As we observed in last month’s Audit & Beyond, the tragic circumstances in Ukraine mean that for many, there are much more important issues at hand than ‘business as usual’ activities such as audit. In many cases, offices of companies and auditors will be closed, and obtaining sufficient appropriate evidence will be impossible. There will be different challenges for entities located in Russia and Belarus, where business will be continuing but under sanctions and other restrictions.
This article offers practical considerations in relation to the work of group auditors to address the requirements of the International Standards on Auditing (ISAs) (UK). It may also be relevant for group auditors in other jurisdictions with similar requirements. Although the circumstances are very different, the implications for group audits are similar to those that existed as a result of COVID-19, and also give rise to a fast-evolving situation.
ISA (UK) 600 requirements
Companies and their auditors may be facing unprecedented practical challenges in a number of areas, including group audits. ISA (UK) 600 includes a requirement for the group auditor to evaluate and review the work of the component auditor.
If this is not possible, then the group auditor is required to undertake other measures, such as additional work, and inform the Financial Reporting Council (FRC) or Recognised Supervisory Body (RSB). The requirement in paragraph 42-1(b) of ISA (UK) 600 to inform the FRC or RSB is a ‘UK-plus’ to the standard, but other jurisdictions may have similar local requirements.
Many auditors have met this requirement in the past through local site visits to the component auditor team to review key audit working papers and attend closing meetings with local management. The UK Foreign Office currently advises against all travel to Ukraine, Belarus, Russia and the Transnistria region of Moldova. Additionally, from 2 March 2022, Poland extended a law limiting access until 30 June 2022 to areas in Poland close to the Belarusian border. With travel restrictions in place, group auditors will need to consider whether alternative procedures still allow them to meet the requirements of ISA (UK) 600.
Considerations for auditors in meeting ISA requirements
In meeting the UK requirements, group auditors may find the following considerations helpful.
Identify impacted audits: travel restrictions vary by jurisdiction and there is a high degree of uncertainty around how long restrictions are likely to continue, although if conditions improve, these may be eased or lifted. Where auditors travel overseas for component auditor work, they will need to be aware of local laws and regulations, as well as potential penalties such as fines and/or imprisonment for any breaches.
Categorise audits: review the impacted components and determine whether they are immaterial, material but not significant, or material and significant for the group opinion. This will allow the group auditor to better understand the risk associated with each engagement.
Understand the impact on the component: the group auditor might need to consider whether the group still controls the component and if not, whether it should continue to be part of the group audit. Where the component is still part of the group audit, consider to what extent the component’s ability to prepare necessary information has been affected. Workforce shortages due to evacuation and travel restrictions could limit management’s ability to provide supporting evidence. The group auditor may wish to discuss with management how the business has been impacted, and how management intends to obtain the information needed to prepare the group financial statements.
Review status of work done: gain an understanding of what work has been performed to date, for example as part of planning or interim audit work.
Consider ability to gather evidence: how has this been affected? For example, bank closures, sanctions on services such as SWIFT, or even mass withdrawals of cash, may result in an inability to confirm cash balances. This may have implications for the ability of the group auditor to form an opinion on the group accounts.
Discuss amending reporting timescales: the situation in Ukraine may mean either a delay in the reporting timetable, or if offices in Ukraine do not reopen for a long period or at all, there simply may be no way to obtain information for the audit in time to meet signing deadlines. With this in mind, a delay in the reporting timetable could allow time for the situation on the ground in Ukraine and other affected countries to change, and for travel restrictions to be eased or lifted. However, there is no guarantee that conditions will improve.
The group auditor will need to understand whether the reporting timetable has been set due to regulatory or other deadlines, such as reporting on covenants. If it reflects company preference only, extending deadlines should be encouraged to allow local management and auditors time to recover from the disruption resulting from the conflict. Office closures make it likely that work will be behind schedule in terms of original reporting deadlines.
Consider whether the component audit team is still in place: many offices in Ukraine will have closed and staff will not be responding to requests for information from group auditors.
Review of component teams: if there is still access to component auditor work, consider alternative activities to demonstrate the review and evaluation of the component auditor work where originally a visit by the group auditor was planned.
- Can data be shared cross-border to allow for group auditor review? Could files be loaded into a cloud-based portal and a login provided to the group auditor? Local laws may restrict this cross-border data sharing. If in doubt, advice should be sought on any local legal restrictions.
- Can video calls and/or screen-sharing software be used to talk through the work with the component auditor?
- Can the component auditor be asked to complete a detailed questionnaire or clearance on the work they have performed?
- Consider the outcome of any prior visits, including during planning or at an interim stage – what work was reviewed previously?
- Consider the past work of the component auditor – have there been significant errors or issues, or has work been to a high standard?
- Can a more detailed memorandum be provided to the component auditor on what work should be done for group reporting?
- What work can be done centrally by the group audit team? If finance systems are integrated, data may be accessible for group auditor review. Management may be able to provide information directly to the group auditor to allow for testing.
- The Audit and Assurance Faculty guide Remote auditing in practice, originally developed for COVID-19 scenarios, provides further considerations that may be helpful when working remotely.
The audit report
Each individual engagement will need to be assessed on a case-by-case basis to determine what may be appropriate. Group auditors will need to assess the results of alternative actions taken and consider implications for the audit report.
Alternative actions: consider whether alternative actions have allowed the requirements of ISA (UK) 600 to be met. In particular, has sufficient, appropriate audit evidence been obtained? Does the language in the audit report need to be amended if reporting under ISA (UK) 701, for example, on the scope of work undertaken and involvement with component audit teams?
Even after undertaking these alternative actions, does the opinion need to be modified under ISA (UK) 705?
Faculty guides provide advice when preparing a modified audit opinion. If still in doubt, ICAEW members can contact the Technical Advisory Service on +44 (0)1908 248 250.
Implications: there are a number of matters to reflect on when considering implications for the audit report.
- Assess whether there has been a limitation to the scope of the audit that would lead the auditor to issue a qualified audit opinion, or to disclaim their opinion.
- Assess whether the going concern basis is appropriate, and whether there are
longer-term risks to viability. - Consider whether the impact requires an emphasis of matter paragraph under ISA (UK) 706.
- Determine whether there are wider accounting effects, for example, consider whether any operational closures may have resulted in impairment of assets or a need to write down inventory values.
- Review how management has disclosed the impact of the conflict, for example, in disclosures on the principal risks to their business. How are they providing updated information to shareholders and monitoring the situation?
- Auditors required to report on Key Audit Matters (KAMs) under ISA (UK) 701 will need to consider whether the situation in Ukraine requires inclusion of a KAM.
Other guidance relating to the Ukraine crisis is available from a central ICAEW resource hub.
It includes War in Ukraine: the auditing implications, giving an overview of key areas for auditors to consider and War in Ukraine: the corporate reporting implications, highlighting the financial reporting implications of the crisis for businesses of all sizes.
Audit & Beyond
This article was first featured in the May 2022 edition of Audit & Beyond.