ASA 600

This Auditing Standard applies to:

1. an audit of a financial report for a financial year, or an audit of a financial report for a half-year, in accordance with the Corporations Act 2001; and
2. an audit of a financial report, or a complete set of financial statements, for any other purpose.

This Auditing Standard also applies, as appropriate, to an audit of other historical financial information.

This Auditing Standard is operative for financial reporting periods commencing on or after 15 December 2023. Early adoption of this Auditing Standard is permitted prior to this date.

The Australian Auditing Standards (ASAs) apply to the audit of a group financial report (a group audit). This ASA deals with special considerations that apply to a group audit, including in those circumstances when component auditors are involved. The requirements and guidance in this ASA refer to, or expand on, the application of other relevant ASAs to a group audit, in particular ASA 220,^[1] ASA 230,^[2] ASA 300,^[3] ASA 315,^[4] and ASA 330.^[5] (Ref: Para. A1–A2)

 A group financial report includes the financial information of more than one entity or business unit through a consolidation process, as described in paragraph 14(k). The term consolidation process as used in this ASA refers not only to the preparation of a consolidated financial report in accordance with the applicable financial reporting framework, but also to the presentation of a combined financial report, and to the aggregation of the financial information of entities or business units such as branches or divisions. (Ref: Para. A3–A5, A27)

As explained in ASA 220,^[6] this ASA, adapted as necessary in the circumstances, may also be useful in an audit of a financial report other than a group audit when the engagement team includes individuals from another firm. For example, this ASA may be useful when involving such an individual to attend a physical inventory count, inspect property, plant and equipment, or perform audit procedures at a shared service centre at a remote location.

Groups and Components

A group may be organised in various ways. For example, a group may be organised by legal or other entities (e.g., a parent and one or more subsidiaries, joint ventures, or investments accounted for by the equity method). Alternatively, the group may be organised by geography, by other economic units (including branches or divisions), or by functions or business activities. In this ASA, these different forms of organisation are collectively referred to as “entities or business units.” (Ref: Para. A6)

The group auditor determines an appropriate approach to planning and performing audit procedures to respond to the assessed risks of material misstatement of the group financial report. For this purpose, the group auditor uses professional judgement in determining the components at which audit work will be performed. This determination is based on the group auditor’s understanding of the group and its environment, and other factors such as the ability to perform audit procedures centrally, the presence of shared service centres, or the existence of common information systems and internal control. (Ref: Para. A7–A9)

Involvement of Component Auditors

ASA 220 ^[7] requires the engagement partner to determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. In a group audit, such resources may include component auditors. Therefore, this ASA requires the group auditor to determine the nature, timing and extent of involvement of component auditors.

The group auditor may involve component auditors to provide information, or to perform audit work, to fulfill the requirements of this ASA. Component auditors may have greater experience with, and a more in-depth knowledge of, the components and their environments (including laws and regulations, business practices, language, and culture) than the group auditor. Accordingly, component auditors can be, and often are, involved in all phases of the group audit. (Ref: Para. A10–A11)

Audit risk is a function of the risks of material misstatement and detection risk.^[8] Detection risk in a group audit includes the risk that a component auditor may not detect a misstatement in the financial information of a component that could cause a material misstatement of the group financial report, and that the group auditor may not detect this misstatement. Accordingly, this ASA requires sufficient and appropriate involvement by the group engagement partner or group auditor, as applicable, in the work of component auditors and emphasises the importance of two-way communication between the group auditor and component auditors. In addition, this ASA explains the matters that the group auditor takes into account when determining the nature, timing and extent of the direction and supervision of component auditors and the review of their work. (Ref: Para. A12–A13)

Professional Scepticism

In accordance with ASA 200,^[9] the engagement team is required to plan and perform the group audit with professional scepticism and to exercise professional judgement. The appropriate exercise of professional scepticism may be demonstrated through the actions and communications of the engagement team, including emphasising the importance of each engagement team member exercising professional scepticism throughout the group audit. Such actions and communications may include specific steps to mitigate impediments that may impair the appropriate exercise of professional scepticism. (Ref: Para. A14–A18)

Scalability

This ASA is intended for all group audits, regardless of size or complexity. However, the requirements of this ASA are intended to be applied in the context of the nature and circumstances of each group audit. For example, when a group audit is carried out entirely by the group auditor, some requirements in this ASA are not relevant because they are conditional on the involvement of component auditors. This may be the case when the group auditor is able to perform audit procedures centrally or is able to perform procedures at the components without involving component auditors. The guidance in paragraphs A119 and A120 also may be helpful in applying this ASA in these circumstances.

Responsibilities of the Group Engagement Partner and Group Auditor

The group engagement partner remains ultimately responsible, and therefore accountable, for compliance with the requirements of this ASA. The term “the group engagement partner shall take responsibility for…” or “the group auditor shall take responsibility for…” is used for those requirements when the group engagement partner or group auditor, respectively, is permitted to assign the design or performance of procedures, tasks or actions to other appropriately skilled or suitably experienced members of the engagement team, including component auditors. For other requirements, this ASA expressly intends that the requirement or responsibility be fulfilled by the group engagement partner or group auditor, as applicable, and the group engagement partner or group auditor may obtain information from the firm or other members of the engagement team. (Ref: Para. A29)

[Deleted by the AUASB. Refer Aus 0.3]

The objectives of the auditor are to:

1. With respect to the acceptance and continuance of the group audit engagement, determine whether sufficient appropriate audit evidence can reasonably be expected to be obtained to provide a basis for forming an opinion on the group financial report;
2. Identify and assess the risks of material misstatement of the group financial report, whether due to fraud or error, and plan and perform further audit procedures to appropriately respond to those assessed risks;
3. Be sufficiently and appropriately involved in the work of component auditors throughout the group audit, including communicating clearly about the scope and timing of their work, and evaluating the results of that work; and
4. Evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed, including with respect to the work performed by component auditors, as a basis for forming an opinion on the group financial report.

For the purposes of this Auditing Standard, the following terms have the meanings attributed below:

Aggregation risk – The probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial report as a whole. (Ref: Para. A19)

Component – An entity, business unit, function or business activity, or some combination thereof, determined by the group auditor for purposes of planning and performing audit procedures in a group audit. (Ref: Para. A20)

Component auditor – An auditor who performs audit work related to a component for purposes of the group audit. A component auditor is a part of the engagement team ^[10] for a group audit. (Ref: Para. A21–A23)

Component management – Management responsible for a component. (Ref: Para. A24)

Component performance materiality – An amount set by the group auditor to reduce aggregation risk to an appropriately low level for purposes of planning and performing audit procedures in relation to a component.

Group – A reporting entity for which a group financial report is prepared.

Group audit – The audit of a group financial report.

Group auditor – The group engagement partner and members of the engagement team other than component auditors. The group auditor is responsible for:

1. Establishing the overall group audit strategy and group audit plan;
2. Directing and supervising component auditors and reviewing their work;
3. Evaluating the conclusions drawn from the audit evidence obtained as the basis for forming an opinion on the group financial report.

Group audit opinion – The audit opinion on the group financial report.

Group engagement partner – The engagement partner ^[11] who is responsible for the group audit. (Ref: Para. A25)

Group financial report – A financial report that includes the financial information of more than one entity or business unit through a consolidation process. For purposes of this ASA, a consolidation process includes: (Ref: Para. A26–A28)

1. Consolidation, proportionate consolidation, or an equity method of accounting;
2. The presentation in a combined financial report of the financial information of entities or business units that have no parent but are under common control or common management; or
3. The aggregation of the financial information of entities or business units such as branches or divisions.

Group management – Management responsible for the preparation of the group financial report.

Group performance materiality – Performance materiality ^[12] in relation to the group financial report as a whole, as determined by the group auditor.

Reference in this ASA to “the applicable financial reporting framework” means the financial reporting framework that applies to the group financial report.

In applying ASA 220,^[13] the group engagement partner is required to take overall responsibility for managing and achieving quality on the group audit engagement. In doing so, the group engagement partner shall: (Ref: Para. A29–A30)

1. Take responsibility for creating an environment for the group audit engagement that emphasises the expected behaviour of engagement team members. (Ref: Para. A31)
2. Be sufficiently and appropriately involved throughout the group audit engagement, including in the work of component auditors, such that the group engagement partner has the basis for determining whether the significant judgements made, and the conclusions reached, are appropriate given the nature and circumstances of the group audit engagement.

Before accepting or continuing the group audit engagement, the group engagement partner shall determine whether sufficient appropriate audit evidence can reasonably be expected to be obtained to provide a basis for forming an opinion on the group financial report. (Ref: Para. A32–A35)

If, after the acceptance or continuance of the group audit engagement, the group engagement partner concludes that sufficient appropriate audit evidence cannot be obtained, the group engagement partner shall consider the possible effects on the group audit. (Ref: Para. A36)

Terms of the Engagement

In applying ASA 210,^[14] the group auditor shall obtain the agreement of group management that it acknowledges and understands its responsibility to provide the engagement team with: (Ref: Para. A37)

1. Access to all information of which group management is aware that is relevant to the preparation of the group financial report such as records, documentation and other matters;
2. Additional information that the engagement team may request from group management or component management for the purpose of the group audit; and
3. Unrestricted access to persons within the group from whom the engagement team determines it necessary to obtain audit evidence.

Restrictions on Access to Information or People Outside the Control of Group Management

If the group engagement partner concludes that group management cannot provide the engagement team with access to information or unrestricted access to persons within the group due to restrictions that are outside the control of group management, the group engagement partner shall consider the possible effects on the group audit. (Ref: Para. A38–A46)

Restrictions on Access to Information or People Imposed by Group Management

If the group engagement partner concludes that: (Ref: Para. A43–A46)

1. It will not be possible for the group auditor to obtain sufficient appropriate audit evidence due to restrictions imposed by group management; and
2. The possible effect of this limitation will result in a disclaimer of opinion on the group financial report,
3. the group engagement partner shall either:
   1. In the case of an initial engagement, not accept the engagement, or, in the case of a recurring engagement, withdraw from the engagement, when withdrawal is possible under applicable law or regulation; or
   2. When law or regulation prohibit an auditor from declining an engagement or when withdrawal from an engagement is not otherwise possible, having performed the audit of the group financial report to the extent possible, disclaim an opinion on the group financial report.

In applying ASA 300,^[15] the group auditor shall establish, and update as necessary, an overall group audit strategy and group audit plan. In doing so, the group auditor shall determine: (Ref: Para. A47–A50)

1. The components at which audit work will be performed; and (Ref: Para. A51)
2. The resources needed to perform the group audit engagement, including the nature, timing and extent to which component auditors are to be involved. (Ref: Para. A52–A56)

Considerations When Component Auditors Are Involved

In establishing the overall group audit strategy and group audit plan, the group engagement partner shall evaluate whether the group auditor will be able to be sufficiently and appropriately involved in the work of the component auditor. (Ref: Para. A57)

As part of the evaluation in paragraph 23, the group auditor shall request the component auditor to confirm that the component auditor will cooperate with the group auditor, including whether the component auditor will perform the work requested by the group auditor. (Ref: Para. A58)

Relevant Ethical Requirements, Including Those Related to Independence

In applying ASA 220,^[16] the group engagement partner shall take responsibility for: (Ref: Para. A59–A60, A87)

1. Component auditors having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the group audit engagement; and
2. Confirming whether the component auditors understand and will comply with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement.

Engagement Resources

In applying ASA 220,^[17] the group engagement partner shall: (Ref: Para. A61–A68)

1. Determine that component auditors have the appropriate competence and capabilities, including sufficient time, to perform the assigned audit procedures at the component; and
2. If information about the results of the monitoring and remediation process or external inspections related to the component auditor has been provided by the group auditor’s firm or has otherwise been made available to the group engagement partner, determine the relevance of such information to the group auditor’s determination in paragraph 26(a).

The group auditor shall obtain sufficient appropriate audit evidence relating to the work to be performed at the component without involving the component auditor if:

1. The component auditor does not comply with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement;^[18] or (Ref: Para. A69–A70)
2. The group engagement partner has serious concerns about the matters in paragraphs 23–26. (Ref: Para. A71)

Engagement Performance

In applying ASA 220,^[19] the group engagement partner shall take responsibility for the nature, timing and extent of direction and supervision of component auditors and the review of their work, taking into account: (Ref: Para. A72–A77)

1. Areas of higher assessed risks of material misstatement of the group financial report, or significant risks identified in accordance with ASA 315; and
2. Areas in the audit of the group financial report that involve significant judgement.

