ISA 260 (Revised) — Communication with Those Charged with Governance: Complete Guide

Key Takeaways

ISA 260 (Revised) provides the overarching framework for the auditor's communication with those charged with governance (TCWG) in a financial statement audit. It identifies specific matters that must be communicated and establishes the principle of effective two-way communication.
Those charged with governance are the person(s) or organisation(s) responsible for overseeing the entity's strategic direction and accountability, including the financial reporting process. In different entities, this may be a board of directors, supervisory board, audit committee, trustees, or even an owner-manager.
The auditor must communicate: the auditor's responsibilities under the ISAs; the planned scope and timing of the audit (including significant risks); significant findings from the audit (including qualitative aspects of accounting, significant difficulties, and significant matters discussed with management); and the auditor's independence (for listed entities).
Communication should promote effective two-way dialogue — it assists the auditor in obtaining information relevant to the audit and assists TCWG in fulfilling their oversight responsibilities.
Significant audit findings must be communicated in writing if, in the auditor's professional judgment, oral communication alone would be inadequate. For listed entities, independence-related matters must always be in writing.
ISA 260 works in tandem with ISA 265 (communicating internal control deficiencies) and ISA 701 (communicating key audit matters in the auditor's report).

What is ISA 260 (Revised)?

ISA 260 (Revised), titled "Communication with Those Charged with Governance," recognises that effective communication between the auditor and those charged with governance is fundamental to a high-quality audit. It is not simply about the auditor delivering a report — it is about establishing an ongoing dialogue that serves both parties.

The standard serves three interconnected purposes:

It helps the auditor. TCWG can provide information that enhances the auditor's understanding of the entity, its risks, and specific transactions or events. An auditor who communicates effectively with the board or audit committee gains access to insights that improve audit quality.
It helps those charged with governance. The auditor's communications assist TCWG in fulfilling their oversight responsibilities — particularly their oversight of the financial reporting process and internal control.
It reduces the risk of material misstatement. When auditors and governance bodies communicate effectively, issues are identified earlier, misunderstandings are reduced, and the quality of financial reporting improves.

ISA 260 (Revised) became effective for audits of financial statements for periods ending on or after 15 December 2016, following revisions linked to the introduction of ISA 701 (Key Audit Matters).

Identifying Those Charged with Governance

The diversity challenge

ISA 260.A1–A8 acknowledges that governance structures vary enormously. The auditor must determine the appropriate person(s) with whom to communicate:

Governance Structure	Typical TCWG	Communication Approach
Large listed company	Board of directors, audit committee, supervisory board	Communicate with audit committee for most matters; full board for the most significant issues
Mid-sized private company with board	Board of directors (possibly non-executive directors)	Communicate with the board or a designated governance subgroup
Owner-managed entity	Owner-manager (where no separate governance exists)	Communicate directly — but recognise the limitations of communicating governance matters to management
Public sector entity	Governing council, trustees, oversight body	Identify the body with oversight responsibility for financial reporting
Partnership	Managing partners, management committee	Determine which partners have governance responsibilities

When management and governance overlap

In many smaller entities, the same individuals serve in both management and governance roles — the owner-manager is both the person responsible for preparing the financial statements and the person overseeing that process. ISA 260.A8 addresses this directly: if the auditor communicates matters in a management capacity to people who also have governance roles, those matters need not be communicated again in a governance capacity. However, the auditor must ensure that communication reaches all individuals who have a governance role — a matter discussed with the managing director may not have reached non-executive directors or supervisory board members.

The audit committee

Where an audit committee exists, it is usually the primary communication channel for audit-related matters. The auditor should determine the committee's terms of reference and authority to understand which matters fall within its mandate and which require escalation to the full board. ISA 260.A4 notes that the auditor may need to communicate with the full governing body when the audit committee's authority is limited.

Matters to Be Communicated

ISA 260 requires communication of four categories of matters:

1. The auditor's responsibilities (ISA 260.14)

The auditor must communicate that they are responsible for forming and expressing an opinion on the financial statements — and that the audit does not relieve management or TCWG of their responsibilities. This may seem obvious, but misunderstandings about the scope and limitations of an audit are common. Clarifying responsibilities at the outset reduces the risk of disputes later.

