6 minute read
Audits
Group audits across multi‑ jurisdictions
Theo C Theodoulou, Chairman, Kreston Global Audit Group considers the challenges of inter‑country data gathering, and how group auditors canengage with component auditors.
Group audits can be the most challenging audit engagements as the risk of the group auditor is significant. They require perfect planning with structured audit risk assessment throughout the group and multi-jurisdictional resource management in order to minimise the audit risk.
The importance of the various components and subsidiaries to the group audit opinion is determined by a risk assessment and their relevance at a group level.
The group audit process
Once a group auditor has established which components are relevant, it is essential to build good professional relationships, as the group audit process will require the input and collaboration of the component auditors. If the component auditors are not part of the same network, there will almost certainly be differences in the audit methodology and culture that need to be addressed. The main issues that are usually identified are the different methodologies in terms of calculating relevance (or ‘materiality’), audit risk assessment, sample size, substantive and analytical testing and even how the audit file is structured to reach to the audit opinion.
Prior to assessing these differences, the group auditor needs to ensure that all component auditors comply with the ethical standards relevant to the group and are ultimately independent.
Other than independence, the group auditor needs to be sure of the professional competence of the component auditors and to know that the work done will stand up to scrutiny. Of course, this will be more straightforward if the component auditors operate in a regulatory environment in which professional bodies and authorities monitor them regularly.
Similarly, if component auditors are part of the same network, this gives additional assurance to the group auditor and potentially minimises the work required on ensuring independence and professional competency of the component auditor. This is especially the case if the network uses a common methodology amongst its member firms, as there will be a common understanding of what is expected by all auditors involved, thus reducing the administrative burden mentioned earlier.
Jurisdictional challenges
Irrespective of whether or not group and component auditors are part of the same network, once the group auditor feels comfortable engaging with the component auditors, there are several jurisdictional obstacles that need to be assessed as part of the audit planning.
Firstly, understanding the audit regulatory environment in each jurisdiction. For example, is the audit a statutory requirement or are there audit thresholds that need to be met? If certain components are not required by law to prepare audits, then this implies that component auditors will need to perform the audit from scratch, therefore increasing the workload and potentially failing to meet the deadlines of the audit engagement.
The local financial reporting standards of each component are also important in assessing the risk and workload of the engagement. Where the parent company reports in a different accounting framework than that of its components, this creates both increased audit work and a significant increase in audit risk, especially where fundamental differences in the accounting treatment of key audit areas arise.
The consolidated financial statements are prepared on the basis that the group has a unified set of accounting standards. Where this is not the case, the retranslation of accounting standards by the management to match those of the parent company is another challenge that requires careful consideration when planning the group audit. The complexity of retranslation can cause delays, miscommunication and potentially lead to fundamental deficiencies in the group audit process.
It is often the case that different jurisdictions have different reporting periods. Depending on the gap between the reporting date of the parent company and the component reporting date, this can create a significant obstacle which the group auditor needs to address. Depending on the gap, there might also be the need to re-audit certain financial periods of the component so as to provide the assurance the group auditor requires. This again requires planning ahead and efficient communication between the group and auditors of the components.
Language barrier is another key challenge that needs to be taken into consideration during audit planning. This will certainly delay the review process and potentially could lead to incorrect conclusions. Often the use of different languages in the preparation of audit working papers has also hidden costs for the group audits as there is a need for translation resulting in more time and cost for the engagement. It is therefore essential that language barriers are dealt with in advance.
Data gathering and review
The post-Covid era has had both positive and negative impacts in the data gathering and review work of the group auditor.
Where previously the group auditor would visit the component auditors in person to review their work and collect relevant audit data, the Covid era has made this much more challenging, creating obstacles and opportunities for the group audit review. Certainly, the in-person review simplifies the audit process review and it is much more efficient as most of the questions and requirements are solved instantly.
It is commonly found that the review of work and data gathering post-Covid is now done electronically; therefore, there are certain risks and challenges that the group auditor needs to foresee and be able to manage. Data privacy is of paramount importance and creating a secure online remote environment where the group auditors can access and review the working paper of component auditors is essential. The IT infrastructure of the auditors involved, as well as the cybersecurity level of each auditor, are hard to align and therefore a common IT framework should be agreed well in advance.
The data privacy and access to audit data should also comply with each jurisdiction’s data privacy laws, such as the General Data Protection Regulation for the European Union. The group auditor therefore needs to be in a position to understand and comprehend the different data privacy rules in the jurisdictions where the components are involved and include relevant disclosures in the engagement letters.
The group auditor may also face obstacles in transferring large volumes of data online or accessing the audit data online, as certain jurisdictions have restrictions in exporting client data out of their country’s online ecosystem, which can create delays or even make the review process not possible.
Conclusion
A group audit requires contemplation and skills from every individual involved, as well as the collection of appropriate and sufficient data. Furthermore, a group audit which involves many jurisdictions has its own complications due to multiplicity in operational modes and the conduct of the firms. These problems can be overcome only if the group audit properly implements a process and is able to manage the conflicts emerging within the team with respect to communication and other issues. ●