Introduction
Auditors sometimes perform a group audit but are unaware of it, or they are conscious that one is underway but are unaware of the requirements. In any case, you have a problem—sometimes a serious one—if your firm violates group audit rules and a fellow reviewer finds out.
Group Audits
A group audit: What is it?
It is an audit of the financial statements of the group.
However, what are financial statements for groups? These are financial statements that comprise several business units or entities, or that compile financial data from business units or entities, like divisions or branches. Financial data from business units with different locations, leadership, or information platforms is combined to create group financial statements.
Examples of group financial statements are as follows:
- Financial statements that are combined (for example, when a parent business owns an additional company)
- Financial accounts that have been consolidated (for example, two businesses held by the same individual)
- An investment made via the equity method is recorded on a company’s balance sheet.
Partnership
- A government having a component element that is discreetly shown.
- An organization arranged geographically (e.g., an organization with three management teams overseeing operations in the United States, Mexico, and Canada; every national reporting unit has a separate general ledger)
You are performing a group audit if you happen to be auditing one of them, and there are certain audit requirements. You will be considered the group auditor if you are leading the audit; other audit companies may also take part.
Group Auditor
What exactly is a group auditor, then?
In addition to component auditors, it is the engagement teammates and the group engagement partner (see definition of component auditor below).
Among the tasks carried out by the group auditor are the following:
- Creates the strategy for the group audit.
- Creates the plan for the group audit.
- Decides which parts to audit
- Knows about the group, its surroundings, the reporting structure, and the internal control system.
- Assumes accountability for evaluating the risks of substantial misrepresentation in group financial statements.
- Assumes accountability for carrying out additional audit procedures, including component auditor work and consolidation process work.
- Identifies the resources required to carry out the audit, particularly any of the auditors (as discussed below).
- Identifies the component significance for performance with the goal of mitigating aggregation risk (see below).
- Oversees, manages, and evaluates the work of component auditors
- Choose whether to use a referred-to auditor’s audit (see below).
- Assesses the findings using audit evidence as the foundation for the group audit conclusion.
- Determines if there is enough relevant evidence to back up the group audit conclusion (including the efforts of the individual auditors or by referencing an auditor’s opinion that has been referred to).
- Uses the audit evidence gathered to form a conclusion on the group accounting records.
- Communicates audit-related issues, such as an outline of the component auditor’s work choices regarding the audits of referred-to auditors and any scope constraints, with those in charge of governance (and management, when applicable).
- Fraud or possible fraud
- Inadequate internal control
- Determines whether or not the audit records are adequate for a seasoned auditor (one who has never worked on the project) to comprehend the following:
- The type, duration, and scope of audit processes
- Audit proof
- Conclusions regarding important issues
The group auditor has certain duties whenever component auditors are used, such as the following:
- Assessing whether component auditor disclosures are sufficient for the group auditor’s objectives
- Choosing the type, timing, and scope of the component auditor’s participation
- Being appropriately and sufficiently engaged with the component auditor’s work
- Verifying that the member auditor is aware of and will abide by the ethical requirements
- To reduce aggregate risk, ascertain the component significance for performance (see below).
- Assessing if the component auditor’s additional audit procedures are appropriate
- Examining component auditor evidence while considering the risks of major misstatement and major hazards in the group financial statements
- Assessing the adequacy and suitability of the audit evidence gathered from every component, including the evidence supplied by component auditors.
The following information should be shared with component auditors by the group auditor:
- The duties of the component auditor
- The pertinent moral obligations
- Asking the component auditor to attest to their willingness to assist the group auditor
- The necessity of prompt communication during the interaction
- Risk assessment issues that have an impact on the component auditor’s risk assessment processes
- Issues related to anticipated additional audit processes in response to major misstatement risks in group financial statements
- The group financial statements’ significant risks that affect the component audit processes
- Relationships and transactions between related parties that impact the component
- Any circumstances or occurrences that could cast serious doubt on the group’s capacity to operate as a going concern (in relation to the component auditor’s job)
Group Engagement Partner
The auditor in charge of the group audit.