2. Planned scope and timing of the audit (ISA 260.15)

The auditor must communicate an overview of the planned scope and timing, including:

Significant risks identified by the auditor — this helps TCWG understand the areas of greatest concern and why the auditor is focusing attention there.
The auditor's approach to internal control relevant to the audit — clarifying that the audit is designed to express an opinion on the financial statements, not to provide assurance on internal control.
The application of the concept of materiality in the audit context.
Where applicable, the most significant assessed risks that may be communicated as key audit matters under ISA 701.

This communication typically occurs during the planning phase, often through a planning meeting or a written audit plan presented to the audit committee.

3. Significant findings from the audit (ISA 260.16)

This is the most substantive communication requirement. The auditor must communicate:

Significant qualitative aspects of accounting practices (ISA 260.16(a)) — including accounting policies, accounting estimates, and financial statement disclosures. This includes the auditor's views on whether accounting policies are appropriate and consistent with the applicable framework, whether accounting estimates appear reasonable, and whether disclosures are adequate.

Significant difficulties encountered (ISA 260.16(b)) — for example, significant delays by management in providing information, an unreasonably brief time frame for completing the audit, extensive unexpected effort required to obtain evidence, or unavailability of expected information. The auditor must also consider whether the difficulty may represent a scope limitation.

Significant matters discussed with management (ISA 260.16(c)) — including matters arising from the audit that were discussed or were the subject of correspondence with management. Where ISA 701 applies, the auditor must also communicate which matters are expected to be reported as key audit matters.

Written representations requested (ISA 260.16(d)) — the auditor must inform TCWG about the written representations required from management under ISA 580.

Other significant matters (ISA 260.16(e)) — any other matters that, in the auditor's professional judgment, are relevant to TCWG's oversight of the financial reporting process. This may include matters identified through other ISAs — for example, fraud or suspected fraud (ISA 240), non-compliance with laws and regulations (ISA 250), or going concern issues (ISA 570).

Making communications meaningful

The most common criticism of auditor communications with governance bodies is that they are formulaic — a standard template letter that says the same thing every year. Effective communication is the opposite: it highlights what is different this year, what the auditor found surprising, where management's judgments are at the aggressive or conservative end of the range, and what kept the auditor up at night. An audit committee chair should be able to read the auditor's communications and immediately identify the three or four things that need their attention. If the communication reads like it could apply to any client in any year, it is not serving its purpose.

4. Auditor independence (ISA 260.17)

For listed entities, the auditor must communicate:

A statement that the engagement team, the firm, and where applicable, network firms have complied with relevant independence requirements.
All relationships and other matters between the firm, network firms, and the entity that, in the auditor's professional judgment, may reasonably be thought to bear on independence, and the related safeguards applied.
The total fees charged during the period covered by the financial statements — broken down by category — for audit and non-audit services, to enable TCWG to assess the effect on independence.

In the EU, the Audit Regulation (537/2014) adds further independence-related communication requirements for PIE audits, including confirmation that the firm is not providing prohibited non-audit services and that the fee cap has not been exceeded.

Form and Timing of Communication

Written vs. oral

ISA 260.19–20 provides flexibility: communication may be oral or in writing. However, significant audit findings must be communicated in writing if the auditor's professional judgment determines that oral communication alone would be inadequate (ISA 260.19). In practice, most auditors communicate in writing for documentation and accountability reasons. The independence statement for listed entities must always be in writing.

Timing

ISA 260.21 requires communication on a timely basis. The planned scope and timing should be communicated during planning — early enough for TCWG to provide input. Significant findings should be communicated as they arise, not deferred until after the audit report is issued. Some matters (such as significant difficulties or disagreements) should be communicated as soon as practicable.

Documentation

ISA 260.23 requires the auditor to include in the audit documentation matters communicated orally — including when and to whom they were communicated. Written communications must be retained as part of the audit file.

