Application and Other Explanatory Material

Scope of this ASA

(Ref: Para. 1–2)

A1

This ASA also deals with the special considerations for the group engagement partner or group auditor, as applicable, in applying the requirements and guidance in ASA 220, including for the direction and supervision of component auditors and the review of their work.

A2

ASQM 1 [34] addresses the engagements for which an engagement quality review is required to be performed. ASQM 2 [35] deals with the appointment and eligibility of the engagement quality reviewer and the engagement quality reviewer’s responsibilities relating to performing and documenting an engagement quality review, including for a group audit.

A3

An entity or business unit of a group may also prepare its own group financial report that incorporates the financial information of those entities or business units it encompasses (that is, a sub-group). This ASA applies to an audit of the group financial report of such sub-groups performed for statutory, regulatory or other reasons.

A4

A single legal entity may be organised with more than one business unit, for example, a company with operations in multiple locations, such as a bank with multiple branches. When those business units have characteristics such as separate locations, separate management, or separate information systems (including a separate general ledger) and the financial information is aggregated in preparing the single legal entity’s financial report, such a financial report meets the definition of a group financial report because they include the financial information of more than one entity or business unit through a consolidation process.

A5

In some cases, a single legal entity may configure its information system to capture financial information for more than one product or service line for legal or regulatory reporting or other management purposes. In these circumstances, the entity’s financial report is not a group financial report because there is no aggregation of the financial information of more than one entity or business unit through a consolidation process. Further, capturing separate information (e.g., in a sub-ledger) for legal or regulatory reporting or other management purposes does not create separate entities or business units (e.g., divisions) for purposes of this ASA.

Groups and Components (Ref: Para. 4–5

A6

The group’s information system, including its financial reporting process, may or may not be aligned with the group’s organisational structure. For example, a group may be organised according to its legal structure, but its information system may be organised by function, process, product or service (or by groups of products or services), or geographic locations for management or reporting purposes.

A7

Based on the understanding of the group’s organisational structure and information system, the group auditor may determine that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. For example, a group may have three legal entities with similar business characteristics, operating in the same geographical location, under the same management, and using a common system of internal control, including the information system. In these circumstances, the group auditor may decide to treat these three legal entities as one component.

A8

A group may also centralise activities or processes that are applicable to more than one entity or business unit within the group, for example through the use of a shared service centre. When such centralised activities are relevant to the group’s financial reporting process, the group auditor may determine that the shared service centre is a component.

A9

Another consideration that may be relevant to the group auditor’s determination of components is how management has determined operating segments in accordance with the disclosure requirements of the applicable financial reporting framework.[36]

Involvement of Component Auditors (Ref: Para. 7–8

A10

Component auditors may perform an audit of the financial report of a component, whether for statutory, regulatory or other reasons, particularly when a component is a legal entity. When a component auditor is also performing or has completed an audit of the component financial report, the group auditor may be able to use audit work performed on the component financial report, provided the group auditor is satisfied that such work is appropriate for purposes of the group audit. In addition, component auditors may adapt the work performed on the audit of the component financial report to also meet the needs of the group auditor. In any event, the requirements of this ASA apply, including those relating to the direction and supervision of component auditors and the review of their work.

A11

In accordance with ASA 220,[37] the engagement partner is required to determine that the approach to direction, supervision and review is responsive to the nature and circumstances of the audit engagement. Paragraph A76 provides examples of different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, and may be helpful in circumstances when the group auditor plans to use the audit work from an audit of a component financial report that has already been completed.

A12

As explained in ASA 200,[38] detection risk relates to the nature, timing and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. Detection risk is a function not only of the effectiveness of an audit procedure but also the application of that procedure by the auditor. Therefore, detection risk is influenced by matters such as adequate planning, the assignment of appropriate resources to the engagement, the exercise of professional scepticism, and the supervision and review of the audit work performed.

A13

Detection risk is a broader concept than aggregation risk as described in paragraphs 14(a) and A19. In a group audit, there may be a higher probability that the aggregate of uncorrected and undetected misstatements may exceed materiality for the group financial report as a whole because audit procedures may be performed separately on the financial information of components across the group. Accordingly, component performance materiality is set by the group auditor to reduce aggregation risk to an appropriately low level.

Professional Scepticism (Ref: Para. 9)

A14

ASA 220[39] provides examples of the impediments to the exercise of professional scepticism at the engagement level, including unconscious auditor biases that may impede the exercise of professional scepticism when designing and performing audit procedures and evaluating audit evidence. ASA 220 also provides possible actions that the engagement team may take to mitigate impediments to the exercise of professional scepticism at the engagement level.

A15

Requirements and relevant application material in ASA 315,[40] ASA 540[41] and other ASAs address the exercise of professional scepticism, and include examples of how documentation may help provide evidence of the auditor’s exercise of professional scepticism.

A16

All members of the engagement team are required to exercise professional scepticism throughout the group audit. The group auditor’s direction and supervision of engagement team members, including component auditors, and the review of their work, may inform the group auditor about whether the engagement team has appropriately exercised professional scepticism.

A17

The exercise of professional scepticism in a group audit may be affected by matters such as the following:

  • Component auditors in different locations may be subject to varying cultural influences, which may affect the nature of the biases to which they are subject.
  • The complex structure of some groups may introduce factors that give rise to increased susceptibility to risks of material misstatement. In addition, an overly complex organisational structure may be a fraud risk factor in accordance with ASA 240[42] and therefore may require additional time or expertise to understand the business purpose and activities of certain entities or business units.
  • The nature and extent of intra-group transactions (e.g., transactions that involve multiple entities and business units within the group or multiple related parties), cash flows or transfer pricing agreements may give rise to additional complexities. In some cases, such matters may also give rise to fraud risk factors.
  • When the group audit is subject to tight reporting deadlines imposed by group management, this may put pressure on engagement team members when completing the work assigned. In these circumstances, the engagement team may need to take additional time to appropriately question management’s assertions, make appropriate judgements, or appropriately review the audit work performed.

A18

The exercise of professional scepticism by the group auditor includes remaining alert for inconsistent information from component auditors, component management and group management about matters that may be significant to the group financial report.

Definintions

Aggregation Risk (Ref: Para. 14(a))

A19

Aggregation risk exists in all audits of the financial report, but is particularly important to understand and address in a group audit because there is a greater likelihood that audit procedures will be performed on classes of transactions, account balances or disclosures that are disaggregated across components. Generally, aggregation risk increases as the number of components increases at which audit procedures are performed separately, whether by component auditors or other members of the engagement team.

Component (Ref: Para. 14(b))

A20

The group auditor uses professional judgement in determining components at which audit work will be performed. Paragraph A7 explains that the financial information of certain entities or business units may be considered together for purposes of planning and performing audit procedures. However, the group auditor’s responsibility for the identification and assessment of the risks of material misstatement of the group financial report encompasses all of the entities and business units whose financial information is included in the group financial report.

Component Auditor (Ref: Para. 14(c))

A21

References in this ASA to the engagement team include the group auditor and component auditors. Component auditors may be from a network firm, a firm that is not a network firm, or the group auditor’s firm (e.g., another office within the group auditor’s firm).

A22

In some circumstances, the group auditor may perform centralised testing on classes of transactions, account balances or disclosures, or may perform audit procedures related to a component. In these circumstances, the group auditor is not considered a component auditor.

A23

Paragraph 24 requires the group auditor to request the component auditor to confirm that the component auditor will cooperate with the group auditor, including whether the component auditor will perform the work requested by the group auditor. Paragraph A58 provides guidance for circumstances in which the component auditor is unable to provide such a confirmation.

Component Management (Ref: Para. 14(d))

A24

Component management refers to management responsible for the financial information or other activity (e.g., processing of transactions at a shared service centre) at an entity or business unit that is part of the group. When the group auditor considers the financial information of certain entities or business units together as a component or determines that a shared service centre is a component (see paragraphs A7‒A8), component management refers to the management that is responsible for the financial information or transaction processing that is subject to the audit procedures being performed in relation to that component. In some circumstances, there may not be separate component management and group management may be directly responsible for the financial information or other activities of the component.

Group Engagement Partner (Ref: Para. 14(j))

A25

[Deleted by the AUASB]

Group Financial Report (Ref: Para. 2, 14(k))

A26

The requirements for the preparation and presentation of the group financial report may be specified in the applicable financial reporting framework, which may therefore affect the determination of the financial information of entities or business units to be included in the group financial report. For example, some frameworks require the preparation of a consolidated financial report when an entity (a parent entity) controls one or more other entities (e.g., subsidiaries) through majority ownership interest or other means. In some cases, the applicable financial reporting framework includes separate requirements for, or may otherwise permit, the presentation of a combined financial report. Examples of circumstances in which the presentation of a combined financial report may be permitted include entities that have no parent but are under common control or entities under common management.

A27

The term “consolidation process” as used in this ASA is not intended to have the same meaning as “consolidation” or “consolidated financial report” as defined or described in financial reporting frameworks. Rather, the term “consolidation process” refers more broadly to the process used to prepare a group financial report.

A28

The detailed aspects of the consolidation process vary from one group to another, depending on the group’s structure and information system, including the financial reporting process. However, a consolidation process involves considerations such as the elimination of intra-group transactions and balances and, when applicable, implications of different reporting periods for entities or business units included in the group financial report.

Leadership Responsibilities for Managing and Achieving Quality on a Group Audit

(Ref: Para. 11, 16)

A29

It may not be possible or practical for the group engagement partner to solely deal with all requirements in ASA 220, particularly when the engagement team includes a large number of component auditors located in multiple locations. In managing quality at the engagement level, ASA 220[43] permits the engagement partner to assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the engagement partner. Accordingly, the group engagement partner may assign procedures, tasks or actions to other members of the engagement team and these members may assign procedures, tasks or actions further. In such circumstances, ASA 220 requires that the engagement partner shall continue to take overall responsibility for managing and achieving quality on the audit engagement.

A30

Policies or procedures established by the firm, or that are common network requirements or network services,[44] may support the group engagement partner by facilitating communication between the group auditor and component auditors and supporting the group auditor’s direction and supervision of those component auditors and the review of their work.

A31

ASA 220[45] explains that a culture that demonstrates a commitment to quality is shaped and reinforced by the engagement team members as they demonstrate expected behaviours when performing the engagement. In addressing the requirement in paragraph 16(a), the group engagement partner may communicate directly to other members of the engagement team (including component auditors) and reinforce this communication through personal conduct and actions (e.g., leading by example).