Communications with Component Auditors

The group auditor shall communicate with component auditors about their respective responsibilities and the group auditor's expectations, including an expectation that communications between the group auditor and component auditors take place at appropriate times throughout the group audit. (Ref: Para. A78–A87)

In applying ASA 315,^[20] the group auditor shall take responsibility for obtaining an understanding of the following: (Ref: Para. A88–A92)

1. The group and its environment, including: (Ref: Para. A93–A95)
   1. The group’s organisational structure and its business model, including:
      1. The locations in which the group has its operations or activities;
      2. The nature of the group’s operations or activities and the extent to which they are similar across the group; and
      3. The extent to which the group’s business model integrates the use of information technology (IT);
   2. Regulatory factors impacting the entities and business units in the group; and
   3. The measures used internally and externally to assess the financial performance of the entities or business units;
2. The applicable financial reporting framework and the consistency of accounting policies and practices across the group; and
3. The group’s system of internal control, including:
   1. The nature and extent of commonality of controls; (Ref: Para. A96–A99, A102)
   2. Whether, and if so, how, the group centralises activities relevant to financial reporting; (Ref: Para. A100–A102)
   3. The consolidation process used by the group, including sub-consolidations, if any, and consolidation adjustments; and
   4. How group management communicates significant matters that support the preparation of the group financial report and related financial reporting responsibilities in the information system and other components of the group’s system of internal control to management of entities or business units. (Ref: Para. A103–A105)

Considerations When Component Auditors Are Involved

The group auditor shall communicate to component auditors on a timely basis: (Ref: Para. A106)

1. Matters that the group auditor determines to be relevant to the component auditor’s design or performance of risk assessment procedures for purposes of the group audit;
2. In applying ASA 550,^[21] related party relationships or transactions identified by group management, and any other related parties of which the group auditor is aware, that are relevant to the work of the component auditor; and (Ref: Para. A107)
3. In applying ASA 570,^[22] events or conditions identified by group management or the group auditor that may cast significant doubt on the group’s ability to continue as a going concern that are relevant to the work of the component auditor.

The group auditor shall request component auditors to communicate on a timely basis:

1. Matters related to the financial information of the component that the component auditor determines to be relevant to the identification and assessment of the risks of material misstatement of the group financial report, whether due to fraud or error;
2. Related party relationships not previously identified by group management or the group auditor; and (Ref: Para. A107)
3. Any events or conditions identified by the component auditor that may cast significant doubt on the group’s ability to continue as a going concern.

In applying ASA 315,^[23] based on the understanding obtained in paragraph 30, the group auditor shall take responsibility for the identification and assessment of the risks of material misstatement of the group financial report, including with respect to the consolidation process. (Ref: Para. A108–A113)

Considerations When Component Auditors Are Involved

In applying ASA 315,^[24] the group auditor shall evaluate whether the audit evidence obtained from the risk assessment procedures performed by the group auditor and component auditors provides an appropriate basis for the identification and assessment of the risks of material misstatement of the group financial report. (Ref: Para. A114–A115)

In applying ASA 320^[25] and ASA 450,^[26] when classes of transactions, account balances or disclosures in the group financial report is disaggregated across components, for purposes of planning and performing audit procedures, the group auditor shall determine:

1. Component performance materiality. To address aggregation risk, such amount shall be lower than group performance materiality. (Ref: Para. A116–A120)
2. The threshold above which misstatements identified in the component financial information are to be communicated to the group auditor. Such threshold shall not exceed the amount regarded as clearly trivial to the group financial report. (Ref: Para. A121)

Considerations When Component Auditors Are Involved

The group auditor shall communicate to the component auditor the amounts determined in accordance with paragraph 35. (Ref: Para: A122–A123)

In applying ASA 330,^[27] the group auditor shall take responsibility for the nature, timing and extent of further audit procedures to be performed, including determining the components at which to perform further audit procedures and the nature, timing and extent of the work to be performed at those components. (Ref: Para. A124–A139)

Consolidation Process

The group auditor shall take responsibility for designing and performing further audit procedures to respond to the assessed risks of material misstatement of the group financial report arising from the consolidation process. This shall include: (Ref: Para. A140)

1. Evaluating whether all entities and business units have been included in the group financial report as required by the applicable financial reporting framework and, if applicable, for designing and performing further audit procedures on sub-consolidations;
2. Evaluating the appropriateness, completeness and accuracy of consolidation adjustments and reclassifications; (Ref: Para. A141)
3. Evaluating whether management’s judgements made in the consolidation process give rise to indicators of possible management bias; and
4. Responding to assessed risks of material misstatement due to fraud arising from the consolidation process.

If the financial information of an entity or business unit has not been prepared in accordance with the same accounting policies applied to the group financial report, the group auditor shall evaluate whether the financial information has been appropriately adjusted for purposes of preparing and presenting the group financial report.

If the group financial report includes the financial information of an entity or business unit with a financial reporting period-end that differs from that of the group, the group auditor shall take responsibility for evaluating whether appropriate adjustments have been made to that financial information in accordance with the applicable financial reporting framework.

Considerations When Component Auditors Are Involved

When the group auditor involves component auditors in the design or performance of further audit procedures, the group auditor shall communicate with the component auditor about matters that the group auditor or component auditor determine to be relevant to the design of responses to the assessed risks of material misstatement of the group financial report.

For areas of higher assessed risks of material misstatement of the group financial report, or significant risks identified in accordance with ASA 315, on which a component auditor is determining the further audit procedures to be performed, the group auditor shall evaluate the appropriateness of the design and performance of those further audit procedures. (Ref: Para. A142)

When component auditors perform further audit procedures on the consolidation process, including on sub-consolidations, the group auditor shall determine the nature and extent of direction and supervision of component auditors and the review of their work. (Ref: Para. A143)

The group auditor shall determine whether the financial information identified in the component auditor’s communication (see paragraph 45(a)) is the financial information that is incorporated in the group financial report.

The group auditor shall request the component auditor to communicate matters relevant to the group auditor’s conclusion with regard to the group audit. Such communication shall include: (Ref: Para. A144)

1. Identification of the financial information on which the component auditor has been requested to perform audit procedures;
2. Whether the component auditor has performed the work requested by the group auditor;
3. Whether the component auditor has complied with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement;
4. Information about instances of non-compliance with laws or regulations;
5. Corrected and uncorrected misstatements of the component financial information identified by the component auditor and that are above the threshold communicated by the group auditor in accordance with paragraph 36; (Ref: Para. A145)
6. Indicators of possible management bias;
7. Description of any deficiencies in the system of internal control identified in connection with the audit procedures performed;
8. Fraud or suspected fraud involving component management, employees who have significant roles in the group’s system of internal control at the component or others where the fraud resulted in a material misstatement of the component financial information;
9. Other significant matters that the component auditor communicated or expects to communicate to component management or those charged with governance of the component;
10. Any other matters that may be relevant to the group audit, or that the component auditor determines are appropriate to draw to the attention of the group auditor, including exceptions noted in the written representations that the component auditor requested from component management; and
11. The component auditor’s overall findings or conclusions. (Ref: Para. A146)

The group auditor shall:

1. Discuss significant matters arising from communications with the component auditor, including those in accordance with paragraph 45, with the component auditor, component management or group management, as appropriate; and
2. Evaluate whether communications with the component auditor are adequate for the group auditor’s purposes. If such communications are not adequate for the group auditor’s purposes, the group auditor shall consider the implications for the group audit. (Ref: Para. A147)

The group auditor shall determine whether, and the extent to which, it is necessary to review additional component auditor audit documentation. In making this determination, the group auditor shall consider: (Ref: Para. A148–A149)

1. The nature, timing and extent of the work performed by the component auditor;
2. The competence and capabilities of the component auditor as determined in accordance with paragraph 26(a); and
3. The direction and supervision of the component auditor and review of their work.

If the group auditor concludes that the work of the component auditor is not adequate for the group auditor’s purposes, the group auditor shall determine what additional audit procedures are to be performed, and whether they are to be performed by a component auditor or by the group auditor.

In applying ASA 560,^[28] the group auditor shall take responsibility for performing procedures, including, as appropriate, requesting component auditors to perform procedures, designed to identify events that may require adjustment of, or disclosure in, the group financial report. (Ref: Para. A150)

Considerations When Component Auditors Are Involved

The group auditor shall request the component auditors to notify the group auditor if they become aware of subsequent events that may require adjustment of, or disclosure in, the group financial report. (Ref: Para. A150)

In applying ASA 330,^[29] the group auditor shall evaluate whether sufficient appropriate audit evidence has been obtained from the audit procedures performed, including from the work performed by component auditors, on which to base the group audit opinion. (Ref: Para. A151– A155)

The group engagement partner shall evaluate the effect on the group audit opinion of any uncorrected misstatements (whether identified by the group auditor or communicated by component auditors) and any instances when there has been an inability to obtain sufficient appropriate audit evidence. (Ref: Para. A156)

The auditor’s report on the group financial report shall not refer to a component auditor, unless required by law or regulation to include such reference. If such reference is required by law or regulation, the auditor’s report shall indicate that the reference does not diminish the group engagement partner’s or the group engagement partner’s firm’s responsibility for the group audit opinion. (Ref: Para. A157–A158)

Communication with Group Management

The group auditor shall communicate with group management an overview of the planned scope and timing of the audit, including an overview of the work to be performed at components of the group. (Ref: Para. A159)

If fraud has been identified by the group auditor or brought to its attention by a component auditor (see paragraph 45(h)), or information indicates that a fraud may exist, the group auditor shall communicate this on a timely basis to the appropriate level of group management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. (Ref: Para. A160)

A component auditor may be required by statute, regulation or other reasons to express an audit opinion on the financial report of an entity or business unit that forms part of the group. In that case, the group auditor shall request group management to inform management of the entity or business unit of any matter of which the group auditor becomes aware that may be significant to the financial report of the entity or business unit, but of which management of the entity or business unit may be unaware. If group management refuses to communicate the matter to management of the entity or business unit, the group auditor shall discuss the matter with those charged with governance of the group. If the matter remains unresolved, the group auditor, subject to legal and professional confidentiality considerations, shall consider whether to advise the component auditor not to issue the auditor’s report on the financial report of the entity or business unit until the matter is resolved. (Ref: Para. A161–A162)

Communication with Those Charged with Governance of the Group

The group auditor shall communicate the following matters with those charged with governance of the group, in addition to those required by ASA 260^[30] and other ASAs: (Ref: Para. A163)

1. An overview of the work to be performed at the components of the group and the nature of the group auditor’s planned involvement in the work to be performed by component auditors. (Ref: Para. A164)
2. Instances when the group auditor’s review of the work of a component auditor gave rise to a concern about the quality of that component auditor’s work, and how the group auditor addressed the concern.
3. Any limitations on the scope of the group audit, for example, significant matters related to restrictions on access to people or information.
4. Fraud or suspected fraud involving group management, component management, employees who have significant roles in the group’s system of internal control or others when the fraud resulted in a material misstatement of the group financial report.

Communication of Identified Deficiencies in Internal Control

In applying ASA 265,^[31] the group auditor shall determine whether any identified deficiencies in the group’s system of internal control are required to be communicated to those charged with governance of the group or group management. In making this determination, the group auditor shall consider deficiencies in internal control that have been identified by component auditors and communicated to the group auditor in accordance with paragraph 45(g). (Ref: Para. A165)

In accordance with ASA 230,^[32] the audit documentation for a group audit engagement needs to be sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing and extent of audit procedures performed, the evidence obtained, and the conclusions reached with respect to significant matters arising during the group audit. In applying ASA 230,^[33] the group auditor shall include in the audit documentation: (Ref: Para. A166–A169, A179–A182)

1. Significant matters related to restrictions on access to people or information within the group that were considered before deciding to accept or continue the engagement, or that arose subsequent to acceptance or continuance, and how such matters were addressed.
2. The basis for the group auditor’s determination of components for purposes of planning and performing the group audit. (Ref: Para. A170)
3. The basis for the determination of component performance materiality, and the threshold for communicating misstatements in the component financial information to the group auditor. 
4. The basis for the group auditor’s determination that component auditors have the appropriate competence and capabilities, including sufficient time, to perform the assigned audit procedures at the components. (Ref: Para. A171)
5. Key elements of the understanding of the group’s system of internal control in accordance with paragraph 30(c);
6. The nature, timing and extent of the group auditor’s direction and supervision of component auditors and the review of their work, including, as applicable, the group auditor’s review of additional component auditor audit documentation in accordance with paragraph 47. (Ref: Para. A172–A178)
7. Matters related to communications with component auditors, including:
   1. Matters, if any, related to fraud, related parties or going concern communicated in accordance with paragraph 32.
   2. Matters relevant to the group auditor’s conclusion with regard to the group audit, in accordance with paragraph 45, including how the group auditor has addressed significant matters discussed with component auditors, component management or group management.
8. The group auditor’s evaluation of, and response to, findings or conclusions of the component auditors about matters that could have a material effect on the group financial report.

(Ref: Para. 1–2)

This ASA also deals with the special considerations for the group engagement partner or group auditor, as applicable, in applying the requirements and guidance in ASA 220, including for the direction and supervision of component auditors and the review of their work.

ASQM 1 ^[34] addresses the engagements for which an engagement quality review is required to be performed. ASQM 2 ^[35] deals with the appointment and eligibility of the engagement quality reviewer and the engagement quality reviewer’s responsibilities relating to performing and documenting an engagement quality review, including for a group audit.

An entity or business unit of a group may also prepare its own group financial report that incorporates the financial information of those entities or business units it encompasses (that is, a sub-group). This ASA applies to an audit of the group financial report of such sub-groups performed for statutory, regulatory or other reasons.

