22 November 2021 — Publication
In this page, we provide answers to frequently asked questions on auditors, audit and oversight to inform the European policy debate.
A statutory audit (hereafter: audit) is a legally mandated check of a company’s annual financial statements. Companies prepare these statements to explain their financial performance. Investors, shareholders and other stakeholders rely on audited financial statements when making their decisions. EU law requires large and medium-sized companies to be audited. Member States may decide to require audits of smaller entities too.
Financial statements are published for external users including current and potential investors, lenders and other creditors. They show the company’s financial position, which is information about the company’s assets such as cash, inventory and fixed assets; and liabilities such as loans, trade payables and tax liabilities. They also present results of company’s operations such as revenue, expenses, taxes and profit.
Typically, an audit engagement has three stages: planning, execution and reporting. It requires a year-long cooperation among a multi-disciplinary team of auditors and experts in different areas (see our publication How do multidisciplinary teams contribute to audit quality?). For planning the audit team aims to understand the company’s operating environment and identify the risks relevant to its financial statements.
During execution, auditors gather and evaluate evidence through a combination of procedures e.g.: inquire management, test the company