Acceptance and Continuance

Determining Whether Sufficient and Appropriate Audit Evidence Can Reasonably Be Expected to Be Obtained (Ref: Para. 17–18)

A32

In determining whether sufficient appropriate audit evidence can reasonably be expected to be obtained, the group engagement partner may obtain an understanding of matters such as:

  • The group structure, including both the legal and organisational structure.
  • Activities that are significant to the group, including the industry and regulatory, economic and political environments in which those activities take place.
  • The use of service organisations.
  • The use of shared service centres.
  • The consolidation process.
  • Whether the group auditor:
    • Will have unrestricted access to those charged with governance of the group, group management, those charged with governance of the component, component management and component information, including of those components that are accounted for by the equity method; and
    • Will be able to perform necessary work on the financial information of the components when applicable.
  • Whether sufficient and appropriate resources are assigned or will be made available.

A33

In the case of an initial group audit engagement, the group auditor’s understanding of the matters in paragraph A32 may be obtained from:

  • Information provided by group management;
  • Communication with group management;
  • Communication with those charged with governance of the group; and
  • When applicable, communication with component management or the predecessor auditor.

A34

For a recurring engagement, the ability to obtain sufficient appropriate audit evidence may be affected by significant changes in, for example:

  • The group structure (e.g., acquisitions, disposals, joint ventures, reorganisations, or changes in how the group financial reporting system is organised).
  • Components’ activities that are significant to the group.
  • The composition of those charged with governance of the group, group management, or key management of components for which audit procedures are expected to be performed.
  • The group auditor’s understanding of the integrity and competence of group or component management.
  • The applicable financial reporting framework.

Aus A34.1

Section 323B of the Corporations Act 2001 (the Act) requires the officer or auditor of a controlled entity to give the principal auditor access to the controlled entity’s books; and give the auditor any information, explanation or assistance required under section 323A of the Act.

A35

There may be additional complexities with obtaining sufficient appropriate audit evidence in a group audit when components are located in jurisdictions other than the group auditor’s jurisdiction because of cultural and language differences, and different laws or regulations. For example, law or regulation may restrict the component auditor from providing documentation outside of its jurisdiction, or war, civil unrest or outbreaks of disease may restrict the group auditor’s access to relevant component auditor audit documentation. Paragraph A180 includes possible ways to address these situations.

A36

Restrictions may be imposed after the group engagement partner’s acceptance of the group audit engagement that may affect the engagement team’s ability to obtain sufficient appropriate audit evidence. Such restrictions may include those affecting:

  • The group auditor’s access to component information, management or those charged with governance of components, or the component auditors (including relevant audit documentation sought by the group auditor) (see paragraphs 20 and 21); or
  • The work to be performed on the financial information of components.

Paragraphs A45–A46 explain the possible effect of such restrictions on the auditor’s report on the group financial report.

Agreeing the Terms of Audit Engagements (Ref: Para. 19)

A37

ASA 210[46] requires the auditor to agree the terms of the audit engagement with management or those charged with governance, as appropriate. The terms of engagement identify the applicable financial reporting framework. Additional matters that may be included in the terms of a group audit engagement include:

  • Communications between the group auditor and component auditors should be unrestricted to the extent possible under laws or regulations;
  • Important communications between component auditors and those charged with governance of the component or component management, including communications on significant deficiencies in internal control, should be communicated to the group auditor;
  • Communications between regulatory authorities and entities or business units related to financial reporting matters that may be relevant to the group audit should be communicated to the group auditor; and
  • The group auditor should be permitted to perform work, or request a component auditor to perform work, at the component.

Restrictions on Access to Information or People (Ref: Para. 20–21)

A38

Restrictions on access to information or people do not eliminate the requirement for the group auditor to obtain sufficient appropriate audit evidence.

A39

Access to information or people can be restricted for many reasons, such as restrictions imposed by component management, laws or regulations or other conditions, for example, war, civil unrest or outbreaks of disease. Paragraph A180 describes how the group auditor may be able to overcome restrictions on access to component auditor audit documentation.

A40

In some circumstances, the group auditor may be able to overcome restrictions on access to information or people, for example:

  • If access to component management or those charged with governance of the component is restricted, the group auditor may request group management or those charged with governance of the group to assist with removing the restriction or otherwise request information directly from group management or those charged with governance of the group.
  • If the group has a non-controlling interest in an entity that is accounted for by the equity method, the group auditor may determine whether provisions exist (e.g., in the terms of joint venture agreements, or the terms of other investment agreements) regarding access by the group to the financial information of the entity and request group management to exercise such rights.
  • If the group has a non-controlling interest in an entity that is accounted for by the equity method and the group has representatives who are on the executive board or are members of those charged with governance of the non-controlled entity, the group auditor may enquire whether they can provide financial and other information available to them in these roles.

A41

If the group has a non-controlling interest in an entity that is accounted for by the equity method and the group auditor’s access to information or people at the entity is restricted, the group auditor may be able to obtain information to be used as audit evidence regarding the entity’s financial information, for example:

  • Financial information that is available from group management, as group management also needs to obtain the non-controlled entity’s financial information in order to prepare the group financial report.
  • Publicly available information, such as an audited financial report, public disclosure documents, or quoted prices of equity instruments in the non-controlled entity.

It is a matter of professional judgement, particularly in view of the assessed risks of material misstatement of the group financial report and considering other sources of information that may corroborate or otherwise contribute to audit evidence obtained, whether the auditor can obtain sufficient appropriate audit evidence.[47]

A42

If the group has a non-controlling interest in an entity that is accounted for by the equity method and access to information or people at the entity is restricted, the group auditor may consider whether such restrictions are inconsistent with group management’s assertions regarding the appropriateness of the use of the equity method of accounting.

A43

When the group auditor is unable to obtain sufficient appropriate audit evidence due to restrictions on access to information or people, the group auditor may:

  • Communicate the restrictions to the group auditor’s firm to assist the group auditor in determining an appropriate course of action. For example, the group auditor’s firm may communicate with group management about the restrictions and encourage group management to communicate with regulators. This may be useful when restrictions affect multiple audits in the jurisdiction or by the same firm, for example, because of war, civil unrest or outbreaks of disease in a major economy.
  • Be required by law or regulation to communicate with regulators, listing authorities, or others, about the restrictions.

A44

Restrictions on access may have other implications for the group audit. For example, if restrictions are imposed by group management, the group auditor may need to reconsider the reliability of group management’s responses to the group auditor’s enquiries and whether the restrictions call into question group management’s integrity.

Effect of Restrictions on Access to Information or People on the Auditor’s Report on a Group Financial Report (Ref: Para. 20–21)

A45

ASA 705[48] contains requirements and guidance about how to address situations when the group auditor is unable to obtain sufficient appropriate audit evidence. Appendix 1 contains an example of an auditor’s report containing a qualified group audit opinion based on the group auditor’s inability to obtain sufficient appropriate audit evidence in relation to a component that is accounted for by the equity method.

Law or Regulation Prohibit the Group Engagement Partner from Declining or Withdrawing from an Engagement (Ref: Para. 20–21)

A46

Law or regulation may prohibit the group engagement partner from declining or withdrawing from an engagement. For example, in some jurisdictions the auditor is appointed for a specified period of time and is prohibited from withdrawing before the end of that period. Also, in the public sector, the option of declining or withdrawing from an engagement may not be available to the auditor due to the nature of the mandate or public interest considerations. In these circumstances, the requirements in this ASA still apply to the group audit, and the effect of the group auditor’s inability to obtain sufficient appropriate audit evidence is addressed in ASA 705.

Overall Group Audit Strategy and Group Audit Plan

The Continual and Iterative Nature of Planning and Performing a Group Audit (Ref: Para. 22)

A47

As explained in ASA 300,[49] planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. For example, due to unexpected events, changes in conditions, or audit evidence obtained from risk assessment or further audit procedures, the group auditor may need to modify the overall group audit strategy and group audit plan, and the resulting planned nature, timing and extent of further audit procedures, based on the revised consideration of assessed risks. The group auditor may also modify the determination of the components at which to perform audit work as well as the nature, timing and extent of the component auditors’ involvement. ASA 300[50] requires the auditor to update and change the overall audit strategy and audit plan as necessary during the course of the audit.

Establishing the Overall Group Audit Strategy and Group Audit Plan (Ref: Para. 22)

A48

In an initial group audit engagement, the group auditor may have a preliminary understanding of the group and its environment, the applicable financial reporting framework and the entity’s system of internal control based on information obtained from group management, those charged with governance of the group and, when applicable, communication with component management or the predecessor auditor. In a recurring group audit engagement, the group auditor’s preliminary understanding may be obtained through prior period audits. This preliminary understanding may assist the group auditor in developing initial expectations about the classes of transactions, account balances and disclosures that may be significant.

A49

The group auditor may also use information obtained during the engagement acceptance and continuance process in establishing the overall group audit strategy and group audit plan, for example, in relation to the resources needed to perform the group audit.

A50

The process of establishing the overall group audit strategy and group audit plan and initial expectations about the classes of transactions, account balances and disclosures that may be significant at the group financial statement level may assist the group auditor in developing a preliminary determination of matters such as:

  • Whether to perform audit work centrally, at components or a combination thereof; and
  • The nature, timing and extent of audit work to be performed with respect to the financial information of components (e.g., design and perform risk assessment procedures, further audit procedures, or a combination thereof).

Components at Which to Perform Audit Work (Ref: Para. 22(a))

A51

The determination of components at which to perform audit work is a matter of professional judgement. Matters that may influence the group auditor’s determination include, for example:

  • The nature of events or conditions that may give rise to risks of material misstatement at the assertion level of the group financial report that are associated with a component, for example:
    • Newly formed or acquired entities or business units.
    • Entities or business units in which significant changes have taken place.
    • Significant transactions with related parties.
    • Significant transactions outside the normal course of business.
    • Abnormal fluctuations identified by analytical procedures performed at the group level, in accordance with ASA 315.[51]
  • The disaggregation of significant classes of transactions, account balances and disclosures in the group financial report across components, considering the size and nature of assets, liabilities and transactions at the location or business unit relative to the group financial report.
  • Whether sufficient appropriate audit evidence is expected to be obtained for all significant classes of transactions, account balances and disclosures in the group financial report from audit work planned on the financial information of identified components.
  • The nature and extent of misstatements or control deficiencies identified at a component in prior period audits.
  • The nature and extent of the commonality of controls across the group and whether, and if so, how, the group centralises activities relevant to financial reporting.