Among the duties of the group engagement partner are:
- Before approving the engagement or deciding whether to continue offering audit services, determine that adequate relevant audit proof can be produced (including the utilization of component auditors & referred-to auditors)
- Participating in the group audit in a sufficient and appropriate manner, including component auditors’ work
- Verifying whether the component auditor possesses the necessary skills and abilities
- Choosing how, when, and how much the component auditor will participate in the group audit
- Standards compliance and group audit accountability
- Assessing the suitability of important decisions and findings
- Taking charge of overseeing, managing, and evaluating component auditors’ work
The group engagement partner may supervise and oversee component auditors in the following ways:
- Discuss risk assessment, results, and other matters with the component auditors in person or over the phone.
- Examine the documentation provided by the component auditor.
- Participate in the meetings between component management and the component auditor.
Component Auditor
A component auditor: What is it?
A group audit element, like a business subsidiary, is audited by an auditor.
The audit team includes a component auditor who collaborates with the group auditor.
Among the component auditors are:
- Auditors from a company network,
- A non-network audit company, or
- The company of the group auditor (e.g., a different branch within the group auditor’s company)
The group audit company may employ all of the component auditors. The group auditing company and auditing firms outside the group audit company may likewise be considered component auditors.
The following component matters should be communicated by the group auditor to the component auditor:
- Issues that could have an impact on determining and evaluating the risk of material misrepresentation at the stage of group financial statements
- Connections or transactions between related parties that the group auditor had not previously disclosed
- Identification of the data that the component auditor audited
- Whether the desired job was completed by the component auditor
- Failure to abide by rules and regulations
- Whether or not the component auditor adhered to moral standards
- Misstatements, both corrected & uncorrected
- Potential bias in management
- Inadequacies in the internal control system
- Fraud or possible fraud
- Any circumstances or occurrences that could impair the group’s capacity to operate as an ongoing entity for a reasonable amount of time
- Any more important information shared with the component’s leadership or those in charge of governance
- The component auditor’s overall results and findings
When component auditors take part in the group audit, they should not be mentioned in the group audit report.
Components
A component consists of:
- Business unit
- Entity
- Business activity
- Function, or
- Any combination of these
To be able to organize and carry out audit procedures, the group auditor ascertains how components connect to one another.
For example, the group auditor may determine that entity D will be audited by an additional company (a component auditor), whereas entities A, B, & C would be audited by the group audit firm. The team performing the audit in this case consists of the component auditing firm and the group audit firm.
In a different scenario, the group auditor may determine that entities A, B, & C will be audited by the group audit firm, citing entity D’s audit report from another company (referred to as the referred-to auditor). The audit team does not include the referred-to auditor.
The component relevance must be understood by a component auditor.
Component performance materiality
Component performance materiality: What is it?
It is the amount that the group auditor determines is necessary to lower aggregation risk to a suitable degree. The collective performance materiality has to be greater than the component performance materiality.
Furthermore, any misstatements exceeding a specific amount (component limit) must be reported to the group auditor by the component auditor. This component level is set by the group auditor and shouldn’t go over the negligible sum shown in the overall financial statement.
For instance, the Cole CPA firm may have set the insignificant misstatement threshold for the ABC Combined financial statements at $75,000, but the Gee Whiz Accounting firm may have placed the component level at $25,000 for Company B. If Gee Whiz finds one $15,000 misrepresentation and second for $55,000, it has to notify Cole CPA company, the group audit company, of the subsequent misstatement.
Aggregation risk is one special risk associated with group audits.
Aggregation risk
What does aggregation risk entail?
It is the possibility that the total amount of uncorrected and undiscovered misstatements will surpass the materiality of the financial statements.
Assume that firm C is audited by a component auditor and companies A and B are audited by the group auditor. Assume that $750,000 is the group audit materiality. The total undetected and uncorrected misstatements are significant if Company A has a $300,000 passed adjustment in receivables (an overstatement) and Business C has an undiscovered misstatement in accounts receivable of $600,000 (which is additionally an overstatement).
For the purpose of maintaining an adequate degree of aggregate risk, the group auditor must organize the engagement. Reducing the materiality levels for each component is one approach to do this.
Occasionally, a component is audited by a different auditor who then provides a view on the company. The group auditor may choose to refer to an alternate auditor’s view in this situation.
Referred-to Auditor
An auditor who conducts an audit of a company mentioned in the group audit report.
