The URL can be used to link to this page

Agenda (Appointed) - Finance Advisory Committee - 20251118Town of Aurora Finance Advisory Committee Meeting Agenda Date:Tuesday, November 18, 2025 Time:5:45 p.m. Location:Holland Room, Aurora Town Hall Meetings are available to the public in person and via live stream on the Town’s YouTube channel. To participate, please visit aurora.ca/participation. Pages 1.Call to Order 2.Land Acknowledgement 3.Approval of the Agenda 4.Declarations of Pecuniary Interest and General Nature Thereof 5.Receipt of the Minutes 5.1 Financial Advisory Committee Meeting Minutes of September 16, 2025 1 That the Finance Advisory Committee meeting minutes of September 16, 2025, be received for information. 1. 6.Delegations 7.Matters for Consideration 7.1 Memorandum from Supervisor, Accounting; Re: 2025 Audit Planning Report 4 That the memorandum regarding 2025 Audit Planning Report be received; and 1. That the Finance Advisory Committee comments regarding 2025 Audit Planning Report be received and referred to staff for consideration and further action as appropriate. 2. 8.New Business 9.Adjournment Town of Aurora Finance Advisory Committee Meeting Minutes Date: Time: Location: Tuesday, September 16, 2025 5:45 p.m. Holland Room, Aurora Town Hall Committee Members: Mayor Tom Mrakas (Chair) Councillor Harold Kim Councillor Michael Thompson* (arrived 5:50 p.m.) Other Attendees: Doug Nadorozny, Chief Administrative Officer (arrived 5:52 p.m.) Jason Gaertner, Manager, Financial Management Sandeep Dhillon, Advisor, Financial Management Julia Shipcott, Council/Committee Coordinator *Attended electronically _____________________________________________________________________ 1. Call to Order The Chair called the meeting to order at 5:48 p.m. 2. Land Acknowledgement The Committee acknowledged that the meeting took place on Anishinaabe lands, the traditional and treaty territory of the Chippewas of Georgina Island, recognizing the many other Nations whose presence here continues to this day, the special relationship the Chippewas have with the lands and waters of this territory, and that Aurora has shared responsibility for the stewardship of these lands and waters. It was noted that Aurora is part of the treaty lands of the Mississaugas and Chippewas, recognized through Treaty #13 and the Williams Treaties of 1923. Page 1 of 55 Finance Advisory Committee Meeting Minutes September 16, 2025 2 3. Approval of the Agenda Moved by Councillor Kim Seconded by Mayor Mrakas That the agenda as circulated by Legislative Services be approved. Carried 4. Declarations of Pecuniary Interest and General Nature Thereof There were no declarations of pecuniary interest under the Municipal Conflict of Interest Act, R.S.O. 1990, c. M.50. 5. Receipt of the Minutes 5.1 Finance Advisory Committee Meeting Minutes of June 17, 2025 Moved by Councillor Kim Seconded by Mayor Mrakas 1. That the Finance Advisory Committee meeting minutes of June 17, 2025, be received for information. Carried 6. Delegations None. 7. Matters for Consideration 7.1 Memorandum from Financial Management Senior Advisor; Re: Annual Community Partner Reserve Review Staff presented a brief overview of the regulations and guidelines contained within the Community Partner Reserve Management Policy related to reporting requirements and management of operating requisition reserves by community partners. Staff reported that three eligible community partners provided the required financial statements along with a reserve continuity schedule to staff and were assessed to be Page 2 of 55 Finance Advisory Committee Meeting Minutes September 16, 2025 3 in alignment with the policy. It was further noted that the remaining two eligible community partners were not assessed as the Aurora Business Improvement Area was dissolved in 2024 and Sport Aurora did not request operating funding from the Town in 2025. The Committee inquired if staff had identified any unfavourable findings as part of its assessments, and staff confirmed there was none. Moved by Councillor Kim Seconded by Councillor Thompson 1. That the memorandum regarding the Annual Community Partner Reserve Review be received; and 2. That the Finance Advisory Committee comments regarding the Annual Community Partner Reserve Review be received and referred to staff for consideration and further action as appropriate. Carried 8. New Business None. 9. Adjournment Moved by Councillor Kim Seconded by Councillor Thompson That the meeting be adjourned at 5:54 p.m. Carried Page 3 of 55 100 John West Way Aurora, Ontario L4G 6J1 (905) 727-3123 aurora.ca Town of Aurora Memorandum Finance Re: 2025 Audit Planning Report To: Finance Advisory Committee From: Michelle Hoang, Supervisor, Accounting Date: November 18, 2025 Recommendation 1. That the memorandum regarding 2025 Audit Planning Report be received; and 2. That the Finance Advisory Committee comments regarding 2025 Audit Planning Report be received and referred to staff for consideration and further action as appropriate. Background As part of the Town’s annual external financial audit, the Finance Advisory Committee is required to review the audit planning report prior to the commencement of the external audit work. The 2025 external audit is planned to commence around mid-April 2026. The attached audit planning report has been prepared by the Town’s external auditor, KPMG LLP. Attachments 1. 2025 Aurora Audit Planning Report Page 4 of 55 1© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The Corporation of The Town of AuroraAudit Planning Reportfor the year ending December 31, 2025Licensed Public AccountantsPrepared on October 27, 2025 for presentation on November 18, 2025kpmg.ca/auditPage 5 of 55 2© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. KPMG contactsKey contacts in connection with this engagement2LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLimitimitimitimitmimitmmmimitmitmitmitititititittttmitmitiittitittittttttttimtimiimiiimiiiimiiiiimitittimmttmmmmed, ed, edededdddddddded, eeded,ed,eded, ededeedeededeedeeedededeeeedeedeedeeeedededeedeeddeedeed, ,,a pa paa pra prra pra pa pa pa a pa a prpppivatvatvatvattttivaivatvattivaivaiveeeEEnEnnneEe EnEnnennne e EEnglgliissglglislisglisglihchchcococoooocoh cohhoccohhcoooh ccmpmpmpmpmpmpampampapapapapanpaaaanaannannmpanammmmmpapapaanaanmppanmnnmpnmmpyyyyy lllliliiiiiyylilililliyyy y iyilliiyymmmmmmmmmiitteteeemmmmmmmmmmmmmmmmmmmmimmmmmmmmmmmmmdd by guarantee. All rights rs rs rrrrreeesesesesesesesesssessseseseseeerererssessesesseeseeseseevedvedved.dd Kevin TraversLead Audit Engagement Partner416-228-7004ktravers@kpmg.ca Hitesh SharmaAudit ManagerTel: 416 468 7951hiteshsharma8@kpmg.caPage 6 of 55 3© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Table of contentsDigital use informationThis Audit Planning Report is also available as a “hyper-linked” PDF document. If you are reading in electronic form (e.g. In “Adobe Reader” or “Board Books”), clicking on the home symbol on the top right corner will bring you back to this slide. Click on any item in the table of contents to navigate to that section.The purpose of this report is to assist you, as a member of the Finance Advisory Committee, in your review of the plan for our audit of the financial statements. This report is intended solely for the information and use of Management, the Finance Advisory Committee, and Town Council and should not be used for any other purpose or any other party. KPMG shall have no responsibility or liability for loss or damages or claims, if any, to or byany third party as this report to the Finance Advisory Committee has not been prepared for, and is not intended for, and should not be used by, any third party or for any other purpose.4Highlights10Group audit -Scoping24Appendices20Key milestones and deliverables6Audit strategy11Risk assessment21Audit QualityPage 7 of 55 4© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Audit highlightsMatters to report – see link for detailsNo matters to reportScopeOur audit of the consolidated financial statements (“financial statements”) of the Corporation of the Town of Aurora (“the Town”) as of and for the year ended December 31, 2025 will be performed in accordance with Canadian generally accepted auditing standards (CAS).Audit strategyInvolvement of othersMaterialityGroup: $4.1 millionNon-consolidated Town: $3.9 millionUpdates to our prior year audit plan Other risks of material misstatementRisk assessment Presumption of the risk of fraud involving improper revenue recognitionRisk of management override of controls• Cash, investments and debt• Tangible capital assets• Revenue• Deferred revenues – obligatory reserve funds• Employee future benefits (EFBs)• Expenses – salaries and benefits• Accounts payable, accrued liabilities and expenses• Contingencies• ConsolidationHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 8 of 55 5© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Updates to our prior year audit plan New significant risksRefer to Appendix C for new standards impacting the fiscal 2025 audit.Newly effective auditing standardsNewly effective auditing standardsOther significant changesNo new significant financial reporting risks identified.