(May 2022) |
Auditing Standard ASA 600
Special Considerations—Audits of a Group Financial Report (Including the Work of Component Auditors)
Issued by the Auditing and Assurance Standards Board
This Auditing Standard is available on the Auditing and Assurance Standards Board (AUASB) website: www.auasb.gov.au
Auditing and Assurance Standards Board Level 20, 500 Collins Street Melbourne Victoria 3000 AUSTRALIA | Phone: (03) 8080 7400 E-mail: enquiries@auasb.gov.au Postal Address: PO Box 204, Collins Street West Melbourne Victoria 8007 AUSTRALIA |
© 2022 Commonwealth of Australia. The text, graphics and layout of this Auditing Standard are protected by Australian copyright law and the comparable law of other countries. Reproduction within Australia in unaltered form (retaining this notice) is permitted for personal and non‑commercial use subject to the inclusion of an acknowledgment of the source as being the Australian Auditing and Assurance Standards Board (AUASB).
Requests and enquiries concerning reproduction and rights for commercial purposes within Australia should be addressed to the Technical Director, Auditing and Assurance Standards Board, PO Box 204, Collins Street West, Melbourne, Victoria 8007 or sent to enquiries@auasb.gov.au. Otherwise, no part of this Auditing Standard may be reproduced, stored or transmitted in any form or by any means without the prior written permission of the AUASB except as permitted by law.
This Auditing Standard reproduces substantial parts of the corresponding International Standard on Auditing issued by the International Auditing and Assurance Standards Board (IAASB) and published by the International Federation of Accountants (IFAC), in the manner described in the statement on Conformity with International Standards on Auditing. The AUASB acknowledges that IFAC is the owner of copyright in the International Standard on Auditing incorporated in this Auditing Standard throughout the world.
All existing rights in this material are reserved outside Australia. Reproduction outside Australia in unaltered form (retaining this notice) is permitted for personal and non-commercial use only.
Further information and requests for authorisation to reproduce this Auditing Standard for commercial purposes outside Australia should be addressed to the Technical Director, Auditing and Assurance Standards Board, PO Box 204, Collins Street West, Melbourne, Victoria 8007 or sent to enquiries@auasb.gov.au. Any decision to approve a request may also require the agreement of IFAC.
ISSN 1833-4393
PREFACE
AUTHORITY STATEMENT
CONFORMITY WITH INTERNATIONAL STANDARDS ON AUDITING
Paragraphs
Application......................................................Aus 0.1-Aus 0.2
Operative Date............................................................Aus 0.3
Introduction
Scope of this Auditing Standard................................................1-11
Effective Date..............................................................12
Objectives.................................................................13
Definitions..............................................................14-15
Requirements
Leadership Responsibilities for Managing and Achieving Quality on a Group Audit............16
Acceptance and Continuance.................................................17-21
Overall Group Audit Strategy and Group Audit Plan................................22-29
Understanding the Group and Its Environment, the Applicable Financial Reporting Framework and the Group’s System of Internal Control 30-32
Identifying and Assessing the Risks of Material Misstatement.........................33-34
Materiality..............................................................35-36
Responding to the Assessed Risks of Material Misstatement...........................37-44
Evaluating the Component Auditor’s Communications and the Adequacy of Their Work......45-48
Subsequent Events.........................................................49-50
Evaluating the Sufficiency and Appropriateness of Audit Evidence Obtained...............51-52
Auditor’s Report.............................................................53
Communication with Group Management and Those Charged with Governance of the Group...54-58
Documentation..............................................................59
Application and Other Explanatory Material
Scope of this ASA.......................................................A1-A18
Definitions............................................................A19-A28
Leadership Responsibilities for Managing and Achieving Quality on a Group Audit.......A29-A31
Acceptance and Continuance...............................................A32-A46
Overall Group Audit Strategy and Group Audit Plan..............................A47-A87
Understanding the Group and Its Environment, the Applicable Financial Reporting Framework and the Group’s System of Internal Control A88-A107
Identifying and Assessing the Risks of Material Misstatement.....................A108-A115
Materiality..........................................................A116-A123
Responding to the Assessed Risks of Material Misstatement......................A124-A143
Evaluating the Component Auditor’s Communication and the Adequacy of Their Work..A144-A149
Subsequent Events.........................................................A150
Evaluating the Sufficiency and Appropriateness of Audit Evidence Obtained..........A151-A156
Auditor’s Report......................................................A157-A158
Communication with Group Management and Those Charged with Governance of the GroupA159-A165
Documentation.......................................................A166-A182
Appendix 1: Illustration of Independent Auditor’s Report When the Group Auditor Is Not Able to Obtain Sufficient Appropriate Audit Evidence on Which to Base the Group Audit Opinion – General Purpose Financial Report, Qualified Opinion under the Corporations Act 2001
Appendix 2: Understanding the Group’s System of Internal Control
Appendix 3: Examples of Events or Conditions that May Give Rise to Risks of Material Misstatement of the Group Financial Report
The AUASB issues Auditing Standard ASA 600 Special Considerations—Audits of a Group Financial Report (Including the Work of Component Auditors) pursuant to the requirements of the legislative provisions and the Strategic Direction explained below.
The AUASB is a non-corporate Commonwealth entity of the Australian Government established under section 227A of the Australian Securities and Investments Commission Act 2001, as amended (ASIC Act). Under section 336 of the Corporations Act 2001, the AUASB may make Auditing Standards for the purposes of the corporations legislation. These Auditing Standards are legislative instruments under the Legislation Act 2003.
Under the Strategic Direction given to the AUASB by the Financial Reporting Council (FRC), the AUASB is required, inter alia, to develop auditing standards that have a clear public interest focus and are of the highest quality.
This Auditing Standard represents the Australian equivalent of ISA 600 (Revised) Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors) (April 2022) and will replace the current ASA 600 issued by the AUASB in October 2009 (as amended).
This Auditing Standard contains differences from the ISA 600 (Revised), which have been made in the Application and Other Explanatory Material and Appendices to reflect Australian regulatory requirements.
The Auditing and Assurance Standards Board (AUASB) makes this Auditing Standard ASA 600 Special Considerations—Audits of a Group Financial Report (Including the Work of Component Auditors) pursuant to section 227B of the Australian Securities and Investments Commission Act 2001 and section 336 of the Corporations Act 2001.
This Auditing Standard is to be read in conjunction with ASA 101 Preamble to AUASB Standards, which sets out how AUASB Standards are to be understood, interpreted and applied. This Auditing Standard is to be read also in conjunction with ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards.
Dated: 13 May 2022 W R Edge
Chair - AUASB
This Auditing Standard conforms with International Standard on Auditing ISA 600 (Revised) Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors) issued by the International Auditing and Assurance Standards Board (IAASB), an independent standard‑setting board of the International Federation of Accountants (IFAC).
Paragraphs that have been added to this Auditing Standard (and do not appear in the text of the equivalent ISA) are identified with the prefix “Aus”.
This Auditing Standard incorporates terminology and definitions used in Australia.
The equivalent requirements and related application and other explanatory material included in ISA 600 (Revised) in respect of “relevant ethical requirements”, have been included in Auditing Standard, ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements. There is no international equivalent to ASA 102.
Compliance with this Auditing Standard enables compliance with ISA 600 (Revised).
Aus 0.1 This Auditing Standard applies to:
(a) an audit of a financial report for a financial year, or an audit of a financial report for a half-year, in accordance with the Corporations Act 2001; and
(b) an audit of a financial report, or a complete set of financial statements, for any other purpose.
Aus 0.2 This Auditing Standard also applies, as appropriate, to an audit of other historical financial information.
Aus 0.3 This Auditing Standard is operative for financial reporting periods commencing on or after 15 December 2023. Early adoption of this Auditing Standard is permitted prior to this date.
4. A group may be organised in various ways. For example, a group may be organised by legal or other entities (e.g., a parent and one or more subsidiaries, joint ventures, or investments accounted for by the equity method). Alternatively, the group may be organised by geography, by other economic units (including branches or divisions), or by functions or business activities. In this ASA, these different forms of organisation are collectively referred to as “entities or business units.” (Ref: Para. A6)
5. The group auditor determines an appropriate approach to planning and performing audit procedures to respond to the assessed risks of material misstatement of the group financial report. For this purpose, the group auditor uses professional judgement in determining the components at which audit work will be performed. This determination is based on the group auditor’s understanding of the group and its environment, and other factors such as the ability to perform audit procedures centrally, the presence of shared service centres, or the existence of common information systems and internal control. (Ref: Para. A7–A9)
6. ASA 220[7] requires the engagement partner to determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. In a group audit, such resources may include component auditors. Therefore, this ASA requires the group auditor to determine the nature, timing and extent of involvement of component auditors.
7. The group auditor may involve component auditors to provide information, or to perform audit work, to fulfill the requirements of this ASA. Component auditors may have greater experience with, and a more in-depth knowledge of, the components and their environments (including laws and regulations, business practices, language, and culture) than the group auditor. Accordingly, component auditors can be, and often are, involved in all phases of the group audit. (Ref: Para. A10–A11)
8. Audit risk is a function of the risks of material misstatement and detection risk.[8] Detection risk in a group audit includes the risk that a component auditor may not detect a misstatement in the financial information of a component that could cause a material misstatement of the group financial report, and that the group auditor may not detect this misstatement. Accordingly, this ASA requires sufficient and appropriate involvement by the group engagement partner or group auditor, as applicable, in the work of component auditors and emphasises the importance of two-way communication between the group auditor and component auditors. In addition, this ASA explains the matters that the group auditor takes into account when determining the nature, timing and extent of the direction and supervision of component auditors and the review of their work. (Ref: Para. A12–A13)
9. In accordance with ASA 200,[9] the engagement team is required to plan and perform the group audit with professional scepticism and to exercise professional judgement. The appropriate exercise of professional scepticism may be demonstrated through the actions and communications of the engagement team, including emphasising the importance of each engagement team member exercising professional scepticism throughout the group audit. Such actions and communications may include specific steps to mitigate impediments that may impair the appropriate exercise of professional scepticism. (Ref: Para. A14–A18)
10. This ASA is intended for all group audits, regardless of size or complexity. However, the requirements of this ASA are intended to be applied in the context of the nature and circumstances of each group audit. For example, when a group audit is carried out entirely by the group auditor, some requirements in this ASA are not relevant because they are conditional on the involvement of component auditors. This may be the case when the group auditor is able to perform audit procedures centrally or is able to perform procedures at the components without involving component auditors. The guidance in paragraphs A119 and A120 also may be helpful in applying this ASA in these circumstances.
11. The group engagement partner remains ultimately responsible, and therefore accountable, for compliance with the requirements of this ASA. The term “the group engagement partner shall take responsibility for…” or “the group auditor shall take responsibility for…” is used for those requirements when the group engagement partner or group auditor, respectively, is permitted to assign the design or performance of procedures, tasks or actions to other appropriately skilled or suitably experienced members of the engagement team, including component auditors. For other requirements, this ASA expressly intends that the requirement or responsibility be fulfilled by the group engagement partner or group auditor, as applicable, and the group engagement partner or group auditor may obtain information from the firm or other members of the engagement team. (Ref: Para. A29)
12. [Deleted by the AUASB. Refer Aus 0.3]
13. The objectives of the auditor are to:
(a) With respect to the acceptance and continuance of the group audit engagement, determine whether sufficient appropriate audit evidence can reasonably be expected to be obtained to provide a basis for forming an opinion on the group financial report;
(b) Identify and assess the risks of material misstatement of the group financial report, whether due to fraud or error, and plan and perform further audit procedures to appropriately respond to those assessed risks;
(c) Be sufficiently and appropriately involved in the work of component auditors throughout the group audit, including communicating clearly about the scope and timing of their work, and evaluating the results of that work; and
(d) Evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed, including with respect to the work performed by component auditors, as a basis for forming an opinion on the group financial report.
