How it works

You are signing the group audit opinion. A subsidiary in China accounts for 15% of consolidated revenue, and the local auditor will not share their working papers. You have never seen the file and you cannot verify what procedures were performed. You still need to conclude on whether you have enough evidence. We have seen this exact situation stall group audits for weeks, and it is the point where the file should tell a story that it often does not.

ISA 600 (Revised) requires the group engagement team (GET) to be involved in the work of component auditors throughout the audit. That involvement includes the ability to access relevant audit documentation. The group engagement partner must determine, before accepting or continuing the engagement, whether restrictions exist that would prevent the GET from obtaining sufficient appropriate audit evidence.

Restrictions take different forms. Some jurisdictions prohibit transferring working papers across borders. Others allow access only through a local regulator's approval process. Sometimes the component auditor's firm policies (not law) restrict sharing of documentation. ISA 600 (Revised) requires the GET to evaluate whether it can overcome those restrictions through alternative procedures. If it cannot, the group engagement partner must consider the effect on the group audit opinion.

The practical question is binary. Either the GET has enough evidence to support the opinion on the group financial statements, or it does not.

Key Points

  • The group engagement partner must evaluate whether access restrictions affect the sufficiency of group audit evidence.
  • Legal or regulatory barriers in some jurisdictions can block direct access to component auditor files entirely.
  • Restricted access does not excuse the GET from obtaining sufficient appropriate audit evidence.
  • If access is denied, the GET must determine whether alternative procedures can close the evidence gap.

Worked example: Schütz Holding GmbH

Schütz Holding GmbH is a German holding company (FY2024, consolidated revenue €320M, IFRS reporter) with four subsidiaries. Two are domestic. One is in Brazil and one in China, the latter audited by a local firm.

Identifying the restriction

The GET (based in Frankfurt) plans the group audit and identifies that the Chinese subsidiary (revenue €48M, 15% of group) is audited by a local firm. Chinese regulations restrict the transfer of audit working papers outside mainland China without regulatory approval.

The team records the nature of the restriction and its regulatory basis. It also documents the financial significance of the affected subsidiary (€48M revenue, 15% of group) and the effect on planned audit procedures.

Evaluating the restriction's effect

The GET considers whether it can obtain sufficient appropriate audit evidence through alternative means: remote review sessions via screen share, requesting the component auditor to provide specified deliverables (including detailed findings memoranda and completed group reporting packages), performing additional group-level analytical procedures, or obtaining written representations from the component auditor on specified matters.

Reaching a conclusion

The GET determines that the combination of the group reporting package, a detailed findings memorandum from the component auditor, the remote review session, and written representations on key balances provides sufficient appropriate audit evidence for the Chinese subsidiary. No scope limitation applies.

Had the restriction been absolute (no alternative procedures available for a 15% subsidiary), a qualified opinion would have been the likely outcome.

What reviewers and practitioners get wrong

A separate pattern is teams confusing firm-level policies with legal restrictions. A component auditor's internal policy against sharing files is not a jurisdictional access barrier. ISA 600 (Revised) requires the GET to understand the component auditor, including any practical restrictions on access. Firm policy restrictions often resolve through direct negotiation between the network firms.

Key standard references

  • ISA 600 (Revised) paragraphs 24–26 set out requirements for GET involvement in the work of component auditors, including access to documentation and understanding practical restrictions on that access.
  • ISA 705 addresses modified opinions when sufficient appropriate audit evidence cannot be obtained.

Related terms

Aggregation Risk (Group Audit)Scoping (Group Audit)Full Scope vs Specified vs Analytical ProceduresComponent MaterialityGroup Engagement Partner

Related reading

Component Materiality in Group Audits: ISA 600 Guide
Blog guide

Frequently asked questions

What happens if the group engagement team cannot access component auditor working papers?

ISA 600 (Revised) requires the group engagement team to evaluate whether alternative procedures can close the evidence gap. If they cannot, the group engagement partner must consider the effect on the group audit opinion, which may result in a qualified opinion or disclaimer under ISA 705.

Is a component auditor's internal policy the same as a legal restriction on access?

No. A firm-level policy against sharing files is not a jurisdictional access barrier. ISA 600 (Revised) requires the group engagement team to understand the nature of the restriction. Firm policy restrictions often resolve through direct negotiation between network firms, while legal restrictions require alternative procedures or opinion modification.

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

290+ guides published20 free toolsBuilt by practicing auditors

No spam. We’re auditors, not marketers.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: · Standards version: IAASB 2024 Handbook