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingThere are no changes to the accounting standards impacting 2025 audit. Refer to Appendix B for future changes in accounting standards.Future accounting standardsFuture accountingstandardsPage 9 of 55 6© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. MaterialityWe initially determine materialityto provide a basis for: • Determining the nature, timing and extent of risk assessment procedures;• Identifying and assessing the risks of material misstatement; and • Determining the nature, timing, and extent of further audit procedures.We design our procedures to detect misstatements at a level less than materiality in individual accounts and disclosures, to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. We also use materiality to evaluate the effect of:• Identified misstatements on our audit; and• Uncorrected misstatements, if any, on the financial statements and in forming our opinion.Weinitially determine materialityat a level at which we consider thatmisstatements could reasonably be expected to influence theeconomic decisions of users. Determining materiality is a matter ofprofessional judgement,considering both quantitative and qualitativefactors, and is affected by our perception of the common financialinformation needs of users of the financial statements as a group. Wedo not consider the possible effect of misstatements on specificindividual users, whose needs may vary widely.Wereassess materialitythroughout the audit and revise materiality ifwe become aware of information that would have caused us todetermine a different materiality level initially.Plan and perform the auditEvaluate the effect of misstatementsHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 10 of 55 7© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Initial Group MaterialityTotal Forecasted Revenues$165 million(2024 actual: $165 million)2.50%2.50%Prior yearCurrent year% of Benchmark (revenues)Group Materiality$4.1 millionGroup Performance Materiality$3.08 millionGroup Audit Misstatement Posting Threshold$205KHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 11 of 55 8© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Initial Component Materiality: Non-consolidated TownNon-consolidated Town Component Performance Materiality$2.92 millionNon-consolidated Town Component Audit Misstatement Posting Threshold$195KNon-consolidated Town ComponentMateriality$3.9 millionHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 12 of 55 9© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Involved party Nature and extent of planned involvementManagement’s specialist • Management uses actuary for valuation of employee future benefit obligations. KPMG has decided to validate the report provided by the actuary and involve internal pension actuarial specialist for the same.KPMG professionals with specialized skill or knowledge who are involved in performance of audit proceduresActuarial Specialist – Employee Future Benefits:• The employee future benefits liability is a significant accounting estimate and management relies on an actuary for the valuation of its employee future benefits. We will use an employed KPMG specialist throughout the audit cycle in assessing the assumptions and estimates used in the funding valuation and year end extrapolated accrued benefit liability.• Refer to audit approach under the employee future benefit area of focus.Involvement of othersThe following parties are involved in the audit of the financial statements:HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 13 of 55 10© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Type of work performedTotal revenue Total assetsTotal in-scope audits97% 99%Total: In-scope audit, audit of account balance(s) and/or disclosure(s), specified audit procedures 97% 99%Not subject to further audit procedures (i.e., untested) (Note 1)3%1%Total consolidated100% 100%Group audit -ScopingNote 1: The following components are not significant for the purpose of issuing the auditor’s opinion on the group audit of the consolidated financial statements of the Corporation of the Town of Aurora. We are engaged to perform standalone audits for these components for statutory reporting purposes:• Aurora Public Library BoardTotal revenueTotal assets97%3%99%1%HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 14 of 55 11© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Risk assessment summaryOur planning begins with an assessment of risks of material misstatement in your financial statements. We draw upon our understanding of the Town and its environment (e.g. the sector, the wider economic environment in which the Town operates, etc.), our understanding of the Town’s components of its system of internal control, including our business process understanding.We use advanced technologies in performing our risk assessment procedures.Risk of fraudRisk of errorRisk levelzManagement override of controls9SignificantzPresumption of the risk of fraud involving improper revenue recognitionRebutted9BasezCash, investments and debt9BasezTangible capital assets9BasezRevenue9BasezDeferred revenues – obligatory reserve funds9BasezEmployee future benefits (EFB)9BasezExpenses – salaries and benefits9BasezAccounts payable, accrued liabilities and expenses9BasezContingencies9BasezConsolidation 9BasezFinancial instruments9BasezAsset retirement obligations (ARO)9BaseAdvanced technologieszPRESUMED RISK OF MATERIAL MISSTATEMENT zOTHER RISK OF MATERIAL MISTATEMENTOur KPMG Clara Dynamic Risk Assessment tool gives us a more sophisticated, forward-looking and multi-dimensional approach to assessing audit risk. ngggggggauauditdit Learn moreOurKPMG Clara Business Process Mining provides immediate visualization of how 100% of your transactions are processed to complement your process narratives & flow charts.rocess Learn moreKPMG Clara Account Analysis allows us to analyze the flow of transactions through your business to drive a more meaningful risk assessment.Learn moreKPMG Clara AI allows us to layer AI into our auditing platform, allowing us to scan 100% of your data and pull all of the risky transactions and anomalies out for further analysis.or fr furturtutherhere Learn moreThe Clara Asset Impairment Tool delivers advanced analysis of long-lived assets and goodwill impairment models (based on discounted cash flows) through the use of predictive analytics, enabling a more robust and independent challenge of management’s assumptions. gLearn moreAdvanced TechnologiesHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 15 of 55 12© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Significant risksManagement Override of Controls (non-rebuttable significant risk of material misstatement)RISK OFFRAUDWhy is it significant?Management is in a unique position to perpetrate fraud because of its ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively. Although the level of risk of management override of controls will vary from entity to entity, the risk nevertheless is present in all entities.Our planned responseAs this presumed risk of material misstatement due to fraud is not rebuttable, our audit methodology incorporates the required procedures in professional standards to address this risk. These procedures include: • testing of journal entries and other adjustments• performing a retrospective review of estimates• evaluating the business rationale of significant unusual transactions.We will also:• evaluate the design and implementation and test operating effectiveness of selected relevant controls• take a risk-based approach tailored to the City when designing substantive procedures and selecting specific transactions for testing• continue to make use of technology to extract our risk-based sample from the entire population of journal entries• continue to identify areas which may be subject to additional risk whether due to fraud or error in this regard. Presumption of the risk of fraud resulting from management override of controlsOur KPMG Clara Journal Entry Analysis Toolassists in the performance of detailed journal entry testing based on engagement-specific risk identification and circumstances. Our tool provides auto-generated journal entry population statistics and focusses our audit effort on journal entries that are riskier in nature.Click to learn moreAdvanced technologiesHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 16 of 55 13© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Significant risksPresumption of the risk of fraud involving improper revenue recognitionRISK OFFRAUDThis is a presumed risk of material misstatement due to fraud. We have considered the type and complexity of revenue transactions, and the perceived opportunities and incentives to fraudulently misstate revenue for the Town and its subsidiaries. The fraud risk resides within overstatement of revenue through posting manual journal entries and other adjustments relating to deferred revenue (including obligatory) and government transfers.Relevant inherent risk factors affecting our risk assessmentGenerally, there are pressures or incentives on management to commit fraudulent financial reporting through inappropriate revenue recognition when performance is measured in terms of year-over-year revenue growth or profit.The Town of Aurora is not publicly traded, is not incentivized to meet analyst expectations, and does not sell goods or services with complex contracts as its main line of business. The Town receives majority of its revenue through property taxes, government funding, contributed tangible capital assets, building permits & stormwater fees which are generally viewed as nonjudgmental and/or routine. Although other revenues such as development charges require greater judgement, management is not incentivized in overstating the revenues as there are no additional financial compensation (e.g. bonuses) that are dependent on meeting financial metrics.Our audit approachThe fraud risk related to revenue recognition has been rebutted for the purposes of this auditHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 17 of 55 14© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Other risks of material misstatementCash, investments and debtRisk of material misstatement due to valuation of investments and disclosures. • To assess any loss in value of the portfolio investments, and if such a decline is other than temporary. Perform audit procedures to assess whether a write-down is necessary.