SA 600 — Using the Work of Another Auditor: Complete Guide for Group Audits [2026]

Group audits are among the most complex engagements that Indian CA firms undertake. When a parent company has subsidiaries, joint ventures, or associates audited by other auditors, the principal auditor must navigate a structured framework to ensure audit quality across the entire group. SA 600 (Using the Work of Another Auditor) provides that framework.

This guide covers every aspect of SA 600 compliance that matters to practicing CAs in India — from the fundamental principles to practical workflows, NFRA inspection findings, and technology-driven coordination strategies.

---

What Is SA 600 and When Does It Apply?

SA 600 is a Standard on Auditing issued by the Institute of Chartered Accountants of India (ICAI) that governs situations where a principal auditor uses the work of another auditor in forming an opinion on group financial statements. The standard applies whenever the financial statements of one or more components (subsidiaries, joint ventures, associates, divisions, or branches) are audited by auditors other than the principal auditor.

Applicability Scenarios

SA 600 applies in the following situations:

1. Consolidated financial statements — Where a parent entity prepares consolidated financial statements under Ind AS 110 or AS 21, and one or more subsidiaries are audited by component auditors
2. Joint ventures — Where the group's interest in a joint venture is audited by a separate auditor
3. Associates — Where an associate entity accounted for under the equity method has its own auditor
4. Divisions or branches — Where geographically distinct divisions or branches of a single entity are audited by different auditors
5. Multi-location entities — Where an entity has operations across multiple jurisdictions, each with local audit requirements

Scale of the Problem in India

The scale of group audits in India is substantial. Listed companies on NSE and BSE routinely have between 5 and 50 or more subsidiaries, many of which are audited by different firms. Large conglomerates may have over 100 entities requiring consolidation. Even mid-sized groups with 3 to 10 subsidiaries face the same coordination challenges under SA 600.

The Companies Act, 2013 mandates consolidation for all companies having subsidiaries, associates, or joint ventures. Section 129(3) requires preparation of consolidated financial statements in Form AOC-1, which means group audits are not optional for companies with any subsidiary relationships.

---

Role and Responsibilities of the Principal Auditor

The principal auditor bears ultimate responsibility for the audit opinion on the group financial statements. This responsibility cannot be diluted by relying on the work of component auditors. SA 600 establishes specific obligations that the principal auditor must fulfil.

Deciding Whether to Act as Principal Auditor

Before accepting the role of principal auditor, the firm must consider:

• Materiality of the portion audited by the principal auditor — The principal auditor should ordinarily audit a significant portion of the group's financial statements
• Level of knowledge of the component's business — The principal auditor must have sufficient understanding of each component's operations
• Risk of material misstatement in components audited by others — Higher-risk components require more extensive oversight
• Extent of additional procedures the principal auditor can perform — The principal auditor must be able to carry out meaningful review procedures on the component auditor's work

If the principal auditor audits an insignificant portion of the group and has limited ability to oversee component auditors, it may be inappropriate to accept the role.

Evaluating Competence of Component Auditors

One of the principal auditor's most critical duties is evaluating whether component auditors are competent and capable of performing work that meets the required quality standards. This evaluation should consider:

• Professional qualifications — Whether the component auditor holds relevant qualifications (membership of ICAI or equivalent body)
• Experience with the industry — Whether the component auditor has experience auditing entities in the same industry as the component
• Resources and capacity — Whether the component auditor has adequate staff and infrastructure to complete the work within the required timeline
• Quality management systems — Whether the component auditor operates under a quality management framework aligned with SQM 1 or equivalent standards
• Regulatory standing — Whether the component auditor is in good standing with ICAI, and whether there are any disciplinary proceedings or NFRA findings against them
• Independence — Whether the component auditor satisfies independence requirements with respect to the component entity

The principal auditor should document this evaluation. A simple declaration of competence is insufficient — the assessment must be substantive and evidence-based.

