International Auditing and Assurance Standards Board

Audits of Group Financial Statements

ISA Implementation Support Module

Prepared by IAASB Staff

November 2009

• Introduction

• Significant Features of New Standard

– Risk Assessment and Quality Control Principles

– Engagement Acceptance and Continuance

– Understanding the Group and Its Components

– Significant Components and Work Effort on Components

– Component Auditors

– Materiality

– Communication

– Additional Aspects

Overview

2

• The context for revising the standard

– Lack of an international standard dealing specifically with group audits

– Varying group audit practice around the world

– Regulatory concerns about rigor and consistency of practice in this important and complex area

– Need to reflect application of risk assessment and quality control principles in group audit context

• Standard reflects international best practice

Introduction

Introduction

3

• A major thrust of the new standard

• Risk assessment provides basis for determining nature and extent of work on the group audit

• Identification and assessment of risks through obtaining an understanding of the group, its components, and their environments

• Effect on current practice will vary

– If best practices already followed, changes may not be significant

– In other cases, more effort could be required

Applying Risk Assessment and Quality Control Principles

Risk Assessment and Quality Control Principles

4

• Standard reflects ISA 220 principle regarding responsibility for the audit

– Group engagement partner alone should be responsible for direction, supervision, and performance of engagement and for group audit opinion

• Therefore, reference to component auditor in the group auditor’s report no longer permitted

• Practical implications:

– Need to pay greater attention to where risks lie within the group

– Component auditors may expect group engagement team to be more involved in their work

Applying Risk Assessment and Quality Control Principles

Risk Assessment and Quality Control Principles

5

• Emphasis on sole responsibility does not imply that group audit should be performed by only one firm or one network

– No requirement for this in the standard

– Different components may be audited by different component auditors

• However, regardless of who the component auditors are, standard requires group engagement team to obtain an understanding of them

Applying Risk Assessment and Quality Control Principles

Risk Assessment and Quality Control Principles

6

• A new approach

– Main consideration under old standard was whether portion of group audited by the auditor was sufficient for the auditor to act as principal auditor

– New standard introduces an entirely different concept

– Group engagement team now needs to consider whether sufficient appropriate audit evidence can be obtained to express group audit opinion before accepting engagement

– This consideration includes whether group engagement team will be able to be involved in component auditors’ work

Engagement Acceptance and Continuance

Engagement Acceptance and Continuance

7

• Key consideration is whether sufficient appropriate audit evidence can reasonably be expected to be obtained regarding

– The consolidation process

– Components’ financial information

• Access to components controlled by the entity (e.g. subsidiaries, branches) may not be an issue

• In other cases, difficulty in accessing relevant information (e.g. at components such as joint ventures, associates) may give rise to a scope limitation

Engagement Acceptance and Continuance

Engagement Acceptance and Continuance

8

• Decision to accept is also based on whether group engagement team has unrestricted access to

– Component auditors and their work

– Management and those charged with governance (TCWG) of the group

– Management and TCWG of the components

• Consideration of engagement acceptance a key aspect of the standard

– Thus, determining whether to act as auditor of the group is one of the objectives under the standard

Engagement Acceptance and Continuance

Engagement Acceptance and Continuance

9

• As part of understanding the group and its components, group engagement team now required to understand

– Group-wide controls

– Consolidation process

• What are group-wide controls?

– Any controls over group financial reporting

– E.g. Controls for monitoring and reconciling intra-group transactions

Understanding Group-Wide Controls and Consolidation Process

Understanding the Group and its Components

10

• Understanding group-wide controls helps to plan nature, timing, and extent of work on consolidation process and components

• Group engagement team tests, or asks component auditor(s) to test, operating effectiveness of these controls if:

– There will be planned reliance on the controls, or

– Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level

• Communicate significant deficiencies in group-wide controls in accordance with ISA 265

Understanding Group-Wide Controls

Understanding the Group and its Components

11

• Under current practice, group engagement teams may perform at least some work on the consolidation process

– However, no specific requirements under old standard

– Practice therefore inconsistent

• New standard formalizes best practice in this regard

– Recognizes that material misstatements can arise as a result of consolidation process

