Skip to main content
    All articles Audit & Assurance

    Group Audits for CPA Firms: AU-C 600 Essential Guide

    Group audits for CPA firms with subsidiaries, joint ventures, or multiple locations run under AU-C 600, and the standard is about to change. Here is what governs component auditor work today and what SAS No. 149 changes starting December 15, 2026.

    Ricky Patel, CPA Jul 4, 2026 7 min read
    Group Audits for CPA Firms: AU-C 600 Essential Guide

    Group Audits for CPA Firms: Why AU-C 600 Gets Complicated Fast

    Group audits for CPA firms turn into a different kind of engagement the moment a client has a subsidiary, a joint venture, or even a single out-of-state branch with its own books. AU-C 600 component auditors rules govern every one of these situations, and it introduces multi-entity audit standards planning and documentation that a single-entity audit never requires. At BusAcTa Advisors, we support your audit documentation and workpaper preparation needs for U.S. CPA partners, and your group audit engagements are consistently where we see the most planning gaps, usually because your firm has only run a handful of multi-entity engagements and hasn't built a repeatable process around component auditor coordination.

    SAS 149 group audits requirements add a deadline behind this topic that didn't exist a year ago. SAS No. 149 supersedes AU-C 600 for audits of group financial statements for periods ending on or after December 15, 2026, replacing the current significant-component approach with a fully risk-based model. If your firm runs calendar-year group audits, your engagement this year may be the last one under the current standard. This guide covers what your firm needs from AU-C 600 right now and what changes when SAS 149 takes effect.

    This is general information about group audit standards, not a substitute for professional judgment on a specific engagement. Confirm the applicable standard and effective date for your engagement directly with AICPA guidance.

    Rule 1: Get the Terminology Right, Because It Drives the Responsibility Structure

    AU-C 600 replaced the older term "principal auditor" with "group engagement partner" and "group engagement team," and it introduced "component auditor" to describe an auditor who performs work on financial information for a component, typically a subsidiary, joint venture, branch, or variable interest entity, that will be used as evidence for the overall group opinion. The terms aren't interchangeable with the old language, and the responsibility structure that comes with them is more specific than what "principal auditor" implied.

    Group engagement partner responsibilities include the direction, supervision, and performance of the group engagement in accordance with professional standards and regulatory requirements, and for the auditor's report being appropriate in the circumstances. That responsibility doesn't transfer to a component auditor just because the component auditor performed the fieldwork. Does your firm's engagement letter and your internal documentation consistently use group engagement partner and component auditor, or does older language from before AU-C 600 still show up in your templates?

    Rule 2: Decide Early Whether You're Referencing or Assuming Responsibility

    One of the most consequential decisions on a group audit happens before fieldwork starts: will the group engagement partner assume responsibility for the component auditor's work, or will the group audit report make reference to the component auditor instead? This decision shapes the rest of your engagement, including how much communication and review your team needs to perform.

    • Assuming responsibility: The group engagement partner takes full responsibility for the component auditor's work as if it were the group team's own. This requires significantly more communication with the component auditor and a documented evaluation of the adequacy of their work before the group opinion is issued.

    • Making reference: The group audit report explicitly references the component auditor's report on the component's financial statements. This is a long-established U.S. practice, and it remains permitted under AU-C 600 even though the international standard, ISA 600, does not allow it. Reference is particularly useful when access to a component is limited by extenuating circumstances, or in governmental engagements where withdrawing isn't a realistic option.

    Making this decision before the rest of your group audit strategy is designed is what lets your team plan efficiently. Your firm, if it defaults into assuming responsibility on every component without weighing the reference option, often takes on more communication burden than the engagement actually requires.

    Rule 3: Know How Significant Components Are Identified Today

    Significant components audit planning under the current AU-C 600 standard centers on identifying components, those that are individually financially significant to the group or that, due to their specific nature or circumstances, are likely to include significant risks of material misstatement to the group financial statements. The level of work your team performs at each component scales with that significance determination.

    For each significant component, your team determines what work needs to be performed, whether by the group team directly, by a component auditor, or through some combination. For components that aren't individually significant, the standard still requires your team to perform analytical procedures at the group level to address the risk that the aggregate of these smaller components could be materially misstated, even though no single one of them would be significant on its own.

    The documentation gap we see most often in significant-component planning is a workpaper that lists which components were selected without a documented basis connecting that selection to the group's risk assessment. "Component X is included because it's the largest subsidiary" is a starting point, not a complete justification. The file needs to show how each component's selection responds to identified or assessed risks at the group level, not just its size.

    Rule 4: Build Communication With Component Auditors Into the Plan, Not Around It

    Component auditor communication requirements run deep once the group engagement team assumes responsibility for a component auditor's work, requiring a level of two-way communication that goes well beyond a single instruction letter sent at the start of fieldwork. Your team needs to communicate its requirements clearly, including the scope of work needed, materiality for the component, identified risks relevant to the component, and the form and content of their reporting back to you.

