How it works
A group has eight components. Each one reports an uncorrected misstatement at 90% of its component materiality. Every individual component auditor signs off with a clean conscience. The group engagement team (EP) adds them up and discovers the aggregate is 2.4x group materiality. Nothing is wrong at any component, and yet the group financial statements (FS) are materially misstated. This is aggregation risk, and in our experience it is one of the most SALY'd parts of group audits. Teams copy the component materiality percentage from the prior year (PY) file without redoing the calculation when the number or mix of components has changed.
ISA 600 (Revised) treats aggregation risk as one of the factors the group engagement team considers when determining the nature and extent of work on components. The concept exists because component materiality is always set below group materiality. Even so, if every component has a misstatement just below its own component materiality threshold, those misstatements can sum to an amount that exceeds group materiality.
The reduction from group to component materiality is not formulaic. ISA 600 does not prescribe a specific percentage or discount factor. The group engagement team exercises judgment based on the number of components and the distribution of financial activity across them. A group with two components generating 85% and 15% of revenue faces a different aggregation profile than a group with twelve components each contributing 6%–10%. The first can set component materiality closer to group materiality for the dominant component. The second needs a steeper reduction.
At the evaluation stage, ISA 450.11 requires the auditor to assess uncorrected misstatements individually and in aggregate. For group audits, this means collecting all uncorrected misstatements from component auditors and testing whether their sum approaches or exceeds group materiality.
Key Points
- Setting component materiality lower than group materiality is the primary control against aggregation risk.
- The more components a group has, the higher the aggregation risk if component materiality is not reduced accordingly.
- Aggregation risk cannot be eliminated; it can only be reduced to an acceptably low level.
- Failing to consider aggregation risk is a recurring finding in regulatory inspections of group audit files.
Aggregation risk vs component materiality
Nobody enjoys redoing the component materiality math on a PY group audit, but skipping it is how aggregation risk becomes a review note at year-end. This is the finding that shows up most often in AFM and FRC inspections of group files.
| Dimension | Aggregation risk | Component materiality |
|---|---|---|
| What it is | The risk that sub-threshold items combine into a group-level misstatement | The materiality amount applied to an individual component's audit |
| Who controls it | The group engagement team, through component materiality and procedures | The group engagement team sets it; the component auditor applies it |
| When it matters most | At completion, when evaluating aggregate uncorrected misstatements | At planning, when scoping the component audit |
| Common documentation gap | Not assessed at group level during the evaluation stage | Set without documented link to aggregation risk |
Worked example: Groupe Vaillant Industries S.A.
Client: French engineering group, FY2024, consolidated revenue €180M, IFRS reporter. Six reporting entities across France, Belgium, Poland, and Portugal.
Set group materiality
The group engagement team sets group materiality at €900K (0.5% of consolidated revenue). The benchmark is revenue because the group's profit before tax (PBT) has been volatile over the last two years, making it an unstable base.
Set component materiality
With six active components, the team applies a 50% reduction. Component materiality (mat) is set at €450K. If no reduction were applied and all six components reported misstatements at full group materiality (€900K each), the theoretical aggregate would be €5.4M. The 50% factor reduces each component's contribution ceiling to €450K, capping the theoretical maximum at €2.7M.
Evaluate aggregate results
At completion, four of the six components report uncorrected misstatements: France €210K, Belgium €160K, Poland €120K, and Portugal €70K. Each is below component mat of €450K. The aggregate is €560K.
The 50% reduction factor controlled aggregation risk. The aggregate uncorrected misstatement (€560K) stays below group materiality (€900K), and the file supports the conclusion.
What reviewers and practitioners get wrong
A second recurring issue is evaluating uncorrected misstatements at the component level in isolation without performing the group-level aggregation assessment required by ISA 450.11 . A component auditor ("sub") who reports "no uncorrected misstatements above component materiality" has answered a different question from "what is this component's contribution to aggregate group exposure." The EP must aggregate across all components before concluding.
Key standard references
- ISA 600 (Revised) paragraphs 30–32: Requirements for setting component materiality and considering aggregation risk.
- ISA 450.11 : Evaluation of uncorrected misstatements individually and in aggregate.
Related terms
Related tools
Related reading
Frequently asked questions
Can aggregation risk be eliminated?
No. Aggregation risk can only be reduced to an acceptably low level. The primary control is setting component materiality below group materiality, but even with a steep reduction, the theoretical possibility of sub-threshold misstatements combining above group materiality always exists.
How do you determine the right reduction from group to component materiality?
ISA 600 does not prescribe a specific percentage. The group engagement team exercises judgment based on the number of components and the distribution of financial activity across them. A group with two components needs a smaller reduction than a group with twelve. The file must document why the chosen reduction is appropriate.