Navigating the New AU-C 600 Group Audit Rules Managing Responsibilities and Risk in Engagements Involving Multiple Auditors and Components Today’s faculty features: 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Please refer to the instructions emailed to the registrant for the dial-in information. Attendees can still view the presentation slides online. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10. TUESDAY, MAY 14, 2013 Presenting a live 110-minute teleconference with interactive Q&A Trevor Stewart, Senior Research Fellow, Rutgers University, New Brunswick, N.J. Ahava Goldman, Senior Technical Manager, AICPA, New York Philip Santarelli, Chief Risk Officer, Parente Beard, Philadelphia For this program, attendees must listen to the audio over the telephone.
Transcript
Navigating the New AU-C 600 Group Audit Rules Managing Responsibilities and Risk in Engagements Involving Multiple Auditors and Components
Today’s Program Introduction And Review Of AU-C 600
[Trevor Stewart]
Risk Assessment And Quality Control
[Philip Santarelli]
Engagement Acceptance And Continuance
[Ahava Goldman]
Understanding The Group And Its Components
[Philip Santarelli]
Significant Components, And Work On Them
[Trevor Stewart]
Component Auditors
[Ahava Goldman]
Materiality
[Trevor Stewart]
Communications
[Ahava Goldman]
Slide 8 – Slide 13
Slide 49 – Slide 54
Slide 55 – Slide 62
Slide 63 – Slide 68
Slide 14 – Slide 25
Slide 26 – Slide 32
Slide 33 – Slide 41
Slide 42 – Slide 48
Additional Aspects Of Group Audits
[Ahava Goldman]
Slide 69 – Slide 74
Notice
ANY TAX ADVICE IN THIS COMMUNICATION IS NOT INTENDED OR WRITTEN BY
THE SPEAKERS’ FIRMS TO BE USED, AND CANNOT BE USED, BY A CLIENT OR ANY
OTHER PERSON OR ENTITY FOR THE PURPOSE OF (i) AVOIDING PENALTIES THAT
MAY BE IMPOSED ON ANY TAXPAYER OR (ii) PROMOTING, MARKETING OR
RECOMMENDING TO ANOTHER PARTY ANY MATTERS ADDRESSED HEREIN.
You (and your employees, representatives, or agents) may disclose to any and all persons,
without limitation, the tax treatment or tax structure, or both, of any transaction
described in the associated materials we provide to you, including, but not limited to,
any tax opinions, memoranda, or other tax analyses contained in those materials.
The information contained herein is of a general nature and based on authorities that are
subject to change. Applicability of the information to specific situations should be
determined through consultation with your tax adviser.
7
INTRODUCTION AND REVIEW OF AU-C 600
Trevor Stewart, Rutgers University
American Institute of CPAs
Group Audits
DISCLAIMER: This publication has not been approved, disapproved or otherwise acted upon by any senior technical committees of, and does not represent an official position of, the American Institute of Certified Public
Accountants. It is distributed with the understanding that the contributing authors and editors, and the publisher, are not rendering legal, accounting, or other professional services in this publication. If legal advice or other expert
assistance is required, the services of a competent professional should be sought.
please email [email protected] with your request. Otherwise, requests should be written and mailed to the Permissions Department, AICPA, 220 Leigh Farm Road, Durham, NC 27707-8110.
9
Context Of AU-C 600 • International Auditing and Assurance Standards Board (IAASB) developed ISA 600 in
response to:
– Complexity of group audits
– Varying group audit practice round the world
– Concerns about rigor and consistency by regulators and others
• Including the European Commission, the International Organization of
Securities Commissions, and the U.S. Public Oversight Board’s Panel on
Audit Effectiveness, and others
– Need to reflect application of risk assessment and quality control principles in
group audit context
• AICPA’s Auditing Standards Board (ASB) developed AU-C 600 as part of ASB’s
“clarity project”
– Mostly consistent with ISA 600
– Major substantive difference is that AU-C 600 allows the group auditor to
reference the work of a component auditor under certain circumstances –
something that is not allowed under ISA 600.
• Circumstances broadened by SAS 127 (2013)
• Standard clarifies group auditor’s responsibilities when part of the work is performed by
other auditors (component auditors).
