Those Charged with Governance

What are those charged with governance?

On about half the smaller engagements we have seen, the file jumps straight into substantive testing with no record of who is charged with governance. The team did the work, but the file does not tell the story of who should receive the ISA 260 letter or the ISA 265 deficiency report. Inspectors flag this consistently.

TCWG is a functional concept, not a job title. ISA 260.10 requires the auditor to identify TCWG on every engagement. TCWG are whoever has responsibility for overseeing the entity's strategic direction and accountability, including the financial reporting process. The specific body varies by jurisdiction and entity structure: it may be a board of directors, a supervisory board, an audit committee, or on an owner-managed entity, the owner-manager themselves.

ISA 260.11 addresses delegation. Where the full board has delegated governance responsibilities to a sub-committee such as an audit committee, the auditor must determine whether to communicate with the sub-committee or the full board (or both). In practice, the answer depends on the sub-committee's terms of reference and whether it has the authority to act on the matters being communicated.

Communication with TCWG is two-way. ISA 260.14 requires the auditor to obtain TCWG's views on matters relevant to the audit, including their views on fraud risk and the entity's risk of material misstatement. This input from TCWG feeds into the auditor's understanding of the entity under ISA 315 .

Why it matters in practice

On smaller engagements, the most common finding is missing TCWG identification. Without it, there is no documented basis for determining who should receive ISA 260 communications or ISA 265 deficiency letters. Nobody enjoys going back to add this paperwork after the fact, but skipping it is how files get flagged.

Where TCWG and management are the same person (common on owner-managed entities), teams frequently skip ISA 260 communications on the basis that "management already knows," even though ISA 260 .A8 specifically addresses this situation and does not permit that shortcut. The standard requires the auditor to address the person in their governance capacity. So the ISA 260 communication letter addresses the person as TCWG, while the ISA 580 representation letter addresses the same person as management. Both letters exist in the file, even though they go to the same individual. Treating this as a SALY formality is exactly what inspectors look for.

Absent TCWG identification undermines the entire communication framework. If the auditor has not identified TCWG, there is no assurance that the people responsible for oversight have received the information they need to fulfil their governance role.

Key standard references

• ISA 260.10 –11 requires identification of TCWG and consideration of delegation to sub-committees.
• ISA 260.14 establishes two-way communication between auditor and TCWG.
• ISA 260 .A1 describes how governance structures vary across jurisdictions.
• ISA 260 .A8 addresses the overlap between TCWG and management on owner-managed entities.

Related terms

Related reading

Frequently asked questions