ICAEW.com works better with JavaScript enabled.
Exclusive

Q&A: May 2024

Helpsheets and support

Published: 14 May 2024 Update History

Exclusive content
Access to our exclusive resources is for specific groups of students, subscribers, users and members.
Log in Find out more
Back to top
ICAEW’s Technical Advisory Service answers topical questions on UK audits, with pointers for group and component auditors.

We are engaged as component auditors and have received instructions from the group auditor. The group auditor has requested copies of our latest quality monitoring reviews. Are we able to share these?

ISA (UK) 600 (Revised November 2019 Updated May 2022) requires that the group engagement team obtains an understanding of the component auditor’s professional competence (para 19(b) and application guidance para A38) and whether the component auditor operates in a regulatory environment that actively oversees auditors (para 19(d) and application guidance para A36).

This version of the UK ISA is effective for audits of group financial statements for periods commencing on or after 15 December 2019. 

ISA (UK) 600 (Revised September 2022) is effective for audits of financial statements for periods commencing on or after 15 December 2023.

Para 26(a) of this more recently revised UK ISA requires that the group engagement partner shall determine that component auditors have the appropriate competence and capabilities, including skill and time, to perform the assigned audit procedures at the component. The application guidance (in para A65 of the September 2022 version of the revised UK ISA) goes on to state that this may include obtaining published external inspection reports.

Whether applying either of these versions of the ISA (UK) 600, the group auditor’s request would appear to address the requirements and be in line with the application guidance of the ISA in assessing the component auditors competence and capabilities. However, the component auditor would need to confirm whether they are permitted to share any inspection reports they have received directly from the issuer of such reports.

In the case of audit monitoring reviews by ICAEW’s Quality Assurance Department (QAD), reports on findings are issued for use by the firm only. Therefore, separate consent would need to be sought from QAD, before the component auditor would be permitted to share these with the group auditor.

 

We are group auditors and have determined that none of the subsidiaries are significant components. We have calculated a sample size of 10 for trade debtors, so have determined we need to test 10 subsidiary balances, but how do we then select a sample from within each subsidiary?

If the auditor considers that testing of specific account balances and transactions of a non-significant component is necessary, this could be indicative that the initial scoping of the group and its components may need to be revisited and revised because perhaps one or more of those non-significant components would now be considered significant to the group.

Components can be significant as a result of either their individual financial significance to the group or as a result of their specific nature or circumstances leading to likely significant risks of material misstatement of the group financial statements (ISA (UK) 600 (Revised November 2019 Updated May 2022) para 9(m)).

The work performed on non-significant components is detailed in ISA (UK) 600 (Revised November 2019 Updated May 2022) paras 28 and 29, which confirm the group engagement team shall, as initial audit procedures, perform analytical procedures at group level.

If the auditor does not consider that sufficient appropriate audit evidence has been obtained from the work performed on significant components, the work performed on group-wide controls and the analytical procedures performed at group level, then, the group engagement team shall select components that are not significant and perform one or more of the following.

  • An audit of the component using component materiality.
  • An audit of one or more of the account balances, classes of transactions or disclosures.
  • A review of the financial information of the component using component materiality. 
  • Specified procedures.

ISA (UK) 600 (Revised September 2022) takes a different approach to the consideration of the components at which audit work will need to be performed. This webinar outlines how the ISA is changing.

Where procedures over and above analytical procedures at group level are deemed to be required and these procedures include audit sampling, ISA (UK) 530 (Updated May 2022) para 6 details that when designing an audit sample, the auditor shall consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn.

If the purpose of the sampling of a consolidated trade debtor balance is to test valuation and the population consists of outstanding customer trade receivable balances, then it may be appropriate for the sample size calculated to represent the number of outstanding customer balances to be tested, as opposed to the number of components to be subject to audit sampling. Audit sample sizes would be based on the firm’s audit methodology, group materiality level and risk assessment.

However, the audit risk, purpose of testing and characteristics of the population to be sampled will differ in each instance and should all be considered in designing such procedures. 

Useful guidance

FRC Thematic review of audit sampling

ICAEW Audit & Beyond – Sample sizes and caps: how much is enough?

 

We have received instructions from a group auditor outside the UK that include the requirement to provide access to and/or share with them our audit file. As the group auditor is overseas, are we permitted to do so? Do we have any issues in regard to GDPR, for items such as payroll testing performed?

In order to comply with ISA requirements, group auditors will, in most cases, be required to request access to a component auditor’s audit file to allow them to review relevant audit documentation to support their group audit opinion. Under ISA (UK) 600 (Revised November 2019 Updated May 2022) component auditors are required to cooperate with the engagement team, including providing access to relevant audit documentation if this is not prohibited by law or regulation. Compliance with this requirement would also be considered in any audit quality inspections or monitoring visits where the relevant audit file is selected for review.

When carrying out an ISA compliant audit, the component auditor would be expected to comply with such a request but would also need to ensure compliance with UK General Data Protection Regulation (GDPR).

In this instance, the UK component auditor would need to consider whether their audit file does or will contain any personal data that would be subject to the UK GDPR and, where this is the case, consider the requirements that apply to international data transfers.

One practical approach may be for a UK component auditor to agree that an overseas group auditor may access relevant audit files by accessing the component auditor’s IT systems, rather than by agreeing to transfer or send such files overseas to the group auditor.

ISA (UK) 600 (Revised September 2022), which is effective for periods commencing on or after 15 December 2023, takes a different approach to the consideration of the group auditor as to what audit work will need to be performed to support the group opinion. This webinar outlines how the ISA is changing.

Useful guidance

UK GDPR – Client files 

ICO guide to international transfers

Recommended content

ICAEW Faculty
5 white paper aeroplanes in flight, and one blue one peeling off upwards.
Join the Audit and Assurance Faculty

Stay ahead of the rest with our comprehensive package of essential guidance and technical advice.

Find out more
Audit and Assurance conference
Audit and assurance conference and webinars

The annual Audit & Assurance Conference, upcoming webinars, and recordings of past webinars to watch on demand.

Webinars
hijab business woman in office
Audit in depth

In-depth guidance on completing all stages of an audit as well as how to make the decision as to whether or not an audit is required.

Find out more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.
Login

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields
Next step

Add this page to your CPD activity

Step 2 of 3
Mandatory field
Back Next step

Add activity to my record

Step 3 of 3
Mandatory field
Back Add activity to my record

Activity added

Go to my CPD record

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250
Add activity to my record