongoing;

c) Whether the misconduct was premeditated, intentional, willfully blind or reckless;

d) Whether the misconduct was dishonest;

e) Whether the subject received financial benefit from the misconduct;

f) Whether the misconduct facilitated the commission of a crime by others;

g) Whether the subject acted in a supervisory capacity;

h) Whether the subject demonstrated insight and understanding of the misconduct;

i) Whether the misconduct could undermine confidence in the standards of conduct of members of CPA Ontario or undermine effectiveness of the regulatory role of CPA Ontario.

Application of Principles

309The Panel noted the following aggravating factors it took into consideration when considering the proposed sanctions put forward by the parties:

a) The misconduct committed by both Members was serious.

b) The Panel found that in accepting Bondfield as a client, Iorio failed to perform professional services with due care by failing to take sufficient and appropriate steps to address allegations of suspected fraud and other audit risks which had been disclosed by the predecessor auditor. In so doing, Iorio failed to maintain professional skepticism and exercise appropriate judgment when accepting the Bondfield engagement.

c) The Panel also found that over the course of two audit years each, both Iorio and Kostich repeatedly failed to perform professional services in accordance with generally accepted standards of practice of the profession. The Members ignored numerous red flags throughout the course of the audits they led, which required them to exercise a high level of professional skepticism and to be alert to the possibility of management override of control and of fraud. In total, the Panel found that the PCC had proven that over the course of 2 years each, there were 33 instances in which Iorio and 27 instances in which Kostich failed to meet the generally accepted standards of practice of the profession. The number of failings on the audits of one client was significant.

d) All of the audits completed by the Members for Bondfield contained numerous and varied deficiencies and a number of deficiencies from previous years which were carried forward into each subsequent audit.

e) As lead engagement partner in each of their respective audits, both Iorio and Kostich were responsible for the acceptance/reacceptance, direction, supervision and performance of the audits in compliance with professional standards, as well as with legal and regulatory requirements. They were also responsible for ensuring that the auditor’s reports were appropriate in the circumstances.

f) The Panel finds, as the Members have acknowledged, Bondfield was a full-service construction company involved in high profile projects found across all sectors of the Greater Toronto Area and southern Ontario. A number of its projects were intended for the public benefit. Bondfield has attracted a great deal of attention, including in relation to its insolvency through which the audits conducted by the Members were raised.

g) Specifically in the 2013 Audits, due to the misclassification of certain investments as current assets, the working capital covenant appears to have been met. But as detailed in paragraph 208, this covenant was not met. It is impossible to apply hindsight and determine how the lenders and Zurich may have been impacted by this misclassification and what actions they may have taken.

310The Panel further considered the following mitigating factors in its assessment of the appropriateness of the JSSs:

a) The PCC did not allege that the Members perpetrated or were aware of the fraud involving the actions of those within Bondfield’s management. In other words, the Allegations against the Members were not rooted in acts of dishonesty or a lack of integrity. This is a significant consideration when determining the appropriateness of the JSSs.

b) Following the completion of Rhodes’ evidence-in-chief, after commencing the cross-examination of the witness for only one day, the parties sought an adjournment of the hearing. As part of the JSSs, Iorio and Kostich agreed to stop contesting the Allegations.

c) Iorio and Kostich cooperated with the PCC by entering into the JSSs which resulted in the reduction of the time which would have been required to complete the hearing.

d) Neither Iorio nor Kostich have a disciplinary history. As of the date of submissions by counsel for the Members (March 28, 2025), neither member had been the subject of a complaint.

e) Both Members continue to hold senior positions at Deloitte. As is evidenced by the one client letter provided by Iorio, and the two client letters from Kostich, both Members have served their clients well by exhibiting professionalism, knowledge and a commitment to maintaining ethical standards.