• New set of responsibilities for group engagement team with regard to consolidation process

Understanding the Consolidation Process

Understanding the Group and its Components

12

• Understand detailed reporting instructions issued by group management to components

• Perform specific procedures on consolidation process

– Evaluate consolidation adjustments for appropriateness, completeness, and accuracy

Includes consideration of whether fraud risk factors or indicators of management bias exist

– Evaluate whether components that report under different financial reporting frameworks have been consolidated on the basis of consistent accounting policies

Understanding the Consolidation Process

Understanding the Group and its Components

13

• New standard introduces important concept of a “significant component”

• What is a significant component?

– A component financially significant to the group (i.e. size)

– A component likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances (i.e. specific risks)

• Why is concept of significant component important?

– Determines direction of group audit

– Work effort focused on components with greatest risks

Significant Components

Significant Components and Work Effort on Components

14

• Old standard did not specify any particular level of work on components

• New standard establishes specific requirements– For a component significant due to size: an audit of the

component’s financial information

– For a component significant due to specific risks, one or more of An audit of the component’s financial informationAn audit of the component’s financial information An audit of one or more account balances, classes of An audit of one or more account balances, classes of

transactions or disclosures affected by the significant riskstransactions or disclosures affected by the significant risks Specified audit procedures responsive to the significant risksSpecified audit procedures responsive to the significant risks

– For components that are not significant, analytical procedures at group level

Work Effort on Components

Significant Components and Work Effort on Components

15

• Not the same as audit of statutory financial statements

• For example, component auditor may not need to audit

– Items that will be audited centrally if so informed by group engagement team

– Disclosures required for statutory purposes but not for group audit purposes

• Audit to component materiality (materiality for statutory audit may be lower)

• Group engagement team to specify form of reporting expected from component auditor

– Standard does not mandate form of reporting

Significant Components and Work Effort on Components

Audit of Component Financial Information

16

• Group engagement team to be involved in

– Component auditor’s risk assessment

Have all the significant risks been identified?Have all the significant risks been identified?

Involvement depends on understanding of component auditor Involvement depends on understanding of component auditor but standard specifies minimum work requiredbut standard specifies minimum work required

– Component auditor’s responses to significant risks

Are the responses appropriate?Are the responses appropriate?

Direct involvement by group engagement team in responding Direct involvement by group engagement team in responding to the significant risks may be necessary based on to the significant risks may be necessary based on understanding of component auditorunderstanding of component auditor

Significant Components Audited by Component Auditors

Significant Components and Work Effort on Components

17

• Only when sufficient appropriate audit evidence will not be obtained through work on significant components, group-wide controls and consolidation process, and analytical procedures at group level

• If so, select one or more components that are not significant and obtain additional audit evidence through one or more specified actions

– E.g. Perform an audit or review of the individual component’s financial information

– Vary selection of such components over a period of time

Significant Components and Work Effort on Components

Is Further Work Required on Components?

18

• An auditor of a component is a component auditor only when it has been asked by the group engagement team to perform work on the component for the group audit

– Can be an auditor in another firm or an auditor in another office of the same firm or network

• Understand 2 further matters besides component auditor’s competence and independence

– Whether group engagement team can be involved in component auditor’s work as necessary

– Whether component auditor is subject to regulatory oversight

Component Auditors

What is a Component Auditor?

19

• Nature, timing and extent of work to understand component auditors depend on a number of factors, e.g.

– Previous experience with or knowledge of component auditors

– Degree to which group engagement team and component auditors are subject to common policies and procedures E.g. in quality control, audit methodologyE.g. in quality control, audit methodology

Component Auditors

Understanding Component Auditors

20

• Standard now requires 4 different types of materiality to be determined

– Group materiality

– If relevant, materiality levels for particular classes of transactions, account balances or disclosures

– Component materiality where an audit or a review of a component is necessary

– Threshold above which misstatements cannot be treated as clearly trivial to the group

Materiality

Materiality

21

• Materiality for a component necessary for group engagement partner to form an opinion on group financial statements

– Not for component auditor to form an opinion on component’s financial information

• Should be lower than group materiality so that misstatements in components in the aggregate will not exceed group materiality

• Should be set for each component for which an audit or review is required

What is Component Materiality?

