As a result of the AICPA Auditing Standards Board’s (ASB) Clarity Project, a new standard has been developed that provides clearer requirements and guidance for audits of group financial statements, in particular those in which part of the work is performed by auditors other than the auditor who expresses the opinion on the financial statements of the group.
The provisions of the new standard, AU-C 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors), are consistent with the risk-based requirements of current U.S. standards. AU-C 600’s provisions also are consistent, with the exception of a group auditor’s ability to reference the work of a component auditor, with the international standard (ISA 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors)). The new standard changes terminology (see the sidebar, “Group Audit Terminology,” below) and more clearly articulates the group auditor’s responsibilities, including the extent of involvement in the work of component auditors.
In this article, the term “group auditor” refers both to the “group audit team” and the “group engagement partner,” even though the standard further differentiates responsibilities by referring to these parties separately. It is important to note that the same personnel may, and often do, function as both members of the group engagement team and a component audit team.
SOURCES OF RISK OF MISSTATEMENTS IN GROUP FINANCIAL STATEMENTS
The risk that an individual component will contain misstatements that are material to the group financial statements is largely a function of the size of the component in relation to the group and the nature and other characteristics of the component. In addition to the considerations in assessing these risks for a specific component discussed in AU-C 315 and 320 of the clarified standards, there are additional risks that result from activities involved in managing a group that can be classified into the following categories:
- Risks related to managing complex, diverse, or decentralized business operations. These might result, for example, from overseas operations in difficult environments, decentralized trading operations, or significant joint venture operations.
- Risks related to processes involved in obtaining and consolidating or combining financial and other required information into group financial statements. These risks include, for example, the failure to identify events occurring after the date of completion of component financial information that may require adjustment or disclosure and risk of misunderstanding of relevant GAAP by component personnel.
The new standard contains explicit requirements for the group auditor that are intended to address these risks, in particular, risks related to the consolidation process and risks related to identifying subsequent events.
OVERALL RESPONSIBILITY OF THE GROUP AUDITOR
The group auditor is responsible for the direction, supervision, and performance of the group audit as well as for the appropriateness of the group audit report. The group auditor’s overall requirements are outlined in paragraphs .13 through .49 of the new standard. Exhibit 1 diagrams these requirements.
DECIDING TO SERVE AS THE GROUP AUDITOR
When requested to perform an audit of group financial statements, an audit firm is required to first determine whether it is qualified to serve as group auditor and, therefore, to take responsibility for the group audit opinion. Relevant factors in this decision include the individual financial significance of the components audited, the extent to which significant risks of the financial statements are associated with the components, and the extent of the auditor’s knowledge of the overall group financial statements.
The new standard also requires that the group engagement partner evaluate whether it is reasonable to believe that sufficient appropriate audit evidence can be obtained regarding the consolidation process and the financial information of the components on which to base the group audit opinion. Making these determinations requires sufficient knowledge of the group, its components, and their environments to make a preliminary assessment of the significance of components and risks related to group-level activities.
In general, whenever an auditor concludes that sufficient evidence cannot be obtained to support a group audit opinion or that it is unable to serve as group auditor, it should either not accept the engagement or withdraw. In cases in which laws or regulations require that the auditor perform an audit and issue an opinion regardless of the circumstances, the auditor should do so but should disclaim an opinion. (The standard specifically mentions that laws and regulations may specify the identity of the auditor of a governmental entity, may require a basis of accounting that does not conform to GAAP—such as GASB or FASAB standards—or may require an auditor to issue an opinion).
DEVELOPING THE GROUP AUDIT STRATEGY
Having decided to serve as group auditor, the group engagement team is required to develop a group audit strategy. Among other things, this requires the group auditor to further enhance its understanding of:
- The business environment in which the group and its components operate;
- Any groupwide controls important to the prevention or detection of errors in component financial information or in the consolidation process that may be material to the group financial statements; and
- The consolidation process, including controls and group reporting instructions.
This understanding is the basis for identifying and evaluating the significance of components and for assessing the risks of material misstatements of the group financial statements, whether due to error or fraud, and thereby for developing planned audit procedures to appropriately assess these risks.