A single legal entity may be organised with more than one business unit, for example, a company with operations in multiple locations, such as a bank with multiple branches. When those business units have characteristics such as separate locations, separate management, or separate information systems (including a separate general ledger) and the financial information is aggregated in preparing the single legal entity’s financial report, such a financial report meets the definition of a group financial report because they include the financial information of more than one entity or business unit through a consolidation process.

In some cases, a single legal entity may configure its information system to capture financial information for more than one product or service line for legal or regulatory reporting or other management purposes. In these circumstances, the entity’s financial report is not a group financial report because there is no aggregation of the financial information of more than one entity or business unit through a consolidation process. Further, capturing separate information (e.g., in a sub-ledger) for legal or regulatory reporting or other management purposes does not create separate entities or business units (e.g., divisions) for purposes of this ASA.

Groups and Components (Ref: Para. 4–5) 

The group’s information system, including its financial reporting process, may or may not be aligned with the group’s organisational structure. For example, a group may be organised according to its legal structure, but its information system may be organised by function, process, product or service (or by groups of products or services), or geographic locations for management or reporting purposes.

Based on the understanding of the group’s organisational structure and information system, the group auditor may determine that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. For example, a group may have three legal entities with similar business characteristics, operating in the same geographical location, under the same management, and using a common system of internal control, including the information system. In these circumstances, the group auditor may decide to treat these three legal entities as one component.

A group may also centralise activities or processes that are applicable to more than one entity or business unit within the group, for example through the use of a shared service centre. When such centralised activities are relevant to the group’s financial reporting process, the group auditor may determine that the shared service centre is a component.

Another consideration that may be relevant to the group auditor’s determination of components is how management has determined operating segments in accordance with the disclosure requirements of the applicable financial reporting framework.^[36]

Involvement of Component Auditors (Ref: Para. 7–8) 

Component auditors may perform an audit of the financial report of a component, whether for statutory, regulatory or other reasons, particularly when a component is a legal entity. When a component auditor is also performing or has completed an audit of the component financial report, the group auditor may be able to use audit work performed on the component financial report, provided the group auditor is satisfied that such work is appropriate for purposes of the group audit. In addition, component auditors may adapt the work performed on the audit of the component financial report to also meet the needs of the group auditor. In any event, the requirements of this ASA apply, including those relating to the direction and supervision of component auditors and the review of their work.

In accordance with ASA 220,^[37] the engagement partner is required to determine that the approach to direction, supervision and review is responsive to the nature and circumstances of the audit engagement. Paragraph A76 provides examples of different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, and may be helpful in circumstances when the group auditor plans to use the audit work from an audit of a component financial report that has already been completed.

As explained in ASA 200,^[38] detection risk relates to the nature, timing and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. Detection risk is a function not only of the effectiveness of an audit procedure but also the application of that procedure by the auditor. Therefore, detection risk is influenced by matters such as adequate planning, the assignment of appropriate resources to the engagement, the exercise of professional scepticism, and the supervision and review of the audit work performed.

Detection risk is a broader concept than aggregation risk as described in paragraphs 14(a) and A19. In a group audit, there may be a higher probability that the aggregate of uncorrected and undetected misstatements may exceed materiality for the group financial report as a whole because audit procedures may be performed separately on the financial information of components across the group. Accordingly, component performance materiality is set by the group auditor to reduce aggregation risk to an appropriately low level.

Professional Scepticism (Ref: Para. 9)

ASA 220^[39] provides examples of the impediments to the exercise of professional scepticism at the engagement level, including unconscious auditor biases that may impede the exercise of professional scepticism when designing and performing audit procedures and evaluating audit evidence. ASA 220 also provides possible actions that the engagement team may take to mitigate impediments to the exercise of professional scepticism at the engagement level.

Requirements and relevant application material in ASA 315,^[40] ASA 540^[41] and other ASAs address the exercise of professional scepticism, and include examples of how documentation may help provide evidence of the auditor’s exercise of professional scepticism.

All members of the engagement team are required to exercise professional scepticism throughout the group audit. The group auditor’s direction and supervision of engagement team members, including component auditors, and the review of their work, may inform the group auditor about whether the engagement team has appropriately exercised professional scepticism.

The exercise of professional scepticism in a group audit may be affected by matters such as the following:

• Component auditors in different locations may be subject to varying cultural influences, which may affect the nature of the biases to which they are subject.
• The complex structure of some groups may introduce factors that give rise to increased susceptibility to risks of material misstatement. In addition, an overly complex organisational structure may be a fraud risk factor in accordance with ASA 240^[42] and therefore may require additional time or expertise to understand the business purpose and activities of certain entities or business units.
• The nature and extent of intra-group transactions (e.g., transactions that involve multiple entities and business units within the group or multiple related parties), cash flows or transfer pricing agreements may give rise to additional complexities. In some cases, such matters may also give rise to fraud risk factors.
• When the group audit is subject to tight reporting deadlines imposed by group management, this may put pressure on engagement team members when completing the work assigned. In these circumstances, the engagement team may need to take additional time to appropriately question management’s assertions, make appropriate judgements, or appropriately review the audit work performed.

The exercise of professional scepticism by the group auditor includes remaining alert for inconsistent information from component auditors, component management and group management about matters that may be significant to the group financial report.

Aggregation Risk (Ref: Para. 14(a))

Aggregation risk exists in all audits of the financial report, but is particularly important to understand and address in a group audit because there is a greater likelihood that audit procedures will be performed on classes of transactions, account balances or disclosures that are disaggregated across components. Generally, aggregation risk increases as the number of components increases at which audit procedures are performed separately, whether by component auditors or other members of the engagement team.

Component (Ref: Para. 14(b))

The group auditor uses professional judgement in determining components at which audit work will be performed. Paragraph A7 explains that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. However, the group auditor’s responsibility for the identification and assessment of the risks of material misstatement of the group financial report encompasses all of the entities and business units whose financial information is included in the group financial report.

Component Auditor (Ref: Para. 14(c))

References in this ASA to the engagement team include the group auditor and component auditors. Component auditors may be from a network firm, a firm that is not a network firm, or the group auditor’s firm (e.g., another office within the group auditor’s firm).

In some circumstances, the group auditor may perform centralised testing on classes of transactions, account balances or disclosures, or may perform audit procedures related to a component. In these circumstances, the group auditor is not considered a component auditor.

Paragraph 24 requires the group auditor to request the component auditor to confirm that the component auditor will cooperate with the group auditor, including whether the component auditor will perform the work requested by the group auditor. Paragraph A58 provides guidance for circumstances in which the component auditor is unable to provide such a confirmation.

Component Management (Ref: Para. 14(d))

Component management refers to management responsible for the financial information or other activity (e.g., processing of transactions at a shared service centre) at an entity or business unit that is part of the group. When the group auditor considers the financial information of certain entities or business units together as a component or determines that a shared service centre is a component (see paragraphs A7‒A8), component management refers to the management that is responsible for the financial information or transaction processing that is subject to the audit procedures being performed in relation to that component. In some circumstances, there may not be separate component management and group management may be directly responsible for the financial information or other activities of the component.

Group Engagement Partner (Ref: Para. 14(j))

[Deleted by the AUASB]

Group Financial Report (Ref: Para. 2, 14(k))

The requirements for the preparation and presentation of the group financial report may be specified in the applicable financial reporting framework, which may therefore affect the determination of the financial information of entities or business units to be included in the group financial report. For example, some frameworks require the preparation of a consolidated financial report when an entity (a parent entity) controls one or more other entities (e.g., subsidiaries) through majority ownership interest or other means. In some cases, the applicable financial reporting framework includes separate requirements for, or may otherwise permit, the presentation of a combined financial report. Examples of circumstances in which the presentation of a combined financial report may be permitted include entities that have no parent but are under common control or entities under common management.

The term “consolidation process” as used in this ASA is not intended to have the same meaning as “consolidation” or “consolidated financial report” as defined or described in financial reporting frameworks. Rather, the term “consolidation process” refers more broadly to the process used to prepare a group financial report.

The detailed aspects of the consolidation process vary from one group to another, depending on the group’s structure and information system, including the financial reporting process. However, a consolidation process involves considerations such as the elimination of intra-group transactions and balances and, when applicable, implications of different reporting periods for entities or business units included in the group financial report.

(Ref: Para. 11, 16)

It may not be possible or practical for the group engagement partner to solely deal with all requirements in ASA 220, particularly when the engagement team includes a large number of component auditors located in multiple locations. In managing quality at the engagement level, ASA 220^[43] permits the engagement partner to assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the engagement partner. Accordingly, the group engagement partner may assign procedures, tasks or actions to other members of the engagement team and these members may assign procedures, tasks or actions further. In such circumstances, ASA 220 requires that the engagement partner shall continue to take overall responsibility for managing and achieving quality on the audit engagement.

Policies or procedures established by the firm, or that are common network requirements or network services,^[44] may support the group engagement partner by facilitating communication between the group auditor and component auditors and supporting the group auditor’s direction and supervision of those component auditors and the review of their work.

ASA 220^[45] explains that a culture that demonstrates a commitment to quality is shaped and reinforced by the engagement team members as they demonstrate expected behaviours when performing the engagement. In addressing the requirement in paragraph 16(a), the group engagement partner may communicate directly to other members of the engagement team (including component auditors) and reinforce this communication through personal conduct and actions (e.g., leading by example).

Determining Whether Sufficient and Appropriate Audit Evidence Can Reasonably Be Expected to Be Obtained (Ref: Para. 17–18)

In determining whether sufficient appropriate audit evidence can reasonably be expected to be obtained, the group engagement partner may obtain an understanding of matters such as:

• The group structure, including both the legal and organisational structure.
• Activities that are significant to the group, including the industry and regulatory, economic and political environments in which those activities take place.
• The use of service organisations.
• The use of shared service centres.
• The consolidation process.
• Whether the group auditor:
  • Will have unrestricted access to those charged with governance of the group, group management, those charged with governance of the component, component management and component information, including of those components that are accounted for by the equity method; and
  • Will be able to perform necessary work on the financial information of the components when applicable.
• Whether sufficient and appropriate resources are assigned or will be made available.

In the case of an initial group audit engagement, the group auditor’s understanding of the matters in paragraph A32 may be obtained from:

• Information provided by group management;
• Communication with group management;
• Communication with those charged with governance of the group; and
• When applicable, communication with component management or the predecessor auditor.

For a recurring engagement, the ability to obtain sufficient appropriate audit evidence may be affected by significant changes in, for example:

• The group structure (e.g., acquisitions, disposals, joint ventures, reorganisations, or changes in how the group financial reporting system is organised).
• Components’ activities that are significant to the group.
• The composition of those charged with governance of the group, group management, or key management of components for which audit procedures are expected to be performed.
• The group auditor’s understanding of the integrity and competence of group or component management.
• The applicable financial reporting framework.

Section 323B of the Corporations Act 2001 (the Act) requires the officer or auditor of a controlled entity to give the principal auditor access to the controlled entity’s books; and give the auditor any information, explanation or assistance required under section 323A of the Act.

There may be additional complexities with obtaining sufficient appropriate audit evidence in a group audit when components are located in jurisdictions other than the group auditor’s jurisdiction because of cultural and language differences, and different laws or regulations. For example, law or regulation may restrict the component auditor from providing documentation outside of its jurisdiction, or war, civil unrest or outbreaks of disease may restrict the group auditor’s access to relevant component auditor audit documentation. Paragraph A180 includes possible ways to address these situations.

Restrictions may be imposed after the group engagement partner’s acceptance of the group audit engagement that may affect the engagement team’s ability to obtain sufficient appropriate audit evidence. Such restrictions may include those affecting:

• The group auditor’s access to component information, management or those charged with governance of components, or the component auditors (including relevant audit documentation sought by the group auditor) (see paragraphs 20 and 21); or
• The work to be performed on the financial information of components.

Paragraphs A45–A46 explain the possible effect of such restrictions on the auditor’s report on the group financial report.

Agreeing the Terms of Audit Engagements (Ref: Para. 19)

ASA 210^[46] requires the auditor to agree the terms of the audit engagement with management or those charged with governance, as appropriate. The terms of engagement identify the applicable financial reporting framework. Additional matters that may be included in the terms of a group audit engagement include:

• Communications between the group auditor and component auditors should be unrestricted to the extent possible under laws or regulations;
• Important communications between component auditors and those charged with governance of the component or component management, including communications on significant deficiencies in internal control, should be communicated to the group auditor;
• Communications between regulatory authorities and entities or business units related to financial reporting matters that may be relevant to the group audit should be communicated to the group auditor; and
• The group auditor should be permitted to perform work, or request a component auditor to perform work, at the component.

Restrictions on Access to Information or People (Ref: Para. 20–21)

Restrictions on access to information or people do not eliminate the requirement for the group auditor to obtain sufficient appropriate audit evidence.

Access to information or people can be restricted for many reasons, such as restrictions imposed by component management, laws or regulations or other conditions, for example, war, civil unrest or outbreaks of disease. Paragraph A180 describes how the group auditor may be able to overcome restrictions on access to component auditor audit documentation.