• Inspect year-end bank and investment reconciliations and substantive testing of significant reconciling items.• Substantive tests of details over additions and disposals of investments.• Obtain confirmations from third party financial institutions.• Review of long-term debt agreements• Complete valuation assessment for any financial instruments reported at fair value. • Evaluate financial statement note disclosures in accordance with Public Sector Accounting Standards (PSAS).Tangible capital assetsRisk of material misstatement related to existence and accuracy of tangible capital assets and accuracy of timing of revenue recognition, particularly related to funds intended for tangible capital assets additions and contributed assets.• Substantive tests of details over additions (including contributed tangible capital assets) and disposals.• Inspect amortization policy and perform recalculations.• Examine construction in progress to ensure amounts are properly transferred to correct capital asset classes and amortization expense commences on a timely basis.• Evaluate financial statement note disclosure in accordance with PSAS.• We will agree fair value estimates of contributed tangible capital assets to supporting third party documentation or as estimated by the Town; we will perform procedures to address the relevant auditing standards related to valuation estimates.• We will also perform required procedures to assess the potential risks with respect to impairment of assets. Based on the nature of the Town's operations, it is not expected that this will be a significant risk during the audit.Audit approachAreasRisk due to errorBaseBaseHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 18 of 55 15© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Other risks of material misstatementRevenueRisk of material misstatement related to the existence and completeness of revenue and accuracy of timing of revenue recognition(except revenue recognized from deferred revenue obligatory discussed on page 13 which is at significant risk level). • We will test the design and operating effectiveness of anti-fraud controls over the revenue process• We will review revenue recognition compliance• We will substantively vouch revenue transactions to invoices and supporting documents• We will perform analytical procedures over revenuesDeferred revenues –obligatory reserve fundsRisk of material misstatement due to management assessment and judgment involved.• Evaluate and test the design and operating effectiveness of selected controls over the initiation, authorization, processing, recording and reporting process activities.• Examine the City-prepared calculation of deferred revenue balance and vouch receipts and expenditures on a sample basis. As part of our testing, we ensure recognition of revenue is based on project spending in accordance with the purpose of the obligatory reserve.• Recalculation of interest allocation.• Inquire with management if there were any concessions given to developers and perform audit procedures on the financial reporting impact, if relevant.Audit approachAreasRisk due to errorBaseBaseHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 19 of 55 16© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Other risks of material misstatementEmployee future benefits (EFBs)Risk of material misstatement related to accuracy and valuation of the estimate involved in employee future benefits.Involvement of management’s third party expert, the actuary, as well as KPMG’s specialists.• Reliance on actuaries engaged by the Town; update our understanding of the activities over the quality of information used, the assumptions made, the qualifications, competence and objectivity of the preparer of the estimate, and the historical accuracy of the estimates.• Assess method, data, and assumptions used by the actuary and management in the calculation of the EFB liability for reasonableness.• We will perform audit procedures in accordance with the relevant auditing standards and related disclosure requirements for the estimates involved.• Communicate with actuaries and test HR data provided to the actuaries, as applicable.• Evaluate financial statement disclosures in accordance with PSAS.Expenses – salaries and benefitsRisk of material misstatement related to accuracy and occurrence of expenses.• Test and evaluate the design and operating effectiveness of selected controls over payroll.• Test of employment expenses for a sample of employees by verifying payroll records to HR contracts and collective agreements.• Substantive verification and recalculation of payroll-related accruals.• Obtain new or amended collective bargaining agreements. Assess if management has evaluated these agreements for implications of retroactive application. Such retroactive application can result in additional financial obligations for the Town that are required to be reported in the financial statements.Audit approachAreasRisk due to errorBaseBaseHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 20 of 55 17© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Other risks of material misstatementAccounts payable, accrued liabilities and expensesRisk of material misstatement related to completeness of liabilities, and accuracy and occurrence of expenses.• Test and evaluate the design and operating effectiveness of selected controls over payables and procurement cycle.• Perform a search for unrecorded liabilities.• Examine significant accrued liabilities for existence, accuracy and completeness.• Perform substantive tests of details on selected non-payroll expenditures.ContingenciesRisk of material misstatement related to completeness of contingencies and corresponding disclosures.• Inspect Council meeting minutes for potential contingencies.• Direct communication with internal legal counsel (and external as necessary) to ensure that all significant contingent liabilities are appropriately disclosed and/or recorded.• Significant findings assessment with management during planning and completion stages of the audit.Consolidation (Town and All Components)Risk of material misstatement related to the accuracy and completeness of intercompany eliminations and consolidation adjustments.•Perform consolidation procedures, as required, on the entities getting consolidated, including the Aurora Public Library.•Review the eliminating entries as prepared by management for accuracy and completeness.•Review financial statement note disclosures, including the information related to the components such as Town’s share of net income, dividends, etc.Audit approachAreasRisk due to errorBaseBaseBaseHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 21 of 55 18© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Other risks of material misstatementFinancial InstrumentRisk of material misstatement related to the completeness, existence and accuracy of financial instruments• Obtain management's criteria assessment of measurement and recognition offinancial instruments that is impacting financial statements presentation and disclosures as a result of adoption of the new standard.• Obtain and review management's support for calculation and presentation of Statement of Remeasurement Gains and Losses.• Review the presentation of Financial instruments in the financial statements and ensure that the financial statements include appropriate note disclosure.Asset retirement obligationsRisk of material misstatement related to the completeness, existence and accuracy of asset retirementobligations.• Obtain management's final assessment of ARO, including support for the calculation of any recorded liability related to future costs associated with legal obligations that will be incurred upon retirement of a controlled tangible asset.• Obtain an understanding of the activities performed by management to identify the legal obligations associated with retirement of tangible capital assets. Ensure that all of the recognition criteria have been met to recognize an ARO in the financial statements.• Review the costs that have been included in ARO liability based on information available to management and provided by any external experts.