ISA 600 Explained

What are the pros and cons of the latest update to the International Standard on Auditing?

The International Federation of Accountants has updated the International Standard on Auditing 600 (ISA 600), and the revised standard went into effect on December 15, 2023. What are the advantages and disadvantages of the revisions when it comes to group audits?

Firstly, a group audit refers to an audit of consolidated financial statements where the parent company and its subsidiaries are viewed as a single economic entity or “group.” It is often conducted by the parent company’s auditor, known as the group auditor, and encompasses the financial information of the parent company and its subsidiaries. As the group auditor will provide an opinion on the consolidated financial statements, it is essential that they are satisfied with the work completed by component auditors or local audit teams.

The group audit is necessary because businesses often operate through different legal entities and across different geographical locations. For an accurate view of the group’s financial situation, auditors must assess financial statements at both the parent and subsidiary levels and follow the standards established by the relevant auditing bodies.

International Standard on Auditing 600 (ISA 600) (Revised), Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors) deals with special considerations that apply to a group audit, including when component auditors are involved. The standard is effective for audits of group financial statements for periods beginning on or after December 15, 2023, and aligns with recently revised standards which emphasize the assessment of risk, including ISQM1 and ISA 220 (Revised) and ISA 315 (Revised 2019). There is increased emphasis on the responsibilities of auditors relating to professional skepticism, planning and performing a group audit, two-way communications between the group auditor and component auditors, and documentation.

The changes are intended to:

• Encourage proactive management of quality at the group engagement and the component levels
• Keep the standard fit for purpose in a wide range of circumstances and in a developing environment
• Reinforce the need for robust communication and interactions during the group audit
• Foster an appropriately independent, challenging, and skeptical mindset on the part of the auditor

ISA 600 (Revised) sets out the responsibilities of the group auditor for providing the audit opinion on the group financial statements, including components such as subsidiaries, associates, joint ventures, and non-controller entities.

Advantages

Viewed from the component auditor’s side, relying on a variety of useful information regarding management’s rationale from the group auditor can reduce the risk of material misstatement and detection risk when conducting audit components.

One significant change is the introduction of the risk-based approach as a framework for planning and performing a group audit engagement. This means more focus on identifying and assessing the risks of material misstatement and performing further audit procedures in response to the assessed risks. The group auditor develops initial expectations and, based on these, may involve component auditors in risk assessment procedures, as these individuals may have direct knowledge and experience with the entities or business units that could be helpful in understanding the activities and related risks.

According to the standard, the group engagement partner may take responsibility for directing and supervising component auditors in different ways, such as:

• Discussing identified and assessed risks, issues, findings, and conclusions
• Participating in the closing or other key meetings between the component auditors and component management

The discussion between the group auditors and component auditors provides the opportunity to understand how and where the entity’s financial statements may be susceptible to material misstatement due to fraud. This is done by considering external and internal factors affecting the group that may create an incentive or pressure for group management, component management, or others to commit fraud. The discussion between group engagement partners and other key management team members also provides a chance to identify risks of material misstatement relevant to components where there may be impediments to the exercise of professional skepticism. In other words, the involvement of the group auditor enhances the effectiveness of component auditors.

ISA 600 (Revised) strengthens and clarifies the importance of two-way communications between the group auditor and component auditors as well as various aspects of the group auditor’s interaction with component auditors. However, there are many types of restrictions that may exist, such as on access to people and information (e.g., component management, those charged with governance of component, component auditors) as well as audit documentation.

Viewed from the group auditor’s side, the revised standard provides guidance on ways to overcome restrictions. The group auditor may be able to visit the location of the component auditor or meet with the component auditor to review their audit documentation. They may also be able to review the relevant audit documentation remotely when not prohibited by law or regulation and request that the component auditor prepare and provide a memorandum that addresses the relevant information.

Disadvantages

The application of ISA 600 (Revised) may also bring some downsides.

According to the requirements, the role of group auditor increases, as does the workload of component auditors. The group auditor may involve component auditors to provide information or perform audit work to fulfill the requirements of the standard.

Component auditors can be—and often are—involved in all phases of the group audit. The group auditor shall take responsibility for the nature, timing, and extent of further audit procedures to be performed, including determining the components at which to perform further audit procedures. This responsibility is demonstrated through meeting the requirements of the consolidation process and considerations when component auditors are involved.

Communication

ISA 600 (Revised) includes enhanced documentation requirements and application material to emphasize the link to the requirements of ISA 230 and other relevant ISAs. The required documentation includes:

• Basis for the group auditor’s determination of components

• Basis for the group auditor’s determination of the competence and capabilities of component auditors

• Documentation of the direction and supervision of component auditors and the review of the work

• Additional considerations when access to audit documentation is restricted

The strength and clarity of the importance of two-way communications between the group auditor and component auditors in the standard are likely to result in more work for the group engagement team. This is particularly true regarding the enhanced responsibilities in evaluating the component auditor’s communication and the adequacy of their work, the sufficiency and appropriateness of audit evidence obtained, and communicating with group management and those charged with governance of the group. References in the standard to the definition of “engagement team” includes the group auditor and component auditors.

As mentioned, the group auditor will involve component auditors and clarify the instructions for the risk-assessment procedures. However, in practice, there are some instructions from the group auditor that may not be suitable for component auditors, and this can lead to some aspects of the instructions not being effective.

These changes to the standard will take time to implement, comply with, and complete for both the group auditor component auditor sides.

Generally, both sides should make sure that they understand the new requirements and that audit methodologies are updated accordingly and in a timely manner. They should also reassess the models being used for considering component materiality and aggregation risk to determine whether they are still appropriate.