In some circumstances, the group auditor may be able to overcome restrictions on access to information or people, for example:

• If access to component management or those charged with governance of the component is restricted, the group auditor may request group management or those charged with governance of the group to assist with removing the restriction or otherwise request information directly from group management or those charged with governance of the group.
• If the group has a non-controlling interest in an entity that is accounted for by the equity method, the group auditor may determine whether provisions exist (e.g., in the terms of joint venture agreements, or the terms of other investment agreements) regarding access by the group to the financial information of the entity and request group management to exercise such rights.
• If the group has a non-controlling interest in an entity that is accounted for by the equity method and the group has representatives who are on the executive board or are members of those charged with governance of the non-controlled entity, the group auditor may enquire whether they can provide financial and other information available to them in these roles.

If the group has a non-controlling interest in an entity that is accounted for by the equity method and the group auditor’s access to information or people at the entity is restricted, the group auditor may be able to obtain information to be used as audit evidence regarding the entity’s financial information, for example:

• Financial information that is available from group management, as group management also needs to obtain the non-controlled entity’s financial information in order to prepare the group financial report.
• Publicly available information, such as an audited financial report, public disclosure documents, or quoted prices of equity instruments in the non-controlled entity.

It is a matter of professional judgement, particularly in view of the assessed risks of material misstatement of the group financial report and considering other sources of information that may corroborate or otherwise contribute to audit evidence obtained, whether the auditor can obtain sufficient appropriate audit evidence.^[47]

If the group has a non-controlling interest in an entity that is accounted for by the equity method and access to information or people at the entity is restricted, the group auditor may consider whether such restrictions are inconsistent with group management’s assertions regarding the appropriateness of the use of the equity method of accounting.

When the group auditor is unable to obtain sufficient appropriate audit evidence due to restrictions on access to information or people, the group auditor may:

• Communicate the restrictions to the group auditor’s firm to assist the group auditor in determining an appropriate course of action. For example, the group auditor’s firm may communicate with group management about the restrictions and encourage group management to communicate with regulators. This may be useful when restrictions affect multiple audits in the jurisdiction or by the same firm, for example, because of war, civil unrest or outbreaks of disease in a major economy.
• Be required by law or regulation to communicate with regulators, listing authorities, or others, about the restrictions.

Restrictions on access may have other implications for the group audit. For example, if restrictions are imposed by group management, the group auditor may need to reconsider the reliability of group management’s responses to the group auditor’s enquiries and whether the restrictions call into question group management’s integrity.

Effect of Restrictions on Access to Information or People on the Auditor’s Report on a Group Financial Report (Ref: Para. 20–21)

ASA 705^[48] contains requirements and guidance about how to address situations when the group auditor is unable to obtain sufficient appropriate audit evidence. Appendix 1 contains an example of an auditor’s report containing a qualified group audit opinion based on the group auditor’s inability to obtain sufficient appropriate audit evidence in relation to a component that is accounted for by the equity method.

Law or Regulation Prohibit the Group Engagement Partner from Declining or Withdrawing from an Engagement (Ref: Para. 20–21)

Law or regulation may prohibit the group engagement partner from declining or withdrawing from an engagement. For example, in some jurisdictions the auditor is appointed for a specified period of time and is prohibited from withdrawing before the end of that period. Also, in the public sector, the option of declining or withdrawing from an engagement may not be available to the auditor due to the nature of the mandate or public interest considerations. In these circumstances, the requirements in this ASA still apply to the group audit, and the effect of the group auditor’s inability to obtain sufficient appropriate audit evidence is addressed in ASA 705.

The Continual and Iterative Nature of Planning and Performing a Group Audit (Ref: Para. 22)

As explained in ASA 300,^[49] planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. For example, due to unexpected events, changes in conditions, or audit evidence obtained from risk assessment or further audit procedures, the group auditor may need to modify the overall group audit strategy and group audit plan, and the resulting planned nature, timing and extent of further audit procedures, based on the revised consideration of assessed risks. The group auditor may also modify the determination of the components at which to perform audit work as well as the nature, timing and extent of the component auditors’ involvement. ASA 300^[50] requires the auditor to update and change the overall audit strategy and audit plan as necessary during the course of the audit.

Establishing the Overall Group Audit Strategy and Group Audit Plan (Ref: Para. 22)

In an initial group audit engagement, the group auditor may have a preliminary understanding of the group and its environment, the applicable financial reporting framework and the entity’s system of internal control based on information obtained from group management, those charged with governance of the group and, when applicable, communication with component management or the predecessor auditor. In a recurring group audit engagement, the group auditor’s preliminary understanding may be obtained through prior period audits. This preliminary understanding may assist the group auditor in developing initial expectations about the classes of transactions, account balances and disclosures that may be significant.

The group auditor may also use information obtained during the engagement acceptance and continuance process in establishing the overall group audit strategy and group audit plan, for example, in relation to the resources needed to perform the group audit.

The process of establishing the overall group audit strategy and group audit plan and initial expectations about the classes of transactions, account balances and disclosures that may be significant at the group financial statement level may assist the group auditor in developing a preliminary determination of matters such as:

• Whether to perform audit work centrally, at components or a combination thereof; and
• The nature, timing and extent of audit work to be performed with respect to the financial information of components (e.g., design and perform risk assessment procedures, further audit procedures, or a combination thereof).

Components at Which to Perform Audit Work (Ref: Para. 22(a))

The determination of components at which to perform audit work is a matter of professional judgement. Matters that may influence the group auditor’s determination include, for example:

• The nature of events or conditions that may give rise to risks of material misstatement at the assertion level of the group financial report that are associated with a component, for example:
  • Newly formed or acquired entities or business units.
  • Entities or business units in which significant changes have taken place.
  • Significant transactions with related parties.
  • Significant transactions outside the normal course of business.
  • Abnormal fluctuations identified by analytical procedures performed at the group level, in accordance with ASA 315.^[51]
• The disaggregation of significant classes of transactions, account balances and disclosures in the group financial report across components, considering the size and nature of assets, liabilities and transactions at the location or business unit relative to the group financial report.
• Whether sufficient appropriate audit evidence is expected to be obtained for all significant classes of transactions, account balances and disclosures in the group financial report from audit work planned on the financial information of identified components.
• The nature and extent of misstatements or control deficiencies identified at a component in prior period audits.
• The nature and extent of the commonality of controls across the group and whether, and if so, how, the group centralises activities relevant to financial reporting.

Resources (Ref: Para. 22(b))

Matters that influence the group auditor’s determination of the resources needed to perform the group audit and the nature, timing and extent to which component auditors are to be involved are a matter of professional judgement and may include, for example:

• The understanding of the group, the components within the group at which audit work is to be performed and whether to perform work centrally, at components or a combination thereof.
• The knowledge and experience of the engagement team. For example, component auditors may have greater experience and a more in-depth knowledge than the group auditor of the local industries in which components operate, laws or regulations, business practices, language and culture. In addition, the involvement of auditor’s experts may be needed on complex matters.
• The initial expectations about the potential risks of material misstatement.
• The amount or location of resources to allocate to specific audit areas. For example, the extent to which components are dispersed across multiple locations may impact the need to involve component auditors in specific locations.
• Access arrangements. For example, when the group auditor’s access to a component in a particular jurisdiction is restricted, component auditors may need to be involved.
• The nature of the components’ activities, including their complexity or specialisation of operations.
• The group’s system of internal control, including the information system in place, and its degree of centralisation. For example, the involvement of component auditors may be more likely when the system of internal control is decentralised.
• Previous experience with the component auditor.

Component auditors may be involved in different phases of an audit, for example, component auditors may design or perform:

• Risk assessment procedures; and
• Procedures to respond to the assessed risks of material misstatement.

The nature, timing and extent to which component auditors are to be involved depends on the facts and circumstances of the group audit engagement. Often component auditors will be involved in all phases of the audit, but the group auditor may decide to involve component auditors only in a certain phase. When the group auditor does not intend to involve component auditors in risk assessment procedures, the group auditor may still discuss with component auditors whether there are any significant changes in the business or the system of internal control of the component that could have an effect on the risks of material misstatement of the group financial report.

ASA 300^[52] requires the engagement partner and other key members of the engagement team to be involved in planning the audit. When component auditors are involved, one or more individuals from a component auditor may be key members of the engagement team and therefore involved in planning the group audit. The involvement of component auditors in planning the audit draws on their experience and insight, thereby enhancing the effectiveness and efficiency of the planning process. The group engagement partner uses professional judgement in determining which component auditors to involve in planning the audit. This may be affected by the nature, timing and extent to which the component auditors are expected to be involved in designing and performing risk assessment or further audit procedures.

As described in ASQM 1,^[53] there may be circumstances when the fee quoted for an engagement is not sufficient given the nature and circumstances of the engagement, and it may diminish the firm’s ability to perform the engagement in accordance with professional standards and applicable legal or regulatory requirements. The level of fees, including their allocation to component auditors, and the extent to which they relate to the resources required, may be a special consideration for group audit engagements. For example, in a group audit, the firm’s financial and operational priorities may place constraints on the determination of the components at which audit work will be performed, as well as the resources needed, including the involvement of component auditors. In such circumstances, these constraints do not override the group engagement partner’s responsibility for achieving quality at the engagement level or the requirements for the group auditor to obtain sufficient appropriate audit evidence on which to base the group audit opinion.

Considerations When Component Auditors Are Involved

Sufficient and Appropriate Involvement in the Work of the Component Auditor (Ref: Para. 23–24)

In evaluating whether the group auditor will be able to be sufficiently and appropriately involved in the work of the component auditor, the group auditor may obtain an understanding of whether the component auditor is subject to any restrictions that limit communication with the group auditor, including with regard to sharing audit documentation with the group auditor. The group auditor may also obtain an understanding about whether audit evidence related to components located in a different jurisdiction may be in a different language and may need to be translated for use by the group auditor.

If the component auditor is unable to cooperate with the group auditor, the group auditor may:

• Request the component auditor to provide its rationale.
• Be able to take appropriate action to address the matter, including adjusting the nature of the work requested to be performed. Alternatively, in accordance with paragraph 27, the group auditor may need to obtain sufficient appropriate audit evidence relating to the work to be performed at the component without involving the component auditor.

Relevant Ethical Requirements, Including Those Related to Independence (Ref: Para. 25)

When performing work at a component for a group audit engagement, the component auditor is subject to ethical requirements, including those related to independence, that are relevant to the group audit engagement. Such requirements may be different from or in addition to those applying to the component auditor when performing an audit on the financial report of an entity or business unit that is part of the group for statutory, regulatory or other reasons in the component auditor’s jurisdiction.

In making the component auditors aware of relevant ethical requirements, the group auditor may consider whether additional information or training for component auditors is necessary regarding the provisions of the ethical requirements that are relevant to the group audit engagement.

Engagement Resources (Ref: Para. 26)

ASA 220^[54] requires the engagement partner to determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. When sufficient or appropriate resources are not made available in relation to work to be performed by a component auditor, the group engagement partner may discuss the matter with the component auditor, group management or the group auditor’s firm and may subsequently request the component auditor or the group auditor’s firm to make sufficient and appropriate resources available.

Competence and capabilities of the component auditors

ASA 220^[55] provides guidance regarding matters the engagement partner may take into consideration when determining the competence and capabilities of the engagement team. This determination is particularly important in a group audit when the engagement team includes component auditors. ASA 220^[56] indicates that the firm’s policies or procedures may require the firm or the engagement partner to take different actions from those applicable to personnel when obtaining an understanding of whether a component auditor from another firm has the appropriate competence and capabilities to perform the audit engagement.

Determining whether component auditors have the appropriate competence and capabilities is a matter of professional judgement and is influenced by the nature and circumstances of the group audit engagement. This determination influences the nature, timing and extent of the group engagement partner’s direction and supervision of the component auditor and the review of their work.

In determining whether component auditors have the appropriate competence and capabilities to perform the assigned audit procedures at the component, the group engagement partner may consider matters such as:

• Previous experience with or knowledge of the component auditor.
• The component auditor’s specialised skills (e.g., industry-specific knowledge).
• The degree to which the group auditor and component auditor are subject to a common system of quality management, for example, whether the group auditor and a component auditor:
  • Use common resources to perform the work (e.g., audit methodologies or IT applications);
  • Share common policies or procedures affecting engagement performance (e.g., direction, supervision and review of work or consultation);
  • Are subject to common monitoring activities; or
  • Have other commonalities, including common leadership or a common cultural environment.
• The consistency or similarity of:
  • Laws or regulations or legal system;
  • Language and culture;
  • Education and training;
  • Professional oversight, discipline, and external quality assurance; or
  • Professional organisations and standards.
• Information obtained about the component auditor through interactions with component management, those charged with governance, and other key personnel, such as internal auditors.