Communicating Scope and Requirements

The principal auditor must issue clear, written instructions to each component auditor covering:

1. Scope of work — Specific areas to be audited, materiality levels to be applied, and any areas requiring particular attention
2. Group materiality and component materiality — The overall group materiality and the materiality allocated to each component
3. Significant risks — Any group-level risks that affect the component, and specific audit procedures the principal auditor expects the component auditor to perform
4. Related party transactions — Known related parties at the group level and specific procedures for identifying and testing related party transactions at the component level
5. Reporting deadlines — Clear timelines for delivery of audit reports, management letters, and supporting working papers
6. Format of communication — The form and content of reports, confirmations, and working papers expected from the component auditor

These instructions are commonly referred to as "group audit instructions" and form a critical part of the documentation trail.

---

Documentation Requirements Under SA 600

SA 600 requires the principal auditor to maintain documentation that demonstrates how the group audit was planned, executed, and concluded. This documentation must be sufficient for an experienced auditor, having no previous connection with the engagement, to understand the work performed.

Key Documentation Elements

• List of all components — Identifying which are audited by the principal auditor and which by component auditors, with materiality for each
• Assessment of component auditors — The evaluation of each component auditor's competence and independence
• Group audit instructions — Copies of instructions issued to component auditors, including materiality thresholds and scope requirements
• Component auditor reports and confirmations — Reports received from component auditors, including any qualifications or emphasis of matter paragraphs
• Review of component auditor work — Evidence of the principal auditor's review of component auditor working papers, including the nature and extent of review procedures performed
• Communication records — Documentation of all significant communications between the principal and component auditors during the engagement
• Consolidation adjustments — Working papers supporting all consolidation entries, elimination entries, and group-level adjustments
• Conclusions — The principal auditor's overall conclusion on whether the component auditor's work is sufficient and appropriate for group audit purposes

Reliance Letters

A reliance letter (also called a letter of reliance or comfort letter) is a formal communication from the component auditor to the principal auditor. It typically confirms:

• The component auditor's independence from the component entity
• The component auditor's compliance with applicable auditing standards
• The scope of work performed and any limitations
• Any matters that the component auditor believes should be brought to the attention of the principal auditor

The reliance letter is not a substitute for the principal auditor's own review and assessment. It is one piece of evidence within a broader framework of oversight procedures.

---

NFRA Findings on SA 600 Non-Compliance

The National Financial Reporting Authority (NFRA) has made group audit oversight a focus area in its inspection reports. Across multiple inspection cycles, NFRA has identified recurring deficiencies in how principal auditors manage group audit engagements.

Common Deficiency Categories

1. Inadequate Assessment of Component Auditors

NFRA inspections have found instances where principal auditors failed to perform any documented evaluation of component auditor competence. In some cases, the principal auditor accepted the component auditor's work without verifying qualifications, independence, or quality management practices. NFRA has emphasized that a perfunctory assessment does not meet the requirements of SA 600.

2. Insufficient Group Audit Instructions

Inspectors have noted cases where principal auditors issued no formal instructions to component auditors, or where instructions were generic and did not address component-specific risks. NFRA expects group audit instructions to be tailored to each component, with explicit materiality thresholds and risk-based procedures.

3. Failure to Review Component Auditor Working Papers

NFRA has found that some principal auditors signed group audit opinions without reviewing any working papers of component auditors. The standard requires the principal auditor to determine the nature, timing, and extent of review procedures — performing no review at all is a clear non-compliance.

4. Missing Documentation of Group-Level Controls

Where the group entity maintains centralized controls (such as a shared services centre for accounting), NFRA expects the principal auditor to document how those controls were tested. Failure to address group-level controls has been cited as a deficiency.

5. Inadequate Consolidation Procedures

NFRA has identified cases where consolidation adjustments were not supported by adequate working papers, intercompany eliminations were incomplete, or the principal auditor failed to verify that uniform accounting policies were applied across the group.

Implications for Firms

These findings carry real consequences. NFRA can impose sanctions on audit firms and individual partners, including monetary penalties and debarment from auditing listed companies. Beyond regulatory action, these deficiencies represent genuine risks to audit quality — a failure in group audit oversight can result in material misstatements in consolidated financial statements going undetected.