Resources (Ref: Para. 22(b))

A52

Matters that influence the group auditor’s determination of the resources needed to perform the group audit and the nature, timing and extent to which component auditors are to be involved are a matter of professional judgement and may include, for example:

  • The understanding of the group, the components within the group at which audit work is to be performed and whether to perform work centrally, at components or a combination thereof.
  • The knowledge and experience of the engagement team. For example, component auditors may have greater experience and a more in-depth knowledge than the group auditor of the local industries in which components operate, laws or regulations, business practices, language and culture. In addition, the involvement of auditor’s experts may be needed on complex matters.
  • The initial expectations about the potential risks of material misstatement.
  • The amount or location of resources to allocate to specific audit areas. For example, the extent to which components are dispersed across multiple locations may impact the need to involve component auditors in specific locations.
  • Access arrangements. For example, when the group auditor’s access to a component in a particular jurisdiction is restricted, component auditors may need to be involved.
  • The nature of the components’ activities, including their complexity or specialisation of operations.
  • The group’s system of internal control, including the information system in place, and its degree of centralisation. For example, the involvement of component auditors may be more likely when the system of internal control is decentralised.
  • Previous experience with the component auditor.

A53

Component auditors may be involved in different phases of an audit, for example, component auditors may design or perform:

  • Risk assessment procedures; and
  • Procedures to respond to the assessed risks of material misstatement.

A54

The nature, timing and extent to which component auditors are to be involved depends on the facts and circumstances of the group audit engagement. Often component auditors will be involved in all phases of the audit, but the group auditor may decide to involve component auditors only in a certain phase. When the group auditor does not intend to involve component auditors in risk assessment procedures, the group auditor may still discuss with component auditors whether there are any significant changes in the business or the system of internal control of the component that could have an effect on the risks of material misstatement of the group financial report.

A55

ASA 300[52] requires the engagement partner and other key members of the engagement team to be involved in planning the audit. When component auditors are involved, one or more individuals from a component auditor may be key members of the engagement team and therefore involved in planning the group audit. The involvement of component auditors in planning the audit draws on their experience and insight, thereby enhancing the effectiveness and efficiency of the planning process. The group engagement partner uses professional judgement in determining which component auditors to involve in planning the audit. This may be affected by the nature, timing and extent to which the component auditors are expected to be involved in designing and performing risk assessment or further audit procedures.

A56

As described in ASQM 1,[53] there may be circumstances when the fee quoted for an engagement is not sufficient given the nature and circumstances of the engagement, and it may diminish the firm’s ability to perform the engagement in accordance with professional standards and applicable legal or regulatory requirements. The level of fees, including their allocation to component auditors, and the extent to which they relate to the resources required, may be a special consideration for group audit engagements. For example, in a group audit, the firm’s financial and operational priorities may place constraints on the determination of the components at which audit work will be performed, as well as the resources needed, including the involvement of component auditors. In such circumstances, these constraints do not override the group engagement partner’s responsibility for achieving quality at the engagement level or the requirements for the group auditor to obtain sufficient appropriate audit evidence on which to base the group audit opinion.

Considerations When Component Auditors Are Involved

Sufficient and Appropriate Involvement in the Work of the Component Auditor (Ref: Para. 23–24)

A57

In evaluating whether the group auditor will be able to be sufficiently and appropriately involved in the work of the component auditor, the group auditor may obtain an understanding of whether the component auditor is subject to any restrictions that limit communication with the group auditor, including with regard to sharing audit documentation with the group auditor. The group auditor may also obtain an understanding about whether audit evidence related to components located in a different jurisdiction may be in a different language and may need to be translated for use by the group auditor.

A58

If the component auditor is unable to cooperate with the group auditor, the group auditor may:

  • Request the component auditor to provide its rationale.
  • Be able to take appropriate action to address the matter, including adjusting the nature of the work requested to be performed. Alternatively, in accordance with paragraph 27, the group auditor may need to obtain sufficient appropriate audit evidence relating to the work to be performed at the component without involving the component auditor.

Relevant Ethical Requirements, Including Those Related to Independence (Ref: Para. 25)

A59

When performing work at a component for a group audit engagement, the component auditor is subject to ethical requirements, including those related to independence, that are relevant to the group audit engagement. Such requirements may be different from or in addition to those applying to the component auditor when performing an audit on the financial report of an entity or business unit that is part of the group for statutory, regulatory or other reasons in the component auditor’s jurisdiction.

A60

In making the component auditors aware of relevant ethical requirements, the group auditor may consider whether additional information or training for component auditors is necessary regarding the provisions of the ethical requirements that are relevant to the group audit engagement.

Engagement Resources (Ref: Para. 26)

A61

ASA 220[54] requires the engagement partner to determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. When sufficient or appropriate resources are not made available in relation to work to be performed by a component auditor, the group engagement partner may discuss the matter with the component auditor, group management or the group auditor’s firm and may subsequently request the component auditor or the group auditor’s firm to make sufficient and appropriate resources available.

Competence and capabilities of the component auditors

A62

ASA 220[55] provides guidance regarding matters the engagement partner may take into consideration when determining the competence and capabilities of the engagement team. This determination is particularly important in a group audit when the engagement team includes component auditors. ASA 220[56] indicates that the firm’s policies or procedures may require the firm or the engagement partner to take different actions from those applicable to personnel when obtaining an understanding of whether a component auditor from another firm has the appropriate competence and capabilities to perform the audit engagement.

A63

Determining whether component auditors have the appropriate competence and capabilities is a matter of professional judgement and is influenced by the nature and circumstances of the group audit engagement. This determination influences the nature, timing and extent of the group engagement partner’s direction and supervision of the component auditor and the review of their work.

A64

In determining whether component auditors have the appropriate competence and capabilities to perform the assigned audit procedures at the component, the group engagement partner may consider matters such as:

  • Previous experience with or knowledge of the component auditor.
  • The component auditor’s specialised skills (e.g., industry-specific knowledge).
  • The degree to which the group auditor and component auditor are subject to a common system of quality management, for example, whether the group auditor and a component auditor:
    • Use common resources to perform the work (e.g., audit methodologies or IT applications);
    • Share common policies or procedures affecting engagement performance (e.g., direction, supervision and review of work or consultation);
    • Are subject to common monitoring activities; or
    • Have other commonalities, including common leadership or a common cultural environment.
  • The consistency or similarity of:
    • Laws or regulations or legal system;
    • Language and culture;
    • Education and training;
    • Professional oversight, discipline, and external quality assurance; or
    • Professional organisations and standards.
  • Information obtained about the component auditor through interactions with component management, those charged with governance, and other key personnel, such as internal auditors.

A65

The procedures to determine the component auditor’s competency and capability may include, for example:

  • An evaluation of the information communicated by the group auditor’s firm to the group auditor, including:
    • The firm’s ongoing communication related to monitoring and remediation, in circumstances when the group auditor and component auditor are from the same firm.
    • Information from the network about the results of the monitoring activities undertaken by the network across the network firms.[58]
    • Information obtained from professional body(ies) to which the component auditor belongs, the authorities by which the component auditor is licensed, or other third parties.
  • Discussing the assessed risks of material misstatement with the component auditor.
  • Requesting the component auditor to confirm their understanding of the matters referred to in paragraph 25 in writing.
  • Discussing the component auditor’s competence and capabilities with colleagues in the group engagement partner’s firm that have worked directly with the component auditor.
  • Obtaining published external inspection reports.

A66

The group engagement partner’s firm and the component auditor may be members of the same network and may be subject to common network requirements or use common network services.[59] When determining whether component auditors have the appropriate competence and capabilities to perform work in support of the group audit engagement, the group engagement partner may be able to depend on such network requirements, for example, those addressing professional training or recruitment, or that require the use of audit methodologies and related implementation tools. In accordance with ASQM 1,[60] the firm is responsible for designing, implementing and operating its system of quality management, and the firm may need to adapt or supplement network requirements or network services to be appropriate for use in its system of quality management.

Using the work of an auditor’s expert

A67

ASA 220[61] requires the engagement partner to determine that members of the engagement team, and any auditor’s external experts who are not part of the engagement team, collectively have the appropriate competence and capabilities, including sufficient time, to perform the audit engagement. If an auditor’s expert is used by a component auditor, the group engagement partner may need to obtain information from the component auditor. For example, the group auditor may discuss with the component auditor the component auditor’s evaluation of the competence and capabilities of the auditor’s expert.

Automated tools and techniques 

A68

When determining whether the engagement team has the appropriate competence and capabilities, the group engagement partner may take into consideration such matters as the expertise of the component auditor in the use of automated tools and techniques. For example, as described in ASA 220,[62] when the group auditor requires component auditors to use specific automated tools and techniques when performing audit procedures, the group auditor may communicate with component auditors that the use of such automated tools and techniques need to comply with the group auditor’s instructions.

Application of the Group Auditor’s Understanding of a Component Auditor (Ref: Para. 27)

A69

ASA 220[63] requires the engagement partner to take responsibility for other members of the engagement team having been made aware of relevant ethical requirements that are applicable given the nature and circumstances of the audit engagement, and the firm’s related policies or procedures. This includes the firm’s policies or procedures that address circumstances that may cause a breach of relevant ethical requirements, including those related to independence, and the responsibilities of members of the engagement team when they become aware of breaches. The firm’s policies or procedures also may address breaches of independence requirements by component auditors, and actions the group auditor may take in those circumstances in accordance with the relevant ethical requirements. In addition, relevant ethical requirements or law or regulation may also specify particular communications to those charged with governance in circumstances when breaches of independence requirements have been identified.[64]

A70

If there has been a breach by a component auditor of the relevant ethical requirements that apply to the group audit engagement, including those related to independence, and the breach has not been satisfactorily addressed in accordance with provisions of the relevant ethical requirements, the group auditor cannot use the work of that component auditor.

A71

Serious concerns are those concerns that in the group auditor’s professional judgement cannot be overcome. The group engagement partner may be able to overcome less than serious concerns about the component auditor’s professional competency (e.g., lack of industry-specific knowledge), or the fact that the component auditor does not operate in an environment that actively oversees auditors, by the group auditor being more involved in the work of the component auditor or by directly performing further audit procedures on the financial information of the component.

Engagement Performance (Ref: Para. 28)

A72

ASA 220[65] requires the engagement partner to determine that the nature, timing and extent of direction, supervision and review is planned and performed in accordance with the firm’s policies or procedures, professional standards and applicable legal and regulatory requirements, and is responsive to the nature and circumstances of the audit engagement and the resources assigned or made available to the engagement team. For a group audit, the approach to direction, supervision and review will generally include a combination of addressing the group auditor’s firm policies or procedures and group audit engagement-specific responses.

A73

For a group audit, particularly when the engagement team includes a large number of component auditors that may be located in multiple locations, the group engagement partner may assign the design or performance of procedures, tasks or actions to other members of the engagement team to assist the group engagement partner in fulfilling the responsibility for the nature, timing and extent of the direction and supervision of component auditors and the review of their work (see also paragraph 11).