14. For the purposes of this Auditing Standard, the following terms have the meanings attributed below:
(a) Aggregation risk – The probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial report as a whole. (Ref: Para. A19)
(b) Component – An entity, business unit, function or business activity, or some combination thereof, determined by the group auditor for purposes of planning and performing audit procedures in a group audit. (Ref: Para. A20)
(c) Component auditor – An auditor who performs audit work related to a component for purposes of the group audit. A component auditor is a part of the engagement team[10] for a group audit. (Ref: Para. A21–A23)
(d) Component management – Management responsible for a component. (Ref: Para. A24)
(e) Component performance materiality – An amount set by the group auditor to reduce aggregation risk to an appropriately low level for purposes of planning and performing audit procedures in relation to a component.
(f) Group – A reporting entity for which a group financial report is prepared.
(g) Group audit – The audit of a group financial report.
(h) Group auditor – The group engagement partner and members of the engagement team other than component auditors. The group auditor is responsible for:
(i) Establishing the overall group audit strategy and group audit plan;
(ii) Directing and supervising component auditors and reviewing their work;
(iii) Evaluating the conclusions drawn from the audit evidence obtained as the basis for forming an opinion on the group financial report.
(i) Group audit opinion – The audit opinion on the group financial report.
(j) Group engagement partner – The engagement partner [11] who is responsible for the group audit. (Ref: Para. A25)
(k) Group financial report – A financial report that includes the financial information of more than one entity or business unit through a consolidation process. For purposes of this ASA, a consolidation process includes: (Ref: Para. A26–A28)
(i) Consolidation, proportionate consolidation, or an equity method of accounting;
(ii) The presentation in a combined financial report of the financial information of entities or business units that have no parent but are under common control or common management; or
(iii) The aggregation of the financial information of entities or business units such as branches or divisions.
(l) Group management – Management responsible for the preparation of the group financial report.
(m) Group performance materiality – Performance materiality [12] in relation to the group financial report as a whole, as determined by the group auditor.
15. Reference in this ASA to “the applicable financial reporting framework” means the financial reporting framework that applies to the group financial report.
16. In applying ASA 220,[13] the group engagement partner is required to take overall responsibility for managing and achieving quality on the group audit engagement. In doing so, the group engagement partner shall: (Ref: Para. A29–A30)
(a) Take responsibility for creating an environment for the group audit engagement that emphasises the expected behaviour of engagement team members. (Ref: Para. A31)
(b) Be sufficiently and appropriately involved throughout the group audit engagement, including in the work of component auditors, such that the group engagement partner has the basis for determining whether the significant judgements made, and the conclusions reached, are appropriate given the nature and circumstances of the group audit engagement.
18. If, after the acceptance or continuance of the group audit engagement, the group engagement partner concludes that sufficient appropriate audit evidence cannot be obtained, the group engagement partner shall consider the possible effects on the group audit. (Ref: Para. A36)
19. In applying ASA 210,[14] the group auditor shall obtain the agreement of group management that it acknowledges and understands its responsibility to provide the engagement team with: (Ref: Para. A37)
(a) Access to all information of which group management is aware that is relevant to the preparation of the group financial report such as records, documentation and other matters;
(b) Additional information that the engagement team may request from group management or component management for the purpose of the group audit; and
(c) Unrestricted access to persons within the group from whom the engagement team determines it necessary to obtain audit evidence.
20. If the group engagement partner concludes that group management cannot provide the engagement team with access to information or unrestricted access to persons within the group due to restrictions that are outside the control of group management, the group engagement partner shall consider the possible effects on the group audit. (Ref: Para. A38–A46)
21. If the group engagement partner concludes that: (Ref: Para. A43–A46)
(a) It will not be possible for the group auditor to obtain sufficient appropriate audit evidence due to restrictions imposed by group management; and
(b) The possible effect of this limitation will result in a disclaimer of opinion on the group financial report,
the group engagement partner shall either:
(i) In the case of an initial engagement, not accept the engagement, or, in the case of a recurring engagement, withdraw from the engagement, when withdrawal is possible under applicable law or regulation; or
(ii) When law or regulation prohibit an auditor from declining an engagement or when withdrawal from an engagement is not otherwise possible, having performed the audit of the group financial report to the extent possible, disclaim an opinion on the group financial report.
22. In applying ASA 300,[15] the group auditor shall establish, and update as necessary, an overall group audit strategy and group audit plan. In doing so, the group auditor shall determine: (Ref: Para. A47–A50)
(a) The components at which audit work will be performed; and (Ref: Para. A51)
(b) The resources needed to perform the group audit engagement, including the nature, timing and extent to which component auditors are to be involved. (Ref: Para. A52–A56)
23. In establishing the overall group audit strategy and group audit plan, the group engagement partner shall evaluate whether the group auditor will be able to be sufficiently and appropriately involved in the work of the component auditor. (Ref: Para. A57)
24. As part of the evaluation in paragraph 23, the group auditor shall request the component auditor to confirm that the component auditor will cooperate with the group auditor, including whether the component auditor will perform the work requested by the group auditor. (Ref: Para. A58)
25. In applying ASA 220,[16] the group engagement partner shall take responsibility for: (Ref: Para. A59–A60, A87)
(a) Component auditors having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the group audit engagement; and
26. In applying ASA 220,[17] the group engagement partner shall: (Ref: Para. A61–A68)
(a) Determine that component auditors have the appropriate competence and capabilities, including sufficient time, to perform the assigned audit procedures at the component; and
(b) If information about the results of the monitoring and remediation process or external inspections related to the component auditor has been provided by the group auditor’s firm or has otherwise been made available to the group engagement partner, determine the relevance of such information to the group auditor’s determination in paragraph 26(a).
27. The group auditor shall obtain sufficient appropriate audit evidence relating to the work to be performed at the component without involving the component auditor if:
(a) The component auditor does not comply with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement;[18] or (Ref: Para. A69–A70)
(b) The group engagement partner has serious concerns about the matters in paragraphs 23–26. (Ref: Para. A71)
28. In applying ASA 220,[19] the group engagement partner shall take responsibility for the nature, timing and extent of direction and supervision of component auditors and the review of their work, taking into account: (Ref: Para. A72–A77)
(a) Areas of higher assessed risks of material misstatement of the group financial report, or significant risks identified in accordance with ASA 315; and
(b) Areas in the audit of the group financial report that involve significant judgement.
29. The group auditor shall communicate with component auditors about their respective responsibilities and the group auditor's expectations, including an expectation that communications between the group auditor and component auditors take place at appropriate times throughout the group audit. (Ref: Para. A78–A87)
30. In applying ASA 315,[20] the group auditor shall take responsibility for obtaining an understanding of the following: (Ref: Para. A88–A92)
(a) The group and its environment, including: (Ref: Para. A93–A95)
(i) The group’s organisational structure and its business model, including:
(ii) Regulatory factors impacting the entities and business units in the group; and
(iii) The measures used internally and externally to assess the financial performance of the entities or business units;
(b) The applicable financial reporting framework and the consistency of accounting policies and practices across the group; and
(c) The group’s system of internal control, including:
(i) The nature and extent of commonality of controls; (Ref: Para. A96–A99, A102)
(ii) Whether, and if so, how, the group centralises activities relevant to financial reporting; (Ref: Para. A100–A102)
(iii) The consolidation process used by the group, including sub-consolidations, if any, and consolidation adjustments; and
(iv) How group management communicates significant matters that support the preparation of the group financial report and related financial reporting responsibilities in the information system and other components of the group’s system of internal control to management of entities or business units. (Ref: Para. A103–A105)
31. The group auditor shall communicate to component auditors on a timely basis: (Ref: Para. A106)
(a) Matters that the group auditor determines to be relevant to the component auditor’s design or performance of risk assessment procedures for purposes of the group audit;
(b) In applying ASA 550,[21] related party relationships or transactions identified by group management, and any other related parties of which the group auditor is aware, that are relevant to the work of the component auditor; and (Ref: Para. A107)
(c) In applying ASA 570,[22] events or conditions identified by group management or the group auditor that may cast significant doubt on the group’s ability to continue as a going concern that are relevant to the work of the component auditor.
32. The group auditor shall request component auditors to communicate on a timely basis:
(a) Matters related to the financial information of the component that the component auditor determines to be relevant to the identification and assessment of the risks of material misstatement of the group financial report, whether due to fraud or error;
(b) Related party relationships not previously identified by group management or the group auditor; and (Ref: Para. A107)
(c) Any events or conditions identified by the component auditor that may cast significant doubt on the group’s ability to continue as a going concern.
33. In applying ASA 315,[23] based on the understanding obtained in paragraph 30, the group auditor shall take responsibility for the identification and assessment of the risks of material misstatement of the group financial report, including with respect to the consolidation process. (Ref: Para. A108–A113)
34. In applying ASA 315,[24] the group auditor shall evaluate whether the audit evidence obtained from the risk assessment procedures performed by the group auditor and component auditors provides an appropriate basis for the identification and assessment of the risks of material misstatement of the group financial report. (Ref: Para. A114–A115)
35. In applying ASA 320[25] and ASA 450,[26] when classes of transactions, account balances or disclosures in the group financial report is disaggregated across components, for purposes of planning and performing audit procedures, the group auditor shall determine:
(a) Component performance materiality. To address aggregation risk, such amount shall be lower than group performance materiality. (Ref: Para. A116–A120)
(b) The threshold above which misstatements identified in the component financial information are to be communicated to the group auditor. Such threshold shall not exceed the amount regarded as clearly trivial to the group financial report. (Ref: Para. A121)
36. The group auditor shall communicate to the component auditor the amounts determined in accordance with paragraph 35. (Ref: Para: A122–A123)
37. In applying ASA 330,[27] the group auditor shall take responsibility for the nature, timing and extent of further audit procedures to be performed, including determining the components at which to perform further audit procedures and the nature, timing and extent of the work to be performed at those components. (Ref: Para. A124–A139)
38. The group auditor shall take responsibility for designing and performing further audit procedures to respond to the assessed risks of material misstatement of the group financial report arising from the consolidation process. This shall include: (Ref: Para. A140)
(a) Evaluating whether all entities and business units have been included in the group financial report as required by the applicable financial reporting framework and, if applicable, for designing and performing further audit procedures on sub-consolidations;
(b) Evaluating the appropriateness, completeness and accuracy of consolidation adjustments and reclassifications; (Ref: Para. A141)
(c) Evaluating whether management’s judgements made in the consolidation process give rise to indicators of possible management bias; and
(d) Responding to assessed risks of material misstatement due to fraud arising from the consolidation process.
39. If the financial information of an entity or business unit has not been prepared in accordance with the same accounting policies applied to the group financial report, the group auditor shall evaluate whether the financial information has been appropriately adjusted for purposes of preparing and presenting the group financial report.
40. If the group financial report includes the financial information of an entity or business unit with a financial reporting period-end that differs from that of the group, the group auditor shall take responsibility for evaluating whether appropriate adjustments have been made to that financial information in accordance with the applicable financial reporting framework.
41. When the group auditor involves component auditors in the design or performance of further audit procedures, the group auditor shall communicate with the component auditor about matters that the group auditor or component auditor determine to be relevant to the design of responses to the assessed risks of material misstatement of the group financial report.
42. For areas of higher assessed risks of material misstatement of the group financial report, or significant risks identified in accordance with ASA 315, on which a component auditor is determining the further audit procedures to be performed, the group auditor shall evaluate the appropriateness of the design and performance of those further audit procedures. (Ref: Para. A142)
43. When component auditors perform further audit procedures on the consolidation process, including on sub-consolidations, the group auditor shall determine the nature and extent of direction and supervision of component auditors and the review of their work. (Ref: Para. A143)
44. The group auditor shall determine whether the financial information identified in the component auditor’s communication (see paragraph 45(a)) is the financial information that is incorporated in the group financial report.
