The document summarizes an exposure draft of proposed revisions to ISA 600 on group audits. It provides an overview of the journey to revising the standard, including key milestones. It discusses public interest issues addressed in the revisions and linkages to other IAASB standards. The exposure draft focuses on a risk-based approach to group audits and enhances requirements on planning, materiality, documentation and other areas. It provides more guidance on situations with restricted access. The document outlines next steps in the process leading to a final revised standard.
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Exposure Draft ISA 600 – Group Audits
1. Exposure Draft
ISA 600 – Group Audits
Webinar, June 11, 2020
Len Jui, IAASB Member and Task Force Chair
Josephine Jackson, IAASB Member and Task Force Member
Jasper van den Hout, IAASB Principal and Lead Staff
2. Overview
The Journey So Far Public Interest Issues
Linkages with Other
Standards
Scope and Applicability
Planning and
Performing a Group
Audit Engagement
Structure of the
Standard
Acceptance and
Continuance, including
Restrictions on Access
Understanding the
Group and Its
Environment
Materiality Documentation Other Matters Way Forward
Page 2 |
6. Public Interest Issues
Page 6
•Keeping the IAASB’s
standard on group audits
fit for purpose
•Encouraging proactive
management of quality at
the engagement level
Reinforcing the need for
robust communication
and interactions during
the audit
•Fostering an
appropriately independent
and challenging skeptical
mindset of the auditor
Public
Interest
9. Proposed ISA 220 (Revised), ISA 315 (Revised 2019) and ISA 330
• ED-600 is based on proposed ISA 220 (Revised) as presented to the Board in
March 2020
– Engagement team definition
– Leadership responsibilities for managing and achieving quality on a group audit
– Being able to be involved in the work of the component auditor
– Relevant ethical requirements, including those related to independence
– Engagement resources
– Engagement performance
• Greater alignment with ISA 315 (Revised 2019) and ISA 330
– Understanding the entity and its environment, the applicable financial reporting framework
and the entity’s system of internal control
– Identifying, assessing and responding to the risks of material misstatement
– Evaluating the sufficiency and appropriateness of audit evidence obtained
Page 9
11. Page 11
• Group financial statements
– Definition is the ‘entry point’ into ED-600
– Definition retains the notion that group financial
statements include the financial information of more than
one entity or business unit
– Definition includes the term ‘consolidation process’ –
description of consolidation process enhanced
• Component
– Reflects the ‘auditor’s view’ for purposes of planning and
performing the group audit
– Definition uses terms ‘location, function or activity’
• Scalability
Special Considerations Standard
13. Focus of Extant ISA 600
Significant
Component A
Group FS
Equity
Revenue
Costs/ Expenses
Liabilities
Significant
Component B
Non-significant
Component C
Non-significant
Component D
Assets
Page 13
14. Planning and Performing a Group Audit Engagement
• Focuses on identifying, assessing and responding to the risks of material
misstatement of the group financial statements
“The right work done by the right people at the right locations”
• Think about
– What (identifying and assessing risks of material misstatements)
– How and when (developing the strategy to respond to assessed risks)
– By whom and where (determining which resources will perform procedures to
obtain evidence)
• Greater alignment with the requirements in ISA 315 (Revised) and ISA 330
• Greater focus on the group engagement team’s responsibility, with the
assistance of component auditors as needed
Page 14
15. Risk-Based Approach
Component A Group FS
Equity
Revenue
Costs/ Expenses
Liabilities
Component B Component C Component D
Assets
Page 15
16. LocationsFew Many
Nature of business/
operations
Single line of
business in
same industry
Different lines of
business in
different industries
System of internal
control, including
information
system
Common or
centralized
Unique,
de-centralized
Considerations in Applying the Risk-Based Approach
Likelihood of involvement of component auditors
None or
lower
Greater
Page 16
17. Risk-Based Approach: Responsibilities and Involvement Component Auditors
• Group engagement team takes responsibility but may assign procedures to
component auditor
– Component auditor may be involved given that they may have a more in-depth
knowledge of the component and the component’s business activities
• Component auditor may be involved throughout the audit
• Responding to risks of material misstatements: group engagement team may
request component auditor to
– Design and perform further audit procedures on the entire financial information of
the component
– Design and perform further audit procedures on one or more classes of
transactions, account balances or disclosures
– Perform specific further audit procedures as identified and communicated by the