• Standard intended to reflect best practice
10
Scope Of Standard Is Quite Broad • Group financial statements: Financial statements that include the
financial information of more than one component. The term “group
financial statements” also refers to combined financial statements
aggregating the financial information prepared by components that
are under common control (even if there is no common parent).
• Component: An entity or business activity for which a group or
component management prepares financial information that is
required by the applicable financial reporting framework to be
included in the group financial statements.
• Group: All the components whose financial information is included
in the group financial statements. A group always has more than one
component.
11
The Group
Audit Process References are to paragraph numbers
in AU-C 600
Acceptance/Continuance (14-16, A14-A18, A21)
Can the auditor can serve as group auditor and
can sufficient appropriate evidence be obtained?
• Determine engagement terms (17)
• Develop audit strategy (18-19)
• Understand the group (20-21)
• Understand component auditors (22-23)
• Determine type of work for component
• Determine involvement in component
audit (56-57)
• Issue standard audit report (30, A59)
• Provide % audited by component auditor
(27, A55-A57)
• Get permission from component auditor
if its name is to be used (28)
• Reference component auditor’s report
Will reference be made to component auditor in
group audit report? (24-30, A52-A54)
• Set materiality for group and relevant components (31, A60-A64)
• Respond to assessed risks (32, A65)
• Audit the consolidation process (33-38, A53-A66)
• Perform subsequent events procedures (39, A667)
• Communicate with component auditor (40-41)
• Evaluate communication from component auditor (42)
• Evaluate sufficiency and appropriateness of audit evidence (43-44, A68)
• Communicate with group management and those charged with governance (45-48, A70-A79)
• Document the process (49)
Additional steps by group auditor
Adapted from Thomas & Wedemeyer, “Clarifying the Standard for Group Audits”, Journal of Accountancy, March 2013.
Yes No
Yes
Withdraw (or disclaim if required to
report by law or regulation) (16, A21)
No
12
Topics We Will Discuss Today
• Risk assessment and quality control (Phil)
• Engagement acceptance and continuance (Ahava)
• Understanding the group and its components (Phil)
• Significant components and work effort on components (Trevor)
• Component auditors (Ahava)
• Materiality and component materiality (Trevor)
• Communication (Ahava)
• Additional aspects of group audits (Ahava)
13
RISK ASSESSMENT AND QUALITY CONTROL
Philip Santarelli, Parente Beard
Concepts
• Change in focus
― The group audit itself rather than the interactions with
other auditors
― Moves toward a more unified approach focusing on the
group financial statements rather than pieces of it; moves
away from the coverage concept, “How much does the
principal auditor cover versus the other auditor?”
• Modernizes the approach to bring in the risk assessment
standards and their application in a group audit setting
• In many cases, the RA concepts are repeated in the standard,
in order to calibrate procedures to a group setting.
15
Special Considerations For Risk Assessments And Quality Control
• In general, all of the clarified audit standards are applicable in
a group audit setting.
• What the group auditor needs to do is to sit back and consider
what special risks may be present in a group audit setting.
• This involves considering not only the structure and context of
the group itself, but also what risks are created when working
with component auditors.
• The group auditor must always be mindful of the responsibility
inherent in the group audit report. Although references may
be made, the opinion on the group is not diminished.
16
Special Considerations When It Comes To Quality Control
• AU-C 220, Quality Control for an Engagement Conducted in
Accordance With Generally Accepted Auditing Standards, applies to
group audits. What are some special considerations when working
with component auditors?
• Relevant ethical requirements:
― Group auditor must be satisfied that component auditors possess
competence and capabilities, even when making reference to
their report.
― Component auditors may have different ethical standards,
depending on jurisdiction.
― Component auditors may be less regulated or unregulated as to
audit quality. That is, no peer review system may be in place.
― Component auditors may be unfamiliar with U.S. GAAS.
17
Slide Intentionally Left Blank
Special Considerations When It Comes To Quality Control (Cont.)
• Acceptance and continuance of clients
― Acceptance decisions should include a thorough understanding of
the group and how component auditors may be involved.
― How much of the group audit can be conducted by the group
auditor? While not a requirement, it may be a consideration,
based on the composition of the group
― Does a group with 90% of its operations being conducted in
an emerging market, and a U.S. parent, lend itself to
acceptance?
― What has changed within the group that may affect continuance?