45. The group auditor shall request the component auditor to communicate matters relevant to the group auditor’s conclusion with regard to the group audit. Such communication shall include: (Ref: Para. A144)
(a) Identification of the financial information on which the component auditor has been requested to perform audit procedures;
(b) Whether the component auditor has performed the work requested by the group auditor;
(c) Whether the component auditor has complied with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement;
(d) Information about instances of non-compliance with laws or regulations;
(e) Corrected and uncorrected misstatements of the component financial information identified by the component auditor and that are above the threshold communicated by the group auditor in accordance with paragraph 36; (Ref: Para. A145)
(f) Indicators of possible management bias;
(g) Description of any deficiencies in the system of internal control identified in connection with the audit procedures performed;
(h) Fraud or suspected fraud involving component management, employees who have significant roles in the group’s system of internal control at the component or others where the fraud resulted in a material misstatement of the component financial information;
(i) Other significant matters that the component auditor communicated or expects to communicate to component management or those charged with governance of the component;
(j) Any other matters that may be relevant to the group audit, or that the component auditor determines are appropriate to draw to the attention of the group auditor, including exceptions noted in the written representations that the component auditor requested from component management; and
(k) The component auditor’s overall findings or conclusions. (Ref: Para. A146)
(a) Discuss significant matters arising from communications with the component auditor, including those in accordance with paragraph 45, with the component auditor, component management or group management, as appropriate; and
(b) Evaluate whether communications with the component auditor are adequate for the group auditor’s purposes. If such communications are not adequate for the group auditor’s purposes, the group auditor shall consider the implications for the group audit. (Ref: Para. A147)
(a) The nature, timing and extent of the work performed by the component auditor;
(b) The competence and capabilities of the component auditor as determined in accordance with paragraph 26(a); and
(c) The direction and supervision of the component auditor and review of their work.
48. If the group auditor concludes that the work of the component auditor is not adequate for the group auditor’s purposes, the group auditor shall determine what additional audit procedures are to be performed, and whether they are to be performed by a component auditor or by the group auditor.
49. In applying ASA 560,[28] the group auditor shall take responsibility for performing procedures, including, as appropriate, requesting component auditors to perform procedures, designed to identify events that may require adjustment of, or disclosure in, the group financial report. (Ref: Para. A150)
50. The group auditor shall request the component auditors to notify the group auditor if they become aware of subsequent events that may require adjustment of, or disclosure in, the group financial report. (Ref: Para. A150)
51. In applying ASA 330,[29] the group auditor shall evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed, including from the work performed by component auditors, on which to base the group audit opinion. (Ref: Para. A151–A155)
52. The group engagement partner shall evaluate the effect on the group audit opinion of any uncorrected misstatements (whether identified by the group auditor or communicated by component auditors) and any instances when there has been an inability to obtain sufficient appropriate audit evidence. (Ref: Para. A156)
53. The auditor’s report on the group financial report shall not refer to a component auditor, unless required by law or regulation to include such reference. If such reference is required by law or regulation, the auditor’s report shall indicate that the reference does not diminish the group engagement partner’s or the group engagement partner’s firm’s responsibility for the group audit opinion. (Ref: Para. A157–A158)
54. The group auditor shall communicate with group management an overview of the planned scope and timing of the audit, including an overview of the work to be performed at components of the group. (Ref: Para. A159)
55. If fraud has been identified by the group auditor or brought to its attention by a component auditor (see paragraph 45(h)), or information indicates that a fraud may exist, the group auditor shall communicate this on a timely basis to the appropriate level of group management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. (Ref: Para. A160)
56. A component auditor may be required by statute, regulation or other reasons to express an audit opinion on the financial report of an entity or business unit that forms part of the group. In that case, the group auditor shall request group management to inform management of the entity or business unit of any matter of which the group auditor becomes aware that may be significant to the financial report of the entity or business unit, but of which management of the entity or business unit may be unaware. If group management refuses to communicate the matter to management of the entity or business unit, the group auditor shall discuss the matter with those charged with governance of the group. If the matter remains unresolved, the group auditor, subject to legal and professional confidentiality considerations, shall consider whether to advise the component auditor not to issue the auditor’s report on the financial report of the entity or business unit until the matter is resolved. (Ref: Para. A161–A162)
57. The group auditor shall communicate the following matters with those charged with governance of the group, in addition to those required by ASA 260[30] and other ASAs: (Ref: Para. A163)
(a) An overview of the work to be performed at the components of the group and the nature of the group auditor’s planned involvement in the work to be performed by component auditors. (Ref: Para. A164)
(b) Instances when the group auditor’s review of the work of a component auditor gave rise to a concern about the quality of that component auditor’s work, and how the group auditor addressed the concern.
(c) Any limitations on the scope of the group audit, for example, significant matters related to restrictions on access to people or information.
(d) Fraud or suspected fraud involving group management, component management, employees who have significant roles in the group’s system of internal control or others when the fraud resulted in a material misstatement of the group financial report.
58. In applying ASA 265,[31] the group auditor shall determine whether any identified deficiencies in the group’s system of internal control are required to be communicated to those charged with governance of the group or group management. In making this determination, the group auditor shall consider deficiencies in internal control that have been identified by component auditors and communicated to the group auditor in accordance with paragraph 45(g). (Ref: Para. A165)
59. In accordance with ASA 230,[32] the audit documentation for a group audit engagement needs to be sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing and extent of audit procedures performed, the evidence obtained, and the conclusions reached with respect to significant matters arising during the group audit. In applying ASA 230,[33] the group auditor shall include in the audit documentation: (Ref: Para. A166–A169, A179–A182)
(a) Significant matters related to restrictions on access to people or information within the group that were considered before deciding to accept or continue the engagement, or that arose subsequent to acceptance or continuance, and how such matters were addressed.
(b) The basis for the group auditor’s determination of components for purposes of planning and performing the group audit. (Ref: Para. A170)
(c) The basis for the determination of component performance materiality, and the threshold for communicating misstatements in the component financial information to the group auditor.
(d) The basis for the group auditor’s determination that component auditors have the appropriate competence and capabilities, including sufficient time, to perform the assigned audit procedures at the components. (Ref: Para. A171)
(e) Key elements of the understanding of the group’s system of internal control in accordance with paragraph 30(c);
(f) The nature, timing and extent of the group auditor’s direction and supervision of component auditors and the review of their work, including, as applicable, the group auditor’s review of additional component auditor audit documentation in accordance with paragraph 47. (Ref: Para. A172–A178)
(g) Matters related to communications with component auditors, including:
(i) Matters, if any, related to fraud, related parties or going concern communicated in accordance with paragraph 32.
(ii) Matters relevant to the group auditor’s conclusion with regard to the group audit, in accordance with paragraph 45, including how the group auditor has addressed significant matters discussed with component auditors, component management or group management.
(h) The group auditor’s evaluation of, and response to, findings or conclusions of the component auditors about matters that could have a material effect on the group financial report.
* * *
A1. This ASA also deals with the special considerations for the group engagement partner or group auditor, as applicable, in applying the requirements and guidance in ASA 220, including for the direction and supervision of component auditors and the review of their work.
A2. ASQM 1[34] addresses the engagements for which an engagement quality review is required to be performed. ASQM 2[35] deals with the appointment and eligibility of the engagement quality reviewer and the engagement quality reviewer’s responsibilities relating to performing and documenting an engagement quality review, including for a group audit.
A3. An entity or business unit of a group may also prepare its own group financial report that incorporates the financial information of those entities or business units it encompasses (that is, a sub-group). This ASA applies to an audit of the group financial report of such sub-groups performed for statutory, regulatory or other reasons.
A4. A single legal entity may be organised with more than one business unit, for example, a company with operations in multiple locations, such as a bank with multiple branches. When those business units have characteristics such as separate locations, separate management, or separate information systems (including a separate general ledger) and the financial information is aggregated in preparing the single legal entity’s financial report, such a financial report meets the definition of a group financial report because they include the financial information of more than one entity or business unit through a consolidation process.
A5. In some cases, a single legal entity may configure its information system to capture financial information for more than one product or service line for legal or regulatory reporting or other management purposes. In these circumstances, the entity’s financial report is not a group financial report because there is no aggregation of the financial information of more than one entity or business unit through a consolidation process. Further, capturing separate information (e.g., in a sub-ledger) for legal or regulatory reporting or other management purposes does not create separate entities or business units (e.g., divisions) for purposes of this ASA.
A6. The group’s information system, including its financial reporting process, may or may not be aligned with the group’s organisational structure. For example, a group may be organised according to its legal structure, but its information system may be organised by function, process, product or service (or by groups of products or services), or geographic locations for management or reporting purposes.
A7. Based on the understanding of the group’s organisational structure and information system, the group auditor may determine that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. For example, a group may have three legal entities with similar business characteristics, operating in the same geographical location, under the same management, and using a common system of internal control, including the information system. In these circumstances, the group auditor may decide to treat these three legal entities as one component.
A8. A group may also centralise activities or processes that are applicable to more than one entity or business unit within the group, for example through the use of a shared service centre. When such centralised activities are relevant to the group’s financial reporting process, the group auditor may determine that the shared service centre is a component.
A9. Another consideration that may be relevant to the group auditor’s determination of components is how management has determined operating segments in accordance with the disclosure requirements of the applicable financial reporting framework.[36]
A10. Component auditors may perform an audit of the financial report of a component, whether for statutory, regulatory or other reasons, particularly when a component is a legal entity. When a component auditor is also performing or has completed an audit of the component financial report, the group auditor may be able to use audit work performed on the component financial report, provided the group auditor is satisfied that such work is appropriate for purposes of the group audit. In addition, component auditors may adapt the work performed on the audit of the component financial report to also meet the needs of the group auditor. In any event, the requirements of this ASA apply, including those relating to the direction and supervision of component auditors and the review of their work.
A11. In accordance with ASA 220,[37] the engagement partner is required to determine that the approach to direction, supervision and review is responsive to the nature and circumstances of the audit engagement. Paragraph A76 provides examples of different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, and may be helpful in circumstances when the group auditor plans to use the audit work from an audit of a component financial report that has already been completed.
A12. As explained in ASA 200,[38] detection risk relates to the nature, timing and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. Detection risk is a function not only of the effectiveness of an audit procedure but also the application of that procedure by the auditor. Therefore, detection risk is influenced by matters such as adequate planning, the assignment of appropriate resources to the engagement, the exercise of professional scepticism, and the supervision and review of the audit work performed.
A13. Detection risk is a broader concept than aggregation risk as described in paragraphs 14(a) and A19. In a group audit, there may be a higher probability that the aggregate of uncorrected and undetected misstatements may exceed materiality for the group financial report as a whole because audit procedures may be performed separately on the financial information of components across the group. Accordingly, component performance materiality is set by the group auditor to reduce aggregation risk to an appropriately low level.
A14. ASA 220[39] provides examples of the impediments to the exercise of professional scepticism at the engagement level, including unconscious auditor biases that may impede the exercise of professional scepticism when designing and performing audit procedures and evaluating audit evidence. ASA 220 also provides possible actions that the engagement team may take to mitigate impediments to the exercise of professional scepticism at the engagement level.
A15. Requirements and relevant application material in ASA 315,[40] ASA 540[41] and other ASAs address the exercise of professional scepticism, and include examples of how documentation may help provide evidence of the auditor’s exercise of professional scepticism.