UNDERSTANDING COMPONENT AUDITORS
As part of developing the audit strategy, the group engagement team is required to identify any other component auditors that will be involved in the audit and, for each of them, obtain an understanding of:
- The component auditor’s understanding and willingness to comply with relevant ethical requirements, particularly those related to independence;
- The component auditor’s professional competence;
- The extent, if any, to which the group engagement team will be able to be involved in the component auditor’s work;
- Whether the component auditor can make information affecting the consolidation process available to the group engagement team; and
- Whether the component auditor operates in a regulatory environment (such as the SEC or the PCAOB) that actively oversees auditors.
The group engagement team’s assessment of these factors provides a basis for determining whether to take responsibility for the work of the component auditor and, when taking responsibility, the nature and extent of involvement in component audit work. In some cases, this assessment may indicate, because of lack of independence or competence, that the group auditor should not use the component auditor’s work for any purpose.
Many firms operate within networks, either internationally or in the United States. The form and operational objectives of these networks vary widely but should be understood and evaluated for their effect on the performance of their member firms. For example, networks may have common procedures for monitoring of independence, training, personnel development, technical support, or quality-control procedures. The guidance in Statement on Quality Control Standards (SQCS) No. 8, A Firm’s System of Quality Control (Redrafted), should be useful to the group auditor in assessing of the independence and competence of component auditors. (Although PCAOB standards do not apply to nonissuer audits, the PCAOB staff discussion of audit networks is useful background related to audit networks. See Appendix A beginning on Page 11 of the staff discussion for the April 7-8, 2010, meeting of the Standing Advisory Group at tinyurl.com/yau9yzm.)
MAKING REFERENCE TO THE WORK OF COMPONENT AUDITORS
Perhaps the most significant difference between AU-C 600 and its international counterpart (ISA 600) is that the U.S. standard continues to permit the group auditor not to assume responsibility for component auditors’ work by making reference, in the group audit report, to component auditors’ reports on component financial statements. The ASB thought this practice, which has been long established in the United States, is particularly useful (1) in audits of governmental entities where withdrawing from an engagement is often not permitted and (2) in situations where the group auditor’s access to information related to certain components is limited by extenuating circumstances. It will be more efficient to determine whether reference will be made before designing the remainder of the group audit work. This decision is most often primarily influenced by factors outside the group auditor’s control.
The standard permits reference to the report of a component auditor when the component’s financial statements are prepared using a different financial reporting framework than that of the group financial statements, as long as the group auditor audits the component’s conversion adjustments. The standard does not, however, permit reference unless the component auditor has performed an audit in accordance with GAAS in the United States and has issued an unrestricted auditor’s report on those financial statements.
Even when these conditions are met, it may be impractical to obtain access to the information that would be required for the group auditor to be sufficiently involved in the component auditor’s work to assume responsibility for that work. For example:
- The group financial statements may include an equity interest in an investee that is audited by another auditor and where group management, because of its lack of control over the investee, is unable to arrange access to the work of the other auditor.
- Components may operate in countries or locations where the group auditor does not operate and group management has elected to use a local auditor.
- Laws and regulations may specify that other auditors are to audit components of group financial statements of governmental entities and operations.
The new standard illustrates how the group engagement team could refer to component auditors’ work in the group audit report (.A94, Exhibit A, Illustration 2). If the group auditor, in its discretion, decides to name specific component auditors in the group audit report, the component auditor’s report (with the component auditor’s permission) is required to be presented together with the group auditor’s report on the group financial statements.
ADDITIONAL STEPS BY THE GROUP AUDITOR
The group auditor should determine materiality for the group financial statements as well as for each component that is to be audited or reviewed, taking into account all of the components of the group where the group auditor is assuming responsibility for the work of a component auditor. The group engagement team should also evaluate the appropriateness of performance materiality at the component level, as determined by the component auditor.
The group auditor is required to design and implement audit tests that appropriately address identified risks of material misstatements in the group financial statements. Some of these risks are related to the activities involved in managing the group and in consolidating or combining the financial information of its components. The new standard requires the group auditor to specifically address the design and operation of groupwide controls, including those related to the consolidation process. The group engagement team also has the responsibility to perform procedures designed to identify and evaluate subsequent events that occur between the date of the group financial statements and the date of the group audit report that may require adjustment or disclosure (see AU-C 560.05, 560.09, and 560.10).