    Your team's responsibility doesn't end with sending instructions. It includes evaluating the component auditor's communication and the adequacy of the work performed before the group team relies on it for the overall opinion. That evaluation has to be documented, not just inferred from the fact that their reporting package arrived complete on your desk. What does your firm's standard component auditor instruction package actually require them to report back, and does someone on your team formally sign off that their response was adequate before you finalize the group opinion?

    Rule 5: Start Preparing for SAS No. 149 Now, Not at the December 2026 Deadline

    SAS No. 149 will supersede AU-C 600 for audits of group financial statements for periods ending on or after December 15, 2026. The most significant change is structural: instead of the current approach centered on identifying significant components, SAS 149 requires the group engagement team to use professional judgment in determining the components at which to perform procedures that respond to assessed risks, applying a fully risk-based methodology consistent with how AU-C 315 and AU-C 330 already work for single-entity engagements.

    Three changes your firm should plan for ahead of the effective date:

    • Risk-based component selection replaces the significant-component framework. Component selection will be driven by the same risk assessment process used elsewhere in the audit, rather than a separate significance test applied specifically to group components.

    • Aggregation risk group audit evaluation becomes an explicit consideration. SAS 149 defines aggregation risk as the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole, requiring teams to evaluate this risk explicitly rather than relying on the significant-component selection to manage it implicitly.

    • Group audit materiality determination at the component level is formalized. The group engagement team will be required to determine component materiality for any component where the team assumes responsibility for a component auditor's audit or review work, connecting the group's overall materiality framework more tightly to each component.

    If your firm runs calendar-year group audits, the period ending December 31, 2026 is your first engagement under the new standard. Building your firm's familiarity with the risk-based approach now, on your current AU-C 600 engagement, makes the transition considerably smoother than treating it as a separate project you start in late 2026.

    You can see how we support audit documentation across multi-entity engagements on the how it works page. Our audit support service covers component auditor communication packages, significant component documentation, and group materiality workpapers. Our quality control framework includes a group audit planning checklist built around AU-C 600's current requirements and is being updated for the SAS 149 transition. For firms preparing their group audit methodology for the new standard, our advisory service can run a gap analysis against the risk-based requirements before your first SAS 149 engagement.

    For the full AU-C 600 standard text and SAS No. 149 details, see the AICPA AU-C 600 standard document, which is the authoritative source for group audit requirements under U.S. GAAS.

    The Standard Is Changing, but the Discipline It Requires Isn't

    Group audits for CPA firms reward the same discipline under AU-C 600 today and under SAS 149 once it takes effect: clear terminology, an early decision on reference versus responsibility, defensible component selection tied to risk, and documented, two-way communication with every component auditor on the file. Firms that build that discipline into their current AU-C 600 engagements will find the shift to SAS 149's risk-based framework an extension of work they're already doing, not a separate methodology to learn from scratch.

    If you'd like to discuss how we support group audit workpaper preparation for CPA partners managing multi-entity engagements, book a scoping call with BusAcTa Advisors, and we'll walk your team through the component auditor coordination process before you commit to anything.

    FAQ

    Frequently Asked Questions

    Verified

    Sources

    1. AU-C 600, Special Considerations, Audits of Group Financial Statements (Including the Work of Component Auditors), applies whenever an audit involves financial information from more than one component, including subsidiaries, joint ventures, branches, or variable interest entities. It has been effective for audit periods ending on or after December 15, 2012. AU-C Section 600: Special Considerations, Audits of Group Financial Statements (AICPA ยท 2012)
    2. AU-C 600 permits the group engagement partner to either assume responsibility for a component auditor's work or to reference the component auditor's report in the group audit report. This reference option is a long-established U.S. practice that remains permitted under AU-C 600, unlike the international standard ISA 600, which does not allow the group auditor to reference component auditors' reports. Clarifying the Standard for Group Audits (Journal of Accountancy (AICPA) ยท 2013)
    3. The group engagement partner is responsible for the direction, supervision, and performance of the group engagement, and for determining whether sufficient audit evidence can be obtained to issue an opinion on the group financial statements, including evaluating each component auditor's communication and the adequacy of their work before the group opinion is issued. AU-C Section 600: Group Engagement Partner Responsibilities (AICPA ยท 2012)
    4. SAS No. 149 will supersede AU-C 600 for audits of group financial statements for periods ending on or after December 15, 2026. The standard introduces a fully risk-based approach to component selection, replacing the current significant-component identification framework, and requires the group engagement team to use professional judgment in determining components at which to perform procedures responding to assessed risks, consistent with AU-C 315 and AU-C 330. AICPA's Auditing Standards Board Votes to Finalize Proposed Group Audits Standard (Thomson Reuters Tax & Accounting ยท 2023)
    5. SAS No. 149 defines aggregation risk as the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole, and clarifies that the group engagement team is required to determine component materiality for components on which the team will assume responsibility for the work of a component auditor performing an audit or review. SAS No. 149: Aggregation Risk and Component Materiality (Thomson Reuters Tax & Accounting ยท 2023)
    Ready to scale?