A74

If component auditors are from a firm other than the group auditor’s firm, the firm’s policies or procedures may be different, or different actions may need to be taken, respectively, in relation to the nature, timing and extent of direction and supervision of those members of the engagement team, and the review of their work. In particular, firm policies or procedures may require the firm or the group engagement partner to take different actions from those applicable to members of the engagement team within the firm or the network (e.g., in relation to the form, content and timing of communications with component auditors, including the use of group auditor instructions to component auditors). ASA 220 provides examples of actions that may need to be taken in such circumstances.[66]

A75

The nature, timing and extent of direction and supervision of component auditors and review of their work may be tailored based on the nature and circumstances of the engagement and, for example:

  • The assessed risks of material misstatement. For example, if the group auditor has identified a component that includes a significant risk, an increase in the extent of direction and supervision of the component auditor and a more detailed review of the component auditor’s audit documentation may be appropriate.
  • The competence and capabilities of the component auditors performing the audit work. For example, if the group auditor has no previous experience working with a component auditor, the group auditor may communicate more detailed instructions, increase the frequency of discussions or other interactions with the component auditor, or assign more experienced individuals to oversee the component auditor as the work is performed.
  • The location of engagement team members, including the extent to which engagement team members are dispersed across multiple locations, including when service delivery centres are used.
  • Access to component auditor audit documentation. For example, when law or regulation precludes component auditor audit documentation from being transferred out of the component auditor’s jurisdiction, the group auditor may be able to review the audit documentation at the component auditor’s location or remotely through the use of technology, when not prohibited by law or regulation (see also paragraphs A179–A180).

A76

There are different ways in which the group engagement partner may take responsibility for directing and supervising component auditors and reviewing their work, for example:

  • Communications with component auditors throughout the course of the group audit, including communications required by this ASA.
  • Meetings or calls with component auditors to discuss identified and assessed risks, issues, findings and conclusions.
  • Reviews of the component auditor’s audit documentation in person or remotely when permitted by law and regulation.
  • Participating in the closing or other key meetings between the component auditors and component management.

A77

In applying ASA 220,[67] the group engagement partner is required to review audit documentation at appropriate points in time during the audit engagement, including audit documentation relevant to the group audit relating to:

  • Significant matters;
  • Significant judgements, including those relating to difficult or contentious matters identified during the audit engagement, and the conclusions reached; and
  • Other matters that, in the engagement partner’s professional judgement, are relevant to the engagement partner’s responsibilities.

The review of such audit documentation by the group engagement partner often takes place during the course of the group audit, including the review of relevant component auditor audit documentation (also see paragraph A148).

Communications with Component Auditors (Ref: Para. 29)

A78

Clear and timely communication between the group auditor and the component auditors about their respective responsibilities, along with clear direction to the component auditors about the nature, timing and extent of the work to be performed and the matters expected to be communicated to the group auditor, helps establish the basis for effective two-way communication. Effective two-way communication between the group auditor and the component auditors also helps to set expectations for component auditors and facilitates the group auditor’s direction and supervision of them and the review of their work. Such communication also provides an opportunity for the group engagement partner to reinforce the need for component auditors to exercise professional scepticism in the work performed for purposes of the group audit.

A79

Other factors that may also contribute to effective two-way communication include:

  • Clarity of the instructions to the component auditor, particularly when the component auditor is from another firm and may not be familiar with the policies or procedures of the group auditor’s firm.
  • A mutual understanding that the component auditor may discuss the audit work requested to be performed, based on the component auditor’s knowledge and understanding of the component.
  • A mutual understanding of relevant issues and the expected actions arising from the communication process.
  • The form of communications. For example, matters that need timely attention may be more appropriately discussed in a meeting rather than by exchanging emails.
  • A mutual understanding of the person(s) from the group auditor and component auditors who have responsibility for managing communications regarding particular matters.
  • The process for the component auditor to take action and report back on matters communicated by the group auditor.

A80

The communications between the group auditor and component auditors depend on the facts and circumstances of the group audit engagement, including the nature and extent of involvement of the component auditors and the degree to which the group auditor and component auditors are subject to common systems of quality management or common network requirements or network services.

Form of communications

A81

The form of the communications between the group auditor and component auditors may vary based on factors such as the nature of the audit work the component auditors have been requested to perform, and the extent to which communication capabilities are integrated into the audit tools used for the group audit.

A82

The form of communications also may be affected by such factors as:

  • The significance, complexity or urgency of the matter.
  • Whether the matter has been or is expected to be communicated to group management and those charged with governance of the group.

A83

Communication between the group auditor and the component auditor may not necessarily be in writing. However, the group auditor’s verbal communications with the component auditors may be supplemented by written communication, such as a set of instructions regarding the work to be performed, when the group auditor wants to give particular attention to, or promote a mutual understanding about, certain matters. In addition, the group auditor may meet with the component auditor to discuss significant matters or to review relevant parts of the component auditor’s audit documentation.

A84

Paragraph 45 requires the group auditor to request the component auditor to communicate matters relevant to the group auditor’s conclusion with regard to the group audit. As explained in paragraph A146, the form and content of the component auditor’s deliverables are influenced by the nature and extent of the audit work the component auditor has been requested to perform.

A85

Regardless of the form of communication, the documentation requirements of this and other ASAs apply.

Timing of communications

A86

The appropriate timing of communications will vary with the circumstances of the engagement. Relevant circumstances may include the nature, timing and extent of work to be performed by the component auditor and the action expected to be taken by the component auditor. For example, communications regarding planning matters may often be made early in the audit engagement and, for an initial group audit, may be made as part of agreeing the terms of the engagement.

Non-compliance with laws or regulations (Ref: Para. 25, 29)

A87

In applying ASA 250,[68] the group engagement partner may become aware of information about non-compliance or suspected non-compliance with laws or regulations. In such circumstances, the group engagement partner may have an obligation under relevant ethical requirements, laws or regulations, to communicate the matter to the component auditor.[69] The obligation of the group engagement partner to communicate non-compliance or suspected non-compliance may extend to auditors of the financial report of entities or business units for which an audit is required by statute, regulation or for another reason, but for which no audit work is performed for purposes of the group audit.

Understanding the Group and Its Environment, the Applicable Financial Reporting Framework and the Group’s System of Internal Control

(Ref: Para. 30)

A88

ASA 315[70] contains requirements and guidance regarding the auditor’s responsibility to obtain an understanding of the entity and its environment, the applicable financial reporting framework, and the entity’s system of internal control. Appendix 2 of this ASA provides examples of matters related to internal control that may be helpful in obtaining an understanding of the system of internal control in the context of a group environment, and expands on how ASA 315 is to be applied to an audit of a group financial report.

A89

The understanding of the group and its environment, the applicable financial reporting framework, and the group’s system of internal control may be obtained through communications with:

  • Group management, component management or other appropriate individuals within the entity, including individuals within the internal audit function (if the function exists) and individuals who have knowledge of the group’s system of internal control, accounting policies and practices, and the consolidation process;
  • Component auditors; or
  • Auditors that perform an audit for statutory, regulatory or other reasons of the financial report of an entity or business unit that is part of the group.

A90

Obtaining an understanding of the group, identifying risks of material misstatement and assessing inherent risk and control risk may be performed in different ways depending on preferred audit techniques or methodologies and may be expressed in different ways. Accordingly, when component auditors are involved in the design and performance of risk assessment procedures, the group auditor may need to communicate its preferred approach with component auditors or provide instructions.

Engagement Team Discussion (Ref: Para. 30)

A91

In applying ASA 315,[71] the group engagement partner and other key engagement team members are required to discuss the application of the applicable financial reporting framework and the susceptibility of the group’s financial report to material misstatement. The group engagement partner’s determination of which members of the engagement team to include in the discussion, and the topics to be discussed, is affected by matters such as initial expectations about the risks of material misstatement and the preliminary expectation of whether to involve component auditors.

A92

The discussion provides an opportunity to:

  • Share knowledge of the components and their environments, including which components’ activities are centralised.
  • Exchange information about the business risks of the components or the group, and how inherent risk factors may affect susceptibility to misstatement of classes of transactions, account balances and disclosures.
  • Exchange ideas about how and where the group financial report may be susceptible to material misstatement due to fraud or error. ASA 240[72] requires the engagement team discussion to place particular emphasis on how and where the entity’s financial report may be susceptible to material misstatement due to fraud, including how fraud may occur.
  • Identify policies followed by group or component management that may be biased or designed to manage earnings that could lead to fraudulent financial reporting.
  • Consider known external and internal factors affecting the group that may create an incentive or pressure for group management, component management, or others to commit fraud, provide the opportunity for fraud to be perpetrated, or indicate a culture or environment that enables group management, component management, or others to rationalise committing fraud.
  • Consider the risk that group or component management may override controls.
  • Discuss fraud that has been identified, or information that indicates existence of a fraud.
  • Identify risks of material misstatement relevant to components where there may be impediments to the exercise of professional scepticism.
  • Consider whether uniform accounting policies are used to prepare the financial information of the components for the group financial report and, if not, how differences in accounting policies are identified and adjusted (when required by the applicable financial reporting framework).
  • Share information about risks of material misstatement of the financial information of a component that may apply more broadly to some, or all, of the other components.
  • Share information that may indicate non-compliance with national laws or regulations, for example, payments of bribes and improper transfer pricing practices.
  • Discuss events or conditions identified by group management, component management or the engagement team, that may cast significant doubt on the group’s ability to continue as a going concern.
  • Discuss related party relationships or transactions identified by group management or component management, and any other related parties of which the engagement team is aware.

The Group and Its Environment (Ref: Para. 30 (a))

A93

An understanding of the group’s organisational structure and its business model may enable the group auditor to understand such matters as:

  • The complexity of the group’s structure. A group may be more complex than a single entity because a group may have several subsidiaries, divisions or other business units, including in multiple locations. Also, a group’s legal structure may be different from the operating structure, for example, for tax purposes. Complex structures often introduce factors that may give rise to increased susceptibility to material misstatements, such as whether goodwill, joint ventures or special-purpose entities are accounted for appropriately and whether adequate disclosures have been made.
  • The geographic locations of the group’s operations. Having a group that is located in multiple geographical locations may give rise to increased susceptibility to material misstatements. For example, different geographical locations may involve different languages, cultures and business practices.
  • The structure and complexity of the group’s IT environment. A complex IT environment often introduces factors that may give rise to increased susceptibility to material misstatements. For example, a group may have a complex IT environment because of multiple IT systems that are not integrated due to recent acquisitions or mergers. Therefore, it may be particularly important to obtain an understanding of the complexity of the security over the IT environment, including vulnerability of the IT applications, databases, and other aspects of the IT environment. A group may also use one or more external service providers for aspects of its IT environment.
  • Relevant regulatory factors, including the regulatory environment. Different laws or regulations may introduce factors that may give rise to increased susceptibility to material misstatements. A group may have operations that are subject to a high degree of complex laws or regulations in multiple jurisdictions, or entities or business units in the group that operate in multiple industries that are subject to different types of laws or regulations.
  • The ownership, and relationships between owners and other people or entities, including related parties. Understanding the ownership and relationships can be more complex in a group that operates across multiple jurisdictions and when there are changes in ownership through formation, acquisition, disposal or joint venture. These factors may give rise to increased susceptibility to material misstatements.

