How it works

ISA 600 (Revised) requires the group engagement team to be involved in the work of component auditors throughout the audit. That involvement includes the ability to access relevant audit documentation. In practice, the group engagement partner must determine, before accepting or continuing the engagement, whether restrictions exist that would prevent the team from obtaining sufficient appropriate audit evidence.

Restrictions take different forms. Some jurisdictions prohibit transferring working papers across borders. Others allow access only through a local regulator's approval process. In certain cases, the component auditor's firm policies (not law) restrict sharing of documentation. ISA 600 (Revised) requires the group engagement team to evaluate whether it can overcome those restrictions through alternative procedures. If it cannot, the group engagement partner must consider the effect on the group audit opinion.

The practical question is binary. Either the group engagement team has enough evidence to support the opinion on the group financial statements, or it does not.

Key Points

  • The group engagement partner must evaluate whether access restrictions affect the sufficiency of group audit evidence.
  • Legal or regulatory barriers in some jurisdictions can block direct access to component auditor files entirely.
  • Restricted access does not excuse the group engagement team from obtaining sufficient appropriate audit evidence.
  • If access is denied, the group engagement team must determine whether alternative procedures can close the evidence gap.

Worked example: Schütz Holding GmbH

Client: German holding company, FY2024, consolidated revenue €320M, IFRS reporter. Four subsidiaries: two in Germany, one in Brazil, one in China.

Identifying the restriction

The group engagement team (based in Frankfurt) plans the group audit and identifies that the Chinese subsidiary (revenue €48M, 15% of group) is audited by a local firm. Chinese regulations restrict the transfer of audit working papers outside mainland China without regulatory approval.

The team records the nature of the restriction, the regulatory basis, the financial significance of the affected subsidiary (€48M revenue, 15% of group), and the effect on planned audit procedures.

Evaluating the restriction's effect

The group engagement team considers whether it can obtain sufficient appropriate audit evidence through alternative means: remote review sessions via screen share, requesting the component auditor to provide specified deliverables (including detailed findings memoranda and completed group reporting packages), performing additional group-level analytical procedures, or obtaining written representations from the component auditor on specified matters.

Reaching a conclusion

The group engagement team determines that the combination of the group reporting package, a detailed findings memorandum from the component auditor, the remote review session, and written representations on key balances provides sufficient appropriate audit evidence for the Chinese subsidiary. No scope limitation applies.

Had the restriction been absolute (no alternative procedures available for a 15% subsidiary), a qualified opinion would have been the likely outcome.

What reviewers and practitioners get wrong

The FRC's 2023 inspection findings on group audits noted that group engagement teams frequently failed to document their evaluation of access restrictions at the planning stage. Teams identified the restriction but did not record what alternative procedures they considered or why the remaining evidence was sufficient. ISA 600 (Revised) requires this evaluation to be documented, not assumed.

A separate pattern is teams confusing firm-level policies with legal restrictions. A component auditor's internal policy against sharing files is not a jurisdictional access barrier. ISA 600 (Revised) requires the group engagement team to understand the component auditor, including any practical restrictions on access. Firm policy restrictions often resolve through direct negotiation between the network firms.

Key standard references

  • ISA 600 (Revised) paragraphs 24–25: Requirements for group engagement team involvement in the work of component auditors, including access to documentation.
  • ISA 600 (Revised) paragraph 26: Understanding the component auditor, including practical restrictions on access.
  • ISA 705: Modified opinions when sufficient appropriate audit evidence cannot be obtained.

Related terms

Aggregation Risk (Group Audit)Scoping (Group Audit)Full Scope vs Specified vs Analytical ProceduresComponent MaterialityGroup Engagement Partner

Related reading

Component Materiality in Group Audits: ISA 600 Guide
Blog guide

Frequently asked questions

What happens if the group engagement team cannot access component auditor working papers?

ISA 600 (Revised) requires the group engagement team to evaluate whether alternative procedures can close the evidence gap. If they cannot, the group engagement partner must consider the effect on the group audit opinion, which may result in a qualified opinion or disclaimer under ISA 705.

Is a component auditor's internal policy the same as a legal restriction on access?

No. A firm-level policy against sharing files is not a jurisdictional access barrier. ISA 600 (Revised) requires the group engagement team to understand the nature of the restriction. Firm policy restrictions often resolve through direct negotiation between network firms, while legal restrictions require alternative procedures or opinion modification.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: March 2026 · Standards version: IAASB 2024 Handbook