A16. All members of the engagement team are required to exercise professional scepticism throughout the group audit. The group auditor’s direction and supervision of engagement team members, including component auditors, and the review of their work, may inform the group auditor about whether the engagement team has appropriately exercised professional scepticism.
A17. The exercise of professional scepticism in a group audit may be affected by matters such as the following:
A18. The exercise of professional scepticism by the group auditor includes remaining alert for inconsistent information from component auditors, component management and group management about matters that may be significant to the group financial report.
A19. Aggregation risk exists in all audits of the financial report, but is particularly important to understand and address in a group audit because there is a greater likelihood that audit procedures will be performed on classes of transactions, account balances or disclosures that are disaggregated across components. Generally, aggregation risk increases as the number of components increases at which audit procedures are performed separately, whether by component auditors or other members of the engagement team.
A20. The group auditor uses professional judgement in determining components at which audit work will be performed. Paragraph A7 explains that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. However, the group auditor’s responsibility for the identification and assessment of the risks of material misstatement of the group financial report encompasses all of the entities and business units whose financial information is included in the group financial report.
A21. References in this ASA to the engagement team include the group auditor and component auditors. Component auditors may be from a network firm, a firm that is not a network firm, or the group auditor’s firm (e.g., another office within the group auditor’s firm).
A22. In some circumstances, the group auditor may perform centralised testing on classes of transactions, account balances or disclosures, or may perform audit procedures related to a component. In these circumstances, the group auditor is not considered a component auditor.
A23. Paragraph 24 requires the group auditor to request the component auditor to confirm that the component auditor will cooperate with the group auditor, including whether the component auditor will perform the work requested by the group auditor. Paragraph A58 provides guidance for circumstances in which the component auditor is unable to provide such a confirmation.
A24. Component management refers to management responsible for the financial information or other activity (e.g., processing of transactions at a shared service centre) at an entity or business unit that is part of the group. When the group auditor considers the financial information of certain entities or business units together as a component or determines that a shared service centre is a component (see paragraphs A7‒A8), component management refers to the management that is responsible for the financial information or transaction processing that is subject to the audit procedures being performed in relation to that component. In some circumstances, there may not be separate component management and group management may be directly responsible for the financial information or other activities of the component.
A25. [Deleted by the AUASB]
A26. The requirements for the preparation and presentation of the group financial report may be specified in the applicable financial reporting framework, which may therefore affect the determination of the financial information of entities or business units to be included in the group financial report. For example, some frameworks require the preparation of a consolidated financial report when an entity (a parent entity) controls one or more other entities (e.g., subsidiaries) through majority ownership interest or other means. In some cases, the applicable financial reporting framework includes separate requirements for, or may otherwise permit, the presentation of a combined financial report. Examples of circumstances in which the presentation of a combined financial report may be permitted include entities that have no parent but are under common control or entities under common management.
A27. The term “consolidation process” as used in this ASA is not intended to have the same meaning as “consolidation” or “consolidated financial report” as defined or described in financial reporting frameworks. Rather, the term “consolidation process” refers more broadly to the process used to prepare a group financial report.
A28. The detailed aspects of the consolidation process vary from one group to another, depending on the group’s structure and information system, including the financial reporting process. However, a consolidation process involves considerations such as the elimination of intra-group transactions and balances and, when applicable, implications of different reporting periods for entities or business units included in the group financial report.
A29. It may not be possible or practical for the group engagement partner to solely deal with all requirements in ASA 220, particularly when the engagement team includes a large number of component auditors located in multiple locations. In managing quality at the engagement level, ASA 220[43] permits the engagement partner to assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the engagement partner. Accordingly, the group engagement partner may assign procedures, tasks or actions to other members of the engagement team and these members may assign procedures, tasks or actions further. In such circumstances, ASA 220 requires that the engagement partner shall continue to take overall responsibility for managing and achieving quality on the audit engagement.
A30. Policies or procedures established by the firm, or that are common network requirements or network services,[44] may support the group engagement partner by facilitating communication between the group auditor and component auditors and supporting the group auditor’s direction and supervision of those component auditors and the review of their work.
A31. ASA 220[45] explains that a culture that demonstrates a commitment to quality is shaped and reinforced by the engagement team members as they demonstrate expected behaviours when performing the engagement. In addressing the requirement in paragraph 16(a), the group engagement partner may communicate directly to other members of the engagement team (including component auditors) and reinforce this communication through personal conduct and actions (e.g., leading by example).
A32. In determining whether sufficient appropriate audit evidence can reasonably be expected to be obtained, the group engagement partner may obtain an understanding of matters such as:
A33. In the case of an initial group audit engagement, the group auditor’s understanding of the matters in paragraph A32 may be obtained from:
Aus A34.1 Section 323B of the Corporations Act 2001 (the Act) requires the officer or auditor of a controlled entity to give the principal auditor access to the controlled entity’s books; and give the auditor any information, explanation or assistance required under section 323A of the Act.
A35. There may be additional complexities with obtaining sufficient appropriate audit evidence in a group audit when components are located in jurisdictions other than the group auditor’s jurisdiction because of cultural and language differences, and different laws or regulations. For example, law or regulation may restrict the component auditor from providing documentation outside of its jurisdiction, or war, civil unrest or outbreaks of disease may restrict the group auditor’s access to relevant component auditor audit documentation. Paragraph A180 includes possible ways to address these situations.
A36. Restrictions may be imposed after the group engagement partner’s acceptance of the group audit engagement that may affect the engagement team’s ability to obtain sufficient appropriate audit evidence. Such restrictions may include those affecting:
Paragraphs A45–A46 explain the possible effect of such restrictions on the auditor’s report on the group financial report.
A37. ASA 210[46] requires the auditor to agree the terms of the audit engagement with management or those charged with governance, as appropriate. The terms of engagement identify the applicable financial reporting framework. Additional matters that may be included in the terms of a group audit engagement include:
A38. Restrictions on access to information or people do not eliminate the requirement for the group auditor to obtain sufficient appropriate audit evidence.
A39. Access to information or people can be restricted for many reasons, such as restrictions imposed by component management, laws or regulations or other conditions, for example, war, civil unrest or outbreaks of disease. Paragraph A180 describes how the group auditor may be able to overcome restrictions on access to component auditor audit documentation.
A40. In some circumstances, the group auditor may be able to overcome restrictions on access to information or people, for example:
A41. If the group has a non-controlling interest in an entity that is accounted for by the equity method and the group auditor’s access to information or people at the entity is restricted, the group auditor may be able to obtain information to be used as audit evidence regarding the entity’s financial information, for example:
It is a matter of professional judgement, particularly in view of the assessed risks of material misstatement of the group financial report and considering other sources of information that may corroborate or otherwise contribute to audit evidence obtained, whether the auditor can obtain sufficient appropriate audit evidence.[47]
A42. If the group has a non-controlling interest in an entity that is accounted for by the equity method and access to information or people at the entity is restricted, the group auditor may consider whether such restrictions are inconsistent with group management’s assertions regarding the appropriateness of the use of the equity method of accounting.
A43. When the group auditor is unable to obtain sufficient appropriate audit evidence due to restrictions on access to information or people, the group auditor may:
A44. Restrictions on access may have other implications for the group audit. For example, if restrictions are imposed by group management, the group auditor may need to reconsider the reliability of group management’s responses to the group auditor’s enquiries and whether the restrictions call into question group management’s integrity.
A45. ASA 705[48] contains requirements and guidance about how to address situations when the group auditor is unable to obtain sufficient appropriate audit evidence. Appendix 1 contains an example of an auditor’s report containing a qualified group audit opinion based on the group auditor’s inability to obtain sufficient appropriate audit evidence in relation to a component that is accounted for by the equity method.
A46. Law or regulation may prohibit the group engagement partner from declining or withdrawing from an engagement. For example, in some jurisdictions the auditor is appointed for a specified period of time and is prohibited from withdrawing before the end of that period. Also, in the public sector, the option of declining or withdrawing from an engagement may not be available to the auditor due to the nature of the mandate or public interest considerations. In these circumstances, the requirements in this ASA still apply to the group audit, and the effect of the group auditor’s inability to obtain sufficient appropriate audit evidence is addressed in ASA 705.
A47. As explained in ASA 300,[49] planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. For example, due to unexpected events, changes in conditions, or audit evidence obtained from risk assessment or further audit procedures, the group auditor may need to modify the overall group audit strategy and group audit plan, and the resulting planned nature, timing and extent of further audit procedures, based on the revised consideration of assessed risks. The group auditor may also modify the determination of the components at which to perform audit work as well as the nature, timing and extent of the component auditors’ involvement. ASA 300[50] requires the auditor to update and change the overall audit strategy and audit plan as necessary during the course of the audit.
A48. In an initial group audit engagement, the group auditor may have a preliminary understanding of the group and its environment, the applicable financial reporting framework and the entity’s system of internal control based on information obtained from group management, those charged with governance of the group and, when applicable, communication with component management or the predecessor auditor. In a recurring group audit engagement, the group auditor’s preliminary understanding may be obtained through prior period audits. This preliminary understanding may assist the group auditor in developing initial expectations about the classes of transactions, account balances and disclosures that may be significant.
A49. The group auditor may also use information obtained during the engagement acceptance and continuance process in establishing the overall group audit strategy and group audit plan, for example, in relation to the resources needed to perform the group audit.
A50. The process of establishing the overall group audit strategy and group audit plan and initial expectations about the classes of transactions, account balances and disclosures that may be significant at the group financial statement level may assist the group auditor in developing a preliminary determination of matters such as:
A51. The determination of components at which to perform audit work is a matter of professional judgement. Matters that may influence the group auditor’s determination include, for example:
A52. Matters that influence the group auditor’s determination of the resources needed to perform the group audit and the nature, timing and extent to which component auditors are to be involved are a matter of professional judgement and may include, for example:
A53. Component auditors may be involved in different phases of an audit, for example, component auditors may design or perform:
A54. The nature, timing and extent to which component auditors are to be involved depends on the facts and circumstances of the group audit engagement. Often component auditors will be involved in all phases of the audit, but the group auditor may decide to involve component auditors only in a certain phase. When the group auditor does not intend to involve component auditors in risk assessment procedures, the group auditor may still discuss with component auditors whether there are any significant changes in the business or the system of internal control of the component that could have an effect on the risks of material misstatement of the group financial report.
A55. ASA 300[52] requires the engagement partner and other key members of the engagement team to be involved in planning the audit. When component auditors are involved, one or more individuals from a component auditor may be key members of the engagement team and therefore involved in planning the group audit. The involvement of component auditors in planning the audit draws on their experience and insight, thereby enhancing the effectiveness and efficiency of the planning process. The group engagement partner uses professional judgement in determining which component auditors to involve in planning the audit. This may be affected by the nature, timing and extent to which the component auditors are expected to be involved in designing and performing risk assessment or further audit procedures.
A56. As described in ASQM 1,[53] there may be circumstances when the fee quoted for an engagement is not sufficient given the nature and circumstances of the engagement, and it may diminish the firm’s ability to perform the engagement in accordance with professional standards and applicable legal or regulatory requirements. The level of fees, including their allocation to component auditors, and the extent to which they relate to the resources required, may be a special consideration for group audit engagements. For example, in a group audit, the firm’s financial and operational priorities may place constraints on the determination of the components at which audit work will be performed, as well as the resources needed, including the involvement of component auditors. In such circumstances, these constraints do not override the group engagement partner’s responsibility for achieving quality at the engagement level or the requirements for the group auditor to obtain sufficient appropriate audit evidence on which to base the group audit opinion.
A57. In evaluating whether the group auditor will be able to be sufficiently and appropriately involved in the work of the component auditor, the group auditor may obtain an understanding of whether the component auditor is subject to any restrictions that limit communication with the group auditor, including with regard to sharing audit documentation with the group auditor. The group auditor may also obtain an understanding about whether audit evidence related to components located in a different jurisdiction may be in a different language and may need to be translated for use by the group auditor.