A94

Obtaining an understanding of the degree to which the group’s operations or activities are similar may help to identify similar risks of material misstatement across components and design an appropriate response.

A95

The financial results of entities or business units are ordinarily measured and reviewed by group management. Enquiries of group management may reveal that group management relies on certain key indicators to evaluate the financial performance of the group’s entities and business units and take action. The understanding of such performance measures may help to identify:

  • Areas where there is increased susceptibility to material misstatements (e.g., due to pressures on component management to meet certain performance measures).
  • Controls over the group’s financial reporting process.

The Group's System of Internal Control

The Nature and Extent of Commonality of Controls (Ref: Para. 30(c)(i))

A96

Group management may design controls that are intended to operate in a common manner across multiple entities or business units (i.e., common controls). For example, group management may design common controls for inventory management, which operate using the same IT system and that are implemented across all entities or business units in the group. Common controls may exist in each component of the group’s system of internal control, and they may be implemented at different levels within the group (e.g., at the level of the consolidated group as a whole, or for other levels of aggregation within the group). Common controls may be direct controls or indirect controls. Direct controls are controls that are precise enough to address risks of material misstatement at the assertion level. Indirect controls are controls that support direct controls.[73]

A97

Understanding the components of the group’s system of internal control includes understanding the commonality of the controls within those components across the group. In understanding the commonality of a control across the group, considerations that may be relevant include whether:

  • The control is designed centrally and is required to be implemented as designed (i.e., without modification) at some or all components;
  • The control is implemented and, if applicable, monitored by individuals with similar responsibilities and capabilities at all the components where the control is implemented;
  • If a control uses information from IT applications, the IT applications and other aspects of the IT environment that generate the information are the same across the components or locations; or
  • If the control is automated, it is configured in the same way in each IT application across the components.

A98

Judgement may often be needed to determine whether a control is a common control. For example, group management may require that all entities and business units perform a monthly evaluation of the aging of customers’ accounts that is generated from a specific IT application. When the aging reports are generated from different IT applications or the implementation of the IT application differs across entities or business units, there may be a need to consider whether the control can be determined to be common. This is because of differences in the design of the control that may exist due to the existence of different IT applications (e.g., whether the IT application is configured in the same manner across components, and whether there are effective general IT controls across different IT applications).

A99

Consideration of the level at which controls are performed within the group (e.g., at the level of the consolidated group as a whole or for other levels of aggregation within the group) and the degree of centralisation and commonality may be important to the understanding of how information is processed and controlled. In some circumstances, controls may be performed centrally (e.g., performed only at a single entity or business unit), but may have a pervasive effect on other entities or business units (e.g., a shared service centre that processes transactions on behalf of other entities or business units within the group). The processing of transactions and related controls at a shared service centre may operate in the same way for those transactions being processed by the shared service centre regardless of the entity or business unit (e.g., the processes, risks and controls may be the same regardless of the source of the transaction). In such cases, it may be appropriate to identify the controls and evaluate the design and determine the implementation of the controls, and, if applicable, test operating effectiveness, as a single population.

Centralised Activities (Ref: Para. 30(c)(i)–(ii))

A100

Group management may centralise some of its activities, for example financial reporting or accounting functions may be performed for a particular group of common transactions or other financial information in a consistent and centralised manner for multiple entities or business units (e.g., when the initiation, authorisation, recording, processing, or reporting of revenue transactions is performed at a shared service centre).

A101

Obtaining an understanding of how centralised activities fit into the overall group structure, and the nature of the activities undertaken, may help to identify and assess risks of material misstatement and appropriately respond to such risks. For example, controls at a shared service centre may operate independently from other controls, or they may be dependent upon controls at an entity or business unit from which financial information is derived (e.g., sales transactions may be initiated and authorised at an entity or business unit, but the processing may occur at the shared service centre).

A102

The group auditor may involve component auditors in testing the operating effectiveness of common controls or controls related to centralised activities. In such circumstances, effective collaboration between the group auditor and component auditors is important as the audit evidence obtained through testing the operating effectiveness of common controls or controls related to centralised activities supports the determination of the nature, timing and extent of substantive procedures to be performed across the group.

Communications About Significant Matters that Support the Preparation of the Group Financial Report (Ref: Para. 30(c)(iv))

A103

Group entities or business units may use a financial reporting framework for statutory, regulatory or other reasons that is different from the financial reporting framework used for the group’s financial report. In such circumstances, an understanding of group management’s financial reporting processes to align accounting policies and, when relevant, financial reporting period-ends that differ from that of the group, enables the group auditor to understand how adjustments, reconciliations and reclassifications are made, and whether they are made centrally by group management or by the entity or business unit.

Instructions by group management to entities or business units

A104

In applying ASA 315,[74] the group auditor is required to understand how group management communicates significant matters that support the preparation of the group financial report. To achieve uniformity and comparability of financial information, group management may issue instructions (e.g., communicate financial reporting policies) to the entities or business units that include details about financial reporting processes or may have policies that are common across the group. Obtaining an understanding of group management’s instructions may affect the identification and assessment of the risks of material misstatement of the group financial report. For example, inadequate instructions may increase the likelihood of misstatements due to the risk that transactions are incorrectly recorded or processed, or that accounting policies are incorrectly applied.

A105

The group auditor’s understanding of the instructions or policies may include the following:

  • The clarity and practicality of the instructions for completing the reporting package.
  • Whether the instructions:
    • Adequately describe the characteristics of the applicable financial reporting framework and the accounting policies to be applied;
    • Address information necessary to prepare disclosures that are sufficient to comply with the requirements of the applicable financial reporting framework, for example, disclosure of related party relationships and transactions, and segment information;
    • Address information necessary for making consolidation adjustments, for example, intra-group transactions and unrealised profits, and intra-group account balances; and
    • Include a reporting timetable.

Considerations When Component Auditors Are Involved (Ref: Para. 31–32)

A106

During the course of the group audit, the group auditor may communicate the matters in paragraph 31 to other component auditors, if these matters are relevant to the work of those component auditors. Paragraph A144 includes examples of other matters that may need to be communicated timely in the course of the component auditor’s work.

A107

The nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial report than transactions with unrelated parties.[75] In a group audit there may be a higher risk of material misstatement of the group financial report, including due to fraud, associated with related party relationships when:

  • The group structure is complex;
  • The group’s information systems are not integrated and therefore less effective in identifying and recording related party relationships and transactions; and
  • There are numerous or frequent related party transactions between entities and business units.

Planning and performing the audit with professional scepticism, as required by ASA 200,[76] is therefore particularly important when these circumstances exist.

Identifying and Assessing the Risks of Material Misstatement

(Ref: Para. 33)

A108

The process to identify and assess the risks of material misstatement of the group financial report is iterative and dynamic, and may be challenging, particularly when the component’s activities are complex or specialised, or when there are many components across multiple locations. In applying ASA 315,[77] the auditor develops initial expectations about the potential risks of material misstatement and an initial identification of the significant classes of transactions, account balances and disclosures of the group financial report based on their understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control.

A109

The initial expectations about the potential risks of material misstatement take into account the auditor’s understanding of the group, including its entities or business units, and the environments and industries in which they operate. Based on the initial expectations, the group auditor may, and often will, involve component auditors in risk assessment procedures as they may have direct knowledge and experience with the entities or business units that may be helpful in understanding the activities and related risks, and where risks of material misstatement of the group financial report may arise in relation to those entities or business units.

A110

For identified risks of material misstatement at the assertion level, the group auditor is required to take responsibility for assessing inherent risk. Such assessment involves assessing the likelihood and magnitude of misstatement, which takes into account how, and the degree to which:[78]

  • Inherent risk factors affect the susceptibility of relevant assertions to misstatement.
  • The risks of material misstatement at the group financial statement level affect the assessment of inherent risk for risks of material misstatement at the assertion level.

A111

Based on the risk assessment procedures performed, the group auditor may determine that an assessed risk of material misstatement of the group financial report only arises in relation to financial information of certain components. For example, the risk of material misstatement relating to a legal claim may only exist in entities or business units that operate in a certain jurisdiction or in entities or business units that have similar operations or activities.

A112

Appendix 3 sets out examples of events and conditions that, individually or together, may indicate risks of material misstatement of the group financial report, whether due to fraud or error, including with respect to the consolidation process.

Fraud

A113

In applying ASA 240,[79] the auditor is required to identify and assess the risks of material misstatement of the financial report due to fraud, and to design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level. Information used to identify the risks of material misstatement of the group financial report due to fraud may include the following:

  • Group management’s assessment of the risk that the group financial report may be materially misstated due to fraud.
  • Group management’s process for identifying and responding to the risks of fraud in the group financial report, including any specific fraud risks identified by group management, or classes of transactions, account balances, or disclosures for which a risk of fraud is higher.
  • Whether there are particular components that are more susceptible to risks of material misstatement due to fraud.
  • Whether any fraud risk factors or indicators of management bias exist in the consolidation process.
  • How those charged with governance of the group monitor group management’s processes for identifying and responding to the risks of fraud in the group, and the controls group management has established to mitigate these risks.
  • Responses of those charged with governance of the group, group management, appropriate individuals within the internal audit function (and when appropriate, component management, the component auditors, and others) to the group auditor’s enquiry about whether they have knowledge of any actual, suspected, or alleged fraud affecting a component or the group.

Considerations When Component Auditors Are Involved (Ref: Para. 34)

A114

When the group auditor involves component auditors in the design and performance of risk assessment procedures, the group auditor remains responsible for having an understanding of the group and its environment, the applicable financial reporting framework and the group’s system of internal control to have a sufficient basis for the identification and assessment of the risks of material misstatement of the group financial report in accordance with paragraph 33.

A115

When the audit evidence obtained from the risk assessment procedures does not provide an appropriate basis for the identification and assessment of the risks of material misstatement, ASA 315[80] requires the auditor to perform additional risk assessment procedures until audit evidence has been obtained to provide such a basis.

