ISA-600

Risk Assessment and Quality Control Principles

Engagement Acceptance and Continuance

Understanding the Group and Its Components

Significant Components and Work Effort on Components

Component Auditors

Materiality

Communication

Additional Aspects

Overview

2

Lack of an international standard dealing specifically with group audits

Varying group audit practice around the world

Regulatory concerns about rigor and consistency of practice in this important and complex area

Need to reflect application of risk assessment and quality control principles in group audit context

Introduction

Introduction

3

Standard reflects ISA 220 principle regarding responsibility for the audit

Group Auditor alone should be responsible for direction, supervision, and performance of engagement and for group audit opinion

Therefore, reference to component auditor in the group auditor’s report no longer permitted

Practical implications:

Need to pay greater attention to where risks lie within the group

Component auditors may expect group engagement team to be more involved in their work

Applying Risk Assessment and Quality Control Principles

Risk Assessment and Quality Control Principles

4

Emphasis on sole responsibility does not imply that group audit should be performed by only one firm or one network No requirement for this in the standard

Different components may be audited by different component auditors

However, regardless of who the component auditors are, standard requires group Audit team to obtain an understanding of them

Applying Risk Assessment and Quality Control Principles

Risk Assessment and Quality Control Principles

5

standard introduces an entirely different concept

Group Audit team now needs to consider whether sufficient appropriate audit evidence can be obtained to express group audit opinion before accepting engagement

This consideration includes whether group Audit team will be able to be involved in component auditors’ work

Engagement Acceptance and Continuance

Engagement Acceptance and Continuance

6

Key consideration is whether sufficient appropriate audit evidence can reasonably be expected to be obtained regarding

The consolidation process

Components’ financial information

Access to components controlled by the entity (e.g. subsidiaries, branches)

In other cases, difficulty in accessing relevant information (e.g. at components such as joint ventures, associates) may give rise to a scope limitation

Engagement Acceptance and Continuance

Engagement Acceptance and Continuance

7

Decision to accept is also based on whether group engagement team has unrestricted access to Component auditors and their work

Management and those charged with governance (TCWG) of the group and of the components

Consideration of engagement acceptance a key aspect of the standard Thus, determining whether to act as auditor of the

group is one of the objectives under the standard

Engagement Acceptance and ContinuanceEngagement Acceptance and Continuance

8

Understanding group-wide controls helps to plan nature, timing, and extent of work on consolidation process and components

Group Audit team tests himself, or may asks component auditor to test, effectiveness of the controls if:

There will be planned reliance on the controls, or

Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level

Understanding Group-Wide ControlsUnderstanding the Group and its Components

9

Under current practice, group Audit teams may perform at least some work on the consolidation process

Standard formalizes best practice in this regard Recognizes that material misstatements can arise as a

result of consolidation process

New set of responsibilities for group Audit team with regard to consolidation process

Understanding the Consolidation Process

Understanding the Group and its Components

10

Understand detailed reporting instructions issued by group management to components

Perform specific procedures on consolidation process Evaluate consolidation adjustments for appropriateness,

completeness, and accuracy

Includes consideration of whether fraud risk factors or indicators of management bias exist

Evaluate whether components that report under different financial reporting frameworks have been consolidated on the basis of consistent accounting policies

Understanding the Consolidation Process

Understanding the Group and its Components

11

What is a significant component? A component financially significant to the group (i.e. size)

A component likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances (i.e. specific risks)

Why is concept of significant component important? Determines direction of group audit

Work effort focused on components with greatest risks

Significant Components

Significant Components and Work Effort on Components

specific requirements

For a component significant due to size: an audit of the component’s financial information

For a component significant due to specific risks, one or more of

An audit of the component’s financial informationAn audit of the component’s financial information

An audit of one or more account balances, classes of An audit of one or more account balances, classes of transactions or disclosures affected by the significant riskstransactions or disclosures affected by the significant risks

Specified audit procedures responsive to the significant risksSpecified audit procedures responsive to the significant risks

For components that are not significant, analytical procedures at group level

Work Effort on Components

Significant Components and Work Effort on Components

Group engagement team to be involved in

Component auditor’s risk assessment

significant risks been identified?significant risks been identified?

Involvement depends on understanding of component auditor Involvement depends on understanding of component auditor but standard specifies minimum work requiredbut standard specifies minimum work required

Component auditor’s responses to significant risks

Are the responses appropriate?Are the responses appropriate?