― Has a material component been added in a jurisdiction
where the group auditor is not comfortable
19
• Has group management imposed requirements which create a
concern as to:
― Certain group auditors must be utilized, and the group
auditor is uncomfortable with abilities.
― Group management indicates that communication with
component management must be limited.
― The group has added a component that operates in an
industry with which the group auditor is not familiar.
• In general, a different mindset must be adopted, with a
different perspective to properly make acceptance and
continuance decisions.
Special Considerations When It Comes To Quality Control (Cont.)
20
• Engagement performance
― Can the component auditor conduct its work in a way that
meets engagement performance standards that a firm has
established?
― If not determinable, can the group auditor add
sufficient measures to become comfortable?
Special Considerations When It Comes To Quality Control (Cont.)
21
Special Considerations When It Comes To Risk Assessments
• Generally follows the concepts in AU-C 330 (clarified SAS 107)
as applied to the group financial statements, including group-
wide controls
• Once more, the group auditor must broaden the mindset to
deal with specific risk issues that come into play by the nature
of the group.
• The most significant of theses is the consolidation process and
how the financial statements come together (which we will
discuss in more detail a bit later).
22
• Other considerations unique to groups:
― Identifying all of the components
― Identifying risks at components in order to determine
significance
― Risks in components that arise due to accounting capabilities
― How much risk is added due to differing financial reporting
framework? The greater the distance from U.S. GAAP, the more
risk of misstatement.
― What are cultural issues at components that may add risk due to
poor tone at the top of the entity?
• Depending on the number, size and location of the components, the
risk assessment process may be much more complicated.
Special Considerations When It Comes To Risk Assessments (Cont.)
23
• Ultimately, the group auditor as part of the process must make a
determination as to whether to make reference to the component
auditor or take responsibility.
• Whereas under AU-543 there were implied considerations, under AU-
C 600 there are implicit considerations that must be addressed.
― Specific requirements with respect to the conduct of the audit
― In accordance with U.S. GAAS or PCAOB standards, or in a
manner that is equivalent
― Issuance of an unrestricted audit report
― If reporting on a different financial reporting framework, it
is similar to U.S. GAAP.
― The group engagement team has sufficient evidence to
determine that the reconciling adjustments are appropriate.
Special Considerations When It Comes To Risk Assessments (Cont.)
24
When Making Reference To A Component Auditor
• When the group auditor decides to make reference, sufficient
competent evidence should be obtained by:
― Requesting component auditor to acknowledge:
― That they will cooperate
― Independence
― Significant identified RMM
― Review of matters related to elimination of intercompany
transactions, including communicating with component
auditor in this regard
― Reading the components’ financial information and
component audit report (if issued) to identify significant
findings or issues
25
ENGAGEMENT ACCEPTANCE AND CONTINUANCE
Ahava Goldman, AICPA
American Institute of CPAs
Acceptance And Continuance
Previously framed as, “Can the auditor act as a principal?”
• Decision based on coverage and participation
• Coverage: How much of the revenue or how much of the
balance sheet is being audited by principal?
- SEC: “Generally, the principal auditor is expected to have
audited or assumed responsibility for reporting on at least
50% of the assets and revenues of the consolidated entity.”
- Many firms adopted this guidance as a threshold issue.
• Government audits also considered who audited the primary
government or primary operating fund.
• Other considerations: Knowledge of overall f/s and importance
of components directly audited to whole
27
American Institute of CPAs®
Acceptance And Continuance (Cont.)
AU-C 600 asks:
• Can sufficient audit evidence regarding the consolidation process and component financial information be obtained on which to base an opinion?
- By group engagement team directly
- Thru involvement with the work of component auditors, or
- By making reference to audit of component auditor
Previous considerations are still relevant.
Result under AU 543 or AU-C 600 wouldn’t necessarily differ.
28
American Institute of CPAs®
Acceptance And Continuance (Cont.)
Required to obtain understanding of group, its components
and their environments sufficient to identify components likely
to be significant
Precluded from accepting or required to withdraw if
management-imposed scope limitation will result in disclaimer
of opinion
Exception if the entity is required to have an audit
• For example, employee benefit plans
29
American Institute of CPAs®
Acceptance And Continuance (Cont.)
