ICAEW.com works better with JavaScript enabled.

Group audits

In the last issue, Andy Holton looked at how much work the group auditor needs to do when a significant component of a group is audited by another firm. This month Richard Gillin unpicks some more frequently-asked questions around ISA 600.

Q. Can I accept an appointment as a group auditor when my company does not audit many (or any) of the group components?

A.  Yes you can, providing you are comfortable with the work of the component auditors. This is a question for all auditors – ISA 600 The Audit of Group Financial Statements does not distinguish between network and non-network firms. The key is the understanding of the component auditors required by paragraph 19, which covers:

  • whether the component auditor understands and will comply with the ethical requirements relevant to the group audit – and, in particular, whether the component auditor is independent;
  • the component auditor’s professional competence; whether the group engagement team will be able to be involved enough in the work of the component auditor to get sufficient appropriate audit evidence to issue an opinion on the group accounts; and
  • whether the component auditor operates in a regulatory environment that actively oversees auditors.

Q. Is there any difference between using a network firm and an unrelated firm as a component auditor?

A. The only difference is that for a network firm the group auditor may already have a partial understanding of the other company (such as common training courses for competence or independence policies). The ISA still requires the group auditor to document their understanding, and the component auditor to acknowledge their compliance with the group auditor’s requests.

Q. What happens when component auditors’ documentation is not published in English?

A. The group auditor has to obtain sufficient appropriate audit evidence to issue an opinion on the group accounts. That does not necessarily mean that the group auditor has to be able to read every single document. If they can read the language well enough to demonstrate that they have reviewed relevant communications from the component auditor – and any documentation they need to review – that should do the job.

If not, it may be possible for the key documents to be produced in English. So consider whether any staff members have language skills and can help prepare an English summary for the group engagement partner, so they can ascertain whether the key documents are supported by the audit file.

Q. Do I need to review the component auditors’ files?

A. Paragraph 44 of ISA 600 states, “The group engagement team shall evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed on the consolidation process and the work performed by the group engagement team and the component auditors on the financial information of the components, on which to base the group audit opinion.”

This might mean obtaining copies of papers from component auditors, summary memoranda of work done, discussions or questionnaires. Paragraph 42 of ISA 600 makes clear that the group auditor evaluates communications from a component auditor (for example, a summary memo or clearance opinion), discusses significant matters as appropriate, and then considers whether it is necessary to review other parts of the component auditor’s documentation. This will, of course, be influenced by the group auditor’s assessment of risk, which may in turn depend on the significance of the component.

Q. I want to review the component auditors’ files. Can I insist they give me access?

A. The Companies Act 2006 requires auditors of UK subsidiaries to provide such information and explanations as the group auditor thinks necessary for the performance of their duties as group auditor (s499). Notable are the following points:

It does not apply to overseas subsidiaries. Section 500 of the Act requires a parent company, if requested by the group auditor, to obtain information from the auditor of a subsidiary. But as they are outside of the UK, the Act cannot force them to do anything.

Neither s499 nor s500 apply to components other than subsidiaries (for example, joint ventures and associates).
“Information and explanations” does not necessarily include a copy audit file. The law goes on to acknowledge that it may not always be legally possible to obtain copies of papers.

In situations where a component auditor is not obliged to co-operate, it may be possible to enter into a hold harmless agreement with them. The group auditor can still rely on the component auditors’ work – just at their own risk. Note that ISA 600 requires that the group auditor take sole responsibility for the group audit opinion anyway. Q. What about risk assessments?A. Paragraph 30 of ISA 600 requires that the group auditor participates in the risk assessment carried out by:

  • discussing with the component auditor or the component’s management any activities that are significant to the group;
  • discussing with the component auditor any susceptibility to material misstatement of financial information due to fraud or error; and
  • reviewing the component auditor’s documentation of identified significant risks of such misstatements.

That might be a memorandum that reflects the component auditor’s conclusion with regard to the identified significant risks.

This can be done by:

  • Arranging a call with the component auditor so that they can participate in the group audit team’s discussion of risk required by paragraph 10 of ISA 315, including consideration of fraud risk (see paragraph 15 of ISA 240) and related parties (see paragraph 12 of ISA 550).
  • Obtaining a copy of the component auditor’s audit plan. Assuming this covers both the identification of significant risks and the planned response, it will also assist with the requirement in paragraph 31 of ISA 600 to evaluate the appropriateness of the response to identified significant risks.

Doing this at the planning stage will avoid late surprises for the group auditor and group management. It may be appropriate to combine the call with a discussion of the auditor’s communication as to what they want the component auditor to do – and combining the return of a copy of the component auditors’ plan with their acknowledgement of cooperation (required by paragraph 40 of ISA 600).

Richard Gillin is director, national accounting and audit, at Deloitte

Find out more:

There is a new video on group audits as part of the professional scepticism series

The faculty plans to issue further group audits guidance this year. Please let us know if you have any specific group audit issues, either as group or component auditor, by contacting Chris Cantwell.

This article first appeared in Audit & Beyond, magazine of the ICAEW Audit and Assurance Faculty, in March 2012.