311The Panel noted that Iorio and Kostich did not admit their misconduct as part of the JSSs. They did not, however, challenge the PCC’s evidence, aside from a brief cross-examination of Rhodes, which was not completed. Nor did they challenge the submissions of the PCC on conduct by responding to them. While the lack of admission by the Members could be seen as a lack of remorse or insight, in light of the procedural rights that were forfeited by the Members and the JSSs, this Panel finds the lack of admission to be neither aggravating nor mitigating.

312The Panel recognized that joint submissions play a significant role in the administration of justice. In this case, the JSSs have also allowed the parties to resolve the matter in a more timely fashion. This matter had originally been scheduled to proceed over the course of 8 days. The hearing began on May 6, 2024 and it was originally anticipated that the PCC would complete its evidence-in-chief by October 2024. As the hearing unfolded, additional dates were added. Rhodes began giving his evidence-in-chief on May 7, 2024 and the PCC completed its examination-in-chief of Rhodes on January 29, 2025. Cross-examination of Rhodes began on January 30, 2025. The parties were to return on February 20, 2025 for the continuation of the cross-examination of Rhodes, instead, on February 18, 2025, the parties wrote to the Tribunals Office advising that they were seeking a case conference and on February 20, 2025, the parties jointly requested an adjournment of the hearing as the parties were engaged in discussions regarding a range of issues. This request was granted and the hearing was adjourned to February 27, 2025. On that date, the parties again jointly requested additional time to continue their discussions. The adjournment was again granted.

313Almost a year after the prosecution had begun, on March 4, 2025, the Tribunals Office received correspondence from the PCC advising that the parties were in the process of reaching an agreement to proceed by way of joint submission on sanction. As a result of this agreement, it was anticipated that the Members would discontinue their cross-examination of Rhodes, call no further evidence on conduct, or on sanction, nor would the Members provide written submissions on conduct. It was further anticipated that the PCC would provide written submissions on conduct, submitted with joint submissions on sanction and written submissions from both parties in support of the joint submissions on sanction.

314By coming to a joint position on sanction and costs, the parties brought the matters to resolution, saving additional hearing time, expenses and significant resources, benefiting the administration of justice.

315In arriving at a negotiated resolution, both Members gave up their right to further cross-examine Rhodes, to call their own evidence and to make submissions as to whether the PCC had proved its case. The only evidence before the Panel was that of Rhodes and the evidence found in the exhibits filed in the hearing. Aside from a brief cross-examination of Rhodes, because of the JSSs, the PCC was able to avoid further challenge to its evidence.

316The Supreme Court of Canada recognized that by proposing a joint resolution to the litigation, parties forego procedural safeguards, such as the right to testify, the right to cross-examine and the right to test the evidence of the opposing party, as well as the right to reply. Abandoning such safeguards requires a high degree of certainty that the joint submission will be accepted.¹²

317The JSSs were negotiated by experienced counsel, with the PCC seeking to protect the public interest, and counsel for the Members acting in the interests of their clients. The Discipline Committee has long recognized that counsel, well-versed in the case and knowledgeable of its strengths and weaknesses, are well positioned and can be relied upon to resolve the matters in a manner which reflects both the interests of the public and those of the Members.

Precedents that Provided Guidance and a Range of Sanctions

318Having considered all the mitigating and aggravating facts, as well as the law with respect to the weight to be given to joint submissions, the Panel also considered precedent cases provided by the parties in the Joint Case Briefs. Some of the cases dealt with the sanctions imposed in matters addressing breaches of Rule 202.1 while others related to matters in which Rule 206.1 had been breached. No two cases are exact in fact or in proposed sanction, however, the cases provided the Panel with a range of sanctions and terms which had been imposed in other matters. It was against these cases that the Panel was able to consider the appropriateness of the sanctions proposed.

319The range of sanctions provided relating to Rule 206.1 breaches included suspensions, the imposition of fines ranging from $7,500 to $125,000, practice restrictions, practice reviews, Public Accounting Licence prohibitions, publication and notice. The cases revealed different combinations of these sanctions. Some of the cases included joint submissions, while others did not.