ASSUMING RESPONSIBILITY FOR THE WORK OF THE COMPONENT AUDITOR
To assume responsibility for the work of a component auditor, the group auditor is required to (1) specify the type of work to be performed by the component auditor and (2) be involved in the component auditor’s work by performing additional procedures that are described in paragraphs .50–.64 of the standard. Exhibit 2 diagrams these procedures.
DETERMINING THE TYPE OF WORK TO BE PERFORMED ON COMPONENTS
The type of work to be performed on the financial information of a component is, generally stated, a result of the assessed risk that the component may generate a material misstatement in the group’s financial statements.
For components identified as significant because they are individually financially significant to the group, the group engagement team, or a component auditor on its behalf, should perform an audit of the component’s financial information, adapted as necessary to meet the group engagement team’s needs. In this context, adapting the component audit to meet the needs of the group engagement team may include, for example, not performing procedures on accounts or disclosures that will be audited by the group engagement team or communicating the results of the audit in a form that differs from the normal auditor’s opinion.
For components identified as significant because they are likely to include specific risks of material misstatement of the group financial statements due to their specific nature or circumstances, the group engagement team, or a component auditor on its behalf, should perform one or more of the following:
- An audit of the financial information, adapted as necessary to meet the needs of the group engagement team;
- An audit of one or more account balances, classes of transactions, or disclosures relating to significant risks of material misstatement of the group financial statements; or
- Specified audit procedures relating to the significant risks of misstatement of the group financial statements.
For components that are not significant, the group engagement team should perform analytical procedures at the group level. If the results of applying these procedures do not result in sufficient appropriate audit evidence to develop a group audit opinion, the group auditor should select additional nonsignificant components and perform one of the procedures outlined in the previous paragraph or a review of the financial information of the component.
INVOLVEMENT OF THE GROUP ENGAGEMENT TEAM IN THE COMPONENT AUDITOR'S WORK
When a component auditor performs procedures related to a significant component, the group engagement team should be involved in assessing the component’s impact on risks of material misstatement of the group financial statements. At a minimum, this involvement should include discussions with the component auditor or management of the business activities of the component that are significant to the group, as well as the susceptibility of the component to misstatement. The group auditor should also review the component auditor’s documentation of identified significant risks. In certain cases, the group auditor may choose to become more involved in the work of the component auditor or may itself perform additional procedures on the component financial information.
The effective and efficient conduct of a group audit is directly and importantly affected by the quality of two-way communication between the group auditor and component auditors. The group engagement team should clearly communicate its requirements to component auditors on a timely basis. These requirements include the scope of work to be performed by the component auditor and the required form and content of communications from the component auditor to the group auditor. Communications from component auditors are particularly important since they constitute all, or a substantial portion of, the evidence used by the group auditor in forming the group audit opinion.
PRACTICAL APPLICATION OF THE NEW STANDARD
Many of the effects of applying the new group audit standard will be a result of the format, terminology, and requirements of the clarified standards as a whole and, therefore, do not directly result from the group audit standard itself. For example, the clarity standards provide additional guidance on criteria to be considered in the application of requirements that are not explicitly specified in current GAAS. The auditor’s consideration of these criteria may require additional documentation.
The actual impact of the group audit standard on an individual engagement depends on the manner in which the practitioner has performed group audits in the past. In deliberating the new standard, ASB members generally agreed that the requirements of the new standard are consistent with current best practices for group audits while still recognizing that there have likely been variations in practice. Some specific requirements of the new standard, however, have the potential to create unnecessary work if the auditor does not understand the new guidance or apply sound judgment. These include:
- The new standard requires that, when performing component audit work, members of the group engagement team, as well as other personnel within the same audit firm or from other firms that are members of the same network, be addressed separately as component auditors. This represents a change from prior practice and will require the group auditor to demonstrate that it has appropriately assessed the roles of all auditors involved. In most cases, audit networks provide robust quality control and communications environments that can be relied on to accomplish this requirement.
- An important factor in determining the effort required to perform an effective group audit is the number of components included in the group. The new standard places much emphasis on the requirement to assess risk and develop appropriate audit responses to those risks for each component of the group. However, the standard also indicates (paragraphs .A1–.A5) that discretion may be exercised in aggregating components and in the manner in which components are identified. Aggregating components that have similar risk profiles may be the most appropriate and efficient way to fulfill this requirement.
