The removal of the significant versus non-significant component classification is one of the most fundamental changes to ISA 600 since its creation. For reporting periods from 15 December 2023, auditors must apply a risk-based approach to all components – no more default scoping based on significance alone. 

Auditors already performing fully risk-based component-based scoping will be well placed to transition to ISA 600 (Revised). For others, it may require a pivot to a different mindset and practical adjustments to audit planning processes.

ICAEW's Audit and Assurance Faculty has updated its guidance: Auditing Groups: A Practical Guide to ISA (UK) 600 to reflect the changes. It provides practical examples of how the new approach works in different group structures and detailed guidance on risk-assessment methodologies and component-scoping decisions. 

The guide, which ICAEW members and students can access, includes comprehensive coverage of aggregation risk assessment, materiality considerations for different component types, and documentation requirements that will help demonstrate compliance with the new standard's risk-based approach.

Why the change matters

Under the previous edition of the standard, many group auditors defaulted to predetermined scoping decisions based primarily on size thresholds. A component above a certain percentage of group assets or revenue would have a full-scope audit, while smaller components might be subject to limited procedures or analytical review only. 

The revised standard re-emphasises that material misstatements can arise from components of any size. A small overseas subsidiary operating in a high-risk jurisdiction, a newly acquired business unit with integration challenges, or a component with unique accounting complexities may pose greater risks to the group financial statements than a large but stable domestic operation.

Key risk indicators

The revised ISA 600 builds on the principles of ISA 315, which requires auditors to obtain an understanding of the entity and its environment to identify and assess the risks of material misstatement. This assessment determines the nature, timing and extent of work required, rather than fitting components into predetermined categories.

Key risk indicators that may influence component-scoping decisions include:

Component-specific risks:

• newly formed, acquired or disposed components;
• significant changes in operations;
• unusual or complex transactions; and
• components operating in higher-risk industries or jurisdictions.

Control environment:

• the degree of centralisation of processes and systems;
• variations in control design and implementation across the group; and
• the quality of management at component level.

Information quality: 

• the reliability of financial reporting processes at component level; 
• differences in accounting frameworks or policies; and 
• misstatements in previous audits.

Four practical steps for implementation

1. Start with risk assessment, not size. Begin your component evaluation by understanding the business model, operational changes, and specific risk factors affecting each component. While financial significance remains important, it should inform rather than dictate scoping decisions.
2. Develop component risk profiles. Create a structured assessment framework that captures quantitative and qualitative risk factors. This might include scoring systems for operational complexity, management quality, control environment, and past audit findings.
3. Consider aggregation risk. The new standard emphasises that smaller components may require audit procedures when risks could aggregate across multiple similar entities. If you have several small components with similar risk profiles, consider whether collective risks warrant more extensive procedures.
4. Document your rationale. With greater flexibility comes greater responsibility to explain your decisions. The audit file should clearly demonstrate how you assessed risks for each component and how planned procedures address those risks. 

Common implementation challenges

Over-reliance on quantitative factors. Firms may create new percentage-based guidelines, but scoping decisions should genuinely reflect assessed risks rather than simply replacing old thresholds with new ones.

Inconsistent application across components. Develop clear criteria and apply them consistently. Components with similar risk profiles should generally receive similar levels of attention.

Insufficient consideration of component performance materiality. The new standard may require more granular materiality decisions. Components with higher assessed risks or greater aggregation risk potentially warrant lower component performance materiality levels.

Component performance materiality in practice

Rather than, or in addition to applying standard percentages, consider factors such as:

• the number of components requiring audit procedures - more components lead to higher aggregation risk and, therefore, lower individual materiality levels;
• component-specific risk factors that might indicate a higher likelihood of misstatement;
• past experience of misstatements at component level; and
• the degree of disaggregation of significant account balances across components.

Document materiality decisions clearly, linking them to the risk assessment and explaining departures from standard firm methodologies.

Making the transition

For firms transitioning to the new approach, start by reviewing your current scoping methodology. Identify components that were previously classified as "non-significant" but may warrant additional procedures under a risk-based assessment. Conversely, some previously "significant" components may require less extensive procedures if their risk profiles are genuinely lower.

Train your teams on the new risk identification and assessment requirements. The success of risk-based scoping depends on engagement teams developing a thorough understanding of group structures, business models and component-specific risk factors.

Successfully implementing the new approach requires moving beyond mechanical rules to develop genuine risk assessment skills. While this represents a more challenging approach to group audit planning, it should result in more effective audits that direct effort where it's most needed to address real risks to the group financial statements.