A58. If the component auditor is unable to cooperate with the group auditor, the group auditor may:
A59. When performing work at a component for a group audit engagement, the component auditor is subject to ethical requirements, including those related to independence, that are relevant to the group audit engagement. Such requirements may be different from or in addition to those applying to the component auditor when performing an audit on the financial report of an entity or business unit that is part of the group for statutory, regulatory or other reasons in the component auditor’s jurisdiction.
A60. In making the component auditors aware of relevant ethical requirements, the group auditor may consider whether additional information or training for component auditors is necessary regarding the provisions of the ethical requirements that are relevant to the group audit engagement.
A61. ASA 220[54] requires the engagement partner to determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. When sufficient or appropriate resources are not made available in relation to work to be performed by a component auditor, the group engagement partner may discuss the matter with the component auditor, group management or the group auditor’s firm and may subsequently request the component auditor or the group auditor’s firm to make sufficient and appropriate resources available.
A62. ASA 220[55] provides guidance regarding matters the engagement partner may take into consideration when determining the competence and capabilities of the engagement team. This determination is particularly important in a group audit when the engagement team includes component auditors. ASA 220[56] indicates that the firm’s policies or procedures may require the firm or the engagement partner to take different actions from those applicable to personnel when obtaining an understanding of whether a component auditor from another firm has the appropriate competence and capabilities to perform the audit engagement.
A64. In determining whether component auditors have the appropriate competence and capabilities to perform the assigned audit procedures at the component, the group engagement partner may consider matters such as:
A65. The procedures to determine the component auditor’s competency and capability may include, for example:
A66. The group engagement partner’s firm and the component auditor may be members of the same network and may be subject to common network requirements or use common network services.[59] When determining whether component auditors have the appropriate competence and capabilities to perform work in support of the group audit engagement, the group engagement partner may be able to depend on such network requirements, for example, those addressing professional training or recruitment, or that require the use of audit methodologies and related implementation tools. In accordance with ASQM 1,[60] the firm is responsible for designing, implementing and operating its system of quality management, and the firm may need to adapt or supplement network requirements or network services to be appropriate for use in its system of quality management.
A67. ASA 220[61] requires the engagement partner to determine that members of the engagement team, and any auditor’s external experts who are not part of the engagement team, collectively have the appropriate competence and capabilities, including sufficient time, to perform the audit engagement. If an auditor’s expert is used by a component auditor, the group engagement partner may need to obtain information from the component auditor. For example, the group auditor may discuss with the component auditor the component auditor’s evaluation of the competence and capabilities of the auditor’s expert.
A68. When determining whether the engagement team has the appropriate competence and capabilities, the group engagement partner may take into consideration such matters as the expertise of the component auditor in the use of automated tools and techniques. For example, as described in ASA 220,[62] when the group auditor requires component auditors to use specific automated tools and techniques when performing audit procedures, the group auditor may communicate with component auditors that the use of such automated tools and techniques need to comply with the group auditor’s instructions.
A69. ASA 220[63] requires the engagement partner to take responsibility for other members of the engagement team having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the audit engagement, and the firm’s related policies or procedures. This includes the firm’s policies or procedures that address circumstances that may cause a breach of relevant ethical requirements, including those related to independence, and the responsibilities of members of the engagement team when they become aware of breaches. The firm’s policies or procedures also may address breaches of independence requirements by component auditors, and actions the group auditor may take in those circumstances in accordance with the relevant ethical requirements. In addition, relevant ethical requirements or law or regulation may also specify particular communications to those charged with governance in circumstances when breaches of independence requirements have been identified.[64]
A70. If there has been a breach by a component auditor of the relevant ethical requirements that apply to the group audit engagement, including those related to independence, and the breach has not been satisfactorily addressed in accordance with provisions of the relevant ethical requirements, the group auditor cannot use the work of that component auditor.
A71. Serious concerns are those concerns that in the group auditor’s professional judgement cannot be overcome. The group engagement partner may be able to overcome less than serious concerns about the component auditor’s professional competency (e.g., lack of industry-specific knowledge), or the fact that the component auditor does not operate in an environment that actively oversees auditors, by the group auditor being more involved in the work of the component auditor or by directly performing further audit procedures on the financial information of the component.
A72. ASA 220[65] requires the engagement partner to determine that the nature, timing and extent of direction, supervision and review is planned and performed in accordance with the firm’s policies or procedures, professional standards and applicable legal and regulatory requirements, and is responsive to the nature and circumstances of the audit engagement and the resources assigned or made available to the engagement team. For a group audit, the approach to direction, supervision and review will generally include a combination of addressing the group auditor’s firm policies or procedures and group audit engagement-specific responses.
A73. For a group audit, particularly when the engagement team includes a large number of component auditors that may be located in multiple locations, the group engagement partner may assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the group engagement partner in fulfilling the responsibility for the nature, timing and extent of the direction and supervision of component auditors and the review of their work (see also paragraph 11).
A74. If component auditors are from a firm other than the group auditor’s firm, the firm’s policies or procedures may be different, or different actions may need to be taken, respectively, in relation to the nature, timing and extent of direction and supervision of those members of the engagement team, and the review of their work. In particular, firm policies or procedures may require the firm or the group engagement partner to take different actions from those applicable to members of the engagement team within the firm or the network (e.g., in relation to the form, content and timing of communications with component auditors, including the use of group auditor instructions to component auditors). ASA 220 provides examples of actions that may need to be taken in such circumstances.[66]
A75. The nature, timing and extent of direction and supervision of component auditors and review of their work may be tailored based on the nature and circumstances of the engagement and, for example:
A76. There are different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, for example:
A77. In applying ASA 220,[67] the group engagement partner is required to review audit documentation at appropriate points in time during the audit engagement, including audit documentation relevant to the group audit relating to:
The review of such audit documentation by the group engagement partner often takes place during the course of the group audit, including the review of relevant component auditor audit documentation (also see paragraph A148).
A78. Clear and timely communication between the group auditor and the component auditors about their respective responsibilities, along with clear direction to the component auditors about the nature, timing and extent of the work to be performed and the matters expected to be communicated to the group auditor, helps establish the basis for effective two-way communication. Effective two-way communication between the group auditor and the component auditors also helps to set expectations for component auditors and facilitates the group auditor’s direction and supervision of them and the review of their work. Such communication also provides an opportunity for the group engagement partner to reinforce the need for component auditors to exercise professional scepticism in the work performed for purposes of the group audit.
A79. Other factors that may also contribute to effective two-way communication include:
A80. The communications between the group auditor and component auditors depend on the facts and circumstances of the group audit engagement, including the nature and extent of involvement of the component auditors and the degree to which the group auditor and component auditors are subject to common systems of quality management or common network requirements or network services.
A81. The form of the communications between the group auditor and component auditors may vary based on factors such as the nature of the audit work the component auditors have been requested to perform, and the extent to which communication capabilities are integrated into the audit tools used for the group audit.
A82. The form of communications also may be affected by such factors as:
A83. Communication between the group auditor and the component auditor may not necessarily be in writing. However, the group auditor’s verbal communications with the component auditors may be supplemented by written communication, such as a set of instructions regarding the work to be performed, when the group auditor wants to give particular attention to, or promote a mutual understanding about, certain matters. In addition, the group auditor may meet with the component auditor to discuss significant matters or to review relevant parts of the component auditor’s audit documentation.
A84. Paragraph 45 requires the group auditor to request the component auditor to communicate matters relevant to the group auditor’s conclusion with regard to the group audit. As explained in paragraph A146, the form and content of the component auditor’s deliverables are influenced by the nature and extent of the audit work the component auditor has been requested to perform.
A85. Regardless of the form of communication, the documentation requirements of this and other ASAs apply.
A86. The appropriate timing of communications will vary with the circumstances of the engagement. Relevant circumstances may include the nature, timing and extent of work to be performed by the component auditor and the action expected to be taken by the component auditor. For example, communications regarding planning matters may often be made early in the audit engagement and, for an initial group audit, may be made as part of agreeing the terms of the engagement.
A87. In applying ASA 250,[68] the group engagement partner may become aware of information about non-compliance or suspected non-compliance with laws or regulations. In such circumstances, the group engagement partner may have an obligation under relevant ethical requirements, laws or regulations, to communicate the matter to the component auditor.[69] The obligation of the group engagement partner to communicate non-compliance or suspected non-compliance may extend to auditors of the financial report of entities or business units for which an audit is required by statute, regulation or for another reason, but for which no audit work is performed for purposes of the group audit.
A88. ASA 315[70] contains requirements and guidance regarding the auditor’s responsibility to obtain an understanding of the entity and its environment, the applicable financial reporting framework, and the entity’s system of internal control. Appendix 2 of this ASA provides examples of matters related to internal control that may be helpful in obtaining an understanding of the system of internal control in the context of a group environment, and expands on how ASA 315 is to be applied to an audit of a group financial report.
A89. The understanding of the group and its environment, the applicable financial reporting framework, and the group’s system of internal control may be obtained through communications with:
A90. Obtaining an understanding of the group, identifying risks of material misstatement and assessing inherent risk and control risk may be performed in different ways depending on preferred audit techniques or methodologies and may be expressed in different ways. Accordingly, when component auditors are involved in the design and performance of risk assessment procedures, the group auditor may need to communicate its preferred approach with component auditors or provide instructions.
A91. In applying ASA 315,[71] the group engagement partner and other key engagement team members are required to discuss the application of the applicable financial reporting framework and the susceptibility of the group’s financial report to material misstatement. The group engagement partner’s determination of which members of the engagement team to include in the discussion, and the topics to be discussed, is affected by matters such as initial expectations about the risks of material misstatement and the preliminary expectation of whether to involve component auditors.
A92. The discussion provides an opportunity to:
A93. An understanding of the group’s organisational structure and its business model may enable the group auditor to understand such matters as:
A94. Obtaining an understanding of the degree to which the group’s operations or activities are similar may help to identify similar risks of material misstatement across components and design an appropriate response.
A95. The financial results of entities or business units are ordinarily measured and reviewed by group management. Enquiries of group management may reveal that group management relies on certain key indicators to evaluate the financial performance of the group’s entities and business units and take action. The understanding of such performance measures may help to identify:
A96. Group management may design controls that are intended to operate in a common manner across multiple entities or business units (i.e., common controls). For example, group management may design common controls for inventory management, which operate using the same IT system and that are implemented across all entities or business units in the group. Common controls may exist in each component of the group’s system of internal control, and they may be implemented at different levels within the group (e.g., at the level of the consolidated group as a whole, or for other levels of aggregation within the group). Common controls may be direct controls or indirect controls. Direct controls are controls that are precise enough to address risks of material misstatement at the assertion level. Indirect controls are controls that support direct controls.[73]
A97. Understanding the components of the group’s system of internal control includes understanding the commonality of the controls within those components across the group. In understanding the commonality of a control across the group, considerations that may be relevant include whether:
A98. Judgement may often be needed to determine whether a control is a common control. For example, group management may require that all entities and business units perform a monthly evaluation of the aging of customers’ accounts that is generated from a specific IT application. When the aging reports are generated from different IT applications or the implementation of the IT application differs across entities or business units, there may be a need to consider whether the control can be determined to be common. This is because of differences in the design of the control that may exist due to the existence of different IT applications (e.g., whether the IT application is configured in the same manner across components, and whether there are effective general IT controls across different IT applications).
