SAS No. 149, Special Considerations — Audits of Group Financial Statements (Including the Work of Component Auditors and Audits of Referred-to Auditors) defines what firms must do in group audits.
Sometimes, auditors have a group audit but don’t know it (as Michael Westervelt pointed out in his JOA article), or they are aware that a group audit is in play but don’t know the requirements. Either way, if your firm doesn’t comply with group audit standards and your peer reviewer notices, you’ve got a problem—sometimes a big one.
Group audits raise questions such as who is responsible for what. Below, I explain the responsibilities of the following:
I also provide key group audit definitions and communication and documentation requirements.
I will use a question-and-answer format to explain the following:
What is a group audit?
It’s an audit of group financial statements.
But what are group financial statements? They are financial statements that include multiple entities or business units or the aggregation of financial information from entities or business units such as branches or divisions. Group financial statements include aggregating financial information from business units with separate locations, management, or information systems. (See A4 and A5 of SAS 149 for additional information.)
Here are examples of group financial statements:
If you are auditing one of these, you are conducting a group audit, and specific audit requirements apply. If you are directing the audit, you are the group auditor; in some cases, other audit firms might participate.
So, what is a group auditor?
It’s the group engagement partner and engagement team members other than component auditors (see component auditor definition below).
The group auditor performs duties including the following:
When component auditors are in use, the group auditor has specific responsibilities, including the following:
The group auditor should communicate the following to component auditors:
Who is the group engagement partner?
The auditor responsible for the group audit.
The group engagement partner’s responsibilities include:
Here are examples of different ways the group engagement partner can direct and supervise component auditors:
What is a component auditor?
An auditor that audits a group audit component, such as a business subsidiary.
A component auditor (working with the group auditor) is a part of the audit team.
Component auditors can include:
It is possible that all component auditors are from the group audit firm. It is also possible that component auditors include the group audit firm and audit firms external to the group audit firm.
The group auditor should ask the component auditor to communicate certain component matters, including the following:
The group audit report should not reference any component auditors when component auditors participate in the group audit.
What are components?
A component is an:
The group auditor determines how components relate to one another for planning and performing audit procedures.
For instance, the group auditor might decide that the group audit firm will audit entities A, B, and C, and another firm (a component auditor) will audit entity D. In this example, the group audit firm and the component audit firm comprise the audit team.
In another example, the group auditor might decide that the group audit firm will audit entities A, B, and C and reference the audit report of entity D performed by another firm (called the referred-to auditor). The referred-to auditor is not a part of the audit team.
A component auditor needs to know what the component materiality is.
What is component performance materiality?
It’s the amount the group auditor sets to reduce aggregation risk (see below) to an appropriate level. The component performance materiality must be less than the group performance materiality.
Additionally, the component auditor must communicate any misstatements above a certain amount (component threshold) to the group auditor. The group auditor specifies this component threshold, and it should not exceed the trivial amount in the group financial statement.
For example, the trivial misstatement amount for the ABC Consolidated financial statements might be $75,000 (as set by Cole CPA firm), and the component threshold could be $25,000 for entity B, a component audited by the Gee Whiz CPA firm. If Gee Whiz identifies one misstatement of $15,000 and another for $55,000, it must communicate the second misstatement to Cole CPA firm, the group audit firm.
One unique risk in group audits is aggregation risk.
What is aggregation risk?
It’s the risk that aggregate uncorrected and undetected misstatements might exceed the financial statements’ materiality.
Suppose the group auditor audits companies A and B, and a component auditor audits company C. And say the group audit materiality is $750,000. If company A has a passed adjustment of $300,000 in accounts receivable (an overstatement) and company C has an undetected misstatement in accounts receivable of $600,000 (also an overstatement), the aggregate uncorrected and undetected misstatements is material.
So, the group auditor needs to plan the engagement to keep aggregation risk at an appropriate level. One way to do so is to lower the materiality thresholds for the various components.
Sometimes, another auditor audits a component and issues an opinion on the entity. When this occurs, the group auditor can elect to reference the other auditor’s opinion.
What is a referred-to auditor?
An auditor who audits an entity that the group audit report references.
The group engagement partner can only make reference when the referred-to auditor issues an audit report on a component that is not restricted as to use.
A referred-to auditor is not part of the audit team or a component auditor.
Should the group auditor direct the referred-to auditor’s work? No, the group auditor does not direct or supervise the referred-to auditor or review their work. Even so, the group engagement partner should determine whether the referred-to auditor followed generally accepted auditing standards (GAAS) or the PCAOB standards. Additionally, the group auditor should read the component’s financial statements and the referred-to audit report to see if there are any significant matters.
For example, Big CPA firm might audit ABC Company and XYZ Company. Little CPA firm audits DEF Company and issues an audit opinion on it. Big CPA’s audit report can reference Little CPA’s audit (provided specific requirements are met; see below). Illustration 2 in SAS 149 provides a sample report for this situation.
Here’s a sample referred-to paragraph that would follow the Big CPA firm’s opinion paragraph:
We did not audit the financial statements of DEF Company, a wholly owned subsidiary, whose statements reflect total assets constituting 15 percent and 20 percent, respectively, of consolidated total assets on December 31, 20X1 and 20X0, and total revenues constituting 14 percent and 17 percent, respectively, of consolidated total revenues for the years then ended. Those statements were audited by other auditors, whose report has been furnished to us, and our opinion, insofar as it relates to the amounts included for DEF Company, is based solely on the report of the other auditors.
(Note – I bolded some words to highlight the language in this example paragraph. Standard audit opinions do not bold such wording.)
The purposes of this referred-to paragraph are to communicate:
The group auditor can provide the magnitude of the referred-to auditor’s work in percentages or dollar amounts. (The example above uses percentages.)
The group auditor does not direct the audit of the referred-to auditor’s work, so the group auditor says its opinion (concerning that portion of the group financial statements) is based solely on the referred-to auditor’s report.
What communications should occur between the group auditor and the referred-to auditor?
The group auditor should communicate the related party relationships identified by group management, any other related party, and any related party transactions (that affect the referred-t0 auditor’s work) to the referred-to auditor.
Moreover, the group engagement partner should do the following:
Referencing the referred-to auditor’s report may not be suitable if the group auditor believes the referred-to auditor lacks appropriate competence and capabilities or has not complied with ethical requirements.
The group auditor should request the following from the referred-to auditor:
So, do group audits always include more than one audit firm?
No, not necessarily. One firm can audit all entities in group audit financial statements. Alternatively, one or more component auditors from other audit firms can audit one or more components.
Here are examples of group audits:
Exhibit A of SAS 149 (titled Relevancy of Requirements in Various Group Audit Scenarios) outlines the paragraphs in this standard that are relevant to various scenarios. The scenarios include the following:
So, see exhibit A for the pertinent SAS 149 paragraphs when performing a group audit.
What group audit documentation do you need?
Group audit documentation includes the following (this is not a comprehensive list):
Here are summary points from the above:
SAS 149 is effective for audits of group financial statements for periods ending on or after December 15, 2026.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
The group audit standards are pertinent to all audits of consolidated financial statements. So, the guidance in this article applies.
Thanks Charles. Less common, but any specific advice for preforming a group review engagement of consolidated financials stataments?
thank you for the detailed information!