By Edwin Tan Aik Win and Johnny Yong
The International Auditing and Assurance Standards Board (IAASB) had, through the issuance of the Invitation to Comment (ITC) Paper, Enhancing Audit Quality in the Public Interest: A Focus on Professional Skepticism, Quality Control and Group Audits in December 2015, identified a series of enhancements to the current standard ISA 600 in light of the stakeholders’ feedback. A project proposal was then launched a year later which culminated with the release of the Exposure Draft (ED) back in April 2020.
The objectives of the ED were aimed to:
- Keep the revised ISA 600 fit-for-purpose including explaining whether the revised standard applies to shared service centres, entities operating with branches or divisions and non-controlled entities;
- Clarify and reinforce in the revised standard that all ISAs need to be applied in a group audit engagement through establishing stronger linkages to the other ISAs – particularly ISA 220 (Revised), ISA 315 (Revised 2019) and ISA 330;
- Introduce a principles-based approach to group audits that is adaptable to a wide variety of circumstances, and scalable for audits of groups of different complexity. For example, the revised standard will focus on identifying, assessing and responding to the risks of material misstatement in group audits and highlights the requirements and application material when component auditors are involved;
- Clarify how to address restrictions in access to people and information in group audits; and
- Foster an appropriately independent and professionally skeptical mindset of the auditor throughout the engagement.
In total, 83 comment letters were received on ED-600, including from the Auditing and Assurance Standards Board (AASB) of Malaysia. The ED was recently finalised and approved by the Public Interest Oversight Board (PIOB) in April 2022 and will be effective for audits of group financial statements for periods beginning on or after 15 December 2023. Malaysia is adopting the same effective date as that of the international standard with earlier application being permissible.
What are the Key Changes as Compared to the Current Standard?
Scope and Applicability
The revised ISA 600 is applicable when an auditor has been engaged to audit group financial statements. The revised standard provides further clarity in the following areas:
- Consolidation – A consolidation process in the revised standard is not intended to have the same meaning as “consolidation” or “consolidated financial statements” as commonly understood in a typical financial reporting framework. Thus, the process here may include:
- Consolidation, proportionate consolidation, or an equity method of accounting;
- The presentation in combined financial statements of the financial information of entities or business units that have no parent but are under common control or common management; or
- The aggregation of the financial information of entities or business units such as branches or divisions.
- Flexibility – A group auditor shall look beyond the group’s legal structure to plan and perform the group audit in a way that takes into account different and increasingly complex group structures and information systems, including the use of shared service centers. Therefore, the concepts of components are now wider than previously defined in the current standards.
In addition, auditors may find it useful to adapt the principles in the revised standard to audits of financial statements other than a group audit when the engagement team includes individuals from another firm, such as those performing an inventory count at a remote location. Auditors are expected to adapt the requirements in the revised standard as necessary to specific engagement circumstances that may arise.
Encouraging Pro-active Management of Quality
This standard now clarifies how the requirements in ISA 220 (Revised) apply to manage and achieve audit quality in a group audit, including the allocation of sufficient and appropriate resources to perform the engagement, filtering down to the component level. The group engagement partner is required to take ultimate responsibility for the nature, timing and extent of direction and supervision of component auditors and the review of their work to support the group audit.
Further, the risk-based approach of the revised standard is expected to promote greater alignment with the requirements in ISA 315 (Revised 2019) and ISA 330 (e.g., on the identification of significant risks and the corresponding audit procedures). This can drive the group engagement team to focus on planning the most appropriate approach to obtaining sufficient appropriate audit evidence with adequate documentation for areas involving significant auditors’ judgement.
Under this risk-based approach, with appropriate oversight, component auditors continue to be and are often involved in all phases of the group audit.
Risk-Based Approach for Planning and Performing the Group Audit
The revised standard approaches the group audit using the risk-based approach as enshrined in the revised risk assessment standards of ISA 315 (Revised 2019) Identifying & Assessing the Risks of Material Misstatement and ISA 330 The Auditor’s Responses to Assessed Risks to plan and perform the group audit engagement. It drives auditors to identify and assess the risks of material misstatement at the group financial statements level and line-item assertion level covering account balances, classes of transactions or disclosures and subsequently, for designing and performing the appropriate audit procedures to respond to the assessed risks. It also stipulates the responsibilities of the group auditors in determining the nature, timing and extent of the involvement of component auditors, especially at the audit planning stage. This is critical in cases where the legacy knowledge of the component auditors greatly aids the identification and assessment of risks of material misstatement.
