Earlier in the year, the IAASB published a revised standard on ISA 600 Audits of Group Financial Statements (Including the Work of Component Auditors). This introduces significant changes to the audit of groups for periods commencing on or after 15 December 2023 (with early adoption permitted). Taking on board these changes, the FRC has followed suit with the recently published ISA (UK) 600 (Revised).
These changes have been made to ensure the standard better aligns to new and recently revised standards, such as the quality management standards and the revised ISA 315. This thereby encourages proactive management of quality and ensures that the standard remains fit for purpose.
One of the key changes is the introduction of a proactive risk-based approach to the audit of groups. This means more focus on identifying and assessing the risks of material misstatement, planning the approach to the audit and performing engagement procedures that respond to the assessed risks.
Changes have also been made to clarify how the requirements in ISA 220 (Revised) apply to group audits. These focus on the resources needed to perform the engagement, and the direction and supervision of the engagement team and the review of its work. The definition of ‘engagement team’ includes component auditors.
The definition of a component has been revised. There is further clarification on scope and the application of the standard to branches and divisions, shared service centres and non-controlled entities. The definition of ‘significant components’ has been removed. Emphasis has been given to the consideration of risks of material misstatement at the assertion level of the group financial statements that are associated with components.
The requirements for robust two-way communication between the group and component auditor have been strengthened and there are enhanced requirements in relation to professional scepticism.
The revised ISA also includes enhanced documentation requirements and clarifies the restrictions on access to people or information that might exist, including guidance on how these might be overcome.
As the requirements are principles-based, ISA 600 (Revised) is intended to be scalable for group audits of differing complexity. Separate sections are included in the standard to highlight requirements that relate to the involvement of component auditors.
While it is hard to argue with a more proactive risk-based approach, in practice, this is likely to result in more work for the group engagement team and group engagement partner, particularly in light of the enhanced responsibilities for direction, supervision and review of the work of component auditors.
Although the changes to the definition of a component allows for great flexibility in theory, it will be interesting to see what impact this has in practice, for example on scoping and the use of component auditors. The revised definition of a consolidation process to include the aggregation of financial information of business units may also change the approach to auditing entities with multiple branches or divisions.
Both group and component auditors will need to ensure they understand the new requirements and that their audit methodologies are updated accordingly. Models previously used by firms for considering component materiality and aggregation risk might need to be reassessed.
Over the coming months, ICAEW’s Audit and Assurance Faculty will be considering what additional support members may need to help apply these changes so keep a look out for further resources.
Further resources
- IAASB’s ISA 600 (Revised)