Audit of Group Financial Statements: Key Updates from SSA 600 (revised)

SEE MORE ARTICLES FROM THIS NEWSLETTER

This article was originally published in BDO Spotlight - October 2024
 

Singapore Standard on Auditing 600 Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) (SSA 600 (revised)), addresses the considerations relevant to group audits, including situations where component auditors are involved. The SSA 600 (revised) is effective for audits of group financial statements for periods beginning on or after 15 December 2023.

The SSA 600 (revised) is now better aligned with the new and recently revised standards, such as the quality management standards and the SSA 315 (revised) Identifying and Assessing the Risks of Material Misstatement. This alignment promotes proactive quality management and ensures that the SSA 600 (revised) remains relevant and effective.

What are the Key Changes to the SSA 600 (Revised)?

•   Proactive risk-based approach

One of the key changes to the SSA 600 (revised) is the introduction of a proactive risk-based approach to the audit of the group financial statements. The focus is on identifying and assessing risks of material misstatement, planning the audit approach and responding to the identified risks.

Under the SSA 600 (revised), greater emphasis is placed on planning an appropriate audit approach to obtain sufficient audit evidence by addressing key questions such as:

  • What audit work needs to be performed to address the identified risks of material misstatement?
  • Where are these risks of material misstatement being identified? Which components are affected?
  • Who will be responsible for implementing audit procedures to address or mitigate these risks to an acceptable level?


Figure 1: Key questions to address when planning an audit approach.


SSA 220 (revised) Quality Management for an Audit of Financial Statements requires the engagement partner to ensure that sufficient and appropriate resources for performing the engagement are assigned or made available to the team in a timely manner. In a group audit, the resources may include component auditors. Under the risk-based approach, component auditors can be, and often are, involved in all phases of the group audit as they may have greater experience with and deeper knowledge of the components and their environments (including local laws and regulations, business practices, language, and culture) than the group auditor. 

•    Definition of a component

The SSA 600 (revised) has defined a ‘component’ as an entity, business unit, function or business activity, or a combination thereof, determined by the group auditor for the purpose of planning and performing audit procedures in a group audit. This new definition clarifies the scope of the SSA 600 (revised) and extends its scope to include branches, divisions, shared service centres and non-controlled entities. For example, an entity could have multiple business units or operate in multiple locations through branch offices. If the financial information is aggregated to prepare the financial statements of a single legal entity, these statements meet the definition of group financial statements, and therefore, the SSA 600 (revised) is applicable to the audit of these financial statements. 

Additionally, the definition of a ‘significant component’ has been removed. The emphasis is now on assessing the risks of material misstatement at the assertion level of the group financial statements associated with components. The group auditor should look beyond the group’s legal structure when planning and performing audit procedures by considering the availability of information systems and the client’s control processes over financial reporting. For example, a group may consist of six legal entities, with three of these entities having similar business characteristics, operating in the same geographical location, under the same management, and using a common system of internal control, including the information system. In this scenario, the group auditor may decide to treat these three legal entities as one component for group audit purposes. 

Therefore, a flexible approach should be adopted in determining components, as the definition of components is now broader than previously outlined.

•    Robust two-way communication

The SSA 600 (revised) enhances and clarifies the importance of effective two-way communication between the group auditor and component auditors. It covers various aspects of the group auditor’s interaction with component auditors, including communicating relevant ethical requirements, assessing the competence and capabilities of the component auditor, and determining the appropriate nature, timing and extent of the group auditor’s involvement in the work of the component auditor, including direction and supervision. Consequently, component auditors can be expected to be involved in all phases of the group audit, whether by providing information, or performing audit work.

Clear and timely communication between the group auditor and component auditors regarding their respective responsibilities, along with clear direction to component auditors, helps establish the foundation for effective two-way communication. This also provides an opportunity for the group engagement partner to reinforce the need for component auditors to exercise professional scepticism in the work performed for purposes of the group audit.

•    Others

Other key aspects of the SSA 600 (revised) include, but are not limited to, the following:

  • Enhanced requirements related to professional scepticism which is consistent with recent developments and stakeholder expectations.
  • Enhanced documentation requirements and application materials, emphasising the requirements in SSA 230 Audit Documentation and the documentation requirements in other relevant SSAs. 


Although a proactive risk-based approach is generally beneficial, it may lead to increased workload for both the group engagement team and the group engagement partner. This is particularly the case given the expanded responsibilities for overseeing, directing, and reviewing the work of component auditors. 

What are the Implictions for the Management?

Under the SSA 600 (revised) requirements, the scope of defining audit components has expanded, placing greater emphasis on planning and coordinating audit efforts across various components. Effective planning and tailoring of audit responses to address material misstatement risks now hinge significantly on the group's overarching internal control system, including its information systems.

In groups with a centralised and robust internal control system, audit tasks can often be handled by a centralised audit team at the group level. In contrast, if each entity or business unit within the group has its own internal control and financial reporting systems and operates in multiple locations, the audit work may need to be distributed among different component auditors. This decentralisation necessitates that the group auditor take on enhanced responsibilities, including effective two-way communication with component auditors and a more detailed evaluation of their work. As a result, this can lead to increased audit costs and longer audit durations.

Conclusion

In summary, the SSA 600 (revised) can lead to more rigorous and comprehensive audits for clients, emphasising a risk-based approach, clear communication, detailed documentation, and thorough evaluation of component auditors’ work. While this enhances audit quality and reliability, it can also increase audit complexity if client does not have a centralised system of internal controls over financial reporting. Groups with diverse business activities operating in multiple locations should consider whether there is a need to centralise or improve their internal control systems over financial reporting, including information systems.

Article by:
William Ng, Audit Partner
Aileen Yap, Director, Knowledge & Professional Development