Materiality

Component Performance Materiality (Ref: Para. 35(a))

A116

Paragraph 35(a) requires the group auditor to determine component performance materiality for each of the components where audit procedures are performed on financial information that is disaggregated. The component performance materiality amount may be different for each component. Also, the component performance materiality amount for an individual component need not be an arithmetical portion of the group performance materiality and, consequently, the aggregate of component performance materiality amounts may exceed group performance materiality.

A117

This ASA does not require component performance materiality to be determined for each class of transactions, account balance or disclosure for components at which audit procedures are performed. However, if, in the specific circumstances of the group, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the group financial report as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the group financial report, ASA 320[81] requires a determination of the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. In these circumstances, the group auditor may need to consider whether a component performance materiality lower than the amount communicated to the component auditor may be appropriate for those particular classes of transactions, account balances or disclosures.[82]

A118

The determination of component performance materiality is not a simple mechanical calculation and involves the exercise of professional judgement. Factors the group auditor may take into account in setting component performance materiality include the following:

  • The extent of disaggregation of the financial information across components (e.g., as the extent of disaggregation across components increases, a lower component performance materiality ordinarily would be appropriate to address aggregation risk). The relative significance of the component to the group may affect the extent of disaggregation (e.g., if a single component represents a large portion of the group, there likely may be less disaggregation across components).
  • Expectations about the nature, frequency, and magnitude of misstatements in the component financial information, for example:
    • Whether there are risks that are unique to the financial information of the component (e.g., industry-specific accounting matters, unusual or complex transactions).
    • The nature and extent of misstatements identified at the component in prior audits.

A119

To address aggregation risk, paragraph 35(a) requires component performance materiality to be lower than group performance materiality. As explained in paragraph A118, as the extent of disaggregation across components increases, a lower component performance materiality amount ordinarily would be appropriate to address aggregation risk. In some circumstances, however, component performance materiality may be set at an amount closer to group performance materiality because there is less aggregation risk, such as when the financial information for one component represents a substantial portion of the group financial report. When determining component performance materiality for a non-controlling interest in an entity that is accounted for by the equity method, the group auditor may take into account the group’s ownership percentage and the share of the investee’s profits and losses.

A120

In some cases, further audit procedures may be performed by the group auditor or a component auditor on a significant class of transactions or significant account balance as a single population (i.e., not disaggregated across components). In such cases, group performance materiality often will be used for purposes of performing these procedures.

“Clearly Trivial” Threshold (Ref: Para: 35(b))

A121

The threshold for communicating misstatements to the group auditor is set at an amount equal to, or lower than, the amount regarded as clearly trivial for the group financial report. In accordance with ASA 450,[83] this threshold is the amount below which misstatements would not need to be accumulated because the group auditor expects that the accumulation of such amounts clearly would not have a material effect on the group financial report.

Considerations When Component Auditors Are Involved

Communicating Component Performance Materiality (Ref: Para. 36)

A122

In some cases, it may be appropriate for the group auditor to involve the component auditor in determining an appropriate component performance materiality amount, in view of the component auditor’s knowledge of the component and potential sources of misstatement of the component financial information. In this regard, the group auditor also may consider communicating group performance materiality to the component auditor to support collaboration in determining whether component performance materiality, in relation to group performance materiality, is appropriate in the circumstances.

A123

Component performance materiality is based, at least in part, on expectations about the nature, frequency, and magnitude of misstatements in the component financial information. Therefore, ongoing communication between the component auditor and the group auditor is important, particularly if the number and magnitude of misstatements identified by the component auditor are higher than expected.

Responding to the Assessed Risks of Material Misstatement

(Ref: Para. 37)

Performing Further Audit Procedures

Performing Further Audit Procedures Centrally

A124

Further audit procedures may be designed and performed centrally if the audit evidence to be obtained from performing further audit procedures on one or more significant classes of transactions, account balances or disclosures in the aggregate will respond to the assessed risks of material misstatement, for example, if the accounting records for the revenue transactions of the entire group are maintained centrally (e.g., at a shared service centre). Factors that may be relevant to the auditor’s determination of whether to perform further audit procedures centrally include, for example:

  • The level of centralisation of activities relevant to financial reporting.
  • The nature and extent of commonality of controls.
  • The similarity of the group’s activities and business lines.

A125

The group auditor may determine that the financial information of several components can be considered as one population for the purpose of performing further audit procedures, for example, when transactions are considered to be homogeneous because they share the same characteristics, the related risks of material misstatement are the same, and controls are designed and operating in a consistent way.

A126

When further audit procedures are performed centrally, component auditors may still be involved. For example, when the group has multiple shared service centres, the group auditor may involve component auditors in the performance of further audit procedures for these shared service centres.

Performing Further Audit Procedures at the Component Level

A127

In other circumstances, procedures to respond to the risks of material misstatement of the group financial report that are related to the financial information of a component may be more effectively performed at the component level. This may be the case when the group has:

  • Different revenue streams;
  • Multiple lines of business;
  • Operations across multiple locations; or
  • Decentralised systems of internal control.

Large Number of Components Whose Financial Information Is Individually Immaterial but Material in the Aggregate to the Group Financial Report 

A128

A group may be comprised of a large number of components whose financial information is individually immaterial but material in the aggregate to the group financial report. Circumstances such as these in which the significant classes of transactions, account balances or disclosures in the group financial report are disaggregated over a large number of components may present additional challenges for the group auditor in planning and performing further audit procedures.

A129

In some cases, it may be possible to obtain sufficient appropriate audit evidence by performing further audit procedures centrally on these significant classes of transactions, account balances or disclosures (e.g., if they are homogeneous, subject to common controls and access to appropriate information can be obtained). The further audit procedures may also include substantive analytical procedures in accordance with ASA 520.[84] Depending on the circumstances of the engagement, the financial information of the components may be aggregated at appropriate levels for purposes of developing expectations and determining the amount of any difference of recorded amounts from expected values in performing the substantive analytical procedures. The use of automated tools and techniques may be helpful in these circumstances.

A130

In other cases, it may be necessary to perform further audit procedures at selected components to address the risks of material misstatement of the group financial report. The determination of the components at which audit procedures are to be performed, and the nature, timing and extent of further audit procedures to be performed at the selected components, are matters of professional judgement. In these circumstances, introducing an element of unpredictability in the components selected for testing also may be helpful in relation to the risks of material misstatement of the group financial report due to fraud (also see paragraph A136).

The Nature and Extent of Further Audit Procedures 

A131

In response to the assessed risks of material misstatement, the group auditor may determine the following scope of work to be appropriate at a component (with the involvement of component auditors, as applicable):

  • Design and perform further audit procedures on the entire financial information of the component;
  • Design and perform further audit procedures on one or more classes of transactions, account balances or disclosures; or
  • Perform specific further audit procedures.

A132

Although the group auditor takes responsibility for the nature, timing and extent of further audit procedures to be performed, component auditors can be, and often are, involved in all phases of the group audit, including in the design and performance of further audit procedures.

Design and Perform Further Audit Procedures on the Entire Financial Information of the Component

A133

The group auditor may determine that designing and performing further audit procedures on the entire financial information of a component is an appropriate approach, including when:

  • Audit evidence needs to be obtained on all or a significant proportion of a component’s financial information to respond to the assessed risks of material misstatement of the group financial report.
  • There is a pervasive risk of material misstatement of the group financial report due to the existence of events or conditions at the component that may be relevant to the group auditor’s evaluation of group management’s assessment of the group’s ability to continue as a going concern.

Design and Perform Further Audit Procedures on One or More Classes of Transactions, Account Balances or Disclosures 

A134

The group auditor may determine that designing and performing further audit procedures on one or more particular classes of transactions, account balances, or disclosures of the financial information of a component is an appropriate approach to address assessed risks of material misstatement of the group financial report. For example, a component may have limited operations but holds a significant portion of the land and buildings of the group or has significant tax balances.

Perform Specific Further Audit Procedures

A135

The group auditor may determine that designing and performing specific further audit procedures on the financial information of a component is an appropriate approach, such as when audit evidence needs to be obtained for one or more relevant assertions only. For example, the group auditor may centrally test the class of transaction, account balance or disclosure and may require the component auditor to perform specific further audit procedures at the component (e.g., specific further audit procedures related to the valuation of claims or litigation in the component’s jurisdiction or the existence of an asset).

Element of Unpredictability 

A136

Incorporating an element of unpredictability in the type of work to be performed, the entities or business units at which procedures are performed and the extent to which the group auditor is involved in the work, may increase the likelihood of identifying a material misstatement of the components’ financial information that may give rise to a material misstatement of the group financial report due to fraud.[85]

Operating Effectiveness of Controls 

A137

The group auditor may rely on the operating effectiveness of controls that operate throughout the group in determining the nature, timing and extent of substantive procedures to be performed at either the group level or at the components. ASA 330[86] requires the auditor to design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of those controls. Component auditors may be involved in designing and performing such tests of controls.

A138

If deviations from controls upon which the auditor intends to rely are detected, ASA 330[87] requires the auditor to make specific enquiries to understand these matters and their potential consequences. If more deviations than expected are detected as a result of testing the operating effectiveness of the controls, the group auditor may need to revise the group audit plan. Possible revisions to the group audit plan may include:

  • Requesting additional substantive procedures to be performed at certain components.
  • Identifying and testing the operating effectiveness of other relevant controls that are designed and implemented effectively.
  • Increasing the number of components selected for further audit procedures.

A139

When the operating effectiveness of controls is tested centrally (e.g., controls at a shared service centre or testing of common controls), the group auditor may need to communicate information about the audit work performed to the component auditors. For example, when a component auditor is requested to design and perform substantive procedures on the entire financial information of the component, or design and perform substantive procedures on one or more classes of transactions, account balances or disclosures, the component auditor may discuss with the group auditor about the control testing performed centrally to determine the nature, timing and extent of the substantive procedures.

Consolidation Process

Consolidation Procedures (Ref: Para. 38)

A140

The further audit procedures on the consolidation process, including sub-consolidations, may include:

  • Determining that the necessary journal entries are reflected in the consolidation; and
  • Evaluating the operating effectiveness of the controls over the consolidation process and responding appropriately if any controls are determined to be ineffective.

A141

Consolidation Adjustments and Reclassifications (Ref: Para. 38(b))

A141

The consolidation process may require adjustments and reclassifications to amounts reported in the group financial report that do not pass through the usual IT applications, and may not be subject to the same controls to which other financial information is subject. The group auditor’s evaluation of the appropriateness, completeness and accuracy of the adjustments and reclassifications may include:

  • Evaluating whether significant adjustments appropriately reflect the events and transactions underlying them;
  • Determining whether those entities or business units whose financial information has been included in the group financial report were appropriately included;
  • Determining whether significant adjustments have been correctly calculated, processed and authorised by group management and, when applicable, by component management;
  • Determining whether significant adjustments are properly supported and sufficiently documented; and
  • Evaluating the reconciliation and elimination of intra-group transactions, unrealised profits, and intra-group account balances.

