International Auditing and Assurance Standards Board Audits of Group Financial Statements ISA Implementation Support Module Prepared by IAASB Staff November 2009

Introduction Significant Features of New Standard –Risk Assessment and Quality Control Principles –Engagement Acceptance and Continuance –Understanding the Group and Its Components –Significant Components and Work Effort on Components –Component Auditors –Materiality –Communication –Additional Aspects Overview 2

The context for revising the standard –Lack of an international standard dealing specifically with group audits –Varying group audit practice around the world –Regulatory concerns about rigor and consistency of practice in this important and complex area –Need to reflect application of risk assessment and quality control principles in group audit context Standard reflects international best practice Introduction 3

A major thrust of the new standard Risk assessment provides basis for determining nature and extent of work on the group audit Identification and assessment of risks through obtaining an understanding of the group, its components, and their environments Effect on current practice will vary –If best practices already followed, changes may not be significant –In other cases, more effort could be required Applying Risk Assessment and Quality Control Principles Risk Assessment and Quality Control Principles 4

Standard reflects ISA 220 principle regarding responsibility for the audit –Group engagement partner alone should be responsible for direction, supervision, and performance of engagement and for group audit opinion Therefore, reference to component auditor in the group auditor’s report no longer permitted Practical implications: –Need to pay greater attention to where risks lie within the group –Component auditors may expect group engagement team to be more involved in their work Applying Risk Assessment and Quality Control Principles Risk Assessment and Quality Control Principles 5

Emphasis on sole responsibility does not imply that group audit should be performed by only one firm or one network –No requirement for this in the standard –Different components may be audited by different component auditors However, regardless of who the component auditors are, standard requires group engagement team to obtain an understanding of them Applying Risk Assessment and Quality Control Principles Risk Assessment and Quality Control Principles 6

A new approach –Main consideration under old standard was whether portion of group audited by the auditor was sufficient for the auditor to act as principal auditor –New standard introduces an entirely different concept –Group engagement team now needs to consider whether sufficient appropriate audit evidence can be obtained to express group audit opinion before accepting engagement –This consideration includes whether group engagement team will be able to be involved in component auditors’ work Engagement Acceptance and Continuance 7

Key consideration is whether sufficient appropriate audit evidence can reasonably be expected to be obtained regarding –The consolidation process –Components’ financial information Access to components controlled by the entity (e.g. subsidiaries, branches) may not be an issue In other cases, difficulty in accessing relevant information (e.g. at components such as joint ventures, associates) may give rise to a scope limitation Engagement Acceptance and Continuance 8

Decision to accept is also based on whether group engagement team has unrestricted access to –Component auditors and their work –Management and those charged with governance (TCWG) of the group –Management and TCWG of the components Consideration of engagement acceptance a key aspect of the standard –Thus, determining whether to act as auditor of the group is one of the objectives under the standard Engagement Acceptance and Continuance 9

As part of understanding the group and its components, group engagement team now required to understand –Group-wide controls –Consolidation process What are group-wide controls? –Any controls over group financial reporting –E.g. Controls for monitoring and reconciling intra-group transactions Understanding Group-Wide Controls and Consolidation Process Understanding the Group and its Components 10

Understanding group-wide controls helps to plan nature, timing, and extent of work on consolidation process and components Group engagement team tests, or asks component auditor(s) to test, operating effectiveness of these controls if: –There will be planned reliance on the controls, or –Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level Communicate significant deficiencies in group-wide controls in accordance with ISA 265 Understanding Group-Wide Controls Understanding the Group and its Components 11

Under current practice, group engagement teams may perform at least some work on the consolidation process –However, no specific requirements under old standard –Practice therefore inconsistent New standard formalizes best practice in this regard –Recognizes that material misstatements can arise as a result of consolidation process New set of responsibilities for group engagement team with regard to consolidation process Understanding the Consolidation Process Understanding the Group and its Components 12

Understand detailed reporting instructions issued by group management to components Perform specific procedures on consolidation process –Evaluate consolidation adjustments for appropriateness, completeness, and accuracy   Includes consideration of whether fraud risk factors or indicators of management bias exist –Evaluate whether components that report under different financial reporting frameworks have been consolidated on the basis of consistent accounting policies Understanding the Consolidation Process Understanding the Group and its Components 13

New standard introduces important concept of a “significant component” What is a significant component? –A component financially significant to the group (i.e. size) –A component likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances (i.e. specific risks) Why is concept of significant component important? –Determines direction of group audit –Work effort focused on components with greatest risks Significant Components Significant Components and Work Effort on Components 14

Old standard did not specify any particular level of work on components New standard establishes specific requirements –For a component significant due to size: an audit of the component’s financial information –For a component significant due to specific risks, one or more of  An audit of the component’s financial information  An audit of one or more account balances, classes of transactions or disclosures affected by the significant risks  Specified audit procedures responsive to the significant risks –For components that are not significant, analytical procedures at group level Work Effort on Components Significant Components and Work Effort on Components 15

Not the same as audit of statutory financial statements For example, component auditor may not need to audit –Items that will be audited centrally if so informed by group engagement team –Disclosures required for statutory purposes but not for group audit purposes Audit to component materiality (materiality for statutory audit may be lower) Group engagement team to specify form of reporting expected from component auditor –Standard does not mandate form of reporting Significant Components and Work Effort on Components Audit of Component Financial Information 16

