Group audits & governments.
While the Auditing Standards Board's Clarity Project was primarily a reformatting of existing standards, some areas received significant substantive edits. AU-C 600, Special Considerations --Audits of Group Financial Statements was one of those sections. The convergence with the International Auditing and Assurance Standards Board (IAASB)'s ISA 600 led to many changes, particularly in the scope of the standard.
Terminology is a key player in some of these implementation issues. In order to understand how to properly perform procedures for a group audit, a definition of "group audit" must be established.
"Group financial statements" is a good place to start. AU-C 600 defines group financial statements as "financial statements that include the financial information of more than one component." This is a major change from AU Section 543, Part of Audit Performed by Other Independent Auditors. The term "group audit" makes no reference to "other auditors." The key element in AU-C 600 is having more than one "component." This term is not to be confused with the governmental term, "component unit."
So how did the AICPA define "component"? A component is "an entity or business activity for which group or component management prepares financial information that is required by the applicable financial reporting framework to be included in the group financial statements." "Component unit" and "component" can be easily confused, but once again, there is no mention of other auditors in AU-C 600, as there was in the former AU Section 553. The key to the definition of a component was that separate information was being combined to form the group. This was a new concept to the auditing standards, so the AICPA used several explanatory paragraphs to make sure it was understood.
Unlike a clearly defined rule, the guidance uses a principles-based approach that depends largely on how an individual entity is structured. The examples that are listed include "parent and one or more subsidiaries," "investees accounted for by the equity or cost method of accounting," and "head of one or more divisions or branches." Accordingly, these scenarios include business activities (or separate entities) where the accounting is performed separately for each component and then combined to form a "group." However, the explanatory information doesn't stop there; it also says that a group can be identified by the combining of "function, process, product or service ... or geographic locations." To qualify as a group audit, separate financial information needs to be included in the group financial statements. While AU 543 primarily focused on "other auditors," AU-C 600 focuses on combining information.
AU-C 600 eventually brings in the concept of "other auditors," referring to them as "component auditors." A component auditor is defined as "an auditor who performs work on the financial information of a component that will be used as audit evidence for the group audit." Once again, unlike AU 543, the definition is expanded to include a "group engagement partner's firm, a network firm of the group engagement partner's firm, or another firm." Another partner in the same firm could qualify as a component auditor. This is of particular interest when dealing with a government environment. Other firms hired by component units are not the only concern; having multiple engagement teams from one firm working on the component units can also trigger a group audit and the requirements related it.
The uniqueness of a government both simplifies and complicates the standard. The AICPA was very much aware of this, and the Clarified Standards contain approximately 50 paragraphs titled "Considerations Specific to Audits of Governmental Entities" to provide special guidance for those auditing governments. Two of the key implementation issues are identification of components and communication with component auditors.
Identification of Components. There is a variety of interpretations of how governments can identify components, but a key feature of a government audit--unlike a commercial one--is the long-held concept of multiple opinion units. In a general-purpose government financial statement, governments present their governmental activities, business-type activities, and fund financial statements. Auditors are required to opine separately on the governmental activities, business-type activities, and each major governmental and enterprise fund. Discretely presented component units are then aggregated into a separate opinion unit. In addition, blended component units may or may not be a separate opinion unit. Finally, all non-major governmental funds, enterprise funds, internal service funds, and fiduciary funds are aggregated into a single unit typically called "remaining fund information." Because materiality is calculated for each opinion unit, aggregation risk is reduced. The true goal of group audits is to reduce aggregation risk, so governments have been in the process of reducing this risk for some time now.
As noted previously, a component unit is not the same as a component, which is the term used in AU-C 600. A component unit is a legally separate organization for which elected officials of the primary government are financially accountable, and it can be a governmental, not-for-profit, or for-profit organization. The term "component unit" is used for financial reporting purposes and tells the government what should or should not be reported in the government's financial statements. The term "component" is an auditing concept that is used by the auditor to identify where separate materiality thresholds should be calculated to reduce aggregation risk.