Considerations When Component Auditors Are Involved (Ref: Para. 42–43)

A142

When the group auditor involves component auditors in the design or performance of further audit procedures, the component auditor may determine that the use of the work of an auditor’s expert is appropriate and communicate this to the group auditor. In such circumstances, when determining whether the component auditor’s design and performance of further audit procedures is appropriate, the group auditor may, for example, discuss with the component auditor:

  • The nature, scope and objectives of the auditor’s expert’s work.
  • The component auditor’s evaluation of the adequacy of the work of the auditor’s expert for the group auditor’s purposes.

A143

The appropriate level of the group auditor’s involvement may depend on the circumstances and the structure of the group and other factors, such as the group auditor’s previous experience with the component auditors that perform procedures on the consolidation process, including sub-consolidations, and the circumstances of the group audit engagement (e.g., if the financial information of an entity or business unit has not been prepared in accordance with the same accounting policies applied to the group financial report).

Evaluating the Component Auditor’s Communication and the Adequacy of Their Work

Communication about Matters Relevant to the Group Auditor’s Conclusion with Regard to the Group Audit (Ref: Para. 45)

A144

Although the matters required to be communicated in accordance with paragraph 45 are relevant to the group auditor’s conclusion with regard to the group audit, certain matters may be communicated during the course of the component auditor’s procedures. In addition to the matters in paragraphs 32 and 50, such matters may include, for example:

  • Information about breaches of relevant ethical requirements, including identified breaches of independence provisions;
  • Information about instances of non-compliance with laws or regulations;
  • Newly arising significant risks of material misstatement, including risks of fraud;
  • Identified or suspected fraud or illegal acts involving component management or employees that could have a material effect on the group financial report; or
  • Significant and unusual transactions.

Communication of Misstatements of Component Financial Information (Ref: Para. 45(e))

A145

Knowledge about corrected and uncorrected misstatements across components may alert the group auditor to potential pervasive internal control deficiencies, when considered along with the communication of deficiencies in accordance with paragraph 45(g). In addition, a higher than expected number of identified misstatements (uncorrected or corrected) may indicate a higher risk of undetected misstatements, which may lead the group auditor to conclude that additional audit procedures need to be performed at certain components.

Component Auditor’s Overall Findings or Conclusions (Ref: Para. 45(k))

A146

The form and content of the deliverables from the component auditor are influenced by the nature and extent of the audit work the component auditor has been requested to perform. The group auditor’s firm policies or procedures may address the form or specific wording of an overall conclusion from the component auditor on the audit work performed for purposes of the group audit. In some cases, law or regulation may specify the form of conclusion (e.g., an opinion) to be provided by the component auditor.

Evaluating Whether Communications with the Component Auditor Are Adequate for the Group Auditor’s Purposes (Ref: Para. 46(b))

A147

If the group auditor determines that the component auditor’s communications are not adequate for the group auditor’s purposes, the group auditor may consider whether, for example:

  • Further information can be obtained from the component auditor (e.g., through further discussions or meetings);
  • It is necessary to review additional component auditor audit documentation in accordance with paragraph 47;
  • Additional audit procedures may need to be performed in accordance with paragraph 48; or
  • There are any concerns about the component auditor’s competence or capabilities.

Reviewing Additional Component Auditor Audit Documentation (Ref: Para. 47)

A148

Paragraph A75 provides guidance for the group auditor in tailoring the nature, timing and extent of the direction and supervision of the component auditor, and the review of their work, based on the facts and circumstances of the group audit and other matters (e.g., the assessed risks of material misstatement of the group financial report). The group auditor’s consideration in accordance with paragraph 47(c) also may be affected by the following matters relevant to the group auditor’s ongoing involvement in the work of the component auditor:

  • Communications from the component auditor, including those in accordance with paragraph 45 of this ASA; and
  • The review of component auditor audit documentation by the group auditor during the course of the group audit (e.g., to fulfill the requirements of paragraphs 34, 42 and 43) or by the group engagement partner in accordance with paragraph 31 of ASA 220.

A149

Other factors that may affect the group auditor’s determination about whether, and the extent to which, it is necessary to review additional component auditor audit documentation in the circumstances include:

  • The degree to which the component auditor was involved in risk assessment procedures and in the identification and assessment of the risks of material misstatement of the group financial report;
  • The significant judgements made by, and the findings or conclusions of, the component auditor about matters that are material to the group financial report;
  • The competence and capabilities of more experienced engagement team members from the component auditor responsible for reviewing the work of less experienced individuals; and
  • Whether the component auditor and group auditor are subject to common policies or procedures for review of audit documentation.

Subsequent Events

(Ref: Para. 49–50)

A150

The group auditor may:

  • Request a component auditor to perform subsequent events procedures to assist the group auditor to identify events that occur between the dates of the financial information of the components and the date of the auditor’s report on the group financial report.
  • Perform procedures to cover the period between the date of communication of subsequent events by the component auditor and the date of the auditor’s report on the group financial report.

Evaluating the Sufficiency and Appropriateness of Audit Evidence Obtained

Sufficiency and Appropriateness of Audit Evidence (Ref: Para. 51)

A151

The audit of a group financial report is a cumulative and iterative process. As the group auditor performs planned audit procedures, the audit evidence obtained may cause the group auditor to modify the nature, timing or extent of other planned audit procedures as information may come to the group auditor’s attention that differs significantly from the information on which the risk assessment was based. For example:

  • The misstatements identified at a component may need to be considered in relation to other components; or
  • The group auditor may become aware of access restrictions to information or people at a component because of changes in the environment (e.g., war, civil unrest or outbreaks of disease).

In such circumstances, the group auditor may need to re-evaluate the planned audit procedures, based on the revised consideration of assessed risks for all or some of the significant classes of transactions, account balances, or disclosures and related assertions.

A152

The evaluation required by paragraph 51 assists the group auditor in determining whether the overall group audit strategy and group audit plan developed to respond to the assessed risks of material misstatement of the group financial report continues to be appropriate. The requirement in ASA 330[88] for the auditor, irrespective of the assessed risks of material misstatement, to design and perform substantive procedures for each material class of transactions, account balance, and disclosure also may be helpful for purposes of this evaluation in the context of the group financial report.

A153

The group auditor may consider the engagement team’s exercise of professional scepticism when evaluating the sufficiency and appropriateness of audit evidence obtained. For example, the group auditor may consider whether matters such as those described in paragraph A17 have inappropriately led the engagement team to:

  • Obtain audit evidence that is easier to access without giving appropriate consideration to its relevance and reliability:
  • Obtain less persuasive evidence than is necessary in the circumstances; or
  • Design and perform audit procedures in a manner that is biased towards obtaining evidence that is corroborative or excluding evidence that is contradictory.

A154

ASA 220[89] requires the engagement partner to determine, on or before the date of the auditor’s report, through review of audit documentation and discussion with the engagement team, that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. Information that may be relevant to the group auditor’s evaluation of the audit evidence obtained from the work performed by component auditors depends on the facts and circumstances of the group audit, and may include:

  • The communications from the component auditors required by paragraph 45, including the overall findings or conclusions of the component auditors on the work performed for purposes of the group audit;
  • Other communications from the component auditors throughout the group audit, including those required by paragraph 32; and
  • The group auditor’s direction and supervision of the component auditors, and review of their work, including, as applicable, the group auditor’s review of additional component auditor audit documentation in accordance with paragraph 47.

A155

In some circumstances, an overall summary memorandum describing the work performed and the results thereof may provide a basis on its own for the group auditor to conclude that the work performed and audit evidence obtained by the component auditor is sufficient for purposes of the group audit. This may be the case, for example, when the component auditor has been requested to perform specific further audit procedures as identified and communicated by the group auditor.

Evaluating the Effect on the Group Audit Opinion (Ref: Para. 52)

A156

The group engagement partner’s evaluation may include a consideration of whether corrected and uncorrected misstatements communicated by component auditors indicate a systemic issue (e.g., regarding transactions subject to common accounting policies or common controls) that may affect other components.

Auditor’s Report

(Ref: Para. 53)

A157

Although component auditors may perform work on the financial information of the components for the group audit and as such are responsible for their overall findings or conclusions, the group engagement partner or the group engagement partner’s firm is responsible for the group audit opinion.

A158

When the group audit opinion is modified because the group auditor was unable to obtain sufficient appropriate audit evidence in relation to the financial information of one or more components, the Basis for Qualified Opinion or Basis for Disclaimer of Opinion section in the auditor’s report on the group financial report describes the reasons for that inability.[90] In some circumstances, a reference to a component auditor may be necessary to adequately describe the reasons for the modified opinion, for example, when the component auditor is unable to perform or complete the work requested on the component financial information due to circumstances beyond the control of component management.

Communication with Group Management and Those Charged with Governance of the Group

Communication with Group Management (Ref: Para. 54–56)

A159

The group audit may be complex due to the number and nature of the entities and business units comprising the group. In addition, as explained in paragraph A7, the group auditor may determine that certain entities or business units may be considered together as a component for purposes of planning and performing the group audit. Therefore, discussing with group management an overview of the planned scope and timing may help in co-ordinating the work performed at components, including when component auditors are involved, and in identifying component management (see paragraph A24).

A160

ASA 240[91] contains requirements and guidance on the communication of fraud to management and, when management may be involved in the fraud, to those charged with governance.

A161

Group management may need to keep certain material sensitive information confidential. Examples of matters that may be significant to the financial report of the component of which component management may be unaware include the following:

  • Potential litigation.
  • Plans for abandonment of material operating assets.
  • Subsequent events.
  • Significant legal agreements.

A162

Group management may inform the group auditor about non-compliance or suspected non-compliance with laws or regulations in entities or business units within the group. Paragraph A87 provides guidance for the group engagement partner in these circumstances.

Communication with Those Charged with Governance of the Group (Ref: Para. 57)

A163

The matters the group auditor communicates to those charged with governance of the group may include those brought to the attention of the group auditor by component auditors that the group auditor judges to be significant to the responsibilities of those charged with governance of the group. Communication with those charged with governance of the group may take place at various times during the group audit. For example, the matter referred to in paragraph 57(a) may be communicated after the group auditor has determined the work to be performed on the financial information of the components. On the other hand, the matter referred to in paragraph 57(b) may be communicated at the end of the audit, and the matters referred to in paragraph 57(c)–(d) may be communicated when they occur.