• Review any changes made to assumptions / estimates in the original determination of assets retirement obligations• Review any additions / disposals during the year of assets identified as having ARO’s• Review the presentation of ARO in the financial statements and ensure that the financial statements include appropriate note disclosure.Audit approachAreasRisk due to errorBaseBaseHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 22 of 55 19© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Required inquiries of the Audit CommitteeInquiries regarding risk assessment, including fraud risks• What are the Audit Committee’s views about fraud risks, including management override of controls, in the Town? And have you taken any actions to respond to any identified fraud risks?• Is the Audit Committee aware of, or has the Audit Committee identified, any instances of actual, suspected, or alleged fraud, including misconduct or unethical behavior related to financial reporting or misappropriation of assets? • If so, have the instances been appropriately addressed and how have they been addressed?• How does the Audit Committee exercise oversight of the Town’s fraud risks and the establishment of controls to address fraud risks?Inquires regarding related parties and significant unusual transactions• Is the Audit Committee aware of any instances where the Town entered into any significant unusual transactions? • What is the Audit Committee’s understanding of the Entities’ relationships and transactions with related parties that are significant to the Town?• Is the Audit Committee concerned about those relationships or transactions with related parties? If so, the substance of those concerns?• Is the Audit Committee aware of tips or complaints regarding the Town’s financial reporting (including those received through the Committee’s internal whistleblower program, if such programs exist)? If so, the Audit Committee’s responses to such tips and complaints?Inquiries regarding company processesHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 23 of 55 20© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Key milestones anddeliverables• Debrief prior year with management• Kick-off with management• Planning and initial risk assessment procedures, including:• Involvement of others• Identification and assessment of risks of misstatements and planned audit response for certain processes• Obtain and update an understanding of the Entity and its environment• Inquire of the Audit Committee, management and others within the Entity about risks of material misstatementOct 2025Planning & RiskAssessment• Evaluate the Entity’s components of internal control, other than the control activities component• Perform process walkthroughs for certain business processes• Identify process risk points for certain business processes• Complete initial risk assessment• Communicate audit plan• Identify IT applications and environmentsOct-Nov 2025Risk assessment & Interimwork• Interim timeline: Nov 10 to Nov 21, 2025• Perform process walkthroughs for business processes• Evaluate D&I of controls for remaining business processes• Complete interim data extraction and processing activities• Perform interim substantive audit procedures• Provide update on audit progressNovember 2025Interimwork• Complete year-end data extraction and processing activities• Perform remaining substantive audit procedures• Evaluate results of audit procedures, including control deficiencies and audit misstatements identified• Assess financial statement disclosures• Present audit results to Council and perform required communications• Issue audit report on financial statements• Closing meeting with Board• Issue audit reports on financial statementsApr-June2025Final Fieldwork &ReportingHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 24 of 55 21© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Our commitment to delivering audit qualityKPMG is committed to fulfilling our public interest role in providing robust assurance that can benefit investors and other stakeholders. Businesses are integrating technology in ways once unimaginable. Geopolitical changes and inflationary pressures continue to drive uncertainty, and businesses need to take action to respond to societal threats like climate change.The pace and scale of change only strengthens our resolve to ensure the quality, consistency and adaptability of our services are fit for this new future. Audit and assurance quality remains the highest priority at KPMG. Through sustained innovation, we aim to consistently deliver superior audit quality. Across the global organization:• KPMG firms have implemented a consistent risk-based approach to our system of quality management to drive audit and assurance quality, enabling us to meet the requirements of the International Standard on Quality Management 1 (ISQM 1).• We are utilising powerful technologies on audit and assurance engagements, including artificial intelligence, and leveraging our alliances with technology leaders such as Microsoft to further enhance quality and provide even more value through deeper analysis of businesses, no matter their size.• We believe the same level of rigour, quality, consistency and trust that is applied to financial statement information by companies should also apply to ESG reporting. Therefore, across the global organization we have deployed an assurance methodology, KPMG Clara workflow and learning tools to upskill and build teams to provide assurance on ESG reporting that helps our clients build a moresustainable future.We encourage you to read our Transparency Report to learn more about our system of quality management and our firm’s statement on the effectiveness of our SoQM: We define ‘audit quality’ as being the outcome when:• audits are executed consistently, in line with the requirements and intent of applicable professional standardswithin a strong system of quality management; and • all of our related activities are undertaken in an environment of the utmost level of objectivity, independence, ethics andintegrity. KPMG Canada Transparency ReportHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 25 of 55 22© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. How do we deliver audit quality?Doing the right thing. Always.Quality essentially means doing the right thing and remains our highest priority. Our Global Quality Framework outlines how we deliver quality and how every partner and staff member contributes to its delivery.The drivers outlined in the framework are the ten components of the KPMG System of Quality Management (SoQM). Aligned with ISQM 1/CSQM 1, our SoQM components also meet the requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA) and the relevant rules of professional conduct / code of ethics applicable to the practice of public accounting in Canada, which apply to professional services firms that perform audits of financial statements. Our Transparency Report includes our firm’s Statement on the Effectiveness of our SoQM.We define ‘audit quality’ as being the outcome when:•audits are executed consistently, in line with the requirements and intent of applicable professional standardswithin a strong system of quality management; and •all of our related activities are undertaken in an environment of the utmost level of objectivity, independence, ethics andintegrity. KPMG Canada Transparency ReportHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 26 of 55 23© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG Audit• Methodology aligned with professional standards, laws and regulations• Standardised methodology and guidance• Deep technical expertise and knowledge• Quality and risk management policiesGlobally consistent audit and assurance methodology and toolsAs a scalable, intuitive cloud-based platform, KPMG Clara is driving globally consistent execution across all KPMG member firms. It enables delivery of KPMG audit and assurance methodologies through data-enabled workflows, which align with the applicable audit and assurance standards and provide an improved experience to audit and assurance professionals.• Meeting the applicable standards, including International Standards on Auditing (ISA), standards issued by the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) –supplemented by KPMG firms to comply with additional local auditing standards and regulatory or statutory requirements.• Identifying risks of material misstatements and the necessary audit response.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 27 of 55 24© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. AppendicesDInsightsBNew accounting standardsCNew auditing standardsARegulatory communicationsFClimate riskETechnologyETechnologyGMunicipal Government Service OfferingsHUnleashing tomorrow- today with AIICyber SecurityJAudit TechnologyKContinuous EvolutionHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 28 of 55 25© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix A: Regulatory communicationsThe reports available through the following links were published by the Canadian Public Accountability Board to inform Audit Committees and other stakeholders about the results of quality inspections conducted over the past year:• CPAB Regulatory Oversight Report: 2022 Annual Inspections Results• CPAB Audit Quality Insights Report: 2023 Interim Inspections Results• CPAB Regulatory Oversight Report: 2023 Annual Inspections Results• CPAB Audit Quality Insights Report: 2024 Interim Inspections Results• CPAB Regulatory Oversight Report: 2024 Annual Inspections ResultsCPAB communication protocolHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 29 of 55 26© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. AppendixB: Newaccounting standardsStandard Summary and implicationsConcepts Underlying Financial Performance• The revised conceptual framework is effective for fiscal years beginning on or after April 1, 2026 (the Town’s December 31, 2027 year-end) with earlier adoption permitted.