For firms looking to strengthen their overall quality management framework — which directly supports SA 600 compliance — see our SQM1 & EQCM Complete Guide.

---

Practical Workflow for Managing Component Auditors

Effective group audit management requires a structured workflow from engagement acceptance through to completion. Here is a practical framework for Indian CA firms.

Phase 1: Planning (Weeks 1-4)

Step 1: Map the Group Structure

Prepare a comprehensive group structure chart identifying all entities requiring consolidation — subsidiaries, joint ventures, associates, and any special purpose entities. For each entity, document:

• Ownership percentage and consolidation method (full consolidation, equity method, proportionate consolidation)
• Component auditor identity and contact details
• Financial significance (revenue, total assets, profit before tax as a percentage of group totals)
• Industry and risk profile

Step 2: Determine Component Materiality

Calculate group materiality and allocate component-level materiality. Component materiality should be lower than group materiality to allow for aggregation risk. A common approach is to set component materiality at 50-75% of group materiality for significant components, with adjustments based on risk assessment.

Step 3: Classify Components

Classify each component as significant (requiring full scope audit), non-significant but requiring specified procedures, or non-significant requiring only analytical procedures at the group level. This classification drives the extent of work required from component auditors and the depth of the principal auditor's review.

Step 4: Issue Group Audit Instructions

Prepare and issue detailed instructions to each component auditor well before the component audit commences. Allow adequate time for component auditors to plan their work within the framework provided.

Phase 2: Execution (During Component Audits)

Step 5: Maintain Ongoing Communication

Establish regular communication with component auditors throughout the audit. This is not a one-time event — the principal auditor should be aware of significant findings, control deficiencies, and any changes in risk assessment at the component level as they emerge.

Step 6: Attend Key Meetings Where Warranted

For significant or high-risk components, the principal auditor (or a senior team member) should consider attending key planning meetings, closing meetings with management, or governance discussions. This provides direct insight into the component's operations and audit issues.

Step 7: Review Work in Progress

For significant components, consider reviewing working papers on significant risk areas before the component audit is finalised. This allows the principal auditor to request additional work if needed, rather than discovering deficiencies after the component audit report has been issued.

Phase 3: Review and Conclusion (Weeks Following Component Completion)

Step 8: Review Component Auditor Deliverables

On receipt of the component auditor's report and supporting deliverables, the principal auditor should:

• Review the audit report for any qualifications, emphasis of matter, or other modifications
• Evaluate whether the component auditor followed the group audit instructions
• Review key working papers on significant risk areas, material balances, and areas of significant judgment
• Assess whether the component auditor's conclusions are consistent with the evidence reviewed

Step 9: Evaluate Consolidation

Perform or review the consolidation process, including:

• Verification that uniform accounting policies have been applied across all components
• Testing of intercompany transactions and balances, and completeness of elimination entries
• Review of goodwill calculations, non-controlling interest computations, and foreign currency translation adjustments
• Assessment of consolidation adjustments for reasonableness

Step 10: Form Group Audit Opinion

Assess whether, taken together, the audit evidence from all components (those audited by the principal auditor and those audited by component auditors) provides sufficient appropriate basis for the group audit opinion.

---

Technology Solutions for Group Audit Coordination

The complexity of group audits — multiple entities, multiple auditors, tight deadlines, and voluminous documentation — makes them a natural candidate for technology-driven solutions.

Challenges That Technology Addresses

• Version control — Multiple auditors working on interconnected deliverables creates version management challenges. Cloud-based platforms ensure all parties work from current data.
• Deadline tracking — With numerous component auditors delivering work at different times, tracking completion status manually is error-prone. Automated tracking and reminders ensure timely delivery.
• Standardisation — Ensuring that all component auditors apply consistent procedures, use comparable materiality thresholds, and document in a uniform format is difficult without a shared platform.
• Review efficiency — When the principal auditor must review working papers from multiple component auditors, a centralized platform allows structured review with audit trails.
• Communication records — SA 600 requires documentation of communications between principal and component auditors. A platform that captures all communications automatically addresses this requirement.