The procedures to determine the component auditor’s competency and capability may include, for example:

• An evaluation of the information communicated by the group auditor’s firm to the group auditor, including:
  • The firm’s ongoing communication related to monitoring and remediation, in circumstances when the group auditor and component auditor are from the same firm.
  • Information from the network about the results of the monitoring activities undertaken by the network across the network firms.^[58]
  • Information obtained from professional body(ies) to which the component auditor belongs, the authorities by which the component auditor is licensed, or other third parties.
• Discussing the assessed risks of material misstatement with the component auditor.
• Requesting the component auditor to confirm their understanding of the matters referred to in paragraph 25 in writing.
• Discussing the component auditor’s competence and capabilities with colleagues in the group engagement partner’s firm that have worked directly with the component auditor.
• Obtaining published external inspection reports.

The group engagement partner’s firm and the component auditor may be members of the same network and may be subject to common network requirements or use common network services.^[59] When determining whether component auditors have the appropriate competence and capabilities to perform work in support of the group audit engagement, the group engagement partner may be able to depend on such network requirements, for example, those addressing professional training or recruitment, or that require the use of audit methodologies and related implementation tools. In accordance with ASQM 1,^[60] the firm is responsible for designing, implementing and operating its system of quality management, and the firm may need to adapt or supplement network requirements or network services to be appropriate for use in its system of quality management.

Using the work of an auditor’s expert

ASA 220^[61] requires the engagement partner to determine that members of the engagement team, and any auditor’s external experts who are not part of the engagement team, collectively have the appropriate competence and capabilities, including sufficient time, to perform the audit engagement. If an auditor’s expert is used by a component auditor, the group engagement partner may need to obtain information from the component auditor. For example, the group auditor may discuss with the component auditor the component auditor’s evaluation of the competence and capabilities of the auditor’s expert.

Automated tools and techniques 

When determining whether the engagement team has the appropriate competence and capabilities, the group engagement partner may take into consideration such matters as the expertise of the component auditor in the use of automated tools and techniques. For example, as described in ASA 220,^[62] when the group auditor requires component auditors to use specific automated tools and techniques when performing audit procedures, the group auditor may communicate with component auditors that the use of such automated tools and techniques need to comply with the group auditor’s instructions.

Application of the Group Auditor’s Understanding of a Component Auditor (Ref: Para. 27)

ASA 220^[63] requires the engagement partner to take responsibility for other members of the engagement team having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the audit engagement, and the firm’s related policies or procedures. This includes the firm’s policies or procedures that address circumstances that may cause a breach of relevant ethical requirements, including those related to independence, and the responsibilities of members of the engagement team when they become aware of breaches. The firm’s policies or procedures also may address breaches of independence requirements by component auditors, and actions the group auditor may take in those circumstances in accordance with the relevant ethical requirements. In addition, relevant ethical requirements or law or regulation may also specify particular communications to those charged with governance in circumstances when breaches of independence requirements have been identified.^[64]

If there has been a breach by a component auditor of the relevant ethical requirements that apply to the group audit engagement, including those related to independence, and the breach has not been satisfactorily addressed in accordance with provisions of the relevant ethical requirements, the group auditor cannot use the work of that component auditor.

Serious concerns are those concerns that in the group auditor’s professional judgement cannot be overcome. The group engagement partner may be able to overcome less than serious concerns about the component auditor’s professional competency (e.g., lack of industry-specific knowledge), or the fact that the component auditor does not operate in an environment that actively oversees auditors, by the group auditor being more involved in the work of the component auditor or by directly performing further audit procedures on the financial information of the component.

Engagement Performance (Ref: Para. 28)

ASA 220^[65] requires the engagement partner to determine that the nature, timing and extent of direction, supervision and review is planned and performed in accordance with the firm’s policies or procedures, professional standards and applicable legal and regulatory requirements, and is responsive to the nature and circumstances of the audit engagement and the resources assigned or made available to the engagement team. For a group audit, the approach to direction, supervision and review will generally include a combination of addressing the group auditor’s firm policies or procedures and group audit engagement-specific responses.

For a group audit, particularly when the engagement team includes a large number of component auditors that may be located in multiple locations, the group engagement partner may assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the group engagement partner in fulfilling the responsibility for the nature, timing and extent of the direction and supervision of component auditors and the review of their work (see also paragraph 11).

If component auditors are from a firm other than the group auditor’s firm, the firm’s policies or procedures may be different, or different actions may need to be taken, respectively, in relation to the nature, timing and extent of direction and supervision of those members of the engagement team, and the review of their work. In particular, firm policies or procedures may require the firm or the group engagement partner to take different actions from those applicable to members of the engagement team within the firm or the network (e.g., in relation to the form, content and timing of communications with component auditors, including the use of group auditor instructions to component auditors). ASA 220 provides examples of actions that may need to be taken in such circumstances.^[66]

The nature, timing and extent of direction and supervision of component auditors and review of their work may be tailored based on the nature and circumstances of the engagement and, for example:

• The assessed risks of material misstatement. For example, if the group auditor has identified a component that includes a significant risk, an increase in the extent of direction and supervision of the component auditor and a more detailed review of the component auditor’s audit documentation may be appropriate.
• The competence and capabilities of the component auditors performing the audit work. For example, if the group auditor has no previous experience working with a component auditor, the group auditor may communicate more detailed instructions, increase the frequency of discussions or other interactions with the component auditor, or assign more experienced individuals to oversee the component auditor as the work is performed.
• The location of engagement team members, including the extent to which engagement team members are dispersed across multiple locations, including when service delivery centres are used.
• Access to component auditor audit documentation. For example, when law or regulation precludes component auditor audit documentation from being transferred out of the component auditor’s jurisdiction, the group auditor may be able to review the audit documentation at the component auditor’s location or remotely through the use of technology, when not prohibited by law or regulation (see also paragraphs A179–A180).

There are different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, for example:

• Communications with component auditors throughout the course of the group audit, including communications required by this ASA.
• Meetings or calls with component auditors to discuss identified and assessed risks, issues, findings and conclusions.
• Reviews of the component auditor’s audit documentation in person or remotely when permitted by law and regulation.
• Participating in the closing or other key meetings between the component auditors and component management.

In applying ASA 220,^[67] the group engagement partner is required to review audit documentation at appropriate points in time during the audit engagement, including audit documentation relevant to the group audit relating to:

• Significant matters;
• Significant judgements, including those relating to difficult or contentious matters identified during the audit engagement, and the conclusions reached; and
• Other matters that, in the engagement partner’s professional judgement, are relevant to the engagement partner’s responsibilities.

The review of such audit documentation by the group engagement partner often takes place during the course of the group audit, including the review of relevant component auditor audit documentation (also see paragraph A148).

Communications with Component Auditors (Ref: Para. 29)

Clear and timely communication between the group auditor and the component auditors about their respective responsibilities, along with clear direction to the component auditors about the nature, timing and extent of the work to be performed and the matters expected to be communicated to the group auditor, helps establish the basis for effective two-way communication. Effective two-way communication between the group auditor and the component auditors also helps to set expectations for component auditors and facilitates the group auditor’s direction and supervision of them and the review of their work. Such communication also provides an opportunity for the group engagement partner to reinforce the need for component auditors to exercise professional scepticism in the work performed for purposes of the group audit.

Other factors that may also contribute to effective two-way communication include:

• Clarity of the instructions to the component auditor, particularly when the component auditor is from another firm and may not be familiar with the policies or procedures of the group auditor’s firm.
• A mutual understanding that the component auditor may discuss the audit work requested to be performed, based on the component auditor’s knowledge and understanding of the component.
• A mutual understanding of relevant issues and the expected actions arising from the communication process.
• The form of communications. For example, matters that need timely attention may be more appropriately discussed in a meeting rather than by exchanging emails.
• A mutual understanding of the person(s) from the group auditor and component auditors who have responsibility for managing communications regarding particular matters.
• The process for the component auditor to take action and report back on matters communicated by the group auditor.

The communications between the group auditor and component auditors depend on the facts and circumstances of the group audit engagement, including the nature and extent of involvement of the component auditors and the degree to which the group auditor and component auditors are subject to common systems of quality management or common network requirements or network services.

Form of communications

The form of the communications between the group auditor and component auditors may vary based on factors such as the nature of the audit work the component auditors have been requested to perform, and the extent to which communication capabilities are integrated into the audit tools used for the group audit.

The form of communications also may be affected by such factors as:

• The significance, complexity or urgency of the matter.
• Whether the matter has been or is expected to be communicated to group management and those charged with governance of the group.

Communication between the group auditor and the component auditor may not necessarily be in writing. However, the group auditor’s verbal communications with the component auditors may be supplemented by written communication, such as a set of instructions regarding the work to be performed, when the group auditor wants to give particular attention to, or promote a mutual understanding about, certain matters. In addition, the group auditor may meet with the component auditor to discuss significant matters or to review relevant parts of the component auditor’s audit documentation.

Paragraph 45 requires the group auditor to request the component auditor to communicate matters relevant to the group auditor’s conclusion with regard to the group audit. As explained in paragraph A146, the form and content of the component auditor’s deliverables are influenced by the nature and extent of the audit work the component auditor has been requested to perform.

Regardless of the form of communication, the documentation requirements of this and other ASAs apply.

Timing of communications

The appropriate timing of communications will vary with the circumstances of the engagement. Relevant circumstances may include the nature, timing and extent of work to be performed by the component auditor and the action expected to be taken by the component auditor. For example, communications regarding planning matters may often be made early in the audit engagement and, for an initial group audit, may be made as part of agreeing the terms of the engagement.

Non-compliance with laws or regulations (Ref: Para. 25, 29)

In applying ASA 250,^[68] the group engagement partner may become aware of information about non-compliance or suspected non-compliance with laws or regulations. In such circumstances, the group engagement partner may have an obligation under relevant ethical requirements, laws or regulations, to communicate the matter to the component auditor.^[69] The obligation of the group engagement partner to communicate non-compliance or suspected non-compliance may extend to auditors of the financial report of entities or business units for which an audit is required by statute, regulation or for another reason, but for which no audit work is performed for purposes of the group audit.

(Ref: Para. 30)

ASA 315^[70] contains requirements and guidance regarding the auditor’s responsibility to obtain an understanding of the entity and its environment, the applicable financial reporting framework, and the entity’s system of internal control. Appendix 2 of this ASA provides examples of matters related to internal control that may be helpful in obtaining an understanding of the system of internal control in the context of a group environment, and expands on how ASA 315 is to be applied to an audit of a group financial report.

The understanding of the group and its environment, the applicable financial reporting framework, and the group’s system of internal control may be obtained through communications with:

• Group management, component management or other appropriate individuals within the entity, including individuals within the internal audit function (if the function exists) and individuals who have knowledge of the group’s system of internal control, accounting policies and practices, and the consolidation process;
• Component auditors; or
• Auditors that perform an audit for statutory, regulatory or other reasons of the financial report of an entity or business unit that is part of the group.

Obtaining an understanding of the group, identifying risks of material misstatement and assessing inherent risk and control risk may be performed in different ways depending on preferred audit techniques or methodologies and may be expressed in different ways. Accordingly, when component auditors are involved in the design and performance of risk assessment procedures, the group auditor may need to communicate its preferred approach with component auditors or provide instructions.

Engagement Team Discussion (Ref: Para. 30)

In applying ASA 315,^[71] the group engagement partner and other key engagement team members are required to discuss the application of the applicable financial reporting framework and the susceptibility of the group’s financial report to material misstatement. The group engagement partner’s determination of which members of the engagement team to include in the discussion, and the topics to be discussed, is affected by matters such as initial expectations about the risks of material misstatement and the preliminary expectation of whether to involve component auditors.

The discussion provides an opportunity to:

• Share knowledge of the components and their environments, including which components’ activities are centralised.
• Exchange information about the business risks of the components or the group, and how inherent risk factors may affect susceptibility to misstatement of classes of transactions, account balances and disclosures.
• Exchange ideas about how and where the group financial report may be susceptible to material misstatement due to fraud or error. ASA 240^[72] requires the engagement team discussion to place particular emphasis on how and where the entity’s financial report may be susceptible to material misstatement due to fraud, including how fraud may occur.
• Identify policies followed by group or component management that may be biased or designed to manage earnings that could lead to fraudulent financial reporting.
• Consider known external and internal factors affecting the group that may create an incentive or pressure for group management, component management, or others to commit fraud, provide the opportunity for fraud to be perpetrated, or indicate a culture or environment that enables group management, component management, or others to rationalise committing fraud.
• Consider the risk that group or component management may override controls.
• Discuss fraud that has been identified, or information that indicates existence of a fraud.
• Identify risks of material misstatement relevant to components where there may be impediments to the exercise of professional scepticism.
• Consider whether uniform accounting policies are used to prepare the financial information of the components for the group financial report and, if not, how differences in accounting policies are identified and adjusted (when required by the applicable financial reporting framework).
• Share information about risks of material misstatement of the financial information of a component that may apply more broadly to some, or all, of the other components.
• Share information that may indicate non-compliance with national laws or regulations, for example, payments of bribes and improper transfer pricing practices.
• Discuss events or conditions identified by group management, component management or the engagement team, that may cast significant doubt on the group’s ability to continue as a going concern.
• Discuss related party relationships or transactions identified by group management or component management, and any other related parties of which the engagement team is aware.