What if:
1. Management won’t allow confirmation of a material accounts
receivable from a partly-owned subsidiary, but the auditor is able to
obtain sufficient appropriate audit evidence by performing other
procedures?
Allowed to accept, won’t result in disclaimer
2. The auditor is unable to have access to equity method component
management, auditor or those charged with governance; but has F/S,
auditor’s report and group management’s information?
Allowed to accept, circumstantial not management-imposed.
3. Management won’t allow the auditor to confirm a material loan to a
former employee of a fully-owned subsidiary, and the auditor is
unable to obtain sufficient appropriate audit evidence by performing
other procedures?
Not allowed to accept, unless audit required by law
30
American Institute of CPAs®
Acceptance And Continuance (Cont.)
Engagement letter
• As required by AU-C 210, Terms of Engagement
• Additional matters may include addressing:
- Whether reference will be made to component auditor
- Unrestricted communication between the group engagement
team and component auditors
- Communication to the group engagement team of important
communications between:
o The component auditors, those charged with
governance of the component, and component
management, including communications on significant
deficiencies and material weaknesses in internal control
o Regulatory authorities and components related to
financial reporting matters
31
American Institute of CPAs®
Acceptance And Continuance (Cont.)
Engagement letter
• Additional matters may include addressing:
- To the extent the group engagement team considers
necessary:
- Access to component information, those charged with
governance of components, component management
and the component auditors (including relevant audit
documentation sought by the group engagement team)
- Permission to perform work, or request a component
auditor to perform work, on the financial information of
the components
32
UNDERSTANDING THE GROUP AND ITS COMPONENTS
Philip Santarelli, Parente Beard
Understanding The Group, Components And Environment
• Application of AU-C 315 (clarified SAS 109) to the group audit
environment
― Group
― Components
― Groupwide controls
― Consolidation process
― Determine significant components
― Assess RMM
34
Consolidation Process
• Obtain an understanding of the process
• Design and perform procedures on the consolidation process to
respond to assessed RMM related to the consolidation,
including whether all components are included
• Test operating effectiveness of the controls when deemed
efficient, or when necessary due to nature of the risks
• Evaluate completeness and appropriateness of consolidation
adjustments and eliminations; evaluate fraud risk factors or
indications of management bias
35
Consolidation Process (Cont.)
• Obtaining an understanding
― Recognition, measurement, presentation and disclosure of
financial information of the components. How is
information aggregated:
― Parent and subsidiaries, joint venture, investees
accounted for by the equity method
― Head office with one or more divisions
― Function, products, services
― Geographical locations
36
Consolidation Process (Cont.)
• How does group management aggregate this information?
• Do the entities or business activities that are aggregated for the
group financial statements use a common financial reporting system
or separate systems?
• What controls are in place to reduce the risk that errors might occur
in the aggregation process and not be detected or corrected in the
group financial statements?
• What controls are in place at the separate entity or business activity
level to reduce the risk that errors might occur and not be detected
or corrected in the financial information that is aggregated in the
group financial statements?
• Do the group financial statements include an investment accounted
for under the equity method of accounting?
37
What Adds Risk In A Consolidation?
• Reconciliations entries to the group financial reporting framework
― Financial reporting frameworks other than IFRS may create
increased risk, due to more differences with U.S. GAAP.
• Foreign exchange adjustments
― A complex area of GAAP and depending on the jurisdiction,
increased risk may result from a highly inflationary economy
• Intra-component accounts
― A noted area for fraud risk
― Often inadequate periodic reconciliations
― Highly susceptible to “plug” entries
38
What Adds Risk In A Consolidation? (Cont.)
• Related-party transactions
― Generally considered a higher risk area in all audits
― Should the related party be consolidated? VIE issues
• Top-side adjustments made to reflect acquisition accounting
― Highly acquisitive entities are subject to a high risk of error in applying
acquisition accounting.
― Typically, “step-up” adjustments are not pushed down to target
company.
― Group must maintain a “second” set of ledgers to manage the
adjustments.
― Deprecation schedules
― Amortization
― Valuation accounts
39
• Reconciliation of component tax provisions to group tax
provision
― Differing tax rates by jurisdiction
― Dealing with inter-component tax treaties
― Determining appropriateness of “permanent” deferral of
tax on repatriated foreign earnings
― Different tax bases due to acquisitions
• Share-based compensation across components
― Share awards based in equity of a foreign subsidiary
• Evaluate impact of different component year-ends
What Adds Risk In A Consolidation? (Cont.)