• The framework provides the core concepts and objectives underlying Canadian public sector accounting standards.• The ten-chapter conceptual framework defines and elaborates on the characteristics of public sector entities and their financial reporting objectives. Additional information is provided about financial statement objectives, qualitative characteristics and elements. General recognition and measurement criteria, and presentation concepts are introduced.Financial Statement Presentation• The proposed section PS 1202 Financial statement presentation will replace the current section PS 1201 Financial statement presentation. PS 1202 Financial statement presentation will apply to fiscal years beginning on or after April 1, 2026 (the Town’s December 31, 2027 year-end) to coincide with the adoption of the revised conceptual framework.Early adoption will bepermitted.• The section includes thefollowing:• Relocation of the net debt indicator to its own statement called the statement of net financial assets/liabilities, with the calculation of net debt refined to ensure its original meaningis retained.• Separating liabilities into financial liabilities and non-financial liabilities.• Restructuring the statement of financial position to present total assets followed by total liabilities.• Changes to common terminology used in the financial statements, including re-naming accumulated surplus (deficit) to net assets (liabilities).• Removal of the statement of remeasurement gains (losses) with the information instead included on a new statement called the statement of changesinnet assets (liabilities). This new statement would present the changes in each component of net assets (liabilities), including a new component called“accumulatedother”.• A new provision whereby an entity can use an amended budget in certain circumstances.• Inclusion of disclosures related to risks and uncertainties that could affect the entity’s financial position.26HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 30 of 55 27© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix B: New accounting standards continuedStandard Summary and implicationsEmployee benefits• The Public Sector Accounting Board has initiated a review of sections PS 3250 Retirement benefits and PS 3255 Post-employment benefits, compensated absences and termination benefits.• The intention is to use principles from International Public Sector Accounting Standard 39 Employee benefits as a starting point to develop the Canadian standard.• Given the complexity of issues involved and potential implications of any changes that may arise from the review of the existing guidance, the new standards will be implemented in a multi-release strategy. The first standard will provide foundational guidance. Subsequent standards will provide additional guidance on current and emerging issues.• The proposed section PS 3251 Employee benefits will replace the current sections PS 3250 Retirement benefits and PS 3255 Post-employment benefits, compensated absences and termination benefits.• This proposed section would result in public sector entities recognizing the impact of revaluations of the net defined benefit liability (asset) immediately on the statement of financial position. Organizations would also assess the funding status of their post-employment benefit plans to determine the appropriate rate for discounting post-employment benefit obligations.• Final approval of the standard is expected in Spring 2026, with an effective date of April 1, 2029 (the Town’s December 31, 2030 year-end).27Standard Summary and implications2024-2025 Annual Improvements to Public Sector Accounting Standards• The Public Sector Accounting Board has issued an exposure draft proposing terminology updates and amendments to align various sections of the PSA Handbook with PSAB’s Conceptual Framework and Reporting Model.• The comment period is closed. Final amendments are expected to be issued in November 2025, with an effective date of April 1, 2026 (the Town’s December 31, 2027 year-end) HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 31 of 55 28© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix B: Changes in accounting standards continuedStandard Summary andimplicationsTangible Capital Assets• The Public Sector Accounting Board has issued amendments to Section PS 3150 in May 2025 as part of implementing its Government Not-for-Profit Strategy, which incorporates the PS 4200 series into public sector accounting standards with potential customizations.• The amendments add:• a new criterion to the definition of a tangible capital asset;• a new definition of a collection;• new disclosure requirements for works of art, historical treasures and/or collections;• new guidance for situations where an entity purchases a tangible capital asset at substantially below fair value; and• new guidance for situations where an entity receives contributed materials and/or labour when constructing or developing a tangible capital asset• For public sector entities that have not applied the PS 4200 series, the amendments to this Section are effective for fiscal periods beginning on or after April 1, 2030 (the Town’s December 31, 2031 year-end).• The amendments would be applied retroactively with restatement of prior periods except for the amendments related to purchases of tangible capital assets at substantially below fair value and including in the cost of a constructed or developed tangible capital asset, the contributed materials and/or labour, which are applied only to new transactions or events from the date of changeElevation of GAAP Designation of Application Guidance• The Public Sector Accounting Board has issued amendments to elevate the level of generally accepted accounting principles (GAAP) designated for four CPA Canada Public Sector Accounting Handbook Appendices (i.e., what level of GAAP an appendix comprises)• The GAAP designation level (i) per GAAP hierarchy in paragraph 03(d) of Section PS 1150, Generally Accepted Accounting Principles has been specified and paragraphs renumbered as AG.02, AG.02, etc. for four application guidance appendices:• Appendix A to Section PS 3400, Revenue;• Appendix B to Section PS 3410, Government Transfers;• Appendix A to Section PS 3450, Financial Instruments; and• Appendix A to Section PS 4270, Disclosure of Allocated Expenses by Not-for-Profit Organizations.• The elevation of the GAAP designation of these four application guidance appendices is effective for fiscal years beginning on or after April 1, 2026(the Town’s December 31, 2027 year-end).HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 32 of 55 29© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix B: Changes in accounting standards continuedStandard Summary andimplicationsLessee Accounting for Operating Leases of Tangible Capital Assets• The Public Sector Accounting Board has issued the following amendments to PSG-2, Leased Tangible Capital Assets • deleted an outdated cross-reference to Section 3065, Leases in former Part V of the CPA Canada Handbook – Accounting, pre-changeover accounting standards, in Appendix A to PSG-2, Leased Tangible Capital Assets;• renamed Appendix A as the glossary is no longer identified as an appendix, consistent with other glossaries in the PSA Handbook;• added paragraphs PSG-2.4A-4C of to set out minimal requirements for lessee accounting for operating leases of tangible capital assets; and• replaced the deleted cross-reference in the appendix with a reference to new paragraphs PSG-2.4A-4C• These changes do not comprise a change in practice and are effective immediately.Intangible Assets, Proposed Section 3155• The Public Sector Accounting Board has issued an exposure draft proposing a new intangible assets standard that will replace Public Sector Guideline (PSG) 8, Purchased Intangibles. • The proposed standard provides foundational guidance on intangible assets including the definition, recognition, measurement and required disclosures of intangible assets. • The proposed standard covers both acquired and internally generated intangible assets.• PSG-8 content has been incorporated into the new section, ensuring continuity of recognition for purchased intangibles. • The scope of the proposed standard excludes intangible assets addressed in other Sections of the PSA Handbook, as well as other intangible items such as exploration and extraction costs for non-renewable resources or intangible assets related to insurance contracts.• In alignment with PSAB’s international strategy, the proposed guidance leveraged principles from the existing International Public Sector Accounting Standard (IPSAS) 31, Intangible Assets.