What are Group Audits and how might they affect my audit?
Under ISA 600, Group Auditors are obliged to fulfil audit obligations with regard to its components: which basically means to review the audit files of the auditors of significant components (for instances, per UK FRC Staff Guidance Note 02/2018 on this subject).
The file review generally focuses on specific risks as well considering the planning, performance and completion of the audit (in accordance with review checklist).
We were engaged 5 times this year so far, by foreign Group Auditors not part of any integrated Networks and Associations because they were considering the most cost-effective approach that was for them to delegate the review to a local French auditor like our firm.
The principle is that the group auditor takes full responsibility for the audit of the consolidated annual financial statements. The auditor’s duties are prescribed by the International Standard on Auditing 600, “Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors”, which requires the auditor to obtain sufficient appropriate audit evidence regarding the financial information of the components and the consolidation process to express an opinion.
The standard also deals with acceptance of group engagements, risk assessment, etc. but, simplistically, some of the steps in achieving the above objective are to:
- Define all the components in the group. These components don’t have to be legal entities on their own, they could be branches, divisions, subsidiaries – any component that prepares its own financial information that is included in the group statements.
- Identify “significant” components. These could either be components that are of individual financial significance to the group, or that, due to their specific nature or circumstances, are likely to include significant risks of material misstatement.
- For significant components, ensure that a complete audit is performed on those financial statements. If the annual financial statements are not yet audited, this means determining an amount that would be considered the material to the users of the financial statements (component materiality) and then either auditing the financial statements or having them audited by another auditor (the component auditor).
- The group auditor is also required to obtain an understanding of the component auditor, their work, independence, etc. In fact, there is meaningful communication between the group auditor and component auditors throughout the entire process, including the sharing of risks, results of procedures, weaknesses found, discussions with management, etc.
- For components in the group that are not considered significant components, the group auditor only performs analytical procedures at a group level. If sufficient information can’t be obtained from these procedures or from work done on other components of the group, further procedures may be performed, including a full audit, specific procedures, review, etc.
So it means, that these additional procedures may include:
– Increased communication. The clarified standard requires the group engagement team to communicate specific items to the component auditor and request that the component auditor also communicate with the group engagement team about certain matters (for example in sharing the Memo). Additional topics are also required to be communicated to group management or those charged with governance of the group, or both.
– Subsequent events. The group auditor must perform procedures to identify subsequent events between the date of the component auditor’s report and the date of the group auditor’s report. This often can cover a significant time period, especially when component units have different year ends. Management of the group will likely need to be involved in helping identify and coordinate this activity.
In conclusion, the important principle bears repeating –the group auditor’s opinion covers all the information, even if some of the work is actually done by component auditors. It’s all about Auditors’ responsibilities in relation to groups.