40
Consolidation Process
• Dealing with investments that are not consolidated
― Cost method investments subject to impairment
― Equity method investments: Dealing with equity method
goodwill
• Depending on the size and complexity of the group, the
biggest risk in the engagement may lie in the consolidation
process itself. Individual components are fairly stated, and the
consolidation is not.
41
SIGNIFICANT COMPONENTS, AND WORK ON THEM
Trevor Stewart, Rutgers University
Significant Components
• AU-C 600 introduces important concept of a “significant component.”
– A component individually is financially significant to the group
(i.e., size).
– A component is likely to include significant risks of material
misstatement of the group financial statements, due to its specific
nature or circumstances (i.e., specific risks).
• Significance determines the nature of the work to be performed.
– Work effort is focused on components with greatest risks.
43
Work Effort On
Significant Components
• For a component that is significant due to size, an audit of the
component’s financial information is required.
• For a component that is significant due to specific risks, one or more of
the following is required:
– An audit of the component’s financial information
– An audit of one or more account balances, classes of transactions
or disclosures affected by the significant risks
– Specified audit procedures responsive to the significant risks
• For components that are not significant, one should perform analytical
procedures at the group level.
44
Slide Intentionally Left Blank
Audit Of Component
Financial Information • Not the same as audit of statutory financial statements
• For example, component auditor may not need to audit:
– Items that will be audited centrally, if so informed by
group engagement team
– Disclosures required for statutory purposes, but not for
group audit purposes
• Audit to component materiality (materiality for statutory
audit may be lower)
• Group engagement specifies the form of reporting expected
from component auditor.
– Standard does not mandate a form of reporting.
46
Significant Components Audited
By Component Auditors
If significant components are audited by component auditors, the group
engagement team must be involved in:
• Component auditor’s risk assessment
– Have all the significant risks been identified?
– Group auditor involvement depends on understanding of
component auditor, but standard specifies minimum work required.
• Component auditor’s responses to significant risks
– Are the responses appropriate?
– Direct involvement by group engagement team in responding to
the significant risks may be necessary, based on understanding of
component auditor. 47
Additional Procedures For Group Auditor When Assuming
Responsibility For Component Auditor’s Work References are to paragraph numbers in AU-C 600
Adapted from AU-C 600
Yes
No
Is component of individual
significance to the group? (52,
A75)
Is component likely to include
significant risks of misstatement to the
group FS due to specific nature or
circumstances? (53, A76-A78)
Audit component’s financial
information (52-56)
Is planned scope such that sufficient appropriate
audit evidence for group audit opinion can be
obtained? (55, A79-A83)
Audit component’s financial information; OR audit
one or more account balances, transaction
classes, or disclosures; OR perform specified
audit procedures (53, 57, 58)
Perform analytical procedures
at group level for non-significant
components (54, A79)
Communicate with component
auditors (59-60, A86-A89)
For further selected components: Audit
financial information;* or one or more account
balances, transaction classes, or disclosures;
OR review financial information; OR perform
specified audit procedures (55)
Yes
No No
* Adapted as necessary to to meet
the needs of the group engagement
team using component materiality
Yes
• Evaluate appropriateness of
performance materiality at
component level (50, A73-A74)
• Determine type of work to be
performed on financial information
of components (51)
• Evaluate component auditor’s
communication and adequacy of
work (61-62, A90)
• Communicate with group
management and those charged
with governance (63)
• Document the process (64)
General
48
COMPONENT AUDITORS Ahava Goldman, AICPA
American Institute of CPAs®
Understanding The Component
Auditor
Required regardless of whether reference is made to the component auditor’s report
• Understands relevant ethical requirements, in particular independence, and will comply
• Professional competence
• The extent of involvement with the work of the component auditor
• Whether the group team can obtain information with respect to the consolidation process
• Whether the component auditor operates in a regulatory environment that actively oversees auditors
The group auditor may not place any reliance on work performed, if independence is impaired or there are serious concerns about bulleted items above.