Only if the referred-to auditor publishes an audit report for a component with unrestricted use could the group engagement partner make reference.
A referred-to auditor is neither a component auditor nor a member of the audit team.
Should the referred-to auditor’s work be overseen by the group auditor? Not at all, the group auditor doesn’t oversee, manage, or evaluate the referred-to auditor’s activity. Nevertheless, the group engagement partner must determine if the referred-to auditor adhered to PCAOB or generally recognized auditing standards. The group auditor ought to examine the referred-to audit transcript and the section’s financial statements to look for any noteworthy issues.
Communications with Referred-to Auditor
How should the group auditor & the referred-to auditor communicate with each other?
The referred-to auditor ought to be informed by the group auditor of any connections between related parties that group management has detected, as well as any transactions involving related parties that have an impact on the referred-to auditor’s activities.
Additionally, the group engagement partner ought to carry out the following actions:
- Inform the referred auditor of the pertinent ethical standards.
- Verify if the referred auditor adhered to the ethical standards.
- Assess the referred auditor’s suitability for the position.
A group auditor may feel that the referred-to auditor does not have the necessary skills and competencies or has not adhered to ethical standards. Referring to the referred-to auditor’s report might not be acceptable then.
The referred-to auditor must be asked to do the following by the group auditor:
- Description of the financial data components that the referred-to auditor reports on
- Verification of the referred-to auditor’s cooperation with the group auditor
- Relationships between related parties that the group auditor or management had not previously discovered
- The referred-to auditor’s report
Count of Audit Companies
So, do many audit firms always participate in group audits?
No, not always. Group audit financial accounts might be audited by a single firm. As an alternative, any number of components may be audited by component auditors from different audit firms.
Here are some group audit examples:
- Every element that makes up the combined financial statement is audited by a single company.
- A combined financial statement encompassing five entities is audited by one firm, while two entities are audited by another firm.
- Regarding a government audit: a) Auditing company A examines seven opinion units. b) One opinion unit, a separately presented component unit, is audited by audit firm B.
- A corporation that holds an equity form investment is audited by one firm, while the equity form investment company is audited by another firm.
- A company’s entire operations in the United States are audited by one firm, while its entire operations in England are audited by another firm (the business’s financial statements contain all operations).
The paragraphs in SAS 149 that are pertinent to different scenarios are listed in Exhibit A, which is labeled Relevancy of Standards in Different Group Audit Scenarios. Among the scenarios are the following:
- Group auditor: The audit is conducted by the group auditor; component auditors do not take part.
- Component auditors participate in the group audit along with the group auditor.
- Referred-to auditors and group auditors: the referred-to auditor’s report is cited by the group auditor as part of its audit finding; no part of the auditor is engaged.
- Group auditors, component auditors, & referred-to auditors: the group auditor references the referred-to auditor’s analysis in its audit assessment, and component auditors are engaged
For the relevant SAS 149 provisions when conducting a group audit, refer to Exhibit A.
Documentation for Group Audits
What paperwork is required for a group audit?
The following are included in group audit paperwork; this is not an exhaustive list:
- The foundation for component judgments and how the group audit was planned and carried out using them
- The foundation of component limits for communication & component performance materiality
- Your comprehension of the group’s internal control system
- The foundation for your conclusion that component auditors are competent and capable enough
- Proof of the group auditor’s guidance, oversight, and evaluation of the component auditor’s job
- Interactions with component auditors about issues, including going concern, fraud, and important problems
- For auditors who have been referred: a) The component’s financial statements. b) Citing the auditor’s report. c) The foundation for your conclusion that the auditors mentioned are competent and capable enough
- The group auditor’s assessment of component auditors’ or referred-to auditors’ conclusions or findings about matters that could materially affect the group financial statements, as well as the steps taken in reaction to them
Summary of the Group Audit
The following are highlights of the aforementioned:
- When auditing an organization having several entities, departments, or opinion groups (governments), the group audit criteria are frequently pertinent.
- A group audit that comprises the work of a component auditor is overseen by the group auditor (which includes the group engagement partner).
- A referred-to auditor isn’t a member of the audit team, and the group auditor is not in charge of their work.
Effective Date of SAS 149
Group financial statement audits for periods concluding on or after December 15, 2026, are subject to SAS 149.