group engagement team
Page 17
18. • Emphasized in a requirement the importance of communicating the group
engagement team’s expectations and the component auditor’s responsibilities
– Communications shall take place at the appropriate points in time throughout the
group audit and reflect the component auditor’s involvement in various phases of
the group audit
• Added application material based on guidance in ISA 260 (Revised)
– Matters that may contribute to effective two-way communication
– Factors that may influence the form of communication
– Appropriate timing for communications
• Added application material on possible need to communicate with component
auditors regarding non-compliance or suspected non-compliance with laws
and regulations
Page 18
Risk-Based Approach: Two-Way Communication
19. Similarities between Extant and Risk-Based Approach
• Obtain sufficient appropriate audit evidence
to provide a basis for the opinion on the
group financial statements
• Understanding the entity and its
environment, including the group structure,
business activities, and internal control
• Involvement of component auditors
• Responsibilities of the group engagement
partner
Page 19
21. • Considerations when component auditors are
involved
– ED-600 includes in each section of the standard
a sub-section on considerations when
component auditors are involved
– Clarifies the interactions between the group
engagement team and component auditors
throughout the different stages of the group audit
• Going concern, related parties and subsequent
events
– Added paragraphs on going concern and related
parties into Risk Assessment and Response to
Assessed Risks of Material Misstatement
sections
Page 21
Structure of the Standard
23. Acceptance and Continuance
• Aligned with proposed ISA 220 (Revised)
• Overarching requirement to determine whether sufficient appropriate audit
evidence can be obtained
– Based on requirement in extant ISA 600
– Including preliminary determination whether component auditors need to be
involved
• New requirement for when sufficient appropriate audit evidence can not be
obtained after acceptance or continuance
• Added requirement that group management needs to acknowledge and
understand its responsibility in accordance with ISA 210 to provide the
engagement team with unrestricted access to information and, to the extent
possible, relevant persons within the group
Page 23
24. Page 24
Access to People
• Unable to access component auditor
• Unable to access (component) Those Charge With Governance, (component) management
Access to Information
• Audit documentation need to be kept in component jurisdiction
• Audit documentation are not allowed to be shared electronically
• Restrictions to travel to a country
• Access component auditor’s audit work papers is restricted because of war, other unrest or
outbreaks of infectious diseases
“ISA 600 (Revised) can’t enforce access to people and information,
but it can help by developing guidance for situations where access to
people or information is restricted”
Types of Access Issues
25. • ED-600 differentiates between
– Restrictions on access outside the control of group management
– Restrictions on access imposed by group management
• ED-600 includes extensive application material on how the group engagement
team may be able to overcome restrictions on access to people and
information, for example when
– Laws or regulations restrict sending relevant audit documentation across borders
– The group has a non-controlling interest in an entity that is accounted for by the
equity method
– War, civil unrest or outbreaks of disease restricts access
– Access to component management or those charged with governance of the
component is restricted
Page 25
Restrictions on Access to People and Information
27. Understanding the Group and Its Environment
• ED-600 expands on how ISA 315 (Revised 2019) is to be applied in relation to
an audit of group financial statements – focuses on the additional complexities
– Wide variety of group structures and businesses that may exist across multiple
geographical locations or jurisdictions
– Multiple lines of business, which may be in different industries (e.g., a captive
insurance company for a manufacturing entity)
– Different accounting policies and practices across the entities or business units
– Consolidation process
• Appendix 3 provides examples of controls that may be helpful in obtaining an
understanding of the group’s system of internal control in a group environment
Page 27
28. Common Controls and Centralized Activities
• ED-600 does not refer to group-wide controls
– Term was thought to be confusing
– Auditors sometimes placed undue reliance on group-wide controls
• ED-600 addresses controls in a group audit more broadly through introducing
the concepts of
– Common controls: controls that are intended to operate in a common manner
across multiple entities or business units
– Centralized activities (e.g. shared service centers)
• Most application material related to group-wide controls is retained and new