Group engagement team to be involved in –Component auditor’s risk assessment  Have all the significant risks been identified?  Involvement depends on understanding of component auditor but standard specifies minimum work required –Component auditor’s responses to significant risks  Are the responses appropriate?  Direct involvement by group engagement team in responding to the significant risks may be necessary based on understanding of component auditor Significant Components Audited by Component Auditors Significant Components and Work Effort on Components 17

Only when sufficient appropriate audit evidence will not be obtained through work on significant components, group-wide controls and consolidation process, and analytical procedures at group level If so, select one or more components that are not significant and obtain additional audit evidence through one or more specified actions –E.g. Perform an audit or review of the individual component’s financial information –Vary selection of such components over a period of time Significant Components and Work Effort on Components Is Further Work Required on Components? 18

An auditor of a component is a component auditor only when it has been asked by the group engagement team to perform work on the component for the group audit –Can be an auditor in another firm or an auditor in another office of the same firm or network Understand 2 further matters besides component auditor’s competence and independence –Whether group engagement team can be involved in component auditor’s work as necessary –Whether component auditor is subject to regulatory oversight Component Auditors What is a Component Auditor? 19

Nature, timing and extent of work to understand component auditors depend on a number of factors, e.g. –Previous experience with or knowledge of component auditors –Degree to which group engagement team and component auditors are subject to common policies and procedures  E.g. in quality control, audit methodology Component Auditors Understanding Component Auditors 20

Standard now requires 4 different types of materiality to be determined –Group materiality –If relevant, materiality levels for particular classes of transactions, account balances or disclosures –Component materiality where an audit or a review of a component is necessary –Threshold above which misstatements cannot be treated as clearly trivial to the group Materiality 21

Materiality for a component necessary for group engagement partner to form an opinion on group financial statements –Not for component auditor to form an opinion on component’s financial information Should be lower than group materiality so that misstatements in components in the aggregate will not exceed group materiality Should be set for each component for which an audit or review is required What is Component Materiality? Materiality 22

Standard places greater emphasis on effective communication between group engagement team and component auditors –Effective involvement in component auditors’ work required by the standard otherwise not possible –Vital to ensure expectations on both sides are clear Standard recognizes need for effective communication with TCWG and management  Opens up dialogue with TCWG on significant matters  Enables TCWG and management to be made aware of matters relevant to discharging their respective responsibilities for financial reporting process, a matter of public interest Importance of Effective Communication Communication 23

Communication now broader and more specific Guiding principles when communicating downstream –Will component auditors be clear as to nature and extent of work requested of them on the components and whether group engagement team will be involved in their work? –Will component auditors be clear as to required form of reporting to group engagement team and reporting deadlines? Standard requires specific matters to be communicated to component auditors –E.g. component materiality, form and content of reporting Communication should be timely Communication with Component Auditors Communication 24

Nature and extent of component auditors’ communication upstream driven by 2 key considerations –Group engagement team’s specific requirements  E.g. significant risks identified by component auditors; previously unidentified related parties –Whether any specific matters have been identified that are relevant to the group audit or that would merit group engagement team’s attention  A broad responsibility for component auditors Communication with Component Auditors Communication 25

Standard requires evaluation of component auditors’ communication –To identify significant matters for follow-up with component auditors, group management or component management as appropriate –To determine whether to review specific aspects of component auditors’ audit documentation Greater scrutiny of component auditors’ work may lead to more discussion of issues with them in person or over the phone Evaluation of Component Auditor’s Communication Communication 26

Communicate matters relevant to group management’s responsibility for preparing group financial statements –E.g. Deficiencies in group-wide controls; fraud –An opportunity to also communicate, through group management, matters group engagement team has identified that are relevant to component management’s responsibility to prepare component financial statements Group engagement team should not rely on component auditor’s communication with component management to discharge responsibility to communicate with group management Communication with Group Management Communication 27

Explain to TCWG nature and extent of –Audit work required on components –Group engagement team’s involvement in component auditors’ work Rationale –Sets clear expectation among TCWG that overall responsibility for group audit rests with group engagement team –Helps them understand where audit effort is being directed so that they may provide assistance with any issues that may arise Communication with TCWG Communication 28

Standard requires –Subsequent events work on components that are audited –Documentation of specific matters, e.g.  Analysis of components, including identification of significant components  Type of work to be performed on the components  Nature, timing and extent of group engagement team’s involvement in component auditor’s work on significant components Subsequent Events and Documentation Additional Aspects 29

Note This set of support slides does not amend or override the ISAs, the texts of which alone are authoritative. Reading the slides is not a substitute for reading the ISAs. The slides are not meant to be exhaustive and reference to the ISAs themselves should always be made. In conducting an audit in accordance with ISAs, the auditor is required to comply with all the ISAs that are relevant to the engagement. 30

Copyright © November 2009 by the International Federation of Accountants (IFAC). All rights reserved. Permission is granted to make copies of this work provided that such copies are for use in academic classrooms or for personal use and are not sold or disseminated and provided that each copy bears the following credit line: “Copyright © November 2009 by the International Federation of Accountants (IFAC). All rights reserved. Used with permission of IFAC. Contact for permission to reproduce, store, or transmit this work.” Otherwise, written permission from IFAC is required to reproduce, store, or transmit, or to make other similar uses of, this work, except as permitted by law. Contact International Federation of Accountants ISBN: