Q If we do all of the group audit ourselves rather than use component auditors, is the fact that it is a group audit relevant to us as auditors?
A In short, yes. However, the vast majority of issues that group auditors need to address will be very straightforward for you. As you have audited all group components it is very easy to satisfy yourself that you have sufficient appropriate audit evidence for the purposes of auditing the group financial statements.
What is sometimes forgotten in these situations is the documentation of the auditor’s understanding of the group and a risk assessment at group level. This is needed in addition to work on the holding company and components of the group. In this regard, auditing a group is different from auditing a number of separate companies. Looking at the big picture might reveal risks that could not be seen at component level. This would usually be documented with the audit work on the consolidation.
[This first appeared in John Selwood’s Q&As, June 2014 Audit & Beyond]
Q I am in the situation where I am the group auditor and the auditor of every group component, and the group has centralised accounting, therefore much of the testing is carried out on a group basis. If I have separate audit files for each component, do I have to put a copy of this testing on all component files or can I have a group file covering group-wide work? Would the component files be compliant if they were just cross-referenced to the group file?
A This is a common issue in the documentation of group audits. Testing on a group basis can be a very efficient way to obtain audit evidence in these situations, provided that there is commonality of systems, as there is in the group that you describe. However, care is needed to ensure that sufficient appropriate audit evidence is obtained at entity level, through the use of the auditors’ risk assessment for each separate entity and entity level materiality.
Remember the auditor has to express an opinion on each component separately as well as on the group. Where this work is documented is not really a technical issue, it is more of a practical one. Personally, I would prefer not to duplicate the group testing in component audit files. It is a waste of space – either on paper or in electronic files – and it will slow down file reviewers. Another issue that you do not mention in your question is the documentation of the work on the design and implementation of internal controls. This could be similarly documented on one file and cross-referenced.
The only possible problem that I can envisage might occur when you are required to give access to the audit files to either successor auditors or reporting accountants, on a sale.
Obviously, you should not be giving access to documentation relating to all components of the group, when only one or a number of files are relevant. Therefore, you should give some thought as to how the extraction of only relevant information might be achieved in this scenario.
[This first appeared in John Selwood’s Q&As, June 2014 Audit & Beyond]
Q If a subsidiary has a going concern issue and is reliant upon the parent for support, can a component auditor request the parent auditor to carry out any necessary audit work required?
A This is a very interesting question, because the consideration of parental support by auditors is very topical. Where parental support is needed, a letter of support, on its own, rarely constitutes sufficient appropriate audit evidence on going concern.
This is a difficult area. The limitations of letters of support are often associated with the legal case Simon Carves Limited sub nom Carillion Construction Ltd v (1) Zelf Hussain & Robert Jonathan Hunt ( joint liquidators of Simon Carves Ltd) (2) Simon Carves Ltd (In liquidation) [2013] EWHC 685 (Ch). Auditors almost always need to obtain additional evidence to support the parent’s intentions to support the component, as well as their ability to do so.
The thought of requesting assistance from the parent auditor is both obvious and sometimes difficult. Obvious, because the parent auditor has access to the relevant information and sometimes difficult because this is not part of the parent auditor’s role. The reporting lines do not flow in that direction as while the component auditor is required to report to the parent auditor, the same is not true the other way around. Also, the work routinely performed by the component auditor tends to directly relate to the requirements of the parent auditor, but the parent auditor might not routinely perform procedures that assist the component auditor in evidencing parental support.
The obvious alternative for the component auditor is to review how the component’s management consider the issue of going concern. Management are required to provide the component auditor with all of the information and explanations that they require. Component management could seek to obtain relevant information from the parent’s management, such as accounts and board minutes. The practical problem here is that management might not be much bothered by going concern issues because they are content to rely on parental support at face value. Given these potential problems, the component auditor could ask the parent auditor to assist them. But the parent auditor might be unwilling to do extra work and they might feel that reporting to the component auditor is an unnecessary burden. However, it is to be hoped that the parent auditor will empathise with the auditors of subsidiaries and the difficulties that they face, and might feel inclined to be helpful.
[This first appeared in John Selwood’s Q&As, June 2014 Audit & Beyond]
Q Can I accept an appointment as a group auditor when my company does not audit many (or any) of the group components?
A Yes you can, providing you are comfortable with the work of the component auditors. This is a question for all auditors – ISA 600 The Audit of Group Financial Statements does not distinguish between network and non-network firms. The key is the understanding of the component auditors required by paragraph 19, which covers:
- whether the component auditor understands and will comply with the ethical requirements relevant to the group audit – and, in particular, whether the component auditor is independent;
- the component auditor’s professional competence; whether the group engagement team will be able to be involved enough in the work of the component auditor to get sufficient appropriate audit evidence to issue an opinion on the group accounts; and
- whether the component auditor operates in a regulatory environment that actively oversees auditors.
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q Is there any difference between using a network firm and an unrelated firm as a component auditor?
A The only difference is that for a network firm the group auditor may already have a partial understanding of the other company (such as common training courses for competence or independence policies). The ISA still requires the group auditor to document their understanding, and the component auditor to acknowledge their compliance with the group auditor’s requests.
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q What happens when component auditors’ documentation is not published in English?
A The group auditor has to obtain sufficient appropriate audit evidence to issue an opinion on the group accounts. That does not necessarily mean that the group auditor has to be able to read every single document. If they can read the language well enough to demonstrate that they have reviewed relevant communications from the component auditor – and any documentation they need to review – that should do the job.
If not, it may be possible for the key documents to be produced in English. So consider whether any staff members have language skills and can help prepare an English summary for the group engagement partner, so they can ascertain whether the key documents are supported by the audit file.
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q Do I need to review the component auditors’ files?