Two-Way Communication

ISA 260.22 introduces an important concept: the auditor must evaluate whether the two-way communication between the auditor and TCWG has been adequate for the purposes of the audit. If it has not, the auditor must evaluate the effect on the assessment of risks and the ability to obtain sufficient appropriate evidence, and must take appropriate action.

In practice, inadequate two-way communication might manifest as: TCWG being unresponsive to the auditor's communications, TCWG being unwilling to meet with the auditor, a governance structure that prevents the auditor from communicating directly with TCWG (instead requiring all communication through management), or TCWG providing evasive or unhelpful responses.

Where the auditor concludes that two-way communication is inadequate and this cannot be resolved, the auditor must consider the effect on the audit opinion and may need to obtain legal advice.

ISA 260 in Your Jurisdiction

Netherlands. COS 260 follows ISA 260 (Revised) closely. For OOB (PIE) entities, the EU Audit Regulation adds further communication requirements, including the additional report to the audit committee required by Article 11 of Regulation 537/2014 — a detailed written report covering the audit methodology, materiality levels, key audit findings, and independence. Dutch practice places significant emphasis on the quality of the management letter (to management) and the audit committee report (to TCWG) as distinct communications.

Germany. German practice has historically placed strong emphasis on the Prüfungsbericht (audit report to the supervisory board), which in many cases is more detailed than the statutory auditor's report. The Prüfungsbericht, required under §321 HGB, covers findings, the auditor's assessment of the entity's position, and risk-related matters. This intersects with ISA 260's communication requirements but has a distinctly German character and legal basis.

United Kingdom. ISA (UK) 260 includes additional UK-specific requirements, particularly for PIE audits, including communication about the FRC's Ethical Standard requirements and enhanced independence communications. UK practice also requires communication about the auditor's assessment of the entity's going concern status, the viability statement (for premium-listed entities), and the Corporate Governance Code compliance.

France. NEP 260 implements ISA 260 within the French statutory framework. French practice is distinctive in that the commissaire aux comptes issues an annual report to the shareholders' meeting (rapport à l'assemblée générale) which is a public document. The private communication with the audit committee or board is separate and covers more detailed audit findings. For joint audits, the coordination of communications between the two audit firms and TCWG adds complexity.

Frequently Asked Questions

Who are "those charged with governance"?

Those charged with governance (TCWG) are the person(s) or organisation(s) with responsibility for overseeing the entity's strategic direction and accountability, including the financial reporting process. The specific identification depends on the entity's governance structure — it may be a board of directors, supervisory board, audit committee, trustees, partners, or even an owner-manager.

What is the difference between ISA 260 and ISA 265?

ISA 260 provides the overarching framework for auditor-governance communication and covers multiple categories of matters. ISA 265 specifically addresses the communication of deficiencies in internal control — it establishes specific requirements for what level of deficiency must be communicated and to whom.

Must all communications be in writing?

Not all — ISA 260 allows oral communication for many matters. However, significant audit findings must be in writing if oral communication alone would be inadequate, and independence-related communications for listed entities must always be in writing. In practice, most auditors communicate significant matters in writing for documentation and accountability purposes.

Does the auditor communicate directly with the audit committee or through management?

ISA 260 requires the auditor to communicate directly with TCWG, not through management. The auditor may discuss matters with management before communicating with TCWG (and this is often appropriate to clarify facts), but the communication to TCWG must come from the auditor. Where management attempts to control or filter the auditor's communications to TCWG, this is itself a matter the auditor should raise with TCWG.

How does ISA 260 relate to ISA 701 (Key Audit Matters)?

ISA 701 requires auditors of listed entities to communicate key audit matters (KAMs) in the auditor's report — the publicly visible report. ISA 260 requires private communication with TCWG about similar matters (significant risks, significant findings, matters requiring significant auditor attention). The matters communicated under ISA 260 inform the auditor's determination of KAMs under ISA 701, and ISA 260.16 specifically requires the auditor to communicate with TCWG about which matters are expected to be reported as KAMs.