Upcoming changes to Group Audits – ISA (UK) 600

The need for the audit profession in general to improve the quality of group audits is regularly highlighted by the results of external regulatory inspections.

The most recent findings of the ICAEW Quality Assurance Department (QAD) published in their 2022/23 Audit Monitoring Report yet again included group accounts and related audit work as a key area of concern over audit quality. We can conclude from these regulatory findings, and from our own experiences in practice, that group audits present real challenges, many of which relate to the need to work effectively with others. 

Background

In 2022, the IAASB published a revised standard on ISA 600 Audits of Group Financial Statements (Including the Work of Component Auditors). This introduced significant changes to the audit of groups for periods commencing on or after 15 December 2023 (with early adoption permitted). Taking on board these changes, the FRC followed suit and published ISA (UK) 600 (Revised September 2022). The changes have also been made to ensure that the standard better aligns to new and recently revised standards, such as the quality management standards and the revised ISA (UK) 315 on identifying and assessing risk. The new and revised requirements also strengthen the auditor’s responsibilities related to professional scepticism, planning and performing a group audit, two-way communications between the group auditor and component auditors, and documentation. 

In this article we consider the key changes and what this will mean for audit firms acting as either a group or component auditor. 

The key changes to Group Audits

One of the main key changes is the introduction of a proactive risk-based approach to the audit of groups. This means more focus on identifying and assessing the risks of material misstatement, planning the approach to the audit and performing engagement procedures that respond to the assessed risks. 

The definition of the ‘engagement team’ now specifically includes those who perform audit procedures on a component as part of a group audit. The group engagement partner is now responsible for the quality of the component auditors’ work and determining the competence and capabilities of the component auditor. In effect, the new standard treats all parties involved in delivering the audit work across all components of the group as a single engagement team, and therefore there needs to be greater communication between all parties throughout the audit. 

There are also enhanced requirements in relation to documenting the exercise of professional scepticism. This includes an evaluation of whether sufficient appropriate audit evidence has been obtained (including by component auditors) to provide a basis for forming an opinion on the group financial statements. 

The definition of ‘significant components’ has been removed. Emphasis has been given to the consideration of risks of material misstatement at the assertion level of the group financial statements that are associated with components (regardless of where the associated balances sit within the group structure). 

The group engagement partner also sets component performance materiality and is responsible for ensuring that the component auditor complies with the FRC Ethical Standard, even where components are located within jurisdictions that do not have to comply with the standard. ISA (UK) 600 also clarifies how the concepts of materiality and aggregation risk apply in a group audit. 

There is a significant interaction with ISA (UK) 315 on identifying and assessing risk and ISA (UK) 330 on responses to assessed risks and obtaining a greater understanding of the IT systems and internal control across the wider group and the risks posed across all components. 

There are enhanced documentation requirements and clarifications regarding the restrictions on access to people or information that might exist, including guidance on how these might be overcome. 

Finally, the revised standard introduces a principles-based approach that is adaptable to a wide variety of circumstances, and scalable for audits of groups of different complexity. This is achieved by focusing on identifying, assessing and responding to the risks of material misstatement of the group financial statements and including separate sections throughout the standard to highlight the requirements and application material for circumstances when component auditors are involved. 

Practical considerations 

Although many of the practical issues arising within group audit assignments are already prevalent, the revised standard does bring some into greater focus and increases the emphasis of responsibility placed on the group engagement partner to obtain sufficient appropriate audit evidence. The following are a few examples that audit teams are likely to encounter:

• UK audit firms sometimes deal with component auditors who cannot communicate in English. In this case, the UK audit firm will have to obtain its own relevant language skills and translation and ultimately may need to insist to the client that it goes out to the subsidiary to do audit work directly, or another, more appropriate audit firm, is appointed to the component to enable the necessary effective direction, communication and review to take place. 

• The engagement team need to plan the review of component auditor work carefully, including determining who will perform the review and when. It is also important to consider whether the review can be performed remotely or will require a visit to the component auditor. Some firms using electronic working papers may have the ability to access the files of component auditors within their network remotely. In other cases, it may be possible to view the files remotely via screen-sharing technology. If a visit is required, the engagement team will need to consider logistics such as whether travel visas are required. 

• Where group auditors request that component auditors carry out specific procedures over and above those required for the local audit, component auditors need to consider the impact on their budget, fees and timetable. In some cases, the costs may be borne by the component, in other cases the cost may be borne by group auditors. This needs to be clarified and agreed at the outset and the engagement letter needs to make it clear that such work does not form part of the local audit. 

Conclusion 

A risk-based approach has been introduced for greater alignment with ISA (UK) 315 and ISA (UK) 330, a greater focus on identifying and assessing the risks of material misstatement and performing further audit procedures in response to the assessed risks and a greater focus on planning an appropriate approach to obtaining sufficient, appropriate audit evidence (what, where and by whom). 

While it is hard to argue with a more proactive risk-based approach, in practice, this is likely to result in more work for the group engagement team and group engagement partner, particularly in light of the enhanced responsibilities for direction, supervision and review of the work of component auditors. 

As registered auditors of a significant number of groups, Kreston Reeves has extensive experience and expertise of conducting ISA (UK) 600 compliant audits both as group auditor and component auditor. If you would like further information or guidance on the changes to ISA (UK) 600 and other auditing standards, contact us today.