320The Panel found the cases of Barrington¹³, Woodsford¹⁴, Wall¹⁵ and MacNeil¹⁶ to be of greatest assistance. These cases involved serious misconduct arising out of significant audit failures. They also offered the Panel some guidance regarding the imposition of high fines as opposed to suspensions.

321In Barrington, three members of CPA Ontario were found to have breached Rule 206.1 in the course of their audit of the financial statements of Livent Inc. The conduct of each of the members was described as significant departures from the required auditing standards. After a lengthy contested hearing on conduct, the PCC sought suspensions, while the members argued suspensions were not necessary and that significant fines would better serve the principle of general deterrence. The Panel ultimately chose not to suspend the members but instead imposed fines of $100,000 against each member.

322In arriving at its decision to impose fines, the panel came to the following conclusions:

…[T]here was no suggestion of moral turpitude, dishonesty or lack of integrity; the members were knowledgeable, experienced practitioners; and the charges arose with respect to one audit and there was no suggestion of a pattern of failing to comply with professional standards or carry out responsibilities with due care.
As in Grunberg, the panel concluded that the misconduct itself does not require a suspension. Also, in this case the circumstances of the members persuaded the panel that a significant fine rather than a lesser fine and suspension would have the impact which the panel thinks is necessary in the interest of general deterrence.

323While two of the three members were retired and the panel noted that a suspension would have no impact on them, one of the members was still actively serving as a partner of a national accounting firm:

The suspension of a sole practitioner or a partner of a small firm will necessarily have a significant impact on both the member discipline and the firm. The suspension of Claudio Russo, a partner of a national firm, will not necessarily have such an impact, either on the firm which has other partners who could fill the suspended partner’s role, or on the suspended partner who could be given other duties within the firm.

324In Woodsford, a partner at Deloitte was found to have significantly departed from the required standards of the profession, thereby violating Rule 206.1 in relation to an audit of the financial statements of Phillip Environmental Inc. The auditor was also found to have breached Rule 218 by failing to retain many relevant working papers which evidenced the nature and extent of the work done with respect to the engagement.¹⁷ The company went on to use the financial statements prepared by the auditor to raise US$330,000,000 in the capital markets.

325As in the case at hand, Woodsford denied the allegations. The PCC only called one witness who was not cross-examined, and the member called no evidence. Only the PCC made submissions on the issue of conduct. After finding that the allegations had been proven, the panel moved on to determine the issue of sanction, specifically addressing whether a suspension should be imposed.

326In Woodsford, the panel considered the following:

a) Given that each standards case involves its own set of facts, the panel recognized that “there is no one definitive set of criteria for determining whether or not a suspension will be imposed.”¹⁸

b) The factors in Woodsford were such that a substantial fine and publication in the financial press would serve as a greater general deterrent than sanctions involving a lesser fine, suspension and less publicity.

c) This was not a case where the suspension of the member was necessary to ensure the member had sufficient time to rehabilitate himself.

d) The significant changes in the member’s circumstances over the course of the 9 years between the misconduct and the disciplinary proceeding.

e) While a suspension would impact the member’s reputation, so too would the finding of misconduct and the notice of the Decision and Order which were to be published.

f) A fine in the amount of $75,000 would be seen as a significant fine by the profession and by the public given that the audit fee in the case was $896,000.

262The 2017 decision of Wall involved a partner at PwC who was found to have violated Rule 206.1 relating to two audit engagements for Fairfield Sentry Limited. The hearing was lengthy and the case was considered to be “one of the most serious professional standards cases, given the nature of the misconduct, the investor loss, and the public impact.”¹⁹

263Following the completion of the hearing, the parties in Wall presented the panel with a joint submission for a significant fine of $125,000 and arguing that a suspension was not necessary in this case, as the member had not engaged in dishonesty, nor had he shown a lack of integrity or moral turpitude. The parties also noted that the conduct had occurred in relation to one client.