• The comment period is closed and under review.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 33 of 55 30© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix C: Newly effective and upcoming changes to auditing standardsISA 700/CAS 700Forming an opinion and reporting on the financial statementsSummary of Changes: New requirements for the auditor to publicly disclose when the auditor applied independence requirements specific to audits of financial statements of certain entities WHEN the ethical requirements require public disclosure. Effective for periods beginning on or after December 15, 2024ISA 260/CAS 260Communications with those charged with governanceSummary of Changes: New requirements for the auditor to communicate: • about the relevant ethical requirements, including those related to independence, that the auditor applied to the audit of the financial statements; and • any enhanced independence requirement that the auditor applied specific to the audit of financial statements of certain entities. HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 34 of 55 31© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix D: Audit and assurance insightsKPMG Audit & Assurance InsightsCurated research and insights for audit committees and boards.Board Leadership CentreLeading insights to help board members maximize boardroom opportunitiesCurrent DevelopmentsSeries of quarterly publications for Canadian businesses including Spotlight on IFRS, Canadian Assurance & Related Services, Canadian Securities Matters, and US Outlook reports.Audit Committee Guide – Canadian EditionA practical guide providing insight into current challenges and leading practices shaping audit committee effectiveness in Canada.Sustainability ReportingResource centre on implementing the new Canadian reporting standardsIFRS Breaking News A monthly Canadian newsletter that provides the latest insights on accounting, financial reporting and sustainability reporting.Our latest thinking on the issues that matter most to Audit Committees, board of directors and management.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 35 of 55 32© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix E: Our technology storyA betteraudit experienceStreamlined client experienceAnd deeper insights into your business, translating to a better audit experience.SecureA secure client portal provides centralized, efficient coordination with your audit team.Intelligent workflowAn intelligent workflow guides audit teams through the audit.Increased precisionAdvanced data analytics and automation facilitate a risk-based audit approach, increasing precision and reducing your burden.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 36 of 55 33© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix F: Climate risk in the financial statementsHow might climate-related risks impact the financial statements?AssetsConsider the useful lives and residual values of PP&E and intangible assets, cash flow projections used for impairment testing of non-financial assets, and the potential impacts on inventories.01LiabilitiesConsider the recognition of environmental and decommissioning obligations, accounting for emissions or ‘green’ schemes, impact on employee-benefit arrangements, and restructuring provisions.02BorrowersConsider the accounting for different forms of government assistance, potential for embedded derivatives in green bonds, lease of green technology, impacts of leasing polluting assets.03LendersConsider how climate-related risks impact operating and financing leases, the potential impact on expected credit losses, and whether green loans meet the solely payments of principal and interest (SPPI) criterion.04All entities are facing climate-related risks and opportunities –and are making strategic decisions in response. The impacts ofclimate-related risks in the financial statements are broad, potentially complex and will depend on industry-specific risks.DisclosuresConsider the impact on the going concern assessment and related disclosures and whether the impacts of climate-related matters have been disclosed clearly.05See here for more informationHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 37 of 55 34© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix F: Climate risk in the financial statements (Continued)How might climate-related risks impact the financial statements?All entities are facing climate-related risks and opportunities –and are making strategic decisions in response. The impacts ofclimate-related risks in the financial statements are broad, potentially complex and will depend on industry-specific risks.See here for more information01Long-lived assets02Leases03Impairment of nonfinancial assets04Financial instruments05Contingencies and insurance06Revenue and inventories07Compensation and benefits08Income taxes09Acquisitions and restructuring10Fair value measurement and projections11Presentation and disclosureHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 38 of 55 35© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix F: Greenwashing and Bill C-59: Key Facts & ConsiderationsCompetition ActBill C-59 came into force on June 20, 2024. PenaltiesPenaltiescan range up to three times the value of the benefit derived from the claim, or 3% of the company’s global annual gross revenue, whichever is greater.ScopeBill C-59 includes prohibitions relating to:1. Environmental claims re: products or services E.g. Low carbon fuels2. Social claims re: products or services E.g. Indigenous Reconciliation; diversity, equity and inclusion (DEI); responsible supply chain / modern slavery3. Environmental claims relating to a company E.g. Net-zero or Carbon-Neutral4. Burden of proof on companies:•Environmental / Social product or service claims: “adequate and proper test”• Company / Brand claims: in accordance with an “internationally recognized methodology” Key ConsiderationsAssess your ability to substantiate environmental or social claims about your products, services and business by considering:• What claims do we make that are specific to the company, brand or its products and services?• What methodologiesdo we use to calculate emissions or other environmental and social effects?• Is our net-zero plan realistic, operationally feasible, and can it be validated or proven?• Have we allocated appropriate resources and personnel to our ESG initiatives?Key FactsHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 39 of 55 36© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix F: Bill C-59: Key Facts & Considerations Assess• Identify and review ESG communications (ESG report, website, social media, press releases etc.)• Assess ESG communications (product, service and company claims) against legal requirements• Develop recommendations and action plans to mitigate ESG legal risk Substantiate• Analyze the feasibility of ESG targets and initiatives from technical, financial, commercial and regulatory perspectives• Develop comprehensive plans to ensure effective implementation of ESG initiatives• Establish metrics and manage ESG data to track performance and potential risksImplement• Prepare for new and emerging risks and requirements• Enhance ESG reporting governance, processes and controls • Incorporate ESG legal risk considerations into enterprise risk management program In case you missed our recent webinar on this topic:• Webinar recordingand slidesHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 40 of 55 37© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix F: Frequently Asked QuestionsWhen is Bill C-59 in force?The section specific to greenwashing (s. 236 of Bill C-59 and Subsection 74.01(1) of the Competition Act) came into force upon receiving Royal Assent on June 20, 2024. There is a one-year grace period against private rights of action with respect to s. 74.01(1). Although the Bureau has the authority to take enforcement action sooner, according to witness testimony, it is unlikely to do so prior to issuing guidelines following consultation. Some suggest this may occur in January 2026.Can the Bureau investigate complaints retroactively (claims made before the Amendment comes into force)? Not easily. There is a safeguard in the proposed bill, called the public interest ‘leave test’ (103.1 of the Act). The Tribunal will have to decide whether the case has merit (is in the public’s interest) and requires investigation retroactively.What does “adequate and proper test” and “internationally recognized methodologies” mean? This is yet to be determined, and it is not defined in the Bill or the Act. This is something the Bureau has committed to define following consultation and further research. Importantly, the Senate Committee believes that the analysis should also include federal and other Canadian best practices, such as those set by Environment and Climate Change Canada.What corporate documents and communications does this affect? The Act applies to performance claims about a service, product or business interest including “any form of statement, warranty or guarantee of a product’s performance, efficacy or length of life.” which make take the form of “messages, pictures, or verbal communications, including online and in-store advertisements, social media messages, promotional emails”. The Act does not apply in the case of collective bargaining, amateur sports, securities underwriting, or activities subject to other federal or provincial legislation. The Canadian Securities Administrators may provide guidance and national instruments related to greenwashing in securities disclosures.