Revisions to International Standard on Auditing (Ireland) 600 will result in higher-quality group audits, but more work will be required to deliver this benefit, writes Noreen O’Halloran
The International Standard on Auditing (ISA) (Ireland) 600 has been revised. Issued by the Irish Auditing and Accounting Supervisory Authority (IAASA), the revised standard applies to the audit of group financial statements.
Effective for periods beginning on or after December 15, 2023, these revisions aim to enhance audit quality and address inconsistencies in practice. They bring some challenges, however.
The purpose of ISA (Ireland) 600 Revised (the revised standard) is to enhance the quality of the audit delivered, by ensuing better co-ordination and understanding between the group auditor and the auditor of a group component.
Audit committees, along with group and component management teams, will also experience changes in how the group auditor conducts the group audit.
Roles and responsibilities
Various definitions are amended within the revised standard. These include the definition of a component, which now includes entities, business units, functions or business activities, or some combination thereof, determined by the group auditor for the purposes of planning and performing audit procedures in a group audit.
This concept of the auditor’s view of a component marks a departure from the previous standard. Under the previous standard, a component was identified by the group auditor based on the level at which the group or component management prepared the financial information.
As a result, audit committees can expect to see some changes in the identification of the components for the purpose of the group audit.
The group engagement partner is responsible for the work performed by the engagement team. The definition of “engagement team” within ISA (Ireland) 600 Revised includes component auditors.
Therefore, it must be clarified that the group engagement partner along with members of the engagement team – other than component auditors (i.e. the group auditor) – will take responsibility for the nature, timing and extent of the direction and supervision of the component auditor’s work and the review of such work.
To fulfil this obligation, in addition to engaging with group management, the group engagement partner will need to be more involved with component auditors and, potentially, component management.
The definition of “significant components” has been removed. This means that there is no longer a set quantitative threshold above which a significant component’s financial information must be audited.
Rather, a more risk-based approach is required. Emphasis has been given to the consideration of the risk of material misstatement at the assertion level of the group financial statements associated with components.
This will mean that more decisions are made by the group auditor in terms of the level of work that is to be performed by each component and by whom this work will be performed. Component auditors may, therefore, expect changes to the scope of their work compared to previous years.
The definition of group financial statements has been clarified. The standard focuses on the concept of a consolidation process. This includes the aggregation of the financial information of business units and is wider than the definition of the consolidated financial statement in financial reporting.
As a result, audit committees may see a change in the approach to auditing an entity with multiple branches or divisions, as this is now considered to be a group audit.
The standard emphasises the need for a comprehensive approach to auditing all components contributing to group financial statements, ensuring that the audit covers all relevant aspects of the group’s financial reporting.
The clarity regarding the definition of a component (including the removal of the significant component), the involvement of the engagement team and the responsibility of the group auditor, may enhance the quality of the audit delivered.
However, additional time will be incurred by the group auditor as a result, who must now ensure that all component auditors are adequately supervised.
The changes to the definition of a component will provide greater flexibility for the group auditor when identifying components. However, this may result in the entity’s management receiving requests for information regarding components that were not previously in scope.
Risk-based approach
One of the most significant changes in ISA (Ireland) 600 Revised is the alignment of the standard with the principles in ISA (Ireland) 315 Identifying and Assessing the Risks of Material Misstatement.
This requires the group auditor to focus more on identifying and assessing the risks of material misstatement at the group level when planning and performing the group audit, rather than simply defaulting to a full scope audit at the component level.
The alignment to ISA (Ireland) 315, and the requirement for the group auditor to take a more active role in identifying and assessing the risks of the material misstatement of group financial statements, will assist in improving audit quality.
It will also require more time, resources and effort on the part of the engagement team, however, and particularly the group engagement partner.
The group auditor will be heavily involved in identifying and assessing the risks of material misstatement at the group level and planning the approach to the entire audit, rather than delegating this to the component auditor.
The additional time and effort required will be most evident in large groups with components in multiple locations.
The entity’s management may also receive additional, or more granular, requests for information from either the group or component auditor to support the group auditor’s risk assessment procedures.
Communication and documentation
ISA (Ireland) 600 Revised reinforces the need for two-way communication between the group auditor and component auditor to ensure that both parties are in sync.
The group and component auditor together comprise one engagement team, so a collaborative environment is essential.
The revised standard also emphasises that all ISAs, including ISA (Ireland) 230 Audit Documentation, must be applied in a group audit.
In applying ISA (Ireland) 230, the group auditor must demonstrate in their documentation how they are directing, supervising and reviewing the component auditor’s work.
The group auditor must consider the scenarios where access to either individuals or information at the component auditor level is restricted and how these restrictions are overcome.
Enhanced documentation and two-way communication from the beginning of the audit will improve audit quality.
However, it will also require more co-ordination and collaboration, which may be challenging, particularly for complex groups with many components.
Early communication will be essential to addressing the changes in scope, higher levels of group auditor involvement and in identifying any challenges to this involvement, including restrictions on sharing audit documentation electronically or at all, or restrictions on travel to a specific area.
To fulfil their supervisory role, the group auditor may need to navigate various obstacles, including different time zones and language barriers.
Other practical challenges may include how to ensure that component auditors are part of the discussions required by the other ISA (Ireland) standards, including the fraud discussion required by ISA (Ireland) 240.
Professional scepticism
The revised standard clarifies how the requirements in ISA 220 (Revised) Quality Control for an audit of financial statements – particularly the importance of professional scepticism – applies to achieving audit quality in a group audit.
The group auditor must exercise professional scepticism by remaining alert to inconsistent information from component auditors, component management and group management, regarding matters that may be significant to the group financial statements.
The group auditor must take appropriate actions when inconsistencies are identified. In addition, the group auditor must emphasise the importance of exercising professional scepticism to each of the engagement team members, including the component auditors.
Exercising professional scepticism at the component level may result in the group engagement partner needing to engage more extensively with component auditors and component management throughout the audit.
Crucial supervisory role
The revisions to ISA (Ireland) 600 introduce more requirements for group auditors and their component auditors. This requires increased resources, enhanced communication, increased documentation and a greater emphasis on professional scepticism.
Audit committees and group and component management will also see an increase in the level or type of information required from the group or component auditor so that the group auditor can fulfil their requirements in accordance with ISA (Ireland) 600 Revised.
The need for greater group auditor involvement in the planning and risk assessment stages, and the two-way communication required, highlights the importance for all auditors to understand the new requirements and ensure that they have the skills and resources needed to meet them.
To align with the revised standard, group and component management may see a change in the type or nature of information requested by auditors.
The supervisory role the group auditor plays is crucial to the execution of high-quality group audits.
Both the group auditor and the component auditor will need to be familiar with the new requirements and align their audit methodologies accordingly, while group and component management should be willing to provide the additional information required by the auditor.
While the revisions to ISA (Ireland) 600 will undoubtedly increase the workload of both auditors and group and component management, it will result in higher quality audits.
This will, in turn, generate greater benefits to the public interest and may avoid high-profile group audit failures in the future.
Noreen O’Halloran is Principle, Audit Quality and Professional Practice Department, KPMG Ireland