Group auditor

Component auditors 

1. Robust two-way communication

• The definition of the ‘engagement team’ now includes both group and component auditors, i.e. anyone performing audit procedures. 

• The group engagement partner determines who other key engagement team members are, including component auditors, and ensures they are appropriately briefed in engagement team meetings. The group engagement partner is responsible for the quality of the work performed by the component auditors. 

• Key engagement team members are included in the engagement team discussion and work performed is appropriately directed.

• Involvement in the group audit by the component auditor may be required at an earlier stage, including the interim audit. ‘One-way’ group audit instructions are no longer likely to be sufficient. 

2. Proactive quality management

• The group engagement partner is responsible for proactive quality management throughout the audit process. An understanding may therefore be needed of: 
  • the component auditor’s conclusions based on its evaluation of its System of Quality Management (SoQM);
  • how component auditor SoQM deficiencies affect the component audit;
  • whether SoQM conclusions are made public; and
  • external inspection reports, where these can be obtained.

• The depth of understanding of non-network firms is driven by what the network and audit regulators expect to see. In practice, networks and regulators, such as the UK’s Financial Reporting Council (FRC) increasingly require firms to obtain rigorous assessments of component auditor SoQM evaluation conclusions, particularly in relation to: 
  • human resources (the right people with sufficient time and expertise);
  • service providers; and
  • the use of technology and methodologies that are different to those of the network and how it has been assessed as suitable.

• The group engagement partner may request specific assurances regarding component auditor resourcing, engagement performance, and compliance with UK ethical requirements, including independence monitoring, and remediation of deficiencies.

• UK audits must comply with the FRC’s Ethical Standard, including the work of component auditors. Where component auditors are not part of the same network or do not comply with the FRC Ethical Standard for other reasons, they may follow the International Ethics Standards Board for Accountants (IESBA) requirements, or others. Additional ethical training for the component auditors may be necessary, or additional work effort and procedures by the group auditor. 

• The group engagement team assesses the competence and capabilities of component auditors, including network firms by, for example, assessing:
  • firm accreditations;
  • the firm’s reputation;
  • quality gradings achieved by component engagement partners;
  • gradings arising from external or internal reviews; and
  • the component auditors’ past performance on the group audit. 

• The FRC noted in a 2024 Thematic Review that firms should identify, as required by ISQM 1, all service providers and network resources relied on by their SoQM so that these can be understood and assessed. Group audit firms should, where appropriate include:
  • non-network component auditors as service providers; and
  • network component auditors as network resources.

• Obtain a clear understanding of:
  • the scope of work required, including planning and risk assessment;
  • deadlines and timelines for the group engagement team’s review of working papers. 

• Identify and communicate accessibility challenges or restrictions.

• Seek to understand the nature and extent of information requested regarding the firm’s SoQM evaluation conclusions and the impact on the component audit for group purposes. 

• Confirm willingness to cooperate with group auditors (or otherwise).

• Confirm understanding of UK ethical requirements (or otherwise) and communicate differences.

3. Professional scepticism

• Professional scepticism is more challenging in the presence of:
  • complex group structures;
  • component auditors in different locations, subject to different cultural pressures and bias;
  • systems that are not integrated; and
  • tight deadlines imposed by management. 

• Other challenges to scepticism may include the presence of:
  • budget constraints;
  • management pressure;
  • difficulties accessing books and records, restrictions on the transfer of documentation;
  • travel restrictions and restrictions arising from war, unrest or disease. 

• Identification and documentation of these challenges is needed, together with documentation of how they are addressed, differentiating between restrictions outside the control of group management and those imposed by group management. 

• Two-way communication between group and component auditors is needed for the examples provided in the left hand column and any other areas giving rise to the need for the exercise of scepticism. 

Group auditor

Component auditors 

• There are revised definitions of what constitutes a group and a consolidation. The engagement team is required to understand the group structure including:
  • the constituent elements of the group financial statements and how they are compiled;
  • different lines of business;
  • different accounting policies and practices across entities, business units or jurisdictions and their aggregation in the consolidation process;
  • systems and controls, including common controls operating across multiple entities, business units or jurisdictions. It is important to understand how the commonality of a control across the group is determined; and
  • centralised activities such as shared service centres. 

• The engagement team assigns procedures to component auditors depending on their knowledge of component auditors, the component’s location and any local access restrictions. These elements should be clearly communicated and discussed. 

• Risk is no longer assessed based on the significant/non-significant component distinction. Qualitative risk factors considered in the risk assessment include:
  • the integrity, understanding and competence of component management;
  • group materiality levels and aggregation risk (where the aggregated risk of components is material to the group); and
  • the source of group risks, ie, at component level or as part of the consolidation process.

• Risks of material misstatement attributed to locations, functions, or activities will help:
  • develop the group audit strategy;
  • determine which components require focused audit procedures; and
  • determine who will perform the audit procedures. 

• Component auditors generally have greater access to and knowledge of the component. Any key information should be shared with the engagement team on a timely basis to ensure a robust and thorough group-wide risk assessment. 

• Any of the following may result in a need for additional investigation:
  • impediments to audit procedures either by the component auditor or component management;
  • overreliance on automated tools by the component auditors;
  • any cultural influences that may conflict with requirements, also any potential bias;
  • complexity and any other indicators of fraud risk factors; and
  • inconsistent information obtained about the group, its components or component auditors. 

• Timely communication of any issues in the left-hand column. 

Group auditor

Component auditors 

• The revised standard has increased focus on the direction, supervision, and review of component auditor work, which may result in greater involvement of the group auditor in component audits and the review of additional working papers. However, more focused direction and supervision may lead to less review time and effort in areas of lower risk.

• Work performed is subject to enhanced direction, supervision and review which is likely to require enhanced communication with the group auditor to ensure that it is efficient. 

• The revised standard requires the group auditor to perform a more risk-focused scoping process than in the past. This has the potential to allow group auditors to be more specific regarding the areas to be covered by the component auditor, linked to the risks of material misstatement at group level. 

• The increased focus on risk creates opportunities for component auditors to take a more significant role in the group risk assessment process and therefore the required risk response.

• The focus on areas of risk to the group financial statements may lead to group auditors requesting work in different areas to those previously considered.

• Additional work required for local statutory audit purposes needs to be considered separately. 

• References to the use of substantive analytical procedures at group level where balances are highly disaggregated across multiple components (in the revised standard) increase the potential for the use of automated audit techniques. The extant standard has more of a focus on the use of analytical procedures on non-significant components. 

Group auditor

Component auditors 

• There are no new requirements for group auditors on concluding and reporting. However, the change in focus to a more risk-based approach may lead to different matters being reported by component auditors to group auditors. Group auditors will need to reconsider the sufficiency of evidence regarding the component in the context of reporting. 

• Component auditors may report different matters to group auditors, reflecting the more risk-based approach to the group audit.