Managing group audit risk in a multicomponent audit setting

Abstract

This paper considers the challenges in planning the scope of auditing procedures in a group audit setting for an entity with geographically dispersed components which vary in risk characteristics. Auditing all the components for a complex group entity is often infeasible, hence the auditor faces risk from components not audited, as well as the normal sampling risk resulting from applying audit procedures to certain components. Auditing standards do not explain how to consider the risk factors and consider what portion of a multiple component entity should be selected for audit to be able to issue an unqualified audit opinion on the group. In this paper we describe a step-by-step method for determining a minimum number of component audits needed to support an aggregate low level of audit risk of material misstatement. The paper responds to calls from academics, practitioners, and standards-setters for theoretically valid and practically feasible solutions to the group audit problem, using a method that combines professional judgment and experience with basic statistical principles in an ensemble approach.