Governments have already reduced aggregation risk by having multiple opinion units, but that does not mean that components do not exist. Each opinion unit is its own group, for group audit purposes. Therefore, identifying components means looking separately at each opinion unit. Identifying components within a major enterprise fund is less likely because a major fund serves as a separate opinion unit. You would be more likely to find components in the aggregate remaining fund information and aggregate discretely presented component units because these separate items have been aggregated, increasing the likelihood that a component would or should be identified. Since governmental and business-type activities are derived from the underlying funds (major and aggregated), and separate opinions are expressed for each major fund and the aggregated remaining funds, it is not necessary to identify components for the separate governmental and business-type activities.
The big question is how a component in the aggregated information is identified. Paragraph A5 of AU-C 600 says, "In audits of state and local governments, a component may be a separate legal entity reported as a component unit or part of the governmental entity, such as a business activity, department, or program." There are a variety of indicators to consider for governments. An equity method investment is a pretty good indicator of a component, as it is specifically identified in the standard as being a component. Another good indicator is the existence of component auditors. If another firm was hired to audit a fund or component unit, it is likely that a component exists. These examples require very little judgment. Other indicators include separate general ledgers, separate reporting packages, or financial information prepared by others, all examples of "financial information" that needs to be "included in the group financial statements." Other indicators include different legal structures, governance structures, management structures, and control environments. Identifying components requires significant consideration and judgment in these circumstances.
The AICPA State and Local Governments Audit and Accounting Guide helps with the identification of components. Step 1 is to consider whether any opinion unit has more than one component. Auditors would typically look at the aggregate information to determine if any common indicators were present. If multiple components were identified, AU-C 600 would apply. If no opinion units had more than one component, then the next question would be whether there are any opinions audited by other auditors whose work will be relied upon. If component auditors exist, AU-600 would apply. If no component auditors are identified, then no additional procedures would be required.
How does the identification of components and component auditors affect the engagement? Group auditors are required to understand all components (even those audited by component auditors) and identify components that are significant, either because of their individual significance or because they possess a significant risk of material misstatement. For those significant components, a separate component materiality must be calculated. For components audited by component auditors that will be referenced in the auditor's report on the group financial statements, the component auditors can calculate the component materiality. For components audited by component auditors where reference is not made or for which the group engagement team will be performing the audit of the component, a separate materiality determination has to be made and communicated to the component auditor. Therefore, while the Governmental Accounting Standards Board (the applicable financial reporting framework) aggregates multiple funds into one opinion unit, the auditing standards would require that separate components be identified and audited separately.
In addition, group audits require the understanding of the consolidation process and a response to risks (including aggregation risk). However, consolidation is part of the financial reporting process, and the audit steps are similar in nature to the work performed as part of that process.
If a component auditor is present, the standards require that the group auditor obtain an understanding of the component auditor, whether or not they are being referenced. Gaining an understanding includes confirming the independence of the component auditors and determining their professional competence. In addition, the group auditor must determine whether or not they wish to make reference to the component auditor in the group audit report.
Identifying components requires significant professional judgment and has been a difficult concept for many to apply. A thorough assessment should be made annually, and any changes from the prior year should be identified. Auditors should ensure that they document the factors considered and the analysis of potential components in order to support their professional judgment.
Communication with Component Auditors. Communication is important if a group engagement team's audit includes a component auditor. Coordination is the key to success when dealing with multiple auditors. The use of component auditors is very common in the government world, and audit contracts often require that the audit process include a minority firm. In addition, component units are legally separate and often hire their own auditors for their financial statement audit. As such, the primary government that consolidates the component unit will have little choice but to use the auditors hired by the component unit.
Coordinating a group audit starts with the annual acceptance and continuance process. Even if there is a multiple year contract, AU-C 210, Terms of Engagement, requires that the agreement be re-communicated. The update to the Clarity standards requires that before agreeing to be part of the group engagement team, firms need to make sure they will be able to obtain enough information about the group to opine on the group financial statements as a whole, including any components. The more component auditors there are, or the larger the size of the components audited by component auditors, the more difficult this decision can become. Another consideration would be the amount of risk for which the group auditor will assume responsibility if it chooses not to make reference to the component auditor. If the group engagement team assumes responsibility for the work of the component auditor, the amount of coordination between the auditors becomes very important because the group engagement team must be involved in the audit of the component, even if it is legally separate. The determination of whether there is sufficient appropriate evidence is solely the responsibility of the group engagement partner. During the acceptance process, exactly what each auditor is responsible for must be clarified, along with what expectations exist. Many of the problems that arise are caused by an engagement letter that is unclear as to the roles and responsibilities of the individual auditors.