The Group and Its Environment (Ref: Para. 30 (a))

An understanding of the group’s organisational structure and its business model may enable the group auditor to understand such matters as:

• The complexity of the group’s structure. A group may be more complex than a single entity because a group may have several subsidiaries, divisions or other business units, including in multiple locations. Also, a group’s legal structure may be different from the operating structure, for example, for tax purposes. Complex structures often introduce factors that may give rise to increased susceptibility to material misstatements, such as whether goodwill, joint ventures or special-purpose entities are accounted for appropriately and whether adequate disclosures have been made.
• The geographic locations of the group’s operations. Having a group that is located in multiple geographical locations may give rise to increased susceptibility to material misstatements. For example, different geographical locations may involve different languages, cultures and business practices.
• The structure and complexity of the group’s IT environment. A complex IT environment often introduces factors that may give rise to increased susceptibility to material misstatements. For example, a group may have a complex IT environment because of multiple IT systems that are not integrated due to recent acquisitions or mergers. Therefore, it may be particularly important to obtain an understanding of the complexity of the security over the IT environment, including vulnerability of the IT applications, databases, and other aspects of the IT environment. A group may also use one or more external service providers for aspects of its IT environment.
• Relevant regulatory factors, including the regulatory environment. Different laws or regulations may introduce factors that may give rise to increased susceptibility to material misstatements. A group may have operations that are subject to a high degree of complex laws or regulations in multiple jurisdictions, or entities or business units in the group that operate in multiple industries that are subject to different types of laws or regulations.
• The ownership, and relationships between owners and other people or entities, including related parties. Understanding the ownership and relationships can be more complex in a group that operates across multiple jurisdictions and when there are changes in ownership through formation, acquisition, disposal or joint venture. These factors may give rise to increased susceptibility to material misstatements.

Obtaining an understanding of the degree to which the group’s operations or activities are similar may help to identify similar risks of material misstatement across components and design an appropriate response.

The financial results of entities or business units are ordinarily measured and reviewed by group management. Enquiries of group management may reveal that group management relies on certain key indicators to evaluate the financial performance of the group’s entities and business units and take action. The understanding of such performance measures may help to identify:

• Areas where there is increased susceptibility to material misstatements (e.g., due to pressures on component management to meet certain performance measures).
• Controls over the group’s financial reporting process.

The Group's System of Internal Control

The Nature and Extent of Commonality of Controls (Ref: Para. 30(c)(i))

Group management may design controls that are intended to operate in a common manner across multiple entities or business units (i.e., common controls). For example, group management may design common controls for inventory management, which operate using the same IT system and that are implemented across all entities or business units in the group. Common controls may exist in each component of the group’s system of internal control, and they may be implemented at different levels within the group (e.g., at the level of the consolidated group as a whole, or for other levels of aggregation within the group). Common controls may be direct controls or indirect controls. Direct controls are controls that are precise enough to address risks of material misstatement at the assertion level. Indirect controls are controls that support direct controls.^[73]

Understanding the components of the group’s system of internal control includes understanding the commonality of the controls within those components across the group. In understanding the commonality of a control across the group, considerations that may be relevant include whether:

• The control is designed centrally and is required to be implemented as designed (i.e., without modification) at some or all components;
• The control is implemented and, if applicable, monitored by individuals with similar responsibilities and capabilities at all the components where the control is implemented;
• If a control uses information from IT applications, the IT applications and other aspects of the IT environment that generate the information are the same across the components or locations; or
• If the control is automated, it is configured in the same way in each IT application across the components.

Judgement may often be needed to determine whether a control is a common control. For example, group management may require that all entities and business units perform a monthly evaluation of the aging of customers’ accounts that is generated from a specific IT application. When the aging reports are generated from different IT applications or the implementation of the IT application differs across entities or business units, there may be a need to consider whether the control can be determined to be common. This is because of differences in the design of the control that may exist due to the existence of different IT applications (e.g., whether the IT application is configured in the same manner across components, and whether there are effective general IT controls across different IT applications).

Consideration of the level at which controls are performed within the group (e.g., at the level of the consolidated group as a whole or for other levels of aggregation within the group) and the degree of centralisation and commonality may be important to the understanding of how information is processed and controlled. In some circumstances, controls may be performed centrally (e.g., performed only at a single entity or business unit), but may have a pervasive effect on other entities or business units (e.g., a shared service centre that processes transactions on behalf of other entities or business units within the group). The processing of transactions and related controls at a shared service centre may operate in the same way for those transactions being processed by the shared service centre regardless of the entity or business unit (e.g., the processes, risks and controls may be the same regardless of the source of the transaction). In such cases, it may be appropriate to identify the controls and evaluate the design and determine the implementation of the controls, and, if applicable, test operating effectiveness, as a single population.

Centralised Activities (Ref: Para. 30(c)(i)–(ii))

Group management may centralise some of its activities, for example financial reporting or accounting functions may be performed for a particular group of common transactions or other financial information in a consistent and centralised manner for multiple entities or business units (e.g., when the initiation, authorisation, recording, processing, or reporting of revenue transactions is performed at a shared service centre).

Obtaining an understanding of how centralised activities fit into the overall group structure, and the nature of the activities undertaken, may help to identify and assess risks of material misstatement and appropriately respond to such risks. For example, controls at a shared service centre may operate independently from other controls, or they may be dependent upon controls at an entity or business unit from which financial information is derived (e.g., sales transactions may be initiated and authorised at an entity or business unit, but the processing may occur at the shared service centre).

The group auditor may involve component auditors in testing the operating effectiveness of common controls or controls related to centralised activities. In such circumstances, effective collaboration between the group auditor and component auditors is important as the audit evidence obtained through testing the operating effectiveness of common controls or controls related to centralised activities supports the determination of the nature, timing and extent of substantive procedures to be performed across the group.

Communications About Significant Matters that Support the Preparation of the Group Financial Report (Ref: Para. 30(c)(iv))

Group entities or business units may use a financial reporting framework for statutory, regulatory or other reasons that is different from the financial reporting framework used for the group’s financial report. In such circumstances, an understanding of group management’s financial reporting processes to align accounting policies and, when relevant, financial reporting period-ends that differ from that of the group, enables the group auditor to understand how adjustments, reconciliations and reclassifications are made, and whether they are made centrally by group management or by the entity or business unit.

Instructions by group management to entities or business units

In applying ASA 315,^[74] the group auditor is required to understand how group management communicates significant matters that support the preparation of the group financial report. To achieve uniformity and comparability of financial information, group management may issue instructions (e.g., communicate financial reporting policies) to the entities or business units that include details about financial reporting processes or may have policies that are common across the group. Obtaining an understanding of group management’s instructions may affect the identification and assessment of the risks of material misstatement of the group financial report. For example, inadequate instructions may increase the likelihood of misstatements due to the risk that transactions are incorrectly recorded or processed, or that accounting policies are incorrectly applied.

The group auditor’s understanding of the instructions or policies may include the following:

• The clarity and practicality of the instructions for completing the reporting package.
• Whether the instructions:
  • Adequately describe the characteristics of the applicable financial reporting framework and the accounting policies to be applied;
  • Address information necessary to prepare disclosures that are sufficient to comply with the requirements of the applicable financial reporting framework, for example, disclosure of related party relationships and transactions, and segment information;
  • Address information necessary for making consolidation adjustments, for example, intra-group transactions and unrealised profits, and intra-group account balances; and
  • Include a reporting timetable.

Considerations When Component Auditors Are Involved (Ref: Para. 31–32)

During the course of the group audit, the group auditor may communicate the matters in paragraph 31 to other component auditors, if these matters are relevant to the work of those component auditors. Paragraph A144 includes examples of other matters that may need to be communicated timely in the course of the component auditor’s work.

The nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial report than transactions with unrelated parties.^[75] In a group audit there may be a higher risk of material misstatement of the group financial report, including due to fraud, associated with related party relationships when:

• The group structure is complex;
• The group’s information systems are not integrated and therefore less effective in identifying and recording related party relationships and transactions; and
• There are numerous or frequent related party transactions between entities and business units.

Planning and performing the audit with professional scepticism, as required by ASA 200,^[76] is therefore particularly important when these circumstances exist.

(Ref: Para. 33)

The process to identify and assess the risks of material misstatement of the group financial report is iterative and dynamic, and may be challenging, particularly when the component’s activities are complex or specialised, or when there are many components across multiple locations. In applying ASA 315,^[77] the auditor develops initial expectations about the potential risks of material misstatement and an initial identification of the significant classes of transactions, account balances and disclosures of the group financial report based on their understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control.

The initial expectations about the potential risks of material misstatement take into account the auditor’s understanding of the group, including its entities or business units, and the environments and industries in which they operate. Based on the initial expectations, the group auditor may, and often will, involve component auditors in risk assessment procedures as they may have direct knowledge and experience with the entities or business units that may be helpful in understanding the activities and related risks, and where risks of material misstatement of the group financial report may arise in relation to those entities or business units.

For identified risks of material misstatement at the assertion level, the group auditor is required to take responsibility for assessing inherent risk. Such assessment involves assessing the likelihood and magnitude of misstatement, which takes into account how, and the degree to which:^[78]

• Inherent risk factors affect the susceptibility of relevant assertions to misstatement.
• The risks of material misstatement at the group financial statement level affect the assessment of inherent risk for risks of material misstatement at the assertion level.

Based on the risk assessment procedures performed, the group auditor may determine that an assessed risk of material misstatement of the group financial report only arises in relation to financial information of certain components. For example, the risk of material misstatement relating to a legal claim may only exist in entities or business units that operate in a certain jurisdiction or in entities or business units that have similar operations or activities.

Appendix 3 sets out examples of events and conditions that, individually or together, may indicate risks of material misstatement of the group financial report, whether due to fraud or error, including with respect to the consolidation process.

Fraud

In applying ASA 240,^[79] the auditor is required to identify and assess the risks of material misstatement of the financial report due to fraud, and to design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level. Information used to identify the risks of material misstatement of the group financial report due to fraud may include the following:

• Group management’s assessment of the risk that the group financial report may be materially misstated due to fraud.
• Group management’s process for identifying and responding to the risks of fraud in the group financial report, including any specific fraud risks identified by group management, or classes of transactions, account balances, or disclosures for which a risk of fraud is higher.
• Whether there are particular components that are more susceptible to risks of material misstatement due to fraud.
• Whether any fraud risk factors or indicators of management bias exist in the consolidation process.
• How those charged with governance of the group monitor group management’s processes for identifying and responding to the risks of fraud in the group, and the controls group management has established to mitigate these risks.
• Responses of those charged with governance of the group, group management, appropriate individuals within the internal audit function (and when appropriate, component management, the component auditors, and others) to the group auditor’s enquiry about whether they have knowledge of any actual, suspected, or alleged fraud affecting a component or the group.

Considerations When Component Auditors Are Involved (Ref: Para. 34)

When the group auditor involves component auditors in the design and performance of risk assessment procedures, the group auditor remains responsible for having an understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control to have a sufficient basis for the identification and assessment of the risks of material misstatement of the group financial report in accordance with paragraph 33.

When the audit evidence obtained from the risk assessment procedures does not provide an appropriate basis for the identification and assessment of the risks of material misstatement, ASA 315^[80] requires the auditor to perform additional risk assessment procedures until audit evidence has been obtained to provide such a basis.

Component Performance Materiality (Ref: Para. 35(a))

Paragraph 35(a) requires the group auditor to determine component performance materiality for each of the components where audit procedures are performed on financial information that is disaggregated. The component performance materiality amount may be different for each component. Also, the component performance materiality amount for an individual component need not be an arithmetical portion of the group performance materiality and, consequently, the aggregate of component performance materiality amounts may exceed group performance materiality.

This ASA does not require component performance materiality to be determined for each class of transactions, account balance or disclosure for components at which audit procedures are performed. However, if, in the specific circumstances of the group, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the group financial report as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the group financial report, ASA 320^[81] requires a determination of the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. In these circumstances, the group auditor may need to consider whether a component performance materiality lower than the amount communicated to the component auditor may be appropriate for those particular classes of transactions, account balances or disclosures.^[82]

The determination of component performance materiality is not a simple mechanical calculation and involves the exercise of professional judgement. Factors the group auditor may take into account in setting component performance materiality include the following:

• The extent of disaggregation of the financial information across components (e.g., as the extent of disaggregation across components increases, a lower component performance materiality ordinarily would be appropriate to address aggregation risk). The relative significance of the component to the group may affect the extent of disaggregation (e.g., if a single component represents a large portion of the group, there likely may be less disaggregation across components).
• Expectations about the nature, frequency, and magnitude of misstatements in the component financial information, for example:
  • Whether there are risks that are unique to the financial information of the component (e.g., industry-specific accounting matters, unusual or complex transactions).
  • The nature and extent of misstatements identified at the component in prior audits.