Direct involvement by group engagement team in responding Direct involvement by group engagement team in responding to the significant risks may be necessary based on to the significant risks may be necessary based on understanding of component auditorunderstanding of component auditor

Significant Components Audited by Component Auditors

Significant Components and Work Effort on Components

Only when sufficient appropriate audit evidence will not be obtained through work on significant components, group-wide controls and consolidation process, and analytical procedures at group level

If so, select one or more components that are not significant and obtain additional audit evidence through one or more specified actions

E.g. Perform an audit or review of the individual component’s financial information

Vary selection of such components over a period of time

Significant Components and Work Effort on ComponentsIs Further Work Required on Components?

An auditor of a component is a component auditor only when it has been asked by the group Audit team to perform work on the component for the group audit

Can be an auditor in another firm or an auditor in another office of the same firm or network

Understand 2 further matters besides component auditor’s competence and independence

Whether group engagement team can be involved in component auditor’s work as necessary

Whether component auditor is subject to regulatory oversight

Component AuditorsWhat is a Component Auditor?

Nature of work to understand component auditors depend on a number of factors, e.g. Previous experience with or knowledge of

component auditors

Degree to which group audit team and component auditors are subject to common policies and procedures E.g. in quality control, audit methodologyE.g. in quality control, audit methodology

Component AuditorsUnderstanding Component Auditors

Standard now requires 4 different types of materiality to be determined

1. Group materiality

2. If relevant, materiality levels for particular classes of transactions, account balances or disclosures

3. Component materiality where an audit or a review of a component is necessary

4. Threshold above which misstatements cannot be treated as clearly trivial to the group

Materiality

Materiality

Materiality for a component necessary for group Auditor to form an opinion on group financial statements Not for component auditor to form an opinion on

component’s financial information

Should be lower than group materiality so that misstatements in components in the aggregate will not exceed group materiality

Should be set for each component for which an audit or review is required

What is Component Materiality?

Materiality

Nature and extent of component auditors’ communication upstream driven by 2 key considerations Group engagement team’s specific requirements

E.g. significant risks identified by component auditors; E.g. significant risks identified by component auditors; previously unidentified related partiespreviously unidentified related parties

Whether any specific matters have been identified that are relevant to the group audit or that would merit group engagement team’s attention

A broad responsibility for component auditorsA broad responsibility for component auditors

Communication with Component Auditors

Communication

Standard requires evaluation of component auditors’ communication To identify significant matters for follow-up with

component auditors, group management or component management as appropriate

To determine whether to review specific aspects of component auditors’ audit documentation

Greater scrutiny of component auditors’ work may lead to more discussion of issues with them in person or over the phone

Evaluation of Component Auditor’s Communication

Communication

Explain to TCWG nature and extent of

Audit work required on components

Group engagement team’s involvement in component auditors’ work

Rationale

Sets clear expectation among TCWG that overall responsibility for group audit rests with group engagement team

Helps them understand where audit effort is being directed so that they may provide assistance with any issues that may arise

Communication with TCWG

Communication

Documentation of specific matters, e.g. Analysis of components, including

identification of significant components

Type of work to be performed on the components

Nature, timing and extent of group engagement team’s involvement in component auditor’s work on significant components

Additional Aspects

23

Acceptance as principal Auditor Auditor must ensure that the

a) The accounting policies followed are consistent and disclosed

b) Financial statements drafted and information presented in accordance with companies ordinance 1984

c) Audit work performed according basic principles and conclusion drawn reasonable

Consider the sufficiency of his own participation to act as principal auditor consider asa) Materiality of his portion of work in Financial

statementsb) Degree of his participation in auditc) Risk of material misstatement in financial

statement audited by other auditor

Principal Auditor’s Procedures When considering the other auditor’s

work obtain information as regards to his professional competence and independence

Advise the other auditor Treat component as independent entity To apply all necessary reporting

requirement and complete documentation Discuss with other auditor

Audit programme Use of his work and report

Primary Auditor Responsibility The group engagement partner or principal

Auditor is responsible for direction and supervision and performance and compliance of regulations and standards of group audit

The Auditor’s report should not refer other auditor unless required to do so by local laws and regulations

If principal auditor finds that he is unable to get sufficient and appropriate audit evidence due to restrictions by management should withdraw if local laws permits so, other wise disclaim an opinion

Reporting considerations Where local regulations allow, and If

principal auditor basis his opinion on the work of other auditor this fact and magnitude of portion of financial statements audited by other auditor should be disclosed in report

If other auditor work not satisfactory and auditor find himself unable to get sufficient and appropriate audit evidence should modify his opinion