Materiality

22

• Standard places greater emphasis on effective communication between group engagement team and component auditors

– Effective involvement in component auditors’ work required by the standard otherwise not possible

– Vital to ensure expectations on both sides are clear

• Standard recognizes need for effective communication with TCWG and management

Opens up dialogue with TCWG on significant matters

Enables TCWG and management to be made aware of matters relevant to discharging their respective responsibilities for financial reporting process, a matter of public interest

Importance of Effective Communication

Communication

23

• Communication now broader and more specific

• Guiding principles when communicating downstream

– Will component auditors be clear as to nature and extent of work requested of them on the components and whether group engagement team will be involved in their work?

– Will component auditors be clear as to required form of reporting to group engagement team and reporting deadlines?

• Standard requires specific matters to be communicated to component auditors

– E.g. component materiality, form and content of reporting

• Communication should be timely

Communication with Component Auditors

Communication

24

• Nature and extent of component auditors’ communication upstream driven by 2 key considerations

– Group engagement team’s specific requirements

E.g. significant risks identified by component auditors; E.g. significant risks identified by component auditors; previously unidentified related partiespreviously unidentified related parties

– Whether any specific matters have been identified that are relevant to the group audit or that would merit group engagement team’s attention

A broad responsibility for component auditorsA broad responsibility for component auditors

Communication with Component Auditors

Communication

25

• Standard requires evaluation of component auditors’ communication

– To identify significant matters for follow-up with component auditors, group management or component management as appropriate

– To determine whether to review specific aspects of component auditors’ audit documentation

• Greater scrutiny of component auditors’ work may lead to more discussion of issues with them in person or over the phone

Evaluation of Component Auditor’s Communication

Communication

26

• Communicate matters relevant to group management’s responsibility for preparing group financial statements

– E.g. Deficiencies in group-wide controls; fraud

– An opportunity to also communicate, through group management, matters group engagement team has identified that are relevant to component management’s responsibility to prepare component financial statements

• Group engagement team should not rely on component auditor’s communication with component management to discharge responsibility to communicate with group management

Communication with Group Management

Communication

27

• Explain to TCWG nature and extent of

– Audit work required on components

– Group engagement team’s involvement in component auditors’ work

• Rationale

– Sets clear expectation among TCWG that overall responsibility for group audit rests with group engagement team

– Helps them understand where audit effort is being directed so that they may provide assistance with any issues that may arise

Communication with TCWG

Communication

28

• Standard requires

– Subsequent events work on components that are audited

– Documentation of specific matters, e.g. Analysis of components, including identification of Analysis of components, including identification of

significant componentssignificant components

Type of work to be performed on the componentsType of work to be performed on the components

Nature, timing and extent of group engagement team’s Nature, timing and extent of group engagement team’s involvement in component auditor’s work on involvement in component auditor’s work on significant componentssignificant components

Subsequent Events and Documentation

Additional Aspects

29

Note

This set of support slides does not amend or override the ISAs, the texts of which alone are authoritative. Reading the slides is not a substitute for reading the ISAs. The slides are not meant to be exhaustive and reference to the ISAs themselves should always be made. In conducting an audit in accordance with ISAs, the auditor is required to comply with all the ISAs that are relevant to the engagement.

30

Copyright © November 2009 by the International Federation of Accountants (IFAC). All rights reserved. Permission is granted to make copies of this work provided that such copies are for use in academic classrooms or for personal use and are not sold or disseminated and provided that each copy bears the following credit line: “Copyright © November 2009 by the International Federation of Accountants (IFAC). All rights reserved. Used with permission of IFAC. Contact permissions@ifac.org for permission to reproduce, store, or transmit this work.” Otherwise, written permission from IFAC is required to reproduce, store, or transmit, or to make other similar uses of, this work, except as permitted by law. Contact permissions@ifac.org.

International Federationof Accountants

ISBN: 978-1-60815-050-2

www.ifac.org