To address aggregation risk, paragraph 35(a) requires component performance materiality to be lower than group performance materiality. As explained in paragraph A118, as the extent of disaggregation across components increases, a lower component performance materiality amount ordinarily would be appropriate to address aggregation risk. In some circumstances, however, component performance materiality may be set at an amount closer to group performance materiality because there is less aggregation risk, such as when the financial information for one component represents a substantial portion of the group financial report. When determining component performance materiality for a non-controlling interest in an entity that is accounted for by the equity method, the group auditor may take into account the group’s ownership percentage and the share of the investee’s profits and losses.

In some cases, further audit procedures may be performed by the group auditor or a component auditor on a significant class of transactions or significant account balance as a single population (i.e., not disaggregated across components). In such cases, group performance materiality often will be used for purposes of performing these procedures.

“Clearly Trivial” Threshold (Ref: Para: 35(b))

The threshold for communicating misstatements to the group auditor is set at an amount equal to, or lower than, the amount regarded as clearly trivial for the group financial report. In accordance with ASA 450,^[83] this threshold is the amount below which misstatements would not need to be accumulated because the group auditor expects that the accumulation of such amounts clearly would not have a material effect on the group financial report.

Considerations When Component Auditors Are Involved

Communicating Component Performance Materiality (Ref: Para. 36)

In some cases, it may be appropriate for the group auditor to involve the component auditor in determining an appropriate component performance materiality amount, in view of the component auditor’s knowledge of the component and potential sources of misstatement of the component financial information. In this regard, the group auditor also may consider communicating group performance materiality to the component auditor to support collaboration in determining whether component performance materiality, in relation to group performance materiality, is appropriate in the circumstances.

Component performance materiality is based, at least in part, on expectations about the nature, frequency, and magnitude of misstatements in the component financial information. Therefore, ongoing communication between the component auditor and the group auditor is important, particularly if the number and magnitude of misstatements identified by the component auditor are higher than expected.

(Ref: Para. 37)

Performing Further Audit Procedures

Performing Further Audit Procedures Centrally

Further audit procedures may be designed and performed centrally if the audit evidence to be obtained from performing further audit procedures on one or more significant classes of transactions, account balances or disclosures in the aggregate will respond to the assessed risks of material misstatement, for example, if the accounting records for the revenue transactions of the entire group are maintained centrally (e.g., at a shared service centre). Factors that may be relevant to the auditor’s determination of whether to perform further audit procedures centrally include, for example:

• The level of centralisation of activities relevant to financial reporting.
• The nature and extent of commonality of controls.
• The similarity of the group’s activities and business lines.

The group auditor may determine that the financial information of several components can be considered as one population for the purpose of performing further audit procedures, for example, when transactions are considered to be homogeneous because they share the same characteristics, the related risks of material misstatement are the same, and controls are designed and operating in a consistent way.

When further audit procedures are performed centrally, component auditors may still be involved. For example, when the group has multiple shared service centres, the group auditor may involve component auditors in the performance of further audit procedures for these shared service centres.

Performing Further Audit Procedures at the Component Level

In other circumstances, procedures to respond to the risks of material misstatement of the group financial report that are related to the financial information of a component may be more effectively performed at the component level. This may be the case when the group has:

• Different revenue streams;
• Multiple lines of business;
• Operations across multiple locations; or
• Decentralised systems of internal control.

Large Number of Components Whose Financial Information Is Individually Immaterial but Material in the Aggregate to the Group Financial Report 

A group may be comprised of a large number of components whose financial information is individually immaterial but material in the aggregate to the group financial report. Circumstances such as these in which the significant classes of transactions, account balances or disclosures in the group financial report are disaggregated over a large number of components may present additional challenges for the group auditor in planning and performing further audit procedures.

In some cases, it may be possible to obtain sufficient appropriate audit evidence by performing further audit procedures centrally on these significant classes of transactions, account balances or disclosures (e.g., if they are homogeneous, subject to common controls and access to appropriate information can be obtained). The further audit procedures may also include substantive analytical procedures in accordance with ASA 520.^[84] Depending on the circumstances of the engagement, the financial information of the components may be aggregated at appropriate levels for purposes of developing expectations and determining the amount of any difference of recorded amounts from expected values in performing the substantive analytical procedures. The use of automated tools and techniques may be helpful in these circumstances.

In other cases, it may be necessary to perform further audit procedures at selected components to address the risks of material misstatement of the group financial report. The determination of the components at which audit procedures are to be performed, and the nature, timing and extent of further audit procedures to be performed at the selected components, are matters of professional judgement. In these circumstances, introducing an element of unpredictability in the components selected for testing also may be helpful in relation to the risks of material misstatement of the group financial report due to fraud (also see paragraph A136).

The Nature and Extent of Further Audit Procedures 

In response to the assessed risks of material misstatement, the group auditor may determine the following scope of work to be appropriate at a component (with the involvement of component auditors, as applicable):

• Design and perform further audit procedures on the entire financial information of the component;
• Design and perform further audit procedures on one or more classes of transactions, account balances or disclosures; or
• Perform specific further audit procedures.

Although the group auditor takes responsibility for the nature, timing and extent of further audit procedures to be performed, component auditors can be, and often are, involved in all phases of the group audit, including in the design and performance of further audit procedures.

Design and Perform Further Audit Procedures on the Entire Financial Information of the Component

The group auditor may determine that designing and performing further audit procedures on the entire financial information of a component is an appropriate approach, including when:

• Audit evidence needs to be obtained on all or a significant proportion of a component’s financial information to respond to the assessed risks of material misstatement of the group financial report.
• There is a pervasive risk of material misstatement of the group financial report due to the existence of events or conditions at the component that may be relevant to the group auditor’s evaluation of group management’s assessment of the group’s ability to continue as a going concern.

Design and Perform Further Audit Procedures on One or More Classes of Transactions, Account Balances or Disclosures 

The group auditor may determine that designing and performing further audit procedures on one or more particular classes of transactions, account balances, or disclosures of the financial information of a component is an appropriate approach to address assessed risks of material misstatement of the group financial report. For example, a component may have limited operations but holds a significant portion of the land and buildings of the group or has significant tax balances.

Perform Specific Further Audit Procedures

The group auditor may determine that designing and performing specific further audit procedures on the financial information of a component is an appropriate approach, such as when audit evidence needs to be obtained for one or more relevant assertions only. For example, the group auditor may centrally test the class of transaction, account balance or disclosure and may require the component auditor to perform specific further audit procedures at the component (e.g., specific further audit procedures related to the valuation of claims or litigation in the component’s jurisdiction or the existence of an asset).

Element of Unpredictability 

Incorporating an element of unpredictability in the type of work to be performed, the entities or business units at which procedures are performed and the extent to which the group auditor is involved in the work, may increase the likelihood of identifying a material misstatement of the components’ financial information that may give rise to a material misstatement of the group financial report due to fraud.^[85]

Operating Effectiveness of Controls 

The group auditor may rely on the operating effectiveness of controls that operate throughout the group in determining the nature, timing and extent of substantive procedures to be performed at either the group level or at the components. ASA 330^[86] requires the auditor to design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of those controls. Component auditors may be involved in designing and performing such tests of controls.

If deviations from controls upon which the auditor intends to rely are detected, ASA 330^[87] requires the auditor to make specific enquiries to understand these matters and their potential consequences. If more deviations than expected are detected as a result of testing the operating effectiveness of the controls, the group auditor may need to revise the group audit plan. Possible revisions to the group audit plan may include:

• Requesting additional substantive procedures to be performed at certain components.
• Identifying and testing the operating effectiveness of other relevant controls that are designed and implemented effectively.
• Increasing the number of components selected for further audit procedures.

When the operating effectiveness of controls is tested centrally (e.g., controls at a shared service centre or testing of common controls), the group auditor may need to communicate information about the audit work performed to the component auditors. For example, when a component auditor is requested to design and perform substantive procedures on the entire financial information of the component, or design and perform substantive procedures on one or more classes of transactions, account balances or disclosures, the component auditor may discuss with the group auditor about the control testing performed centrally to determine the nature, timing and extent of the substantive procedures.

Consolidation Process

Consolidation Procedures (Ref: Para. 38)

The further audit procedures on the consolidation process, including sub-consolidations, may include:

• Determining that the necessary journal entries are reflected in the consolidation; and
• Evaluating the operating effectiveness of the controls over the consolidation process and responding appropriately if any controls are determined to be ineffective.

Consolidation Adjustments and Reclassifications (Ref: Para. 38(b))

The consolidation process may require adjustments and reclassifications to amounts reported in the group financial report that do not pass through the usual IT applications, and may not be subject to the same controls to which other financial information is subject. The group auditor’s evaluation of the appropriateness, completeness and accuracy of the adjustments and reclassifications may include:

• Evaluating whether significant adjustments appropriately reflect the events and transactions underlying them;
• Determining whether those entities or business units whose financial information has been included in the group financial report were appropriately included;
• Determining whether significant adjustments have been correctly calculated, processed and authorised by group management and, when applicable, by component management;
• Determining whether significant adjustments are properly supported and sufficiently documented; and
• Evaluating the reconciliation and elimination of intra-group transactions, unrealised profits, and intra-group account balances.

Considerations When Component Auditors Are Involved (Ref: Para. 42–43)

When the group auditor involves component auditors in the design or performance of further audit procedures, the component auditor may determine that the use of the work of an auditor’s expert is appropriate and communicate this to the group auditor. In such circumstances, when determining whether the component auditor’s design and performance of further audit procedures is appropriate, the group auditor may, for example, discuss with the component auditor:

• The nature, scope and objectives of the auditor’s expert’s work.
• The component auditor’s evaluation of the adequacy of the work of the auditor’s expert for the group auditor’s purposes.

The appropriate level of the group auditor’s involvement may depend on the circumstances and the structure of the group and other factors, such as the group auditor’s previous experience with the component auditors that perform procedures on the consolidation process, including sub-consolidations, and the circumstances of the group audit engagement (e.g., if the financial information of an entity or business unit has not been prepared in accordance with the same accounting policies applied to the group financial report).

Communication about Matters Relevant to the Group Auditor’s Conclusion with Regard to the Group Audit (Ref: Para. 45)

Although the matters required to be communicated in accordance with paragraph 45 are relevant to the group auditor’s conclusion with regard to the group audit, certain matters may be communicated during the course of the component auditor’s procedures. In addition to the matters in paragraphs 32 and 50, such matters may include, for example:

• Information about breaches of relevant ethical requirements, including identified breaches of independence provisions;
• Information about instances of non-compliance with laws or regulations;
• Newly arising significant risks of material misstatement, including risks of fraud;
• Identified or suspected fraud or illegal acts involving component management or employees that could have a material effect on the group financial report; or
• Significant and unusual transactions.

Communication of Misstatements of Component Financial Information (Ref: Para. 45(e))

Knowledge about corrected and uncorrected misstatements across components may alert the group auditor to potential pervasive internal control deficiencies, when considered along with the communication of deficiencies in accordance with paragraph 45(g). In addition, a higher than expected number of identified misstatements (uncorrected or corrected) may indicate a higher risk of undetected misstatements, which may lead the group auditor to conclude that additional audit procedures need to be performed at certain components.

Component Auditor’s Overall Findings or Conclusions (Ref: Para. 45(k))

The form and content of the deliverables from the component auditor are influenced by the nature and extent of the audit work the component auditor has been requested to perform. The group auditor’s firm policies or procedures may address the form or specific wording of an overall conclusion from the component auditor on the audit work performed for purposes of the group audit. In some cases, law or regulation may specify the form of conclusion (e.g., an opinion) to be provided by the component auditor.

Evaluating Whether Communications with the Component Auditor Are Adequate for the Group Auditor’s Purposes (Ref: Para. 46(b))

If the group auditor determines that the component auditor’s communications are not adequate for the group auditor’s purposes, the group auditor may consider whether, for example:

• Further information can be obtained from the component auditor (e.g., through further discussions or meetings);
• It is necessary to review additional component auditor audit documentation in accordance with paragraph 47;
• Additional audit procedures may need to be performed in accordance with paragraph 48; or
• There are any concerns about the component auditor’s competence or capabilities.

Reviewing Additional Component Auditor Audit Documentation (Ref: Para. 47)

Paragraph A75 provides guidance for the group auditor in tailoring the nature, timing and extent of the direction and supervision of the component auditor, and the review of their work, based on the facts and circumstances of the group audit and other matters (e.g., the assessed risks of material misstatement of the group financial report). The group auditor’s consideration in accordance with paragraph 47(c) also may be affected by the following matters relevant to the group auditor’s ongoing involvement in the work of the component auditor:

• Communications from the component auditor, including those in accordance with paragraph 45 of this ASA; and
• The review of component auditor audit documentation by the group auditor during the course of the group audit (e.g., to fulfill the requirements of paragraphs 34, 42 and 43) or by the group engagement partner in accordance with paragraph 31 of ASA 220.

Other factors that may affect the group auditor’s determination about whether, and the extent to which, it is necessary to review additional component auditor audit documentation in the circumstances include:

• The degree to which the component auditor was involved in risk assessment procedures and in the identification and assessment of the risks of material misstatement of the group financial report;
• The significant judgements made by, and the findings or conclusions of, the component auditor about matters that are material to the group financial report;
• The competence and capabilities of more experienced engagement team members from the component auditor responsible for reviewing the work of less experienced individuals; and
• Whether the component auditor and group auditor are subject to common policies or procedures for review of audit documentation.