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 41 of 55 38© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix G: Municipal Government Service OfferingsOverview KPMG’s Governance, Risk and Compliance services team has vast experience working with clients across the municipal government sector, assessing organizations risk management, internal control and governance processes and providing value adding insight across our municipal government clients. KPMG has a successful track record and are the leading service provider of municipal government services across a variety of audit areas including operations, finance, service delivery reviews, cyber security and HR. KPMG also provides full outsourced and co-sourced audit services to a number of municipalities, helping clients to identify more efficient and effective ways of delivering their services and streamlining costs. Below we have provided further details of our service offerings to municipalities. ExperienceKPMG brings a wealth of practical experience delivering services to municipal government clients. We have listed some example audited areas below.•Absence Management•Cyber Security•Insurance•Real Estate•Accounts Payable•Enforcement•IT Governance•Reserves•Accounts Receivable and Cash Handling•Facility Management•Overtime•Recruitment and Retention•Asset Management•Fleet Inventory•Parks and Recreation•Remuneration•By-Law Compliance•Fleet Management•Physical Security•Snow Clearing•Councillor Budgets•Health and Safety•Procurement•Support FunctionsClient listWe are the leading municipal government advisor in Ontario in relation to internal audit, compliance, service delivery and process reviews. We have shown below a summary of the municipalities we have provided services to. HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 42 of 55 39© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix G: Municipal Government Service Offerings (Continued)Review areasBelow we have shown an examples of the types of reviews we have conducted through our work with Ontario MunicipalitiesAdditional ServicesInternal Audit reviews • Review of the design and operation of key business controls• Identifying recommendations to improve and optimize the control environment• Using data analytics and visualization to test large data sets• Examples include AP, cash handling and Fleet InventoryService delivery/process reviews• Review of the operational efficiency and effectiveness of a service area• Using lean methodologies to identify more efficient and effective ways of delivering services.• Creation of process maps and identification of opportunities to streamline processes and create cost savings• Examples include Snow Clearing, Parks & Recreation and SecuritySpecialist reviews• Using specialist KPMG resources to provide assurance and recommendations across specialist service areas• Using best practice methodologies and frameworks to provide value adding insights and recommendations• Examples include, Cyber Security, IT Risk Assessments, Facilities and Real Estate Control Testing AnalysisProcess Flow ChartsOpportunity ScorecardHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 43 of 55 40© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Service Profiles Data Analytics BenchmarkingE.g. We use service profiles as part of our organizational service delivery reviews across areas such as roads, parks, IT and finance. These show the key staffing and budget requirements, service levels, activity, metrics and improvement opportunities. E.g. We used data analytics to plot complaints received relating to snow clearing, showing the types of complaints received and their geographic locations. This enabled the organization to track complaints more proactively and follow up on any hotspot areas.E.g. We used benchmarking to provide comparable analysis on how security services are provided, including costs to deliver services, types of services, staffing levels and service delivery models. Appendix G: Municipal Government Service Offerings (Continued)Additional ServicesAdditional ServicesHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 44 of 55 41© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix H: Unleashing tomorrow -today with AITurn AI into a cornerstone of sustainable, competitivegrowth.A comprehensive business strategy can seamlessly intertwine technology with your business’s goals, transform AIfrom a concept into a key driver of your objectives, strategy andROI.It's not just about tech; it's about people, striving to ensure smooth transitions and unlocking humanpotential alongside AI innovations.This holistic approach can extend to governance, supply chain, data analytics, implementation and more, solidifyingyour operations against future challenges.Assessing opportunities Seek tounderstandhow AI can impact ordisrupt your businessand what the existingopportunities are.ScalingAI initiativesScaling up existing AI projects,aligned to the overall business strategy to help ensure success.Competitive edge Staying competitive in a rapidly evolving market where AI is disrupting business operations is key.ExecutivetrainingEvolving theoperatingmodel(Technology)ImplementingsolutionsBusiness strategy –AIdisruptionOptimizing datastructureMaximizing Microsoft CopilotintegrationGoverning and managingriskBrighter business intelligence, powered byAIYour company's strategy and business intelligence are at the heart of your businessdecisions.It should be intimately linked to your artificial intelligence (AI) strategy, efforts, andgoals.Explore andtestHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 45 of 55 42© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix H: Unleashing tomorrow -today with AI (Continued)4 key phases of a successful AIstrategy0304Understand01Hyper DiagnosticDemonstrate the ”art of the possible” and the currentAIlandscape, explore diverse use cases, and assesspeer adoption.AI readiness assessmentDeploy AI readiness assessment to ensure thecompany is prepared from a tech, data, governance and people perspective.Perspective on AI strategyAssess AI's disruptive potential across core and support functions,demonstrateits impact on operations and costs, and establish an initial AI strategy aligned with companypriorities.Design02Risk AssessmentDiscuss the potential risks and opportunitiesassociatedwith the key scenarios.Opportunity assessmentPinpoint quick wins, evaluating their potentialbenefits,and conduct a high-level feasibilityassessment.Present available subsidy and grant options for relevant AI projects.InitiateStakeholder involvementProvide recommendations for engaging internal stakeholdersand collect insights on AI adoption throughout the company'svalue chain.Financial implications and opportunity validation Quantify the impact of various AI scenarios, calculatingROI. Identify and engage necessary people, processes, and technologies for execution.Strategic roadmapCreate a concise strategic plan, encompassing vision, values, competitive advantage, key initiatives, and a roadmap with resource allocation andKPIs.OperationalizeTransform technology services with generative AI Assessment of current IT capabilities and the foundations necessary for the implementation of the selectedgenerative AI solutionsDefine the IT delivery model forsolutions.Enterprise architecture adapted toAISupport for the integration of Gen AI into theenterprisearchitecture and into the organization'sroadmap.Define a Target OperatingModelOrchestrate business capabilitiesOrchestration of all business practices and underlyingIT capabilities necessary foroperationalization.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 46 of 55 43© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix H: AI Education and Training for executives & boardsEmbrace the future with AI, the driving force of the new economy, set to help transform your business model. This transformative power can drive your organization’s position in the market. Consider the impending changes and strategize for the years ahead, helping to ensure a seamless and secure integration of this groundbreaking technology.A first step in the adoption of AI in yourbusinessImplementing generative AI starts with your business priorities, supported by executive and board engagement to drive a transformation aligned with your corporate ambitions.