A99. Consideration of the level at which controls are performed within the group (e.g., at the level of the consolidated group as a whole or for other levels of aggregation within the group) and the degree of centralisation and commonality may be important to the understanding of how information is processed and controlled. In some circumstances, controls may be performed centrally (e.g., performed only at a single entity or business unit), but may have a pervasive effect on other entities or business units (e.g., a shared service centre that processes transactions on behalf of other entities or business units within the group). The processing of transactions and related controls at a shared service centre may operate in the same way for those transactions being processed by the shared service centre regardless of the entity or business unit (e.g., the processes, risks and controls may be the same regardless of the source of the transaction). In such cases, it may be appropriate to identify the controls and evaluate the design and determine the implementation of the controls, and, if applicable, test operating effectiveness, as a single population.
A100. Group management may centralise some of its activities, for example financial reporting or accounting functions may be performed for a particular group of common transactions or other financial information in a consistent and centralised manner for multiple entities or business units (e.g., when the initiation, authorisation, recording, processing, or reporting of revenue transactions is performed at a shared service centre).
A101. Obtaining an understanding of how centralised activities fit into the overall group structure, and the nature of the activities undertaken, may help to identify and assess risks of material misstatement and appropriately respond to such risks. For example, controls at a shared service centre may operate independently from other controls, or they may be dependent upon controls at an entity or business unit from which financial information is derived (e.g., sales transactions may be initiated and authorised at an entity or business unit, but the processing may occur at the shared service centre).
A102. The group auditor may involve component auditors in testing the operating effectiveness of common controls or controls related to centralised activities. In such circumstances, effective collaboration between the group auditor and component auditors is important as the audit evidence obtained through testing the operating effectiveness of common controls or controls related to centralised activities supports the determination of the nature, timing and extent of substantive procedures to be performed across the group.
A103. Group entities or business units may use a financial reporting framework for statutory, regulatory or other reasons that is different from the financial reporting framework used for the group’s financial report. In such circumstances, an understanding of group management’s financial reporting processes to align accounting policies and, when relevant, financial reporting period-ends that differ from that of the group, enables the group auditor to understand how adjustments, reconciliations and reclassifications are made, and whether they are made centrally by group management or by the entity or business unit.
A104. In applying ASA 315,[74] the group auditor is required to understand how group management communicates significant matters that support the preparation of the group financial report. To achieve uniformity and comparability of financial information, group management may issue instructions (e.g., communicate financial reporting policies) to the entities or business units that include details about financial reporting processes or may have policies that are common across the group. Obtaining an understanding of group management’s instructions may affect the identification and assessment of the risks of material misstatement of the group financial report. For example, inadequate instructions may increase the likelihood of misstatements due to the risk that transactions are incorrectly recorded or processed, or that accounting policies are incorrectly applied.
A105. The group auditor’s understanding of the instructions or policies may include the following:
A106. During the course of the group audit, the group auditor may communicate the matters in paragraph 31 to other component auditors, if these matters are relevant to the work of those component auditors. Paragraph A144 includes examples of other matters that may need to be communicated timely in the course of the component auditor’s work.
A107. The nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial report than transactions with unrelated parties.[75] In a group audit there may be a higher risk of material misstatement of the group financial report, including due to fraud, associated with related party relationships when:
Planning and performing the audit with professional scepticism, as required by ASA 200,[76] is therefore particularly important when these circumstances exist.
A108. The process to identify and assess the risks of material misstatement of the group financial report is iterative and dynamic, and may be challenging, particularly when the component’s activities are complex or specialised, or when there are many components across multiple locations. In applying ASA 315,[77] the auditor develops initial expectations about the potential risks of material misstatement and an initial identification of the significant classes of transactions, account balances and disclosures of the group financial report based on their understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control.
A109. The initial expectations about the potential risks of material misstatement take into account the auditor’s understanding of the group, including its entities or business units, and the environments and industries in which they operate. Based on the initial expectations, the group auditor may, and often will, involve component auditors in risk assessment procedures as they may have direct knowledge and experience with the entities or business units that may be helpful in understanding the activities and related risks, and where risks of material misstatement of the group financial report may arise in relation to those entities or business units.
A110. For identified risks of material misstatement at the assertion level, the group auditor is required to take responsibility for assessing inherent risk. Such assessment involves assessing the likelihood and magnitude of misstatement, which takes into account how, and the degree to which:[78]
A111. Based on the risk assessment procedures performed, the group auditor may determine that an assessed risk of material misstatement of the group financial report only arises in relation to financial information of certain components. For example, the risk of material misstatement relating to a legal claim may only exist in entities or business units that operate in a certain jurisdiction or in entities or business units that have similar operations or activities.
A112. Appendix 3 sets out examples of events and conditions that, individually or together, may indicate risks of material misstatement of the group financial report, whether due to fraud or error, including with respect to the consolidation process.
A113. In applying ASA 240,[79] the auditor is required to identify and assess the risks of material misstatement of the financial report due to fraud, and to design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level. Information used to identify the risks of material misstatement of the group financial report due to fraud may include the following:
A114. When the group auditor involves component auditors in the design and performance of risk assessment procedures, the group auditor remains responsible for having an understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control to have a sufficient basis for the identification and assessment of the risks of material misstatement of the group financial report in accordance with paragraph 33.
A115. When the audit evidence obtained from the risk assessment procedures does not provide an appropriate basis for the identification and assessment of the risks of material misstatement, ASA 315[80] requires the auditor to perform additional risk assessment procedures until audit evidence has been obtained to provide such a basis.
A116. Paragraph 35(a) requires the group auditor to determine component performance materiality for each of the components where audit procedures are performed on financial information that is disaggregated. The component performance materiality amount may be different for each component. Also, the component performance materiality amount for an individual component need not be an arithmetical portion of the group performance materiality and, consequently, the aggregate of component performance materiality amounts may exceed group performance materiality.
A117. This ASA does not require component performance materiality to be determined for each class of transactions, account balance or disclosure for components at which audit procedures are performed. However, if, in the specific circumstances of the group, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the group financial report as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the group financial report, ASA 320[81] requires a determination of the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. In these circumstances, the group auditor may need to consider whether a component performance materiality lower than the amount communicated to the component auditor may be appropriate for those particular classes of transactions, account balances or disclosures.[82]
A118. The determination of component performance materiality is not a simple mechanical calculation and involves the exercise of professional judgement. Factors the group auditor may take into account in setting component performance materiality include the following:
A119. To address aggregation risk, paragraph 35(a) requires component performance materiality to be lower than group performance materiality. As explained in paragraph A118, as the extent of disaggregation across components increases, a lower component performance materiality amount ordinarily would be appropriate to address aggregation risk. In some circumstances, however, component performance materiality may be set at an amount closer to group performance materiality because there is less aggregation risk, such as when the financial information for one component represents a substantial portion of the group financial report. When determining component performance materiality for a non-controlling interest in an entity that is accounted for by the equity method, the group auditor may take into account the group’s ownership percentage and the share of the investee’s profits and losses.
A120. In some cases, further audit procedures may be performed by the group auditor or a component auditor on a significant class of transactions or significant account balance as a single population (i.e., not disaggregated across components). In such cases, group performance materiality often will be used for purposes of performing these procedures.
A121. The threshold for communicating misstatements to the group auditor is set at an amount equal to, or lower than, the amount regarded as clearly trivial for the group financial report. In accordance with ASA 450,[83] this threshold is the amount below which misstatements would not need to be accumulated because the group auditor expects that the accumulation of such amounts clearly would not have a material effect on the group financial report.
A122. In some cases, it may be appropriate for the group auditor to involve the component auditor in determining an appropriate component performance materiality amount, in view of the component auditor’s knowledge of the component and potential sources of misstatement of the component financial information. In this regard, the group auditor also may consider communicating group performance materiality to the component auditor to support collaboration in determining whether component performance materiality, in relation to group performance materiality, is appropriate in the circumstances.
A123. Component performance materiality is based, at least in part, on expectations about the nature, frequency, and magnitude of misstatements in the component financial information. Therefore, ongoing communication between the component auditor and the group auditor is important, particularly if the number and magnitude of misstatements identified by the component auditor are higher than expected.
A124. Further audit procedures may be designed and performed centrally if the audit evidence to be obtained from performing further audit procedures on one or more significant classes of transactions, account balances or disclosures in the aggregate will respond to the assessed risks of material misstatement, for example, if the accounting records for the revenue transactions of the entire group are maintained centrally (e.g., at a shared service centre). Factors that may be relevant to the auditor’s determination of whether to perform further audit procedures centrally include, for example:
A125. The group auditor may determine that the financial information of several components can be considered as one population for the purpose of performing further audit procedures, for example, when transactions are considered to be homogeneous because they share the same characteristics, the related risks of material misstatement are the same, and controls are designed and operating in a consistent way.
A126. When further audit procedures are performed centrally, component auditors may still be involved. For example, when the group has multiple shared service centres, the group auditor may involve component auditors in the performance of further audit procedures for these shared service centres.
A127. In other circumstances, procedures to respond to the risks of material misstatement of the group financial report that are related to the financial information of a component may be more effectively performed at the component level. This may be the case when the group has:
A128. A group may be comprised of a large number of components whose financial information is individually immaterial but material in the aggregate to the group financial report. Circumstances such as these in which the significant classes of transactions, account balances or disclosures in the group financial report are disaggregated over a large number of components may present additional challenges for the group auditor in planning and performing further audit procedures.
A129. In some cases, it may be possible to obtain sufficient appropriate audit evidence by performing further audit procedures centrally on these significant classes of transactions, account balances or disclosures (e.g., if they are homogeneous, subject to common controls and access to appropriate information can be obtained). The further audit procedures may also include substantive analytical procedures in accordance with ASA 520.[84] Depending on the circumstances of the engagement, the financial information of the components may be aggregated at appropriate levels for purposes of developing expectations and determining the amount of any difference of recorded amounts from expected values in performing the substantive analytical procedures. The use of automated tools and techniques may be helpful in these circumstances.
A130. In other cases, it may be necessary to perform further audit procedures at selected components to address the risks of material misstatement of the group financial report. The determination of the components at which audit procedures are to be performed, and the nature, timing and extent of further audit procedures to be performed at the selected components, are matters of professional judgement. In these circumstances, introducing an element of unpredictability in the components selected for testing also may be helpful in relation to the risks of material misstatement of the group financial report due to fraud (also see paragraph A136).
A131. In response to the assessed risks of material misstatement, the group auditor may determine the following scope of work to be appropriate at a component (with the involvement of component auditors, as applicable):
A132. Although the group auditor takes responsibility for the nature, timing and extent of further audit procedures to be performed, component auditors can be, and often are, involved in all phases of the group audit, including in the design and performance of further audit procedures.
A133. The group auditor may determine that designing and performing further audit procedures on the entire financial information of a component is an appropriate approach, including when:
A134. The group auditor may determine that designing and performing further audit procedures on one or more particular classes of transactions, account balances, or disclosures of the financial information of a component is an appropriate approach to address assessed risks of material misstatement of the group financial report. For example, a component may have limited operations but holds a significant portion of the land and buildings of the group or has significant tax balances.
A135. The group auditor may determine that designing and performing specific further audit procedures on the financial information of a component is an appropriate approach, such as when audit evidence needs to be obtained for one or more relevant assertions only. For example, the group auditor may centrally test the class of transaction, account balance or disclosure and may require the component auditor to perform specific further audit procedures at the component (e.g., specific further audit procedures related to the valuation of claims or litigation in the component’s jurisdiction or the existence of an asset).
A136. Incorporating an element of unpredictability in the type of work to be performed, the entities or business units at which procedures are performed and the extent to which the group auditor is involved in the work, may increase the likelihood of identifying a material misstatement of the components’ financial information that may give rise to a material misstatement of the group financial report due to fraud.[85]
A137. The group auditor may rely on the operating effectiveness of controls that operate throughout the group in determining the nature, timing and extent of substantive procedures to be performed at either the group level or at the components. ASA 330[86] requires the auditor to design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of those controls. Component auditors may be involved in designing and performing such tests of controls.