50
American Institute of CPAs®
Component Auditor
If the group engagement team identifies components in the
financial statements of a single entity, it is a group audit, and
AU-C Sect. 600 applies. As defined in AU-C Sect. 600, a
component auditor may be part of the group engagement
partner’s firm, a network firm of the group engagement
partner’s firm or another firm.
Requirements are not substantially different from AU 543.
If only performing analytical procedures at group level on
component, don’t need understanding of component auditor
51
American Institute of CPAs®
Component Auditor (Cont.)
Part of your firm (engagement team working on component)
• Can’t make reference
• Need to be as involved in their work as if your engagement team
Other firm – no difference if network or not
• If not making reference, comparable to using work of internal
auditors or engagement team members
Use the work of component auditor by:
• Making reference to their audit
• Assuming responsibility for, and being involved in, their work
52
Slide Intentionally Left Blank
American Institute of CPAs®
Using Work Of Component Auditors
Factors affecting this decision include:
• (a) Differences in the financial reporting framework applied in
preparing the component and group financial statements
• (b) Whether the audit of the component financial statements will
be completed in time to meet the group reporting schedule
• (c) Differences in the auditing and other standards applied by
the component auditor and those applied in the audit of the
group financial statements
• (d) Whether it is impracticable for the group engagement team
to be involved in the work of the component auditor.
Making reference is using component auditor work.
54
MATERIALITY
Trevor Stewart, Rutgers University
AU-C 600 Requires Different
Types Of Materiality Determinations
• Group materiality
– If relevant, materiality levels for particular classes of transactions,
account balances or disclosures
– Group performance materiality
– Determined just as per AU-C 320
• Component materiality when an audit or a review of a component is
necessary
– Component performance materiality
• Threshold above governs which misstatements cannot be treated as
clearly trivial to the group.
56
Component Materiality
• Materiality for a component necessary for group engagement partner
to form an opinion on group financial statements
• Generally greater than that required for the component auditor to form
a separate opinion on the component’s financial statements
• Should be lower than group materiality
– Sufficiently low enough to reduce the risk that the aggregate of
uncorrected and undetected misstatements in the group financial
statements exceeds group materiality, i.e., to control aggregation
risk
• The sum of component materiality amounts may exceed group
materiality (i.e., component materiality may be greater than an
arithmetic proportion).
• Should be set for each component for which an audit or review is
required
57
So, How Is Component
Materiality Determined? • Consider a really simple group
– Two identical independent components
– Group materiality $100,000
• Standard just says component materiality must be less than $100,000
but need not be as low as $50,000.
– Huge range, within which the extent of component audit and cost
thereof could vary by a factor of 2
• Widely differing approaches in practice
• Ad hoc methods being used lack appropriate theoretical support.
• Significant potential for undue information and audit risk or excessive
audit cost
58
Component Materiality Methods Assume group materiality = $100,000 and there are two identical components
Method Handle Formula Origin / Usage Amount
Group materiality FULL 100,000 ISA 600 upper extreme; certain
firms $100,000
Group materiality allocated
proportional to size PROP 100,000 × ½
ISA 600 lower extreme;
sometimes used $50,000
Half group materiality, regardless HALF 100,000 × ½ Source unknown; certain firms $50,000
Group materiality times square root
of relative size SQRT 100,000 × √½
Zuber, Elliott, Kinney, and
Leisenring (1983); certain firms $71,000
Maximum Aggregate Component
Materiality (tabulated factor ×
group materiality) allocated in
proportion to square root of size
MACM 1.5 × 100,000 × ½ Glover, Prawitt, Liljegren, and
Messier (2008); certain firms $75,000
General Unified Assurance and
Materiality (Bayesian probability) GUAM Algorithm Stewart & Kinney (2013); new
$63,000-
$100,000*
* GUAM amount
depends on group
structure, group
auditor’s assessment
of component risk,
and other factors
such as statutory
audit constraints. 59
For More Than You Ever Wanted To Know About Component Materiality:
![PDF Printing 600 dpi · mzw'aui j u"aZnm~u~iazE]szi~uwaInz~n~sW"au~luzz~u~~n](https://static.documents.pub/doc/80x56/5f61ef32fab12d1fff1cd188/pdf-printing-600-mzwaui-j-uaznmuiazesziuwainznswauluzzun.jpg)