(Ref: Para. 49–50)

The group auditor may:

• Request a component auditor to perform subsequent events procedures to assist the group auditor to identify events that occur between the dates of the financial information of the components and the date of the auditor’s report on the group financial report.
• Perform procedures to cover the period between the date of communication of subsequent events by the component auditor and the date of the auditor’s report on the group financial report.

Sufficiency and Appropriateness of Audit Evidence (Ref: Para. 51)

The audit of a group financial report is a cumulative and iterative process. As the group auditor performs planned audit procedures, the audit evidence obtained may cause the group auditor to modify the nature, timing or extent of other planned audit procedures as information may come to the group auditor’s attention that differs significantly from the information on which the risk assessment was based. For example:

• The misstatements identified at a component may need to be considered in relation to other components; or
• The group auditor may become aware of access restrictions to information or people at a component because of changes in the environment (e.g., war, civil unrest or outbreaks of disease).

In such circumstances, the group auditor may need to re-evaluate the planned audit procedures, based on the revised consideration of assessed risks for all or some of the significant classes of transactions, account balances, or disclosures and related assertions.

The evaluation required by paragraph 51 assists the group auditor in determining whether the overall group audit strategy and group audit plan developed to respond to the assessed risks of material misstatement of the group financial report continues to be appropriate. The requirement in ASA 330^[88] for the auditor, irrespective of the assessed risks of material misstatement, to design and perform substantive procedures for each material class of transactions, account balance, and disclosure also may be helpful for purposes of this evaluation in the context of the group financial report.

The group auditor may consider the engagement team’s exercise of professional scepticism when evaluating the sufficiency and appropriateness of audit evidence obtained. For example, the group auditor may consider whether matters such as those described in paragraph A17 have inappropriately led the engagement team to:

• Obtain audit evidence that is easier to access without giving appropriate consideration to its relevance and reliability:
• Obtain less persuasive evidence than is necessary in the circumstances; or
• Design and perform audit procedures in a manner that is biased towards obtaining evidence that is corroborative or excluding evidence that is contradictory.

ASA 220^[89] requires the engagement partner to determine, on or before the date of the auditor’s report, through review of audit documentation and discussion with the engagement team, that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. Information that may be relevant to the group auditor’s evaluation of the audit evidence obtained from the work performed by component auditors depends on the facts and circumstances of the group audit, and may include:

• The communications from the component auditors required by paragraph 45, including the overall findings or conclusions of the component auditors on the work performed for purposes of the group audit;
• Other communications from the component auditors throughout the group audit, including those required by paragraph 32; and
• The group auditor’s direction and supervision of the component auditors, and review of their work, including, as applicable, the group auditor’s review of additional component auditor audit documentation in accordance with paragraph 47.

In some circumstances, an overall summary memorandum describing the work performed and the results thereof may provide a basis on its own for the group auditor to conclude that the work performed and audit evidence obtained by the component auditor is sufficient for purposes of the group audit. This may be the case, for example, when the component auditor has been requested to perform specific further audit procedures as identified and communicated by the group auditor.

Evaluating the Effect on the Group Audit Opinion (Ref: Para. 52)

The group engagement partner’s evaluation may include a consideration of whether corrected and uncorrected misstatements communicated by component auditors indicate a systemic issue (e.g., regarding transactions subject to common accounting policies or common controls) that may affect other components.

(Ref: Para. 53)

Although component auditors may perform work on the financial information of the components for the group audit and as such are responsible for their overall findings or conclusions, the group engagement partner or the group engagement partner’s firm is responsible for the group audit opinion.

When the group audit opinion is modified because the group auditor was unable to obtain sufficient appropriate audit evidence in relation to the financial information of one or more components, the Basis for Qualified Opinion or Basis for Disclaimer of Opinion section in the auditor’s report on the group financial report describes the reasons for that inability.^[90] In some circumstances, a reference to a component auditor may be necessary to adequately describe the reasons for the modified opinion, for example, when the component auditor is unable to perform or complete the work requested on the component financial information due to circumstances beyond the control of component management.

Communication with Group Management (Ref: Para. 54–56)

The group audit may be complex due to the number and nature of the entities and business units comprising the group. In addition, as explained in paragraph A7, the group auditor may determine that certain entities or business units may be considered together as a component for purposes of planning and performing the group audit. Therefore, discussing with group management an overview of the planned scope and timing may help in co-ordinating the work performed at components, including when component auditors are involved, and in identifying component management (see paragraph A24).

ASA 240^[91] contains requirements and guidance on the communication of fraud to management and, when management may be involved in the fraud, to those charged with governance.

Group management may need to keep certain material sensitive information confidential. Examples of matters that may be significant to the financial report of the component of which component management may be unaware include the following:

• Potential litigation.
• Plans for abandonment of material operating assets.
• Subsequent events.
• Significant legal agreements.

Group management may inform the group auditor about non-compliance or suspected non-compliance with laws or regulations in entities or business units within the group. Paragraph A87 provides guidance for the group engagement partner in these circumstances.

Communication with Those Charged with Governance of the Group (Ref: Para. 57)

The matters the group auditor communicates to those charged with governance of the group may include those brought to the attention of the group auditor by component auditors that the group auditor judges to be significant to the responsibilities of those charged with governance of the group. Communication with those charged with governance of the group may take place at various times during the group audit. For example, the matter referred to in paragraph 57(a) may be communicated after the group auditor has determined the work to be performed on the financial information of the components. On the other hand, the matter referred to in paragraph 57(b) may be communicated at the end of the audit, and the matters referred to in paragraph 57(c)–(d) may be communicated when they occur.

ASA 260^[92] requires the auditor to communicate with those charged with governance an overview of the planned scope and timing of the audit. For a group audit, this communication helps those charged with governance understand the group auditor’s determination of the components at which audit work will be performed, including whether certain of the group’s entities or business units will be considered together as a component, and the planned involvement of component auditors. This communication also helps to enable a mutual understanding of and discussion about the group and its environment (see paragraph 30) and areas, if any, in which those charged with governance may request the group auditor to undertake additional procedures.

Communication of Identified Deficiencies in Internal Control (Ref: Para. 58)

The group auditor is responsible for determining, on the basis of the audit work performed, whether one or more identified deficiencies, individually or in combination, constitute significant deficiencies.^[93] The group auditor may request input from the component auditor about whether an identified deficiency or combination of deficiencies at the component is a significant deficiency in internal control.

(Ref: Para. 59)

Other ASAs contain specific documentation requirements that are intended to clarify the application of ASA 230 in the particular circumstances of those other ASAs. The Appendix to ASA 230 lists other ASAs that contain specific documentation requirements and guidance.

The audit documentation for the group audit supports the group auditor’s evaluation in accordance with paragraph 51 as to whether sufficient appropriate audit evidence has been obtained on which to base the group audit opinion. Also see paragraph A154.

The audit documentation for the group audit comprises:

• The documentation in the group auditor’s file; and
• The separate documentation in the respective component auditor files relating to the work performed by the component auditors for purposes of the group audit (i.e., component auditor audit documentation).

The final assembly and retention of the audit documentation for a group audit is subject to the policies or procedures of the group auditor’s firm in accordance with ASQM 1.^[94] The group auditor may provide specific instructions to component auditors regarding the assembly and retention of the documentation of work performed by them for purposes of the group audit.

Basis for the Group Auditor’s Determination of Components (Ref: Para: 59(b))

The basis for the group auditor’s determination of components may be documented in various ways, including, for example, documentation related to the fulfillment of the requirements in paragraphs 22, 33 and 57(a) of this ASA.

Basis for the Group Auditor’s Determination of the Competence and Capabilities of Component Auditors (Ref: Para: 59(d))

ASQM 1^[95] provides guidance on matters that the firm’s policies or procedures may address regarding the competence and capabilities of the engagement team members. Such policies or procedures may describe or provide guidance about how to document the determination of the competence and capabilities of the engagement team, including component auditors. For example, the confirmation obtained from the component auditor in accordance with paragraph 24 may include information about the component auditor’s relevant industry experience. The group auditor also may ask for confirmation that the component auditor has sufficient time to perform the assigned audit procedures.

Documentation of the Direction and Supervision of Component Auditors and the Review of Their Work (Ref: Para. 59(f))

As described in paragraph A75, the approach to direction, supervision and review in a group audit will be tailored by the group auditor based on the facts and circumstances of the engagement, and will generally include a combination of addressing the group auditor’s firm policies or procedures and responses specific to the group audit. Such policies or procedures may also describe or provide guidance about the documentation of the group auditor’s direction and supervision of the engagement team and the review of their work.

ASA 300 requires the auditor to develop an audit plan that includes a description of the nature, timing and extent of the planned direction and supervision of engagement team members and the review of their work. When component auditors are involved, the extent of such descriptions will often vary by component, recognising that the planned nature, timing and extent of direction and supervision of component auditors, and review of their work, may be influenced by the matters described in paragraph A51.

The group auditor’s documentation of the direction and supervision of component auditors and the review of their work may include, for example:

• Required communications with component auditors, including instructions issued and other confirmations required by this ASA.
• The rationale for the selection of visits to component auditor sites, attendees at meetings and the nature of the matters discussed.
• Matters discussed in meetings with component auditors or component management.
• The rationale for the group auditor’s determination of component auditor audit documentation selected for review.
• Changes in the planned nature and extent of involvement in the work of component auditors, and the reasons why (e.g., assigning more experienced engagement team members in areas of the audit that are more complex or subjective than initially anticipated).

Paragraph 47 requires the group auditor to determine whether, and the extent to which it is necessary to review additional component auditor audit documentation. Paragraphs A148–A149 provide guidance for the group auditor in making this determination.

Component auditor audit documentation ordinarily need not be replicated in the group auditor’s audit file. However, the group auditor may decide to summarise, replicate or retain copies of certain component auditor documentation in the group auditor’s audit file to supplement the description of a particular matter in communications from the component auditor, including the matters required to be communicated by this ASA. Examples of such component auditor documentation may include:

• A listing or summary of the significant judgements made by the component auditor, and the conclusions reached thereon, that are relevant to the group audit;
• Matters that may need to be communicated to those charged with governance of the group; or
• Matters that may be determined to be key audit matters to be communicated in the auditor’s report on the group financial report.

When required by law or regulation, certain component auditor documentation may need to be included in the group auditor’s audit file, for example, to respond to the request of a regulatory authority to review documentation related to work performed by a component auditor.

Policies or procedures established by the firm in accordance with the firm’s system of quality management, or resources provided by the firm or a network, may assist the group auditor in documenting the direction and supervision of component auditors and the review of their work. For example, an electronic audit tool may be used to facilitate communications between the group auditor and component auditors. The electronic audit tool also may be used for audit documentation, including providing information about the reviewer(s) and the date(s) and extent of their review.

Additional Considerations When Access to Component Auditor Audit Documentation is Restricted (Ref: Para. 59)

Audit documentation for a group audit may present some additional complexities or challenges in certain circumstances. This may be the case, for example, when law or regulation restrict the component auditor from providing documentation outside of its jurisdiction, or when war, civil unrest or outbreaks of disease restrict access to relevant component auditor audit documentation.

The group auditor may be able to overcome such restrictions by, for example:

• Visiting the location of the component auditor, or meeting with the component auditor in a location different from where the component auditor is located, to review the component auditor’s audit documentation;
• Reviewing the relevant audit documentation remotely through the use of technology, when not prohibited by law or regulation;
• Requesting the component auditor to prepare and provide a memorandum that addresses the relevant information and holding discussions with the component auditor, if necessary, to discuss the contents of the memorandum; or
• Discussing with the component auditor the procedures performed, the evidence obtained and the conclusions reached by the component auditor.

It is a matter of professional judgement whether one or more of the actions described above may be sufficient to overcome the restrictions depending on the facts and circumstances of the group audit.

When access to component auditor audit documentation is restricted, the group auditor’s documentation nonetheless needs to comply with the requirements of the ASAs, including those relating to the documentation of the nature, timing and extent of the group auditor’s direction and supervision of component auditors and the review of their work. The guidance in paragraphs A148–A149 may be helpful in determining the extent of the group auditor’s review of the component auditor audit documentation in these circumstances. Paragraphs A176 and A177 provide examples of circumstances in which certain component auditor audit documentation may be included in the group auditor’s audit file.

If the group auditor is unable to overcome restrictions on access to the component auditor audit documentation, the group auditor may need to consider whether a scope limitation exists that may require a modification to the opinion on the group financial report. See paragraph A45.

[Aus] Illustration 1A: Illustration of Independent Auditor’s Report When the Group Auditor Is Not Able to Obtain Sufficient Appropriate Audit Evidence on Which to Base the Group Audit Opinion – General Purpose Financial Report, Qualified Opinion under the Corporations Act 2001

Download example Auditor's Reports. 

Download Appendix 2. 

Download Appendix 3.