264In accepting the joint submission, the panel in Wall noted that since the misconduct, 10 years had passed and the member had not committed any other misconduct. The panel also noted the member’s reputation, record and high level of experience in his field. The imposition of a suspension was found to be unnecessary and that a reprimand, fine and publication would have a significant impact on both the member and the profession.

265Finally, in MacNeil (a 2021 decision of this Tribunal), the panel was faced with 14 particulars “in virtually all aspects of the audit, from insufficient planning to the integrity of the opening balances to inadequate substantive audit procedures, documentation, follow-up, and above all, in the failure to bring the requisite level of professional skepticism to the file.”²⁰Weighed against its findings of incompetence, lack of attention to detail, poor judgement and a lack of professional skepticism, the panel noted the misconduct was limited to one audit and seven years had passed without further incident. The panel found no dishonesty, no ethical violations and no premeditation. In MacNeil, the member admitted the allegations of professional misconduct, demonstrated remorse and saved time and resources through his concessions and admissions. There were no other allegations of misconduct since and the member had excelled in his career.

266The panel in MacNeil also dealt with whether a suspension would be appropriate. The PCC had argued that a suspension should be imposed, with a fine of $75,000. In determining the appropriateness of a fine, the panel noted that the fine “in these circumstances will send a clear message to the industry and the public that non-compliance with the standards of the profession will attract significant consequences.”²¹

Conclusion

267Iorio and Kostich each committed very serious professional misconduct. Their respective violations of professional standards spanned the course of two years, and many of those violations were carried forward into the next year. Their violations were varied, revealing a repeated lack of professional judgment and of professional skepticism throughout the course of the audits.

268The PCC did not allege, and this Panel has not found that the Members conduct was rooted in a lack of integrity, deception or moral turpitude. Both Members have continued to engage in audit work without issue. It has been over 11 years since the misconduct first began, and nine years since the conclusion of the 2016 audit. The Members cooperated throughout the investigative process and while initially contesting the Allegations, ultimately withdrew their defence. They have joined the PCC on the JSSs which ultimately saved time, additional costs and resources.

269After reviewing the JSSs and initial submissions of the parties, including the cases found in the Joint Case Brief, the Panel asked the parties to provide additional information regarding the JSSs presented. The Panel struggled with what appeared to be a lack of remorse and acceptance of responsibility by the Members. While they chose not to contest the Allegations as part of the negotiated resolutions, the Members did not admit to the misconduct, nor did they provide any indications of insight or remorse. In their review of the submissions provided, the Panel also noted there was no evidence or submissions regarding any remedial steps taken to address the standards violations. Finally, given the fact that the Members’ conduct had been the subject of comment in both the courts and in the media, the Panel sought input from the parties regarding the proposed form of notice to the public.

270On June 13, 2025, the parties responded to the Panel’s inquiries and provided the Panel with additional written submissions, information and additional case law (Joint Supplemental Case Brief), specifically addressing each concern raised. It was clear from the additional submissions that the parties had, in their negotiations, fully considered and addressed the issues raised by the Panel.

271As in the decision of Hilson²² referenced in the members’ supplementary submissions on penalty, the Panel struggled with the sanctions proposed. In Hilson, the panel found the member’s conduct to be egregious and noted that it would have imposed a more significant sanction had it not been for the joint submission.²³ In applying the public interest test, the panel in Hilson was “unable to find that the proposed penalty was so “unhinged” that it would cause reasonably informed members of the public to think that the proper function of the CPA Ontario regulatory system had broken down.” The panel added: “We understand the importance of promoting certainty in resolution discussions and we accept there are factors relevant to the negotiations of the parties of which the panel is not apprised.”²⁴

272Based on the misconduct found by this Panel, had the parties not resolved the matters with the JSSs, this Panel would have imposed more significant sanctions given the extent, duration and seriousness of the Members’ failures to perform their professional services in accordance with generally accepted standards of practice of the profession, which undermined the high standards of audit quality expected by the profession and by the public. Particularly, in the case of Iorio, his failure to take sufficient and appropriate steps to address allegations of suspected fraud and other audit risks, showed a concerning lack of professional skepticism and professional judgment.