How Audit Automation Supports Group Audits

Modern audit automation platforms address these challenges through:

• Centralised engagement management — A single platform where the principal auditor can track all components, assign tasks, monitor progress, and review deliverables
• Standardised templates — Group audit instructions, component auditor questionnaires, and reliance letter templates that enforce consistency
• Automated consolidation checks — Technology that flags intercompany imbalances, inconsistent accounting policies, and incomplete eliminations before the consolidation is finalised
• Real-time status dashboards — Visibility into which component audits are complete, which are in progress, and which are behind schedule
• Integrated documentation — Working papers from all components accessible in one location, with review notes and sign-off workflows built in

For firms that audit listed companies with complex group structures, see our detailed guide on audit automation for listed companies.

---

Reporting Considerations

When the principal auditor relies on the work of other auditors, the audit report on the group financial statements may need to reflect this fact.

Reference to Component Auditors

Under SA 600, the principal auditor may choose to:

1. Not refer to the other auditor — If the principal auditor is satisfied with the other auditor's work and takes full responsibility for the group opinion. This is the more common approach for listed company audits.
2. Refer to the other auditor — If the principal auditor decides to modify the report by referring to the work of the other auditor. In this case, the report should clearly identify the portion of the financial statements audited by the other auditor.

A reference to the other auditor is not a qualification — it is a division of responsibility. However, regulators and stakeholders may view such references as indicating less robust group audit oversight. NFRA has specifically noted that a reference to other auditors does not absolve the principal auditor of responsibility for the group audit.

Impact of Component Auditor Qualifications

If a component auditor issues a qualified opinion, the principal auditor must assess whether the qualification is material to the group financial statements. If it is, the principal auditor must either:

• Obtain sufficient audit evidence to resolve the matter at the group level, or
• Modify the group audit opinion accordingly

---

Connecting SA 600 to SQM 1 and Broader Quality Management

SA 600 does not operate in isolation. It connects directly to the firm's quality management system under SQM 1. Specifically:

• Component 3 (Acceptance and Continuance) — The firm's policies on accepting group audit engagements should address the factors in SA 600, including the ability to oversee component auditors
• Component 5 (Engagement Performance) — The firm must have policies and procedures that address how group audits are planned, executed, and reviewed
• Component 6 (Resources) — The firm must ensure it has sufficient resources (personnel with group audit experience, technology infrastructure) to manage complex group engagements

Firms should also consider how SA 600 interacts with global quality management standards. For a comparison of Indian and international approaches, see our India SQM1 vs Global ISQM1 Comparison.

---

Key Takeaways for Practicing CAs

1. SA 600 is not a formality — It imposes real, documented obligations on the principal auditor that NFRA actively enforces
2. Evaluate component auditors substantively — A cursory assessment will not satisfy regulators. Document qualifications, experience, independence, and quality management practices
3. Issue tailored instructions — Generic instructions are a red flag in NFRA inspections. Each component should receive risk-based, specific instructions
4. Review working papers — The extent of review should be proportionate to risk, but performing no review at all is indefensible
5. Maintain communication records — Every significant communication with component auditors should be documented in the engagement file
6. Leverage technology — The volume and complexity of group audits makes technology adoption not just desirable but essential for quality and efficiency
7. Connect to SQM 1 — Your firm's quality management system should specifically address group audit procedures as part of engagement performance policies

Group audits will remain a central feature of Indian audit practice as long as companies operate through subsidiary structures. Firms that invest in robust SA 600 processes — supported by clear policies, trained staff, and effective technology — will be better positioned to deliver quality group audit opinions and withstand regulatory scrutiny.

---

This guide reflects SA 600 requirements as applicable in India under ICAI standards. For firm-specific implementation, consult your firm's technical standards team and consider the specific facts and circumstances of each group audit engagement.