A138. If deviations from controls upon which the auditor intends to rely are detected, ASA 330[87] requires the auditor to make specific enquiries to understand these matters and their potential consequences. If more deviations than expected are detected as a result of testing the operating effectiveness of the controls, the group auditor may need to revise the group audit plan. Possible revisions to the group audit plan may include:
A139. When the operating effectiveness of controls is tested centrally (e.g., controls at a shared service centre or testing of common controls), the group auditor may need to communicate information about the audit work performed to the component auditors. For example, when a component auditor is requested to design and perform substantive procedures on the entire financial information of the component, or design and perform substantive procedures on one or more classes of transactions, account balances or disclosures, the component auditor may discuss with the group auditor about the control testing performed centrally to determine the nature, timing and extent of the substantive procedures.
A140. The further audit procedures on the consolidation process, including sub-consolidations, may include:
A141. The consolidation process may require adjustments and reclassifications to amounts reported in the group financial report that do not pass through the usual IT applications, and may not be subject to the same controls to which other financial information is subject. The group auditor’s evaluation of the appropriateness, completeness and accuracy of the adjustments and reclassifications may include:
A142. When the group auditor involves component auditors in the design or performance of further audit procedures, the component auditor may determine that the use of the work of an auditor’s expert is appropriate and communicate this to the group auditor. In such circumstances, when determining whether the component auditor’s design and performance of further audit procedures is appropriate, the group auditor may, for example, discuss with the component auditor:
A143. The appropriate level of the group auditor’s involvement may depend on the circumstances and the structure of the group and other factors, such as the group auditor’s previous experience with the component auditors that perform procedures on the consolidation process, including sub-consolidations, and the circumstances of the group audit engagement (e.g., if the financial information of an entity or business unit has not been prepared in accordance with the same accounting policies applied to the group financial report).
A144. Although the matters required to be communicated in accordance with paragraph 45 are relevant to the group auditor’s conclusion with regard to the group audit, certain matters may be communicated during the course of the component auditor’s procedures. In addition to the matters in paragraphs 32 and 50, such matters may include, for example:
A145. Knowledge about corrected and uncorrected misstatements across components may alert the group auditor to potential pervasive internal control deficiencies, when considered along with the communication of deficiencies in accordance with paragraph 45(g). In addition, a higher than expected number of identified misstatements (uncorrected or corrected) may indicate a higher risk of undetected misstatements, which may lead the group auditor to conclude that additional audit procedures need to be performed at certain components.
A146. The form and content of the deliverables from the component auditor are influenced by the nature and extent of the audit work the component auditor has been requested to perform. The group auditor’s firm policies or procedures may address the form or specific wording of an overall conclusion from the component auditor on the audit work performed for purposes of the group audit. In some cases, law or regulation may specify the form of conclusion (e.g., an opinion) to be provided by the component auditor.
A147. If the group auditor determines that the component auditor’s communications are not adequate for the group auditor’s purposes, the group auditor may consider whether, for example:
A149. Other factors that may affect the group auditor’s determination about whether, and the extent to which, it is necessary to review additional component auditor audit documentation in the circumstances include:
A150. The group auditor may:
A151. The audit of a group financial report is a cumulative and iterative process. As the group auditor performs planned audit procedures, the audit evidence obtained may cause the group auditor to modify the nature, timing or extent of other planned audit procedures as information may come to the group auditor’s attention that differs significantly from the information on which the risk assessment was based. For example:
In such circumstances, the group auditor may need to re-evaluate the planned audit procedures, based on the revised consideration of assessed risks for all or some of the significant classes of transactions, account balances, or disclosures and related assertions.
A152. The evaluation required by paragraph 51 assists the group auditor in determining whether the overall group audit strategy and group audit plan developed to respond to the assessed risks of material misstatement of the group financial report continues to be appropriate. The requirement in ASA 330[88] for the auditor, irrespective of the assessed risks of material misstatement, to design and perform substantive procedures for each material class of transactions, account balance, and disclosure also may be helpful for purposes of this evaluation in the context of the group financial report.
A153. The group auditor may consider the engagement team’s exercise of professional scepticism when evaluating the sufficiency and appropriateness of audit evidence obtained. For example, the group auditor may consider whether matters such as those described in paragraph A17 have inappropriately led the engagement team to:
A154. ASA 220[89] requires the engagement partner to determine, on or before the date of the auditor’s report, through review of audit documentation and discussion with the engagement team, that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. Information that may be relevant to the group auditor’s evaluation of the audit evidence obtained from the work performed by component auditors depends on the facts and circumstances of the group audit, and may include:
A155. In some circumstances, an overall summary memorandum describing the work performed and the results thereof may provide a basis on its own for the group auditor to conclude that the work performed and audit evidence obtained by the component auditor is sufficient for purposes of the group audit. This may be the case, for example, when the component auditor has been requested to perform specific further audit procedures as identified and communicated by the group auditor.
A156. The group engagement partner’s evaluation may include a consideration of whether corrected and uncorrected misstatements communicated by component auditors indicate a systemic issue (e.g., regarding transactions subject to common accounting policies or common controls) that may affect other components.
A157. Although component auditors may perform work on the financial information of the components for the group audit and as such are responsible for their overall findings or conclusions, the group engagement partner or the group engagement partner’s firm is responsible for the group audit opinion.
A158. When the group audit opinion is modified because the group auditor was unable to obtain sufficient appropriate audit evidence in relation to the financial information of one or more components, the Basis for Qualified Opinion or Basis for Disclaimer of Opinion section in the auditor’s report on the group financial report describes the reasons for that inability.[90] In some circumstances, a reference to a component auditor may be necessary to adequately describe the reasons for the modified opinion, for example, when the component auditor is unable to perform or complete the work requested on the component financial information due to circumstances beyond the control of component management.
A159. The group audit may be complex due to the number and nature of the entities and business units comprising the group. In addition, as explained in paragraph A7, the group auditor may determine that certain entities or business units may be considered together as a component for purposes of planning and performing the group audit. Therefore, discussing with group management an overview of the planned scope and timing may help in co-ordinating the work performed at components, including when component auditors are involved, and in identifying component management (see paragraph A24).
A160. ASA 240[91] contains requirements and guidance on the communication of fraud to management and, when management may be involved in the fraud, to those charged with governance.
A161. Group management may need to keep certain material sensitive information confidential. Examples of matters that may be significant to the financial report of the component of which component management may be unaware include the following:
A162. Group management may inform the group auditor about non-compliance or suspected non-compliance with laws or regulations in entities or business units within the group. Paragraph A87 provides guidance for the group engagement partner in these circumstances.
A163. The matters the group auditor communicates to those charged with governance of the group may include those brought to the attention of the group auditor by component auditors that the group auditor judges to be significant to the responsibilities of those charged with governance of the group. Communication with those charged with governance of the group may take place at various times during the group audit. For example, the matter referred to in paragraph 57(a) may be communicated after the group auditor has determined the work to be performed on the financial information of the components. On the other hand, the matter referred to in paragraph 57(b) may be communicated at the end of the audit, and the matters referred to in paragraph 57(c)–(d) may be communicated when they occur.
A164. ASA 260[92] requires the auditor to communicate with those charged with governance an overview of the planned scope and timing of the audit. For a group audit, this communication helps those charged with governance understand the group auditor’s determination of the components at which audit work will be performed, including whether certain of the group’s entities or business units will be considered together as a component, and the planned involvement of component auditors. This communication also helps to enable a mutual understanding of and discussion about the group and its environment (see paragraph 30) and areas, if any, in which those charged with governance may request the group auditor to undertake additional procedures.
A165. The group auditor is responsible for determining, on the basis of the audit work performed, whether one or more identified deficiencies, individually or in combination, constitute significant deficiencies.[93] The group auditor may request input from the component auditor about whether an identified deficiency or combination of deficiencies at the component is a significant deficiency in internal control.
A166. Other ASAs contain specific documentation requirements that are intended to clarify the application of ASA 230 in the particular circumstances of those other ASAs. The Appendix to ASA 230 lists other ASAs that contain specific documentation requirements and guidance.
A167. The audit documentation for the group audit supports the group auditor’s evaluation in accordance with paragraph 51 as to whether sufficient appropriate audit evidence has been obtained on which to base the group audit opinion. Also see paragraph A154.
A168. The audit documentation for the group audit comprises:
A169. The final assembly and retention of the audit documentation for a group audit is subject to the policies or procedures of the group auditor’s firm in accordance with ASQM 1.[94] The group auditor may provide specific instructions to component auditors regarding the assembly and retention of the documentation of work performed by them for purposes of the group audit.
A170. The basis for the group auditor’s determination of components may be documented in various ways, including, for example, documentation related to the fulfillment of the requirements in paragraphs 22, 33 and 57(a) of this ASA.
A171. ASQM 1[95] provides guidance on matters that the firm’s policies or procedures may address regarding the competence and capabilities of the engagement team members. Such policies or procedures may describe or provide guidance about how to document the determination of the competence and capabilities of the engagement team, including component auditors. For example, the confirmation obtained from the component auditor in accordance with paragraph 24 may include information about the component auditor’s relevant industry experience. The group auditor also may ask for confirmation that the component auditor has sufficient time to perform the assigned audit procedures.
A172. As described in paragraph A75, the approach to direction, supervision and review in a group audit will be tailored by the group auditor based on the facts and circumstances of the engagement, and will generally include a combination of addressing the group auditor’s firm policies or procedures and responses specific to the group audit. Such policies or procedures may also describe or provide guidance about the documentation of the group auditor’s direction and supervision of the engagement team and the review of their work.
A173. ASA 300[96] requires the auditor to develop an audit plan that includes a description of the nature, timing and extent of the planned direction and supervision of engagement team members and the review of their work. When component auditors are involved, the extent of such descriptions will often vary by component, recognising that the planned nature, timing and extent of direction and supervision of component auditors, and review of their work, may be influenced by the matters described in paragraph A51.
A174. The group auditor’s documentation of the direction and supervision of component auditors and the review of their work may include, for example:
A175. Paragraph 47 requires the group auditor to determine whether, and the extent to which it is necessary to review additional component auditor audit documentation. Paragraphs A148–A149 provide guidance for the group auditor in making this determination.
A176. Component auditor audit documentation ordinarily need not be replicated in the group auditor’s audit file. However, the group auditor may decide to summarise, replicate or retain copies of certain component auditor documentation in the group auditor’s audit file to supplement the description of a particular matter in communications from the component auditor, including the matters required to be communicated by this ASA. Examples of such component auditor documentation may include:
A177. When required by law or regulation, certain component auditor documentation may need to be included in the group auditor’s audit file, for example, to respond to the request of a regulatory authority to review documentation related to work performed by a component auditor.
A178. Policies or procedures established by the firm in accordance with the firm’s system of quality management, or resources provided by the firm or a network, may assist the group auditor in documenting the direction and supervision of component auditors and the review of their work. For example, an electronic audit tool may be used to facilitate communications between the group auditor and component auditors. The electronic audit tool also may be used for audit documentation, including providing information about the reviewer(s) and the date(s) and extent of their review.
A179. Audit documentation for a group audit may present some additional complexities or challenges in certain circumstances. This may be the case, for example, when law or regulation restrict the component auditor from providing documentation outside of its jurisdiction, or when war, civil unrest or outbreaks of disease restrict access to relevant component auditor audit documentation.
A180. The group auditor may be able to overcome such restrictions by, for example:
It is a matter of professional judgement whether one or more of the actions described above may be sufficient to overcome the restrictions depending on the facts and circumstances of the group audit.
