AUD: Group Audits and Component Auditors

In today's globalized business environment, large entities often consist of multiple subsidiaries, divisions, or joint ventures operating in different locations. Auditing such entities requires a coordinated effort beyond a single firm's capacity. A group audit is an audit of financial statements that include the financial information of more than one component, requiring the involvement of other audit firms or teams. As a CPA candidate, mastering this area is crucial because you must understand how the primary auditor, known as the group engagement partner, relies on the work of component auditors to form an opinion on the consolidated financial statements. This process involves intricate planning, communication, and evaluation to ensure the audit opinion is properly supported.

The Foundation: Group Audit Structure and Key Definitions

A group audit begins with identifying the group and its components. A component is an entity or business activity for which financial information is prepared and included in the group financial statements. This could be a subsidiary, a division, a geographical unit, or an investment accounted for under the equity method. The auditor performing work on a component’s financial information is the component auditor. This auditor could be from another office within the same global network (an "other" auditor) or from a completely different, unrelated firm.

The group engagement team, led by the group engagement partner, bears ultimate responsibility for the group audit opinion. Their core challenge is to determine how much to rely on the work of component auditors. This reliance is not a delegation of responsibility but a strategic use of another auditor's work. The group team must decide for each component whether to:

• Use the work of a component auditor.
• Perform audit procedures on the component's financial information themselves.
• Perform audit procedures on the consolidation process and the group financial statements without directly testing the component.

This decision hinges on the significance of the component to the group as a whole.

Determining Component Materiality and Significance

Not all components are created equal. The group engagement team must assess the risk of material misstatement at both the group and component levels. A key tool here is component materiality, which is the materiality level set for an individual component. This amount must be lower than the overall materiality for the group financial statements. This conservative approach is designed to reduce the risk that undetected misstatements in various components could aggregate to a material misstatement at the group level.

Components are typically categorized by their financial significance and risk:

• Significant Components: These are components identified as likely to include significant risks of material misstatement to the group financial statements. For these, the group engagement team, or a component auditor on its behalf, must perform an audit of the component's financial information using component materiality.
• Components That Are Not Significant: For these, the group engagement team may perform analytical procedures at the group level rather than a full audit of the component's financials.

The calculation of component materiality requires professional judgment. It considers both quantitative factors (like the component's size or profit contribution) and qualitative factors (like its specific risk profile, whether it is a newly acquired business, or if it operates in a volatile industry).

Communication Requirements: A Two-Way Street

Effective and documented communication is the linchpin of a successful group audit. The group engagement team must establish a clear channel of communication with component auditors, and vice versa. This is not a one-time event but an ongoing process throughout the audit engagement.

Key communications from the group to the component auditor include:

• A clear request for the component auditor to cooperate with the group engagement team.
• The requirements to comply with ethical standards, specifically regarding independence.
• A list of related parties and a request for the component auditor to communicate any previously unknown related party relationships or transactions.
• Identified significant risks of material misstatement at the group level that are relevant to the component auditor's work.

Conversely, the group engagement team must request that the component auditor communicate to them:

• Confirmation of compliance with ethical and independence requirements.
• Identification of the financial information on which they performed work.
• A summary of findings, including any instances of non-compliance with laws, uncorrected misstatements, or indicators of potential management bias.
• Any significant deficiencies in internal control identified at the component level.
• Any other matters that may be relevant to the group audit.

Failure to establish this two-way communication is a major audit deficiency and directly threatens the sufficiency of audit evidence.

Evaluating the Sufficiency of the Component Auditor's Work

Relying on a component auditor's work does not mean blindly accepting it. The group engagement partner must evaluate the sufficiency and appropriateness of that work for the purposes of the group audit. This evaluation involves several critical steps:

1. Obtaining an Understanding of the Component Auditor: The group team must assess whether the component auditor is competent and objective. This includes understanding their professional qualifications, whether they operate in a regulatory environment that actively enforces auditing standards, and their application of ethical requirements, particularly independence. If the component auditor is not independent, their work cannot be used for the group audit’s purposes regarding that component.

1. Reviewing the Component Auditor’s Work and Findings: The group engagement team should review the component auditor’s documentation, such as audit programs, risk assessments, and conclusions on significant matters. They may need to discuss significant findings directly with the component auditor. The objective is to determine if the work performed is adequate to address the risks of material misstatement at the group level related to that component.

1. Considering Additional Procedures: If the group engagement team concludes that the component auditor's work is insufficient, they cannot simply disregard it. They must determine what additional audit procedures to perform. This could involve:

• Requesting the component auditor to perform additional procedures.
• Performing their own audit procedures on the component's financial information.
• Performing audit procedures on the consolidation process itself.

The outcome of this evaluation is a professional judgment that forms the basis for whether the group engagement team has obtained sufficient appropriate audit evidence to support the group audit opinion.

Common Pitfalls

1. Setting Component Materiality Equal to Group Materiality: This is a critical error. Setting component materiality too high (e.g., at the group level) increases the risk that undetected misstatements in individual components will aggregate to a material misstatement for the group. Always set component materiality lower than group materiality to provide an appropriate safety cushion.

1. Inadequate Evaluation of the Component Auditor: Assuming another auditor's competence without due diligence is a major risk. Simply because an auditor is part of a global network does not automatically mean they adhere to the required standards. The group engagement team must actively obtain evidence of the component auditor's competence, independence, and understanding of the applicable financial reporting framework.

1. Poor or One-Way Communication: Treating communication as a box-ticking exercise of sending out a standard request letter is insufficient. The group engagement team must engage in a dialogue, ensure understanding, and proactively follow up on requested communications from component auditors. Failing to obtain confirmation of independence or a summary of findings voids the ability to rely on that auditor's work.

1. Over-Reliance Without Review: The group engagement partner cannot delegate responsibility. Simply attaching a component auditor's report to the file is not enough. The group team must perform a substantive review of the component auditor’s workpapers and findings to evaluate its adequacy for the group audit conclusions. Lack of documented review is a severe audit deficiency.

Summary

• A group audit requires the group engagement partner to take responsibility for the audit opinion on consolidated financial statements, even when using the work of other component auditors.
• Component materiality must be set lower than group materiality to mitigate the risk that aggregated uncorrected misstatements become material to the group financial statements.
• Robust, two-way communication between the group engagement team and component auditors is mandatory and must be documented, covering independence, findings, and significant risks.
• The group engagement team must evaluate the sufficiency of the component auditor’s work by assessing their competence and independence, and by reviewing their audit documentation and findings.
• The group engagement partner’s responsibility for the group audit opinion is absolute and cannot be reduced by the use of component auditors.