    Put these insights to work in your firm.

    Book a 30-minute consultation. A CPA, not a salesperson, will walk through your workflow.

    NDA-first ยท Reply within 1 business day
    Schedule Consultation
    Ricky Patel, CPA

    Written by

    Ricky Patel, CPA

    Co-Founder, Growth & Quality Assurance

    Ricky Patel, CPA, CA, leads client growth and quality assurance at BusAcTa. With 10+ years in U.S. auditing and accounting, he structures offshore engagements that fit the client firm's actual workflow and holds delivery to the same senior-reviewer standard throughout. His dual CPA (U.S.) and CA (India) credentials give him technical fluency on both sides of every engagement.

    AccountingAuditingClient Relations
    Connect on LinkedIn

    Related articles

    All articles
    Subsequent Events in Auditing: AU-C 560 Documentation Guide
    Audit & Assurance

    Subsequent Events in Auditing: AU-C 560 Documentation Guide

    Jul 4 6 min
    Engagement Letters for Audit, Review, and Compilation
    Audit & Assurance

    Engagement Letters for Audit, Review, and Compilation

    Jul 4 6 min
    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings
    Advisory Services

    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings

    Jun 24 7 min
    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps
    Advisory Services

    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps

    Jun 24 7 min
    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints
    Advisory Services

    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints

    Jun 24 7 min
    Non-Profit Fund Accounting: What CPA Firms Need to Know
    Outsourcing & Offshore

    Non-Profit Fund Accounting: What CPA Firms Need to Know

    Jul 4 5 min
    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers
    Bookkeeping

    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers

    Jul 2 8 min
    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide
    Outsourcing & Offshore

    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide

    Jul 2 7 min
    Utah State Tax Compliance: Essential 2025 Business Guide
    Tax Guides & Compliance

    Utah State Tax Compliance: Essential 2025 Business Guide

    Jun 29 3 min
    Subsequent Events in Auditing: AU-C 560 Documentation Guide
    Audit & Assurance

    Subsequent Events in Auditing: AU-C 560 Documentation Guide

    Jul 4 6 min
    Engagement Letters for Audit, Review, and Compilation
    Audit & Assurance

    Engagement Letters for Audit, Review, and Compilation

    Jul 4 6 min
    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings
    Advisory Services

    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings

    Jun 24 7 min
    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps
    Advisory Services

    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps

    Jun 24 7 min
    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints
    Advisory Services

    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints

    Jun 24 7 min
    Non-Profit Fund Accounting: What CPA Firms Need to Know
    Outsourcing & Offshore

    Non-Profit Fund Accounting: What CPA Firms Need to Know

    Jul 4 5 min
    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers
    Bookkeeping

    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers

    Jul 2 8 min
    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide
    Outsourcing & Offshore

    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide

    Jul 2 7 min
    Utah State Tax Compliance: Essential 2025 Business Guide
    Tax Guides & Compliance

    Utah State Tax Compliance: Essential 2025 Business Guide

    Jun 29 3 min
    Subsequent Events in Auditing: AU-C 560 Documentation Guide
    Audit & Assurance

    Subsequent Events in Auditing: AU-C 560 Documentation Guide

    Jul 4 6 min
    Engagement Letters for Audit, Review, and Compilation
    Audit & Assurance

    Engagement Letters for Audit, Review, and Compilation

    Jul 4 6 min
    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings
    Advisory Services

    CFO-Lite Services for Small CPA Firms: 6 Essential Offerings

    Jun 24 7 min
    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps
    Advisory Services

    Cash Flow Forecasting for CPA Firms: 5 Essential Pricing Steps

    Jun 24 7 min
    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints
    Advisory Services

    Client Communication Cadence for CPA Firms: 5 Essential Touchpoints

    Jun 24 7 min
    Non-Profit Fund Accounting: What CPA Firms Need to Know
    Outsourcing & Offshore

    Non-Profit Fund Accounting: What CPA Firms Need to Know

    Jul 4 5 min
    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers
    Bookkeeping

    Accounting Software by Client Size: A CPA Firm Guide to 3 Tiers

    Jul 2 8 min
    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide
    Outsourcing & Offshore

    Restaurant Accounting Outsourcing: A 5-Area CPA Firm Guide

    Jul 2 7 min
    Utah State Tax Compliance: Essential 2025 Business Guide
    Tax Guides & Compliance

    Utah State Tax Compliance: Essential 2025 Business Guide

    Jun 29 3 min