What is Management?
ISA 200.13(m) defines management as the person or persons with executive responsibility for the conduct of the entity's operations. ISA 260.10(a) requires the auditor to determine the appropriate persons within the entity's governance structure to communicate with, which starts with identifying who is management and who constitutes those charged with governance.
In two-tier governance structures common across continental Europe, the distinction is structural. The Vorstand (Germany) or directie (Netherlands) constitutes management. The Aufsichtsrat or raad van commissarissen constitutes those charged with governance. Communication requirements, representation letters, and reporting lines follow that split directly.
In one-tier structures with a sole director, the same individual may be both management and those charged with governance. ISA 260.A8 permits this but requires the auditor to document which capacity the person acts in for each communication. The ISA 580 representation letter addresses them as management. ISA 260 communications address them as TCWG. Same person, different capacity, documented separately.
Key Points
- ISA 200.13(m) defines management as the person(s) with executive responsibility for conducting the entity's operations.
- ISA 260.10(a) requires identification of management vs TCWG at the start of the engagement.
- Owner-managed entities need both capacities documented separately, even when one person fills both roles.
- Component structures require reconsideration of who constitutes management at each subsidiary level.
Why it matters in practice
On owner-managed engagements, teams frequently issue a single combined letter instead of documenting both capacities. The ISA 580 representation letter must be addressed to management in their executive capacity. ISA 260 communications must be directed to the person in their governance capacity. When both roles sit with one individual, the file must show the auditor distinguished between the two, even if the recipient is the same person.
A second common issue arises in group audits. Teams identify management at the parent entity level but fail to reconsider management at the component or subsidiary level. Under ISA 600, the group engagement team must understand the governance structure of significant components. Where a subsidiary has its own board, the management of that subsidiary is not automatically the same as the management of the group. Representation letters and communications must reflect the actual governance structure at each level.
Key standard references
- ISA 200.13(m): Definition of management as the person(s) with executive responsibility for the conduct of the entity's operations.
- ISA 260.10(a): Requirement to identify and distinguish management from those charged with governance.
- ISA 260.A8: Guidance on overlap where one person serves as both management and TCWG.
- ISA 580.9: Requirement to obtain written representations from management with appropriate responsibility.
Related terms
Frequently asked questions
Why does it matter who is 'management' on an audit?
Misidentifying management causes errors in representation letters (ISA 580) and communication requirements (ISA 260). The ISA 580 management representation letter must be addressed to the person with executive responsibility, not to those charged with governance.
What happens when one person is both management and TCWG?
ISA 260.A8 permits this on owner-managed entities. The auditor must still document which capacity the person acts in for each communication. The ISA 580 letter addresses them as management; ISA 260 communications address them as TCWG.