- In describing the scope of the work that may be specified for a component, the new standard refers to both an audit and a review, “modified as appropriate.” The related guidance (.A75) implies a degree of latitude in modifying either an audit or a review for purposes of the group audit. As a result, the group auditor actually has a wider range of choice in terms of scope of work to be performed on each component than might be implied from a quick reading of this requirement.
- Additional documentation requirements for a group audit should specifically include: (1) analyses of components, indicating those that are significant and the scope of work performed on component information (audit, review, or specified procedures); (2) those components for which reference to the reports of component auditors is made in the audit report on group financial statements; (3) written communications between the group engagement team and component auditors concerning the group engagement team’s requirements; and (4) for those components for which reference to component auditors’ reports is made in the report on group financial statements, the financial statements of the component and the corresponding report of the component auditor. Although these requirements should have been implied from a reading of current GAAS, there may have been variations in application in the past. By making these requirements explicit, the new standard may require some auditors to add documentation. Practitioners should carefully consider the best methods for accomplishing these requirements without creating unnecessary work.
Group Audit Terminology
AU-C 600 adopts the terminology contained in ISA 600, some of which is new to GAAS in the United States and some of which replaces certain terms used in AU 543. These terms include:
Component. An entity or business activity for which group or component management prepares financial information required by an applicable financial reporting framework (such as GAAP).
Component auditor. An auditor performing work on the financial information of a component that will be used as audit evidence for the group audit. A component auditor may be a part of the group audit engagement team’s firm in a different location, a network firm, or another firm.
Group. All the components for which financial information is included in the group financial statements. A group always has more than one component.
Group audit opinion. The audit opinion on the group financial statements.
Group financial statements. Financial statements that include financial information of more than one component. Group financial statements may be either consolidated or combined.
Significant component. A component that is identified by the group auditor as being significant either because (1) it is individually of financial significance to the group or (2) it is likely to include significant risks of material misstatement of the group financial statements because of its specific nature or circumstances.
The terms auditor of the group financial statements and component auditor replace principal auditor and other auditor previously used in AU 543, respectively.
Clearer requirements and guidance for group auditors are contained in a new standard developed as part of the AICPA Auditing Standards Board’s Clarity Project. The standard, AU-C 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors), particularly adds clarity for situations in which part of the work is performed by auditors other than the auditor who expresses the opinion on the financial statements of the group.
AU-C 600 contains provisions that are consistent with the risk-based requirements of current U.S. standards. AU-C 600’s guidance also is consistent with the international standard, ISA 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors), with the exception of a group auditor’s ability to reference the work of a component auditor.
CPAs who participate in group audits will want to become familiar with changes in terminology described in the new standard.
The group auditor’s responsibilities, including the extent of involvement in the work of component auditors, are more clearly articulated in the new standard.
The impact of the new standard will depend on the approach the practitioner has taken in performing past group audits. The requirements generally are consistent with current best practices, but some specific requirements could create unnecessary work if the auditor does not understand the new standard or apply sound judgment.
C. William Thomas (email@example.com) is the J.E. Bush Professor of Accounting in the Department of Accounting and Business Law at Baylor University in Waco, Texas. Phil D. Wedemeyer (firstname.lastname@example.org) is a retired partner at Grant Thornton LLP and a former member of the AICPA Auditing Standards Board.
To comment on this article or to suggest an idea for another article, contact Ken Tysiac, senior editor, at email@example.com or 919-402-2112.
- AICPA Professional Standards (#WPS-XX, online subscription; #APS12P, paperback)
- Snapshot: “AU-C Section 600—Audits of Group Financial Statements"
- Technical Q&As
- Understanding the Clarified Auditing Standards—2012 Audit Risk Alert (#ARACLA12O, online subscription; #ARACLA12P, paperback; #ARACLA12E, ebook)
- Understanding the Responsibilities of Auditors for Audits of Group Financial Statements-—AICPA Audit Risk Alert (#ARAGRPO, online subscription; #ARAGRP12P, paperback; #ARAGRP12E, ebook)
- AICPA’s Annual Accounting and Auditing Update Workshop (#736188)
- Auditing Considerations in an Uncertain Economy (#153410)
- Understanding the Clarity Project (#WBC12318D)
National Advanced Accounting and Auditing Technical Symposium, July 11–12, Nashville, Tenn.
For more information or to make a purchase or register, go to cpa2biz.com or call the Institute at 888-777-7077.
Auditing Standards Board members provide an overview of AU-C 600