A Paragraph 44 of ISA 600 states, “The group engagement team shall evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed on the consolidation process and the work performed by the group engagement team and the component auditors on the financial information of the components, on which to base the group audit opinion.”
This might mean obtaining copies of papers from component auditors, summary memoranda of work done, discussions or questionnaires. Paragraph 42 of ISA 600 makes clear that the group auditor evaluates communications from a component auditor (for example, a summary memo or clearance opinion), discusses significant matters as appropriate, and then considers whether it is necessary to review other parts of the component auditor’s documentation. This will, of course, be influenced by the group auditor’s assessment of risk, which may in turn depend on the significance of the component.
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q I want to review the component auditors’ files. Can I insist they give me access?
A The Companies Act 2006 requires auditors of UK subsidiaries to provide such information and explanations as the group auditor thinks necessary for the performance of their duties as group auditor (s499). Notable are the following points:
It does not apply to overseas subsidiaries. Section 500 of the Act requires a parent company, if requested by the group auditor, to obtain information from the auditor of a subsidiary. But as they are outside of the UK, the Act cannot force them to do anything.
Neither s499 nor s500 apply to components other than subsidiaries (for example, joint ventures and associates). “Information and explanations” does not necessarily include a copy audit file. The law goes on to acknowledge that it may not always be legally possible to obtain copies of papers.
In situations where a component auditor is not obliged to co-operate, it may be possible to enter into a hold harmless agreement with them. The group auditor can still rely on the component auditors’ work – just at their own risk. Note that ISA 600 requires that the group auditor take sole responsibility for the group audit opinion anyway.
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q What about risk assessments?
A Paragraph 30 of ISA 600 requires that the group auditor participates in the risk assessment carried out by:
- discussing with the component auditor or the component’s management any activities that are significant to the group;
- discussing with the component auditor any susceptibility to material misstatement of financial information due to fraud or error; and
- reviewing the component auditor’s documentation of identified significant risks of such misstatements.
That might be a memorandum that reflects the component auditor’s conclusion with regard to the identified significant risks.
This can be done by:
- Arranging a call with the component auditor so that they can participate in the group audit team’s discussion of risk required by paragraph 10 of ISA 315, including consideration of fraud risk (see paragraph 15 of ISA 240) and related parties (see paragraph 12 of ISA 550).
- Obtaining a copy of the component auditor’s audit plan. Assuming this covers both the identification of significant risks and the planned response, it will also assist with the requirement in paragraph 31 of ISA 600 to evaluate the appropriateness of the response to identified significant risks.
Doing this at the planning stage will avoid late surprises for the group auditor and group management. It may be appropriate to combine the call with a discussion of the auditor’s communication as to what they want the component auditor to do – and combining the return of a copy of the component auditors’ plan with their acknowledgement of cooperation (required by paragraph 40 of ISA 600).
[This first appeared in Q&As by Richard Gillin, director, national accounting and audit, at Deloitte, March 2012, Audit & Beyond]
Q I audit a UK holding company with a foreign subsidiary audited by an independent local firm. Do I need to make a visit?
A As with many things in auditing, it depends. If the subsidiary is financially significant, or smaller but with significant risks, then you are required to be involved with understanding the entity and risk assessment. You will also be required to communicate with the management and/or the local auditor and review planning documentation. Because you will be signing the group audit report containing the component’s figures you may also wish to review completed audit documentation. This may be difficult to do without a visit.
If the subsidiary is not significant, other forms of communication may be adequate. The key issue in practice is: are there other ways I can meet my obligations? Important issues include the nature of the component entity and the audit risks; how much reliance can be placed on the local auditor; past experience of the jurisdiction, client and component auditor; and documents the local auditor can make available electronically.
This is not straightforward and the decision on whether to visit is largely a matter of professional judgement based on the circumstances. But when I am asked such questions at roadshows I often answer, “It’s pack your bags time”. You need to visit. Plan your visit carefully and ensure you have sufficient documentation regarding your time there – audit inspectors sometimes say that they find it difficult to see what group auditors did on their visits to components.
[This first appeared in John Selwood’s Q&As, September 2012, Audit & Beyond]
Q I am the group auditor and I have decided to visit the local auditor of a significant component. Ideally I would meet them at the planning stage and go back to review the completed file at a later date, but this is not feasible. When is the best time to visit if I can only do it once?
A Tricky question. The ISAs concentrate the requirements for the group auditor on the planning stage, such as communication about the understanding of the entity and risk assessment. Paragraph 44 of ISA 600 states, “The group engagement team shall evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed on the consolidation process and the work performed by the group engagement team and the component auditors on the financial information of the components, on which to base the group audit opinion.”
This might be best done by reviewing the component auditor’s audit documentation but it is not specifically required and there are other ways that the auditor could approach this. Based on the ISAs it might be tempting to visit at the planning stage. In practice it is often easier to fulfil the planning stage requirement by phone and email, if the local auditor is willing to supply file extracts electronically. So a visit once the component audit is complete is often most useful.
[This first appeared in John Selwood’s Q&As, September 2012, Audit & Beyond]
Q My firm audits a non-trading UK holding company with subsidiaries in many countries around the world. These are audited by a variety of local auditors, from the Big Four to smaller firms. The UK engagement partner travels to take part in the planning of many of the subsidiary audits, including meeting local management and attending the audit team briefing. The engagement partner also returns to review the audit documentation for all components. Is it a problem that my firm audits none of the group’s components other than the holding company?
A You can accept the appointment, provided that you are satisfied with the work of the component auditors. From what you say, your firm’s approach is very thorough and is exactly the sort of approach needed in these situations. The key is to ensure you will be able to receive sufficient appropriate audit evidence and request additional procedures if necessary.
