Group Audits – Referencing Component Auditors

Does your firm audit consolidated financial statements that contain a subsidiary audited by another firm? How about a governmental audit that contains a component unit audited by another firm? Or maybe an audit of an entity that has an equity-method investment audited by another firm?

Decision – Assume Responsibility or Not

If you audit an entity (e.g., Father Company, Inc.) that contains a component (Son Company, Inc.) audited by another firm, you will, under the new Clarity standards, make a decision to reference or not reference the component auditor.

assume

If you reference the component auditors, you are not taking responsibility for the component.

If you don’t reference the component auditors, you are, in effect, taking responsibility for the audit of all entities comprising the entity. (There will be additional work for the group auditor as he directs audit activities related to the entity as a whole, including procedures of the component auditor.)

1. When to Reference Component Auditors

photo-1First Question – Are there any significant components of the consolidated financial statements that are audited by an external audit firm?

If yes, go to the second question below.

If no, then there is no need to reference the component auditor (and you – the group auditor – will probably just perform analytical procedures for the component).

Second Question – Do you (the group auditor) want to assume responsibility for the work of the component auditor?

Sometimes the answer will be “no,” and you will reference the other firm.

When referencing occurs, the group auditor’s report will normally state “we did not audit the financial statements of X Company” and that “those statements were audited by other auditors.”

The component auditor is usually not named, but you may, if you wish, provided that you:

  • Obtain permission from the component auditor
  • Include the component auditor’s report with the group auditor’s report

Communication with Component Auditor

Whether you name the component auditor or not, AU-C 600 requires the group auditor to check (orally or in writing) on the component auditor’s:

  • Compliance with independence and ethical requirements
  • Competence

Referencing should not occur unless the following are true:

  • The financial statements were prepared using the same accounting framework as the group financial statements.
  • The component auditor follows GAAS (or, when required by law, PCAOB audit standards).
  • The component auditor’s report is not restricted as to use.

2. How to Reference Component Auditors

photo-4

Changes will be made to two auditor’s report paragraphs:

Auditor’s Responsibility Paragraph

You will add a paragraph like the following:

We did not audit the financial statements of ABC Company, Inc., a wholly owned subsidiary, which statements reflect total assets of $3,020,000 as of March 31, 2013, and total revenues of $7,050,200 for the year then ended. Those statements were audited by other auditors, whose report has been furnished to us, and our opinion, insofar as it relates to the amounts included for ABC Company, Inc., is based solely on the report of the other auditors.

Notice you will disclose the magnitude of the financial statements not audited in:

  • Dollar amounts or
  • Percentages

Those magnitudes may be expressed using one or more of the following:

  • Total assets
  • Total revenues
  • Other appropriate criteria (whichever appropriately describes the portion not audited)

Opinion Paragraph

The opinion paragraph will state “In our opinion, based on our audits and the report of the other auditors…”

To see a full sample auditor’s report (with these changes), click here.

Your Thoughts

I’m curious. Do you think your firm will normally reference or not reference outside component auditors?

Illustrative Group Auditor’s Report – Component Audited by Component Auditor

Below is an illustration of a group auditor’s report when a component is audited by a component auditor (AU-C Section 600 – Exhibit A – Illustration 2 of Auditor’s Reports on Group Financial Statement).

If you audit a consolidated entity that has a component (e.g., subsidiary) audited by another CPA firm, then consider this sample report. If the group auditor does not reference the component audit, then he is assuming responsibility for the audit of the component.

Independent Auditor’s Report

[Appropriate Addressee]

Report on the Consolidated Financial Statements

We have audited the accompanying consolidated financial statements of ABC Company and its subsidiaries, which comprise the consolidated balance sheets as of December 31, 20X1 and 20X0, and the related consolidated statements of income, changes in stockholders’ equity, and cash flows for the years then ended, and the related notes to the financial statements.

Management’s Responsibility for the Financial Statements

Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of consolidated financial statements that are free from material misstatement, whether due to fraud or error.

Auditor’s Responsibility

Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We did not audit the financial statements of B Company, a wholly-owned subsidiary, which statements reflect total assets constituting 20 percent and 22 percent, respectively, of consolidated total assets at December 31, 20X1 and 20X0, and total revenues constituting 18 percent and 20 percent, respectively, of consolidated total revenues for the years then ended. Those statements were audited by other auditors, whose report has been furnished to us, and our opinion, insofar as it relates to the amounts included for B Company, is based solely on the report of the other auditors. We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement.

An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Opinion

In our opinion, based on our audit and the report of the other auditors, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of ABC Company and its subsidiaries as of December 31, 20X1 and 20X0, and the results of their operations and their cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America.

[Auditor’s signature]

[Auditor’s city and state]

[Date of the auditor’s report]

Understanding and Communicating Control Weaknesses

How do you categorize a control weakness? Is it a material weakness, a significant deficiency or something less? This seems to be the greatest struggle in addressing internal control issues.

iStock_000014377944XSmall

Below we will answer this sometimes puzzling question, but first let’s take a look at how control weaknesses are defined. 

Definitions on Control Weaknesses

  1. Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
  2. Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  3. Other deficiencies. For purposes of this blog post, we’ll define other deficiencies as any control deficiencies that are not material weaknesses or significant deficiencies.

How to Categorize a Control Weaknesses

First ask these two questions:

  1. Is there a reasonable possibility that a misstatement could occur?
  2. Could the misstatement be material?

If your answer to both questions is “yes”, then the client has a material weakness. (By the way, if you propose a material adjustment, it’s difficult to argue that there is no material weakness. As you write your control letter, consider examining your proposed audit entries for congruence.)

If your answer to either of the questions is “no”, then ask the following:

Is the weakness important enough to merit the attention of those charged with governance? In other words, are there board members who would see the weakness as important.

If the answer is “yes”, then it is a significant deficiency.

If the answer is “no”, then the weakness is an other deficiency.

Communicating Control Deficiencies

The following deficiencies must be communicated in writing to management and to those charged with governance:

  • Material weaknesses
  • Significant deficiencies

The written communication must include:

  • the definition of the term material weakness and, when relevant, the definition of the term significant deficiency
  • a description of the significant deficiencies and material weaknesses and an explanation of their potential effects
  • sufficient information to enable those charged with governance and management to understand the context of the communication
  • that the audit included consideration of internal control over financial reporting in order to design audit procedures that are appropriate in the circumstances and that the audit was not for the purpose of expressing an opinion on the effectiveness of internal control
  • that the auditor is not expressing an opinion on the effectiveness of internal control
  • that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies, and therefore, material weaknesses or significant deficiencies may exist that were not identified
  • an appropriate alert, in accordance with section 905, Alert That Restricts the Use of the Auditor’s Written Communication

Other deficiencies can be communicated in writing or orally and need only be communicated to management (and not to those charged with governance). The communication must be documented in the audit file. So if you communicate orally, then follow up with a memo to the file addressing who you spoke with, what you discussed, and the date the discussion occurred.

photo

Stand-alone management letters are often used to communicate other deficiencies. Since there is no authoritative guidance for management letters, you may word them as you wish. Also, you may, if you like, include other deficiencies in your written communication of significant deficiencies or material weaknesses.

Here’s a slide deck summarizing control weakness issues. Feel free to use it to teach a class about this topic.