Communication and coordination between group and component auditors are the keys to success for a group audit. A failure to address small details can lead to delays in issuing financial statements or even modified opinions. The Government Finance Officers Association (GFOA) recommends that all parties involved (group and component auditors as well as group and component management) meet at least twice during the audit to ensure that everyone is on the same page. Component auditors need to be aware of whether or not the group auditor is going to make reference to or assume responsibility for their work.
The timing of component audits must be agreed on. To prevent a delay for the group auditor, the component auditor should receive a timeline with multiple deadlines along the way, ensuring that any issues are caught early in the process. The discussion should include the requirements of the component auditor, including the form and content of the report, how findings will be communicated, and how the group auditor intends to get comfortable with the work of the component auditor. The more detailed the discussion and instructions, the better the probability that the group auditor will obtain the evidence it needs to form an opinion on the group financial statements as a whole.
The standards leave room open for engagement teams to decide who performs various items. Subsequent events testing must be performed for both the group and the components, but the standards do not state who must perform it. Often, the component auditor will issue its report on the component's financial statements weeks before the group auditor issues its report on the group financial statements. Component auditors are often uncomfortable performing subsequent events work after their report date. The group engagement team is ultimately responsible for the evaluation of subsequent events for the group (including components) to the date that the group's financial statements are available to be issued. It is up to the engagement teams to decide at the beginning which auditor will be responsible for subsequent events testing. Group management should help coordinate the discussions and assist in obtaining the required component information.
Another area for discussion and coordination is access to work papers, especially when the auditor is going to assume responsibility. The timing of the review, the level of review, and other items need to be discussed at the beginning of the audit, not as the group auditor needs to wrap up. The group auditor often wants to see copies of the draft reports and communications before they are finalized, since it will need to use these as evidence for its audit, even when making reference to the component auditor.
The final item that needs to be addressed is best determined during client acceptance: who is paying for what. Questions like who is responsible for the costs of reviewing the component auditor's work papers or who is responsible for the cost of subsequent events testing of the component all need to be decided in advance instead of turning into surprises at the end of the engagement. While group management doesn't have control over component management in all cases, it needs to help coordinate and ensure that everyone is on the same page. Detailed instructions and thorough engagement letters can alleviate many of these issues.
June 2015 marks the implementation date for many governments of the GASB Statement No. 68, Financial Reporting for Pension Plans--an amendment of GASB Statement No. 27, and a key audit interpretation, Auditing Interpretation No. 1, Auditor of Participating Employer in a Governmental Pension Plan, related to group audits. As many state auditors are auditing the state pension plan under GASB 67, Financial Reporting for Pension Plans--an amendment of GASB Statement No. 25, there was a desire by many to consider state auditors as component auditors in hopes of being able to rely on their work and simply make reference to their work related to the information from the plan included in the employer's financial statements. AU-C 9600, Special Considerations--Audits of Group Financial Statements (Including the Work of Component Auditors): Auditing Interpretations of AU-C Section 600 was issued in April 2014 to clarify the AICPA's position on this concept. Per the Auditing Interpretation, the pension plan does not qualify as a component of the participating government; therefore, reference cannot be made to the plan auditor. This leaves the participating government's auditors of the employer data with some GASB Statement No. 68 implementation issues regarding the pension plan information included in the audited financial statements as far as it relates to the overall plan information in both single and multiple employer plan scenarios. The AICPA's State and Local Government Expert Panel wrote multiple white papers addressing these issues and provided excellent suggestions. In addition, the updated Audit Guide for State and Local Governments has an entirely new chapter devoted to pensions, and it has very thorough procedures and considerations.
In closing, group audits can be a tricky area for many auditors, especially in the government arena. However, with a little planning and consideration, group audits can be effectively and efficiently performed with minimal impact on the audit process.
MELISA F. GALASSO is senior manager, Audit Professional Practices, for Cherry Bekaert LLP.
|Printer friendly Cite/link Email Feedback|
|Publication:||Government Finance Review|
|Date:||Jun 1, 2015|
|Previous Article:||A humbling experience: lessons learned in implementing the new GASB pension standards.|
|Next Article:||Relating the COSO Internal Control--Integrated Framework and COBIT.|