273The JSSs followed an unexpected change of course in the midst of this hearing. At the start of this matter, the Members contested the Allegations against them. After almost two weeks of evidence from one witness who had just begun to be cross-examined by the parties, the parties sought an adjournment and entered into negotiations. These negotiations resulted in the end of the litigation; submissions on conduct only made by the PCC; no admissions by the Members, and ultimately the presentation of the JSSs. The Panel appreciates that it may not have been apprised of all the factors which led to the negotiated resolutions, and that in order for the matters to be resolved, the parties must have a high degree of confidence that the joint submissions will be accepted.

274After considering the submissions, evidence and the cases provided by the parties, and taking into consideration the importance of certainty in resolution discussions, this Panel did not find the JSSs to be “so unhinged” from the circumstances of the misconduct and of the Members “that its acceptance would lead reasonable and informed persons, aware of all the relevant circumstances, including the importance of promoting certainty in resolution discussions,” to believe that the regulatory system of CPA Ontario had broken down.²⁵

IX. COSTS

275The PCC and Iorio jointly proposed that Iorio be ordered to pay 2/3 of the PCC’s reasonable costs of the investigation and prosecution in the amount of $345,000 within 90 days of the date of the Order.

276The PCC and Kostich jointly proposed that Kostich be ordered to pay 2/3 of the PCC’s reasonable costs of the investigation and prosecution in the amount of $313,900 within 90 days of the date of the Order.

277Costs are not considered a sanction imposed upon a Member. Rather they are intended to indemnify the PCC for the costs of the investigation and prosecution. While discretionary, the awarding of costs against a member is based on the principle that the profession, as a whole, should not bear all the regulatory costs arising from a member’s misconduct.

278The Panel reviewed the Bill of Costs which represented 2/3 of the actual costs, provided by counsel for the PCC, and considered the joint submissions made by both parties in relation to Iorio and Kostich.

279The Panel finds that the costs requested were reasonable. It is appropriate that the membership does not bear all the costs of regulation and both Members should be required to contribute to these costs as they were incurred as a result of their professional misconduct.

DATED this 12th day of February, 2026

Bernard S. Schwartz, FCPA, FCA

Discipline Committee – Chair

Members of the Panel

Incheol (Charlie) Baek, CPA, CMA

Marianne Park-Ruffin, Public Representative

Richa Khanna, CPA, CA, LPA

Independent Legal Counsel

Nadia Liva, Barrister & Solicitor

Footnotes

Ernst & Young Inc. v. Aquino, 2021 ONSC 527.
Chartered Professional Accountants of Ontario v. Kostich et al, 2024 ONCPA 21.
R. v. Anthony-Cook, 2016 SCC 43.
Law Society of Upper Canada v. Archambault, 2017 ONLSTH 86.
Supra note 3 at para 41.
Ibid at para 51.
Ibid at para 53.
Ibid at para 54.
Ibid at para 55.
Ibid at para 56.
Chartered Professional Accountants of Ontario v. Jewiss, 2019 ONCPA 21.
Supra note 5.
Institute of Chartered Accountants of Ontario v. Barrington et al, 2007 ONICA 23.
Institute of Chartered Accountants of Ontario v. Woodsford, 2009 ONICA 16.
Chartered Professional Accountants of Ontario v. Wall, 2017 ONCPA 24.
Chartered Professional Accountants of Ontario v. MacNeil, 2021 ONCPA 5.
Supra note 14 at para 30.
Ibid at para 51.
Supra note 16 at para 81.
Ibid at para 64.
Ibid at para 90.
Chartered Professional Accountants of Ontario v. Hilson, 2024 ONCPA 4.
Ibid at para 22.
Ibid at para 23.
Supra note 3 at para 34.