Materiality and Aggregation Risk
ISA 600 (Revised) also clarifies how the concept of materiality and aggregation risk apply in a group audit (in contrast to how materiality is used in performing a standalone audit of the financial information of the component for other reporting purposes). While the current standard contains both concepts of component materiality and component performance materiality, it does not explain the consideration of aggregation risk in the group audit in a meaningful way. As a consequential amendment to the revised ISA 600, a new definition of aggregation risk has been added to ISA 320 Materiality in Planning and Performing an Audit along with a corresponding alignment to the definition of performance materiality for added clarity.
When applied to the revised standard, component performance materiality has been defined as “an amount set by the group auditor to reduce aggregation risk to an appropriately low level for purposes of planning and performing audit procedures in relation to a component” thereby reminding group auditors that their determination of component performance materiality is key to ensuring the group audit opinion is sufficiently robust to meet the objectives of a financial statement audit and to reduce aggregation risk to an appropriately low level for the group audit.
Reinforcing the Need for Robust Communication and Interactions with Component Auditors
ISA 600 (Revised) strengthens and clarifies:
There are also requirements outlining matters to be communicated by component auditors to the group auditor that may be relevant to the group auditor’s conclusion about the group audit.
Restrictions on Access to Information or People
The revised ISA clarifies the various type of restrictions a group auditor may face in applying the revised standard (e.g., access to component management, those charged with governance of the component, component auditors or information at the component level and component auditor’s audit documentation). Guidance is provided on how to overcome such restrictions especially at the engagement acceptance and continuance phase of the audit by requiring the group auditor to obtain agreement from group management at the onset.
Interestingly, the revised ISA highlights that the existence of such restrictions of access in a group where non-controlling interest in an entity accounted by the equity method may require the group auditor to consider the appropriateness of group management’s use of the equity method of accounting.
Consistent with other more recent standards being issued by IAASB, ISA 600 (Revised) similarly emphasizes the importance of exercising professional scepticism, including as part of the group auditor’s:
The standard also includes some examples of the impediments to the exercise of professional scepticism at the engagement level and possible actions that the engagement team may take to mitigate such impediments.
ISA 600 (Revised) includes enhanced documentation requirements and application materials to emphasize the requirements in ISA 230 Audit Documentation and the documentation requirements in other relevant ISAs. The revised standard also clarifies what the group auditor may need to document in different situations including where there are restrictions on access to component auditors or their audit documentation. Some of the examples are:
What has not changed is the fundamentals encapsulated in ISA 230 which is for audit documentation for a group audit engagement to be sufficiently robust to enable an experienced auditor, having no previous connection with the audit, to understand the audit procedures performed, the evidence obtained and the conclusion reached with respect to significant matters arising from the group audit.
The revised ISA 600 offers consistency, clarity and reiterates the important role group auditors have in managing and performing audits of group financial statements. The standard engenders flexibility and scalability as concepts of ‘groups’ and ‘ways of working’ continue to evolve in today’s ever-changing environment. What is constant, however, is the focus on exercising professional judgement in identifying and evaluating risks of material misstatements in group audits, ensuring close involvement of the group auditor with the component auditor(s) and their work with a skeptical mindset and sufficient and robust documentation of the group auditor’s significant judgements.
Members are urged to read AAPG 1 and AAPG 2 that were issued in June 2021 for the latest format of the auditors’ report (as Malaysia is adopting a dual compliance regime), as the illustration under Appendix 1 of the ISA 600 (Revised) is intended for the international audience.
The following additional resources are available for members to download:
The IAASB will also be issuing the first-time implementation guide and some other implementation tools in early 2023. The AASB of Malaysia will be sharing all these future resources with members as and when these resources are made available at a later date. Please do stay tuned with all these developments coming your way. Meanwhile, the standard is accessible at: https://mia.org.my/regulatory-public-interest/standards/international-standards-on-auditing/
Edwin Tan Aik Win is the Audit & Assurance Quality Leader of Deloitte PLT, a member of the MIA Council and the MIA Auditing and Assurance Standards Board (AASB).
Johnny Yong is Head, Capital Market and Assurance of MIA.