• Presentation to various executive committees• Presentation to the Board of Directors• Role and responsibilities around AI as a board member and executive• Workshop on concrete business potential• AI strategic planAI strategy and valueUse case developmentImplementAIsolutionsChange starts withyouoforganizations plan to adoptgenerative AI within 6 to 12 months*.Executive and board trainingDiscover the commercial and competitive potential of working with AI03Learn how to manage AI risk and governance as a business leader04Identify your productivity and automation challenges and take corrective action05Redefine your business model holistically06Foster a continuous learning culture and manage change for successful AI implementation02Understand the impact and trends of generative AI adoption in your organization and industry0160%*KPMG survey of 300 executives on generative AI, March 2023Governing and managing risk (Trusted AI)Workforce transformation and adoptionAI Data & Cloud infrastructureHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 47 of 55 44© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix H: AI Education and Training for executives and boards (Continued)A three-part trainingprogram Discover real-life uses of generative AI, tailored to your business sectorTechnology demonstrations• See the impact of generative AI on the future of your organization through concrete, contextualized demonstrations• Assess the potential benefits for yourorganizationUpdated overview of this fast-paced technology• Learn what is new in the world of AI • Explore industry-specific use cases that could benefit your organization• Manage AI risk and governance adequately200+Professionals dedicated to generative AI recognized for their technical skills and innovative strategic vision.800+Tailor-made use cases for all business sectors.KPMG, a leader in generativeAIBrainstorming workshops• Identify organizational priorities for AI adoption and how to prepare your teams for changeupstream• Educate and empower key stakeholders to drive AI strategy and the governance framework at the executive level50+Board and executive education and training sessions delivered in the last year. Our team understands the challenges you face as an executive or board member and can help you build confidence and accelerate the value AI can bring to your business.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 48 of 55 45© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix I: Cyber Security Municipalities in thenews© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independentKPMGConfidentialHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 49 of 55 46© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix I: How can a cyber attack impactyou?AssociatedCostsOrganizational DisruptionTechnology is a main enablement tool used in our cities, many core services rely on technology to deliver services.When access to technology is disrupted it can have severe impacts to public services, emergency services, infrastructure and sensitive information.Cyber incidents have a variety of costs associated with recovery, which include:• Ransom Payments• System Restoration• Security Upgrades• Legal & ProfessionalServices• Follow-on Monitoring• Loss of Revenue• Financial Fraud/TheftThese costs start to balloon quickly and can have long lasting effects.Reputational Damage& Residents ImpactA cyber incident can cause significant reputational damage to a town, leading to a loss of trust among residents and potential investors, which can indirectly impact the town's financial health. For residents, the breach of their personal information can lead to a loss of confidence in the town's ability to protect their data, potentially resulting in decreased use of town services that require personal information.46HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 50 of 55 47© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix I: What is a cyber resilientorganization?What is a cyber resilient municipality?PreparationThis involves understanding your organization’s risk profile, identifying business critical assets, and developing a comprehensive cybersecurity strategy. It includes training employees on cybersecurity best practices and implementing robust security measures where possible.ProtectionThis entails implementing measures to prevent cyber attacks. It includes maintaining up-to-date security software, regularly patchingvulnerabilities, and controlling access to sensitive information. Protecting your organization requires cybersecurity to be a part of all business conversations.DetectionThis includes continuously monitoring systems and networks for signs of a cyber attack. It calls for the use of security tools, conducting regular security audits and making consistent updates to improve detectioncapabilities.Response &RecoveryThis consists of having a plan in place to respond to a cyber attack and recover from it. It is made up of incident respond planes, disaster recovery plans, and business continuity plans. These plans should be regularly tested and improved upon.01020347Risk PrioritizationTo be a cyber resilient municipality, you must be able to prioritize your resources to address the risks that threaten you. To prioritize risks, you must understand all the risks currently facing your organization.Implement the BasicsImplementing basic cyber security practices like training, maintaining security software, regularly patching and multifactor authentication can be cost effective ways to dramatically improve cybersecurity resilience.Defence in DepthThis is a crucial strategy for municipalities as it reduces the risk of a single point of failure, enhances efficiency in threat detection and response, increase resilience to attacks, and provide protection against advanced cyber threats.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 51 of 55 48© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix I: Steps to building cyberresilience4 – Increase ResilienceIncreasing resilience and developing business continuity is an important part of building cyber resilience. It ensures uninterrupted business operations even in the face of cyber threats and allows organizations to quickly recover from cyber incidents, minimizing downtime and associated costs. Furthermore, a robust business continuity plan demonstrates an organization's commitment to security, which can enhance its reputation among stakeholders.2 – Test your TechnologyTesting technology is crucial for building cyber resilience as it helps identify potential vulnerabilities and weaknesses in the system that could be exploited by cyber threats. It also allows organizations to evaluate the effectiveness of their current security measures and protocols. By testing your technology, you can deepen the understanding of risks your organization faces and perform ongoing risk management. Theses tests allow for an unbiased look at your infrastructure and contribute to a proactive prevention of unauthorized users.3 – Validate ResponseValidating response efforts is a crucial part of building cyber resilience as it ensures that the organization's incident response plan is effective and efficient. It allows for the identification of any gaps or weaknesses in the response strategy, enabling improvements to be made. Furthermore, it provides an opportunity for staff to practice and refine their skills in a controlled environment, enhancing their readiness for real cyber incidents.Cyber Resilience48The following principles serve as the bedrock for establishing a continuous lifecycle that fosters cyber resilience. These principles provide a consistent framework of actions to progressively build and enhance cyber resilience.1 – Understand Current StateTo build a robust cyber resilience framework, it is imperative to start with a comprehensive understanding of your current cybersecurity status. This includes an evaluation of the protective measures already implemented, identification of critical assets, understanding the policies and procedures that regulate your operations, and an assessment of system vulnerabilities. By gaining these insights, you can make risk informed decisions that protect your organization and efficiently allocate the resources available.HighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 52 of 55 49© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. Appendix J: Expanding the use of audit technologyAnalytics• AI Transaction Scoring• Audit Routine Catalogue• Data Visualization• Group Scoping Tool• Matching Routines• Process Mining Analytics• KPMG Forecast Analytics SuiteAutomation• Automated Industry Routines• Confirmation• Data Extraction Scripts• DataShare• DataSnipper• Inventory Counter App• iRadar and iNav• Offset RemoverCollaboration•DocuSignn• KPMG Clara for ClientsWorkflow• KPMG Clara Workflow• Account Analysis•Journal Entry Analysis• Planning AnalyticsHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 53 of 55 50© 2025 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. StandardizationEnhanced audit qualityData and techenablementCenter forAudit SolutionsNext-genauditorMethodology and ApproachQuality Management SystemExceptional experiencesIncreased efficiencyOur investment: $5BWe are in the midst of a five-year investment to develop our people, digital capabilities, and advanced technology.Responsive delivery modelTailored to you to drive impactful outcomes around the quality and effectiveness of our audits.Result: A better experienceEnhanced quality, reduced disruption, increased focus on areas of higher risk, and deeper insights into your business.CentralizationAutomationAppendix K: Continuous evolutionHighlightsRisk AssessmentAppendicesAudit StrategyAudit QualityKey milestones and deliverablesGroup Audit - ScopingPage 54 of 55 © 2024 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global RUJDQL]DWLRQkpmg.caPage 55 of 55