A164

ASA 260[92] requires the auditor to communicate with those charged with governance an overview of the planned scope and timing of the audit. For a group audit, this communication helps those charged with governance understand the group auditor’s determination of the components at which audit work will be performed, including whether certain of the group’s entities or business units will be considered together as a component, and the planned involvement of component auditors. This communication also helps to enable a mutual understanding of and discussion about the group and its environment (see paragraph 30) and areas, if any, in which those charged with governance may request the group auditor to undertake additional procedures.

Communication of Identified Deficiencies in Internal Control (Ref: Para. 58)

A165

The group auditor is responsible for determining, on the basis of the audit work performed, whether one or more identified deficiencies, individually or in combination, constitute significant deficiencies.[93] The group auditor may request input from the component auditor about whether an identified deficiency or combination of deficiencies at the component is a significant deficiency in internal control.

Documentation

(Ref: Para. 59)

A166

Other ASAs contain specific documentation requirements that are intended to clarify the application of ASA 230 in the particular circumstances of those other ASAs. The Appendix to ASA 230 lists other ASAs that contain specific documentation requirements and guidance.

A167

The audit documentation for the group audit supports the group auditor’s evaluation in accordance with paragraph 51 as to whether sufficient appropriate audit evidence has been obtained on which to base the group audit opinion. Also see paragraph A154.

A168

The audit documentation for the group audit comprises:

  • The documentation in the group auditor’s file; and
  • The separate documentation in the respective component auditor files relating to the work performed by the component auditors for purposes of the group audit (i.e., component auditor audit documentation).

A169

The final assembly and retention of the audit documentation for a group audit is subject to the policies or procedures of the group auditor’s firm in accordance with ASQM 1.[94] The group auditor may provide specific instructions to component auditors regarding the assembly and retention of the documentation of work performed by them for purposes of the group audit.

Basis for the Group Auditor’s Determination of Components (Ref: Para: 59(b))

A170

The basis for the group auditor’s determination of components may be documented in various ways, including, for example, documentation related to the fulfillment of the requirements in paragraphs 22, 33 and 57(a) of this ASA.

Basis for the Group Auditor’s Determination of the Competence and Capabilities of Component Auditors (Ref: Para: 59(d))

A171

ASQM 1[95] provides guidance on matters that the firm’s policies or procedures may address regarding the competence and capabilities of the engagement team members. Such policies or procedures may describe or provide guidance about how to document the determination of the competence and capabilities of the engagement team, including component auditors. For example, the confirmation obtained from the component auditor in accordance with paragraph 24 may include information about the component auditor’s relevant industry experience. The group auditor also may ask for confirmation that the component auditor has sufficient time to perform the assigned audit procedures.

Documentation of the Direction and Supervision of Component Auditors and the Review of Their Work (Ref: Para. 59(f))

A172

As described in paragraph A75, the approach to direction, supervision and review in a group audit will be tailored by the group auditor based on the facts and circumstances of the engagement, and will generally include a combination of addressing the group auditor’s firm policies or procedures and responses specific to the group audit. Such policies or procedures may also describe or provide guidance about the documentation of the group auditor’s direction and supervision of the engagement team and the review of their work.

A173

ASA 300 requires the auditor to develop an audit plan that includes a description of the nature, timing and extent of the planned direction and supervision of engagement team members and the review of their work. When component auditors are involved, the extent of such descriptions will often vary by component, recognising that the planned nature, timing and extent of direction and supervision of component auditors, and review of their work, may be influenced by the matters described in paragraph A51.

A174

The group auditor’s documentation of the direction and supervision of component auditors and the review of their work may include, for example:

  • Required communications with component auditors, including instructions issued and other confirmations required by this ASA.
  • The rationale for the selection of visits to component auditor sites, attendees at meetings and the nature of the matters discussed.
  • Matters discussed in meetings with component auditors or component management.
  • The rationale for the group auditor’s determination of component auditor audit documentation selected for review.
  • Changes in the planned nature and extent of involvement in the work of component auditors, and the reasons why (e.g., assigning more experienced engagement team members in areas of the audit that are more complex or subjective than initially anticipated).

A175

Paragraph 47 requires the group auditor to determine whether, and the extent to which it is necessary to review additional component auditor audit documentation. Paragraphs A148–A149 provide guidance for the group auditor in making this determination.

A176

Component auditor audit documentation ordinarily need not be replicated in the group auditor’s audit file. However, the group auditor may decide to summarise, replicate or retain copies of certain component auditor documentation in the group auditor’s audit file to supplement the description of a particular matter in communications from the component auditor, including the matters required to be communicated by this ASA. Examples of such component auditor documentation may include:

  • A listing or summary of the significant judgements made by the component auditor, and the conclusions reached thereon, that are relevant to the group audit;
  • Matters that may need to be communicated to those charged with governance of the group; or
  • Matters that may be determined to be key audit matters to be communicated in the auditor’s report on the group financial report.

A177

When required by law or regulation, certain component auditor documentation may need to be included in the group auditor’s audit file, for example, to respond to the request of a regulatory authority to review documentation related to work performed by a component auditor.

A178

Policies or procedures established by the firm in accordance with the firm’s system of quality management, or resources provided by the firm or a network, may assist the group auditor in documenting the direction and supervision of component auditors and the review of their work. For example, an electronic audit tool may be used to facilitate communications between the group auditor and component auditors. The electronic audit tool also may be used for audit documentation, including providing information about the reviewer(s) and the date(s) and extent of their review.

Additional Considerations When Access to Component Auditor Audit Documentation is Restricted (Ref: Para. 59)

A179

Audit documentation for a group audit may present some additional complexities or challenges in certain circumstances. This may be the case, for example, when law or regulation restrict the component auditor from providing documentation outside of its jurisdiction, or when war, civil unrest or outbreaks of disease restrict access to relevant component auditor audit documentation.

A180

The group auditor may be able to overcome such restrictions by, for example:

  • Visiting the location of the component auditor, or meeting with the component auditor in a location different from where the component auditor is located, to review the component auditor’s audit documentation;
  • Reviewing the relevant audit documentation remotely through the use of technology, when not prohibited by law or regulation;
  • Requesting the component auditor to prepare and provide a memorandum that addresses the relevant information and holding discussions with the component auditor, if necessary, to discuss the contents of the memorandum; or
  • Discussing with the component auditor the procedures performed, the evidence obtained and the conclusions reached by the component auditor.

It is a matter of professional judgement whether one or more of the actions described above may be sufficient to overcome the restrictions depending on the facts and circumstances of the group audit.

A181

When access to component auditor audit documentation is restricted, the group auditor’s documentation nonetheless needs to comply with the requirements of the ASAs, including those relating to the documentation of the nature, timing and extent of the group auditor’s direction and supervision of component auditors and the review of their work. The guidance in paragraphs A148–A149 may be helpful in determining the extent of the group auditor’s review of the component auditor audit documentation in these circumstances. Paragraphs A176 and A177 provide examples of circumstances in which certain component auditor audit documentation may be included in the group auditor’s audit file.

A182

If the group auditor is unable to overcome restrictions on access to the component auditor audit documentation, the group auditor may need to consider whether a scope limitation exists that may require a modification to the opinion on the group financial report. See paragraph A45.

34

See ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements.

35

See ASQM 2 Engagement Quality Reviews.

36

See, for example, AASB 8, Operating Segments.

37

See ASA 220, paragraph 30(b).

38

See ASA 200, paragraph A48.

39

See ASA 220, paragraphs A35‒A37.

40

See ASA 315, paragraph A238.

41

See ASA 540 Auditing Accounting Estimates and Related Disclosures, paragraph A11.

42

See ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report, Appendix 1.

43

See ASA 220, paragraph 15.

44

See ASQM 1, paragraphs 48–52.

45

See ASA 220, paragraph A29.

46

See ASA 210, paragraphs 9 and 10(d).

47

See ASA 330, paragraph 7(b).

48

See ASA 705 Modifications to the Opinion in the Independent Auditor’s Report.

49

See ASA 300, paragraph A3.

50

See ASA 300, paragraph 10.

51

See ASA 315, paragraph 14(b).

52

See ASA 300, paragraph 5.

53

See ASQM 1, paragraph A74.

54

See ASA 220, paragraph 25.

55

See ASA 220, paragraph A72.

56

See ASA 220, paragraph A25.

57

See ASQM 1, paragraph 47.

58

See ASQM 1, paragraph 51(b).

59

See ASQM 1, paragraphs A19, A175.

60

See ASQM 1, paragraphs 48–49.

61

See ASA 220, paragraph 26.

62

See ASA 220, paragraph A66.

63

See ASA 220, paragraph 17.

64

See ASA 260, paragraph A31.

65

See ASA 220, paragraph 30.

66

See ASA 220, paragraphs A25–A26.

67

See ASA 220, paragraphs 31, A92–A93.

68

See ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report.

69

See, for example, Paragraphs R360.17 and R360.18 of APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (the Code).

70

See ASA 315, paragraphs 19–27, A50‒A183.

71

See ASA 315, paragraph 17.

72

See ASA 240, paragraph 16.

73

See ASA 315, paragraph A5.

74

See ASA 315, paragraph 25(b).

75

See ASA 550, paragraph 2.

76

See ASA 200, paragraph 15.

77

See ASA 315, paragraph A126.

78

See ASA 315, paragraph 31.

79

See ASA 240, paragraphs 26, 31.

80

See ASA 315, paragraph 35.

81

See ASA 320, paragraphs 10 and A11–A12.

82

See ASA 320, paragraph A13.

83

See ASA 450, paragraph A3.

84

See ASA 520 Analytical Procedures.

85

See ASA 240, paragraph 30(c).

86

See ASA 330, paragraph 8.

87

See ASA 330, paragraph 17.

88

See ASA 330, paragraph 18.

89

See ASA 220, paragraph 32.

90

See ASA 705, paragraphs 20 and 24.

91

See ASA 240, paragraphs 41–43.

92

See ASA 260, paragraph 15.

93

See ASA 265, paragraph 8.

94

See ASQM 1, paragraphs 31(f) and A83–A85.

95

See ASQM 1, paragraph A96.

96

See ASA 300, paragraph 9.

Illustration 1: [Deleted by the AUASB] Refer [Aus] Illustration 1A

Appendix 1

[Aus] Illustration 1A: Illustration of Independent Auditor’s Report When the Group Auditor Is Not Able to Obtain Sufficient Appropriate Audit Evidence on Which to Base the Group Audit Opinion – General Purpose Financial Report, Qualified Opinion under the Corporations Act 2001

Download example Auditor's Reports. 

Understanding the Group’s System of Internal Control

Appendix 2

Download Appendix 2

Examples of Events or Conditions that May Give Rise to Risks of Material Misstatement of the Group Financial Report

Appendix 3

Download Appendix 3