application material is added
– Why obtaining an understanding of common controls may be important
– How the group engagement team may determine the commonality of a control
across the group
Page 28
30. • Added new definition of aggregation risk
– Addresses calls for greater clarity about the concept of aggregation risk
– Aggregation risk is particularly important to understand and address in a group audit
• Changed definition of ‘component materiality’ to ‘component performance
materiality’
– Both terms are used in extant ISA 600, but IAASB believes this may have led to confusion
• Enhanced requirements and application material
– Group engagement team determines component performance materiality and
communicates it to component auditors
– Component performance materiality must be lower than group performance materiality
– Clearly trivial threshold at component level cannot exceed threshold at group level
– Factors to take into account in setting component performance materiality
Page 30
Materiality Considerations in a Group Audit
32. • Key enhancements made include the following
– Added a new requirement to document significant matters related to access to
people and information, and how those matters were addressed
– Deleted the requirement relating to an analysis of components and the type of
work to be performed on components (addressed by ISA 300)
– Added a requirement for documentation of the group engagement team’s
evaluation of, and response to, findings of the component auditor with respect to
matters that could have a material effect on the group financial statements
• Expanded the related application material to address input from the Board and
through outreach, including when the group engagement team is restricted
from, incl. component auditor's documentation in its audit file
• IAASB is also considering FAQs/Staff guidance to address implementation
issues related to the documentation requirements (including on restrictions)
Page 32
Documentation
34. Other Matters
• Professional skepticism
– Introduction highlights the importance of professional skepticism and professional
judgment in performing a group audit engagement
– Requirement to “stand back,” prior to forming a group audit opinion, and evaluate
whether sufficient appropriate audit evidence has been obtained
• Appendices
– New appendix that provides additional guidance about the matters that the group
engagement team may consider in determining whether, and the extent to which,
component auditors are to be involved in the group audit
– Appendices 4 and 5 of extant ISA 600 have been deleted
• Conforming and consequential amendments
Page 34
36. Page 36 |
October 2,
2020
Deadline for
comments on ED-600
September
2021 In ED-600 the
IAASB proposes 18
months after
approval of the final
standardTargeted approval date
of ISA 600 (Revised)
Effective date
– TBD
Second webinar on
ED-600
August 13
2020
Way Forward
37. Page 37
• When?
– August 13, 2020
• Time?
– 8:00am – 9:30am EDT
• Style?
– Question & answer
– Questions to be submitted before July 24, 2020
An invitation to register and submit your questions will follow!
Next Webinar
Thank Task Force, Staff and Board
Work commenced on group audits in January 2015
Based on:
Findings from the IAASB’s post implementation review of the clarified ISAs
Inspection findings of audit oversight bodies
Ongoing stakeholder outreach
Included in Work Plan 2015-2016
Invitation to Comment issued in in December 2015
Included three (interrelated) topics:
Professional Skepticism
Quality Control standards (ISA 220, ISQC 1)
ISA 600
The ITC also included a discussion of issues that were considered relevant to more than one of the quality control, group audits and professional skepticism projects
Respondents to the ITC agreed on issues identified
Varying views on the specific IAASB actions to address these issues
Project proposal approved in December 2016
Developed using all information till date.
Project update issued in September 2017
Task Force discussed various topics between project proposal and issuance of project update
Went to Board on some of the issues (mainly scoping a group audit)
Task Force focused its efforts on further liaison with the task forces responsible for revisions to ISQC 1, ISA 220, and ISA 315 (Revised) before progressing the other aspects of the ISA 600 project any further
Changes were contingent on changes made to these foundational standards
Finite staff resources and Board capacity
Project update provided overview of the Task Force’s activities till date.
In 2019 the Task Force started to work towards an Exposure Draft of ISA 600 (Revised)
Started in 2019 with progressing the revision of ISA 600. Progressed throughout the year.
Initial drafting presented in June 2019
Substantial drafting in September 219
First read in December 2019
Approval in March 2020
Went to three CAG meetings: March 2019, September 2019, March 2020
Many key stakeholders represented in CAG
Extensive outreach with various stakeholders
Regulators, IOSCO, IFIAR, Basel etc.
