Whilst the recent revisions to ISAs (UK) 315 and 240 may have auditors’ immediate attention, they may see looming on the horizon the next substantial ISA revision, which is to ISA (UK) 600.  This contains the special considerations required when auditing group financial statements.

Jez Williams wrote about the proposals for the ISA (UK) 600 revisions on the Insight blog a year ago.  The proposed revisions have now crystallized and will be applicable for periods commencing after 15 December 2023.

For the most part, the revisions will therefore be coming into force for December 2024 year ends.   So, there is time for auditors to get to grips with the changes.  That being said, the recent series of revisions to ISAs has surely taught us that it is best to start preparing for application early, and no doubt December 2024 will be with us in the blink of an eye!

In brief, the main changes are:

Risk focus

By far the most significant change to ISA (UK) 600 is that it has become very much aligned with revised ISA (UK) 315, taking a risk-based approach to the group audit.  This changes the entire focus of the standard.  In effect, the revision demands that, at least in the first instance, we treat the audit of consolidated financial statements in exactly the same way as we would do a single entity set – apply ISA (UK) 315 to determine where the risks of material misstatement lie, and plan audit work accordingly.

Whilst the focus of the objectives of the extant standard are on the interaction of group and component auditors, the revised standard’s objectives are primarily to assess the risks of material misstatement in the group financial statements, albeit that interaction with the component auditor will form a crucial part of that assessment.  Reflecting this, each section of the standard includes a subheading “Considerations when Component Auditors are involved”.

Components

It is made quite clear in the revised standard that its principles should be applied equally to businesses containing numerous branches or divisions under one corporate entity, just as it would to a consolidation made up of parent and subsidiary entities.  This is reflected in the definitions of both “component” and “group financial statements” (where it is clarified that the consolidation process can include the aggregation of the financial information of branches).

Whilst such scenarios are perhaps alluded to in the extant standard, the references now made are entirely explicit.  At least in theory this may therefore bring more entities into scope (i.e. those with multiple branches), although we suspect that this is not likely to cause significant issues in most SME audits.

“Significant Components”

It is ironically significant that the definition of “significant components” has been removed from the standard.  No longer does the group auditor explicitly consider which components may or may not be financially or otherwise significant.  The “step back” approach of assertion-driven risk assessment on the group accounts as a whole removes the necessity for this.

The knock-on consequence of this, is that there is no longer an explicit ruling on which components must be subject to full audit, audit of specific items or just desktop review.  Instead, the group audit strategy will simply need to determine those components and what audit work will need to be performed.

Materiality

Linked to the above, we find the notable deletion of the definition of “component materiality”.  In its place, there are now definitions for “component performance materiality” and “group performance materiality”.  This seems sensible.  Performance materiality in all audits is a means of addressing aggregation risk, and in many respects, this can be seen to be the predominant risk that arises in accumulating component financial information.

Quality Management

It would be fair to say that the revised ISA (UK) 600 embraces the recent revisions to quality management standards (ISA (UK) 220, in particular) in the same manner that it embraces ISA (UK) 315.

The responsibility for the quality of the engagement is placed firmly at the feet of the group engagement partner.  And component auditors are now clearly defined as being part of the Engagement Team.  Inevitably, that means that the engagement partner takes on much more responsibility for the quality of the component auditors’ work, through suitable direction, supervision and review.

Conclusion

We have seen with other recent revisions to ISAs that what initially appears to be a theoretically revolutionary change can often turn out to be pretty evolutionary when brought down to a practical level.  It remains to be seen whether this will also be the case for ISA (UK) 600.  Certainly, reflecting on some recent “whole group” audit file reviews, our suspicion is that in those cases the revisions will not change all that much – except that a formalised group risk assessment will be much more informative than the current requirements, many elements of which (such as component materiality) appear to have absolutely no impact on the audit work performed.

Small and medium-sized auditors may find that they see greater change when acting as component auditor to a much larger group, as there is a much greater emphasis on two-way communication in the revised standard.

If it transpires that the revision to ISA (UK) 600 is evolutionary, not revolutionary, then the predominant concerns for most audit firms regarding group audits will no doubt remain the same as always – how can we most efficiently accumulate group companies into our audit files?  And have we done enough to demonstrate our audit of the consolidation itself?

Join James Charlton for a discussion of the impact of the ISA (UK) 600 revisions and other group audit considerations on his Group Audit course.  For those focussed on the challenges of consolidation, join James for his Accounting for Groups course.