A181. When access to component auditor audit documentation is restricted, the group auditor’s documentation nonetheless needs to comply with the requirements of the ASAs, including those relating to the documentation of the nature, timing and extent of the group auditor’s direction and supervision of component auditors and the review of their work. The guidance in paragraphs A148–A149 may be helpful in determining the extent of the group auditor’s review of the component auditor audit documentation in these circumstances. Paragraphs A176 and A177 provide examples of circumstances in which certain component auditor audit documentation may be included in the group auditor’s audit file.
A182. If the group auditor is unable to overcome restrictions on access to the component auditor audit documentation, the group auditor may need to consider whether a scope limitation exists that may require a modification to the opinion on the group financial report. See paragraph A45.
Appendix 1
(Ref: Para. A42)
For purposes of this illustrative auditor’s report, the following circumstances are assumed:
|
To the Shareholders of ABC Company [or Other Appropriate Addressee]
We have audited the consolidated financial report of ABC Company and its subsidiaries (the Group), which comprise the consolidated statement of financial position as at 31 December, 20X1, and the consolidated statement of comprehensive income, consolidated statement of changes in equity and consolidated statement of cash flows for the year then ended, and notes to the consolidated financial report, including a summary of significant accounting policies, and the directors’ declaration.
In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion section of our report, the accompanying consolidated financial report of the Group is in accordance with the Corporations Act 2001, including:
ABC Company’s investment in XYZ Company, a foreign associate acquired during the year and accounted for by the equity method, is carried at $15 million on the consolidated statement of financial position as at 31 December, 20X1, and ABC’s share of XYZ’s net income of $1 million is included in the consolidated statement of comprehensive income for the year then ended. We were unable to obtain sufficient appropriate audit evidence about the carrying amount of ABC’s investment in XYZ as at 31 December, 20X1 and ABC’s share of XYZ’s net income for the year because we were denied access to the financial information, management, and the auditors of XYZ. Consequently, we were unable to determine whether any adjustments to these amounts were necessary.
We conducted our audit in accordance with Australian Auditing Standards. Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Consolidated Financial Report section of our report. We are independent of the Group in accordance with the auditor independence requirements of the Corporations Act 2001 and the ethical requirements of the Accounting Professional & Ethical Standards Board’s APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (the Code), and we have fulfilled our other ethical responsibilities in accordance with the Code.
We confirm that the independence declaration required by the Corporations Act 2001, which has been given to the directors of the Company would be in the same terms if given to the directors as at the time of this auditor’s report.[§]
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion.
Appendix 2
(Ref: Para. A85)
60. This appendix provides examples of matters related to internal control that may be helpful in obtaining an understanding of the system of internal control in the context of a group environment, and expands on how ASA 315[97] is to be applied in relation to an audit of a group financial report. The examples may not be relevant to every group audit engagement and the list of examples is not necessarily complete.
61. The group auditor’s understanding of the control environment may include matters such as the following:
62. The group auditor’s understanding of the group’s risk assessment process may include matters such as group management’s risk assessment process, that is, the process for identifying, analysing and managing business risks, including the risk of fraud, that may result in material misstatement of the group financial report. It may also include an understanding of how sophisticated the group’s risk assessment process is and the involvement of entities and business units in this process.
63. The group auditor’s understanding of the group’s process to monitor the system of internal control may include matters such as monitoring of controls, including how the controls are monitored across the group and, when relevant, activities of the internal audit function across the group, including its nature, responsibilities and activities in respect of monitoring of controls at entities or business units in the group. ASA 610[98] requires the auditor to evaluate the extent to which the internal audit function’s organisational status and relevant policies and procedures support the objectivity of internal auditors, the level of competence of the internal audit function, and whether the internal audit function applies a systematic and disciplined approach, including quality control.
64. The group auditor’s understanding of the group’s information system and communication may include matters such as the following:
65. The group auditor’s understanding of the consolidation process may include matters such as the following:
Matters Relating to the Applicable Financial Reporting Framework
Matters Relating to the Consolidation Process
Matters Relating to Consolidation Adjustments and Reclassifications:
66. The group auditor’s understanding of the control activities component may include matters such as the following:
Appendix 3
(Ref: Para. A110)
The following are examples of events (including transactions) and conditions that may indicate the existence of risks of material misstatement of the group financial report, whether due to fraud or error, including with respect to the consolidation process. The examples provided by inherent risk factor cover a broad range of events and conditions; however, not all events and conditions are relevant to every group audit engagement and the list of examples is not exhaustive. The events and conditions have been categorised by the inherent risk factor that may have the greatest effect in the circumstances. Importantly, due to the interrelationships among inherent risk factors, the example events and conditions also are likely to be subject to, or affected by, other inherent risk factors to varying degree. Also see ASA 315, Appendix 2.
Inherent Risk Factor | Examples of Events or Conditions that May Give Rise to the Existence of Risks of Material Misstatement of the Group Financial Report at the Assertion Level: |
Complexity |
|
Subjectivity |
|
Change |
|
Uncertainty |
|
Susceptibility to Misstatement Due to Management Bias or Other Fraud Risk Factors Insofar as They Affect Inherent Risk |
|
Indicators that the control environment, the group’s risk assessment process or the group’s process to monitor the group’s system of internal control are not appropriate to the group’s circumstances, considering the nature and complexity of the group, and do not provide an appropriate foundation for the other components of the group’s system of internal control, include:
[1] See ASA 220 Quality Management for an Audit of a Financial Report and Other Historical Financial Information.
[2] See ASA 230 Audit Documentation.
[3] See ASA 300 Planning an Audit of a Financial Report.
[4] See ASA 315 Identifying and Assessing the Risks of Material Misstatement.
[5] See ASA 330 The Auditor’s Responses to Assessed Risks.
[6] See ASA 220, paragraph A1.
[7] See ASA 220, paragraph 25.
[8] See ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards, paragraph A35.
[9] See ASA 200, paragraphs 15‒16.
[10] See ASA 220, paragraph 12(d).
[11] See ASA 220, paragraph 12(a).
[12] See ASA 320 Materiality in Planning and Performing an Audit, paragraphs 9 and 11.
[13] See ASA 220, paragraph 13.
[14] See ASA 210 Agreeing the Terms of Audit Engagements, paragraphs 6(b) and 8(b).
[15] See ASA 300, paragraphs 7–11.
[16] See ASA 220, paragraph 17.
[17] See ASA 220, paragraphs 25–26.
[18] See ASA 200, paragraph 14.
[19] See ASA 220, paragraph 29.
[20] See ASA 315, paragraphs 19–27.
[21] See ASA 550 Related Parties, paragraph 17.
[22] See ASA 570 Going Concern.
[23] See ASA 315, paragraphs 28‒34.
[24] See ASA 315, paragraph 35.
[25] See ASA 320, paragraph 11.
[26] See ASA 450 Evaluation of Misstatements Identified during the Audit, paragraph 5.
[27] See ASA 330, paragraphs 6‒7.
[28] See ASA 560 Subsequent Events, paragraphs 6–7.
[29] See ASA 330, paragraph 26.
[30] See ASA 260 Communication with Those Charged with Governance.
[31] See ASA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management.
[32] See ASA 230, paragraph 8.
[33] See ASA 230, paragraphs 1–3, 9–11, A6–A7 and Appendix.
[34] See ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements.
[35] See ASQM 2 Engagement Quality Reviews.
[36] See, for example, AASB 8, Operating Segments.
[37] See ASA 220, paragraph 30(b).
[38] See ASA 200, paragraph A48.
[39] See ASA 220, paragraphs A35‒A37.
[40] See ASA 315, paragraph A238.
[41] See ASA 540 Auditing Accounting Estimates and Related Disclosures, paragraph A11.
[42] See ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report, Appendix 1.
[43] See ASA 220, paragraph 15.
[44] See ASQM 1, paragraphs 48–52.
[45] See ASA 220, paragraph A29.
[46] See ASA 210, paragraphs 9 and 10(d).
[47] See ASA 330, paragraph 7(b).
[48] See ASA 705 Modifications to the Opinion in the Independent Auditor’s Report.
[49] See ASA 300, paragraph A3.
[50] See ASA 300, paragraph 10.
[51] See ASA 315, paragraph 14(b).
[52] See ASA 300, paragraph 5.
[53] See ASQM 1, paragraph A74.
[54] See ASA 220, paragraph 25.
[55] See ASA 220, paragraph A72.
[56] See ASA 220, paragraph A25.
[57] See ASQM 1, paragraph 47.
[58] See ASQM 1, paragraph 51(b).
[59] See ASQM 1, paragraphs A19, A175.
[60] See ASQM 1, paragraphs 48–49.
[61] See ASA 220, paragraph 26.
[62] See ASA 220, paragraph A66.
[63] See ASA 220, paragraph 17.
[64] See ASA 260, paragraph A31.
[65] See ASA 220, paragraph 30.
[66] See ASA 220, paragraphs A25–A26.
[67] See ASA 220, paragraphs 31, A92–A93.
[68] See ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report.
[69] See, for example, Paragraphs R360.17 and R360.18 of APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (the Code).
[70] See ASA 315, paragraphs 19–27, A50‒A183.
[71] See ASA 315, paragraph 17.
[72] See ASA 240, paragraph 16.
[73] See ASA 315, paragraph A5.
[74] See ASA 315, paragraph 25(b).
[75] See ASA 550, paragraph 2.
[76] See ASA 200, paragraph 15.
[77] See ASA 315, paragraph A126.
[78] See ASA 315, paragraph 31.
[79] See ASA 240, paragraphs 26, 31.
[80] See ASA 315, paragraph 35.
[81] See ASA 320, paragraphs 10 and A11–A12.
[82] See ASA 320, paragraph A13.
[83] See ASA 450, paragraph A3.
[84] See ASA 520 Analytical Procedures.
[85] See ASA 240, paragraph 30(c).
[86] See ASA 330, paragraph 8.
[87] See ASA 330, paragraph 17.
[88] See ASA 330, paragraph 18.
[89] See ASA 220, paragraph 32.
[90] See ASA 705, paragraphs 20 and 24.
[91] See ASA 240, paragraphs 41–43.
[92] See ASA 260, paragraph 15.
[93] See ASA 265, paragraph 8.
[94] See ASQM 1, paragraphs 31(f) and A83–A85.
[95] See ASQM 1, paragraph A96.
[96] See ASA 300, paragraph 9.
[*] If, in the group engagement partner’s judgment, the effect on the group financial report of the inability to obtain sufficient appropriate audit evidence is material and pervasive, the group engagement partner would disclaim an opinion in accordance with ASA 705.
[#] See ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report.
[†] The sub-title, “Report on the Audit of the Consolidated Financial Statements” is unnecessary in circumstances when the second sub-title, “Report on Other Legal and Regulatory Requirements” is not applicable.
[§] Or, alternatively, include statements (a) to the effect that circumstances have changed since the declaration was given to the relevant directors; and (b) setting out how the declaration would differ if it had been given to the relevant directors at the time the auditor’s report was made.
[*] See ASA 720 The Auditor’s Responsibilities Relating to Other Information.
[#] See ASA 700 Forming an Opinion and Reporting on a Financial Report.
[†] The Report on the Remuneration Report is an example of “Other Reporting Responsibilities”—see ASA 700, paragraphs 43-45. Any additional “Other Reporting Responsibilities” that the auditor needs to address, will also be included in a separate section of the auditor’s report. Under paragraph 43 of ASA 700, the sub-title “Report on Other Legal and Regulatory Requirements” or other sub-title as appropriate to the section, is used.
[§] The auditor is required, under the Corporations Act 2001, to sign the auditor’s report in both their own name and the name of their firm [section 324AB(3)] or the name of the audit company [section 324AD(1)], as applicable.
[97] See ASA 315, Appendix 3.
[98] See ASA 610 Using the Work of Internal Auditors, paragraph 15.