Firms, including SMP and GPPC
Liaison IESBA
Engagement team definition
IESBA’s fees project
Keeping the IAASB’s standard on group audits fit for purpose
Scope of the standard
Linkages with other standards
Adaptability and scalability
Documentation
Encouraging proactive management of quality at the engagement level
Managing and achieving quality in a group audit
Planning and performing a group audit engagement
Restrictions on access to people and information
Component materiality
Fostering an appropriately independent and challenging skeptical mindset of the auditor
Fostering the appropriate exercise of professional skepticism
Reinforcing the need for robust communication and interactions during the audit
Robust communications and interactions between the group engagement team / group engagement partner and component auditors
Leadership responsibilities for managing and achieving quality on a group audit
- GEP should be sufficiently and appropriately involved throughout the group audit engagement
…
Engagement resources
- GEP shall determine that component auditors have the appropriate competence and capabilities, including sufficient time, to perform the assigned audit procedures at the component
Engagement performance
GEP shall take responsibility for the nature, timing and extent of direction and supervision of component auditors and the review of their work
Group financial statements
Definition retains the notion that group financial statements include the financial information of more than one entity or business unit
Entity and business unite are used in extant ISA 600 and are commonly used in practice today
Definition includes the term ‘consolidation process’ – description of consolidation process enhanced
A consolidation process ‘in accordance with the requirements of the applicable financial reporting framework’
The aggregation of the financial information of branches or divisions
Component
Reflects the ‘auditor’s view’ for purposes of planning and performing the group audit
Not necessarily aligned with how management views the entities or business units comprising the group
Definition uses terms ‘location, function or activity’
Intended to be flexible enough to cover the many ways in which the group engagement team might view the group structure in designing the most effective and efficient approach to planning and performing the group audit
Scalability
Construct of the work effort
New approach for planning and performing a group audit which is based on risks instead of identifying significant component
This approach makes the standard scalable as the group engagement team now focusses on identifying and assessing risks at the group level and determines that the planned scope of work adequately responds to those risks, rather than the approach in extant ISA 600 whereby the scope of the work is driven primarily by the identification of components and determination of their significance
Separate sections when component auditors are involved
Clarifies how to navigate the standard when component auditors are involved
This provides scalability for circumstances where the group engagement team does not involve component auditors by making it easier to identify which requirements apply and which do not.
Component auditor may be involved throughout the audit
Risk assessment procedures
Identifying and assessing risks of material misstatements
Responding to assessed risks of material misstatements
Considerations when component auditors are involved
ED-600 includes in each section of the standard a sub-section on considerations when component auditors are involved
Clarifies the interactions between the group engagement team (GET) and component auditors throughout the different stages of the group audit
Other advantages
When component auditors are involved, clearer that they are an integral part of the engagement team
Enhances scalability as it is easier to see which requirements apply when component auditors are not involved
- Considered having all considerations when CA are involved in one section.
Going concern, related parties and subsequent events
Based on comments from IAASB, IAASB CAG and outreach, added paragraphs on going concern and related parties into Risk Assessment and Response to Assessed RoMM sections
Subsequent events requirements in ED-600 are similar to requirements in extant 600
Added requirement that group management needs to acknowledge and understand its responsibility in accordance with ISA 210 to provide the engagement team with unrestricted access to information and, to the extent possible, relevant persons within the group
Clarified that access restrictions can be management-imposed or can arise due to law, regulation or other conditions. When restrictions are imposed by management, it may result in other implications for the audit (e.g., concerns about management integrity)
Clarified that laws and regulations may prohibit access to persons within the group
ED-600 expands on how ISA 315 (Revised 2019) is to be applied in relation to an audit of group financial statements – focuses on the additional complexities
…
Consolidation process
There may be a significant amount of intercompany transactions or elimination entries
There may be consolidation software that interfaces with multiple general ledger systems from different entities or business units
ED-600 does not refer to group-wide controls
Term was thought to be confusing
- Controls over group financial reporting (including consolidation)
- Controls over processes that are the same across the group or a part of the group (e.g. controls at a shared service center)
Auditors sometimes placed undue reliance on group-wide controls
- Relying on group-wide controls without testing them
- Relying on group-wide controls when the extent of the testing has not resulted in sufficient appropriate audit evidence (e.g., to reduce the extent of substantive procedures)
- Relying on group-wide controls that are not sufficiently precise
Added new definition of aggregation risk
…
Aggregation risk is particularly important to understand and address in a group audit
Greater likelihood that audit procedures will be performed on accounts, classes of transactions or disclosures that are disaggregated across components
ITC Comments
The IAASB noted the issues identified in the ITC with respect to documentation for group audit engagements, along with the comments and suggestions provided by respondents to the ITC. In its deliberations, the IAASB discussed the need in particular for additional guidance on:
Documentation of significant matters related to restrictions on access to people or information, and how such matters were addressed;
Documentation needed to evidence the nature, timing and extent of the group engagement team’s direction and supervision of the component auditors, and the review of their work; and
Component auditor documentation that may need to be included the group engagement team’s file.
Deletion paragraph 4 and 5
Appendix 4 of extant ISA 600, which provides examples of matters that may be included in the component auditor’s conformation to the group engagement team, has not been included in ED-600. The IAASB noted that practice has evolved from the time that extant ISA 600 was issued and many firms have created their own templates for communications with component auditors.
The IAASB was of the view that the requirements and application material in ED-600 are organized more clearly and therefore there is no longer a need for Appendix 5, which summarizes the matters that are required by extant ISA 600 to be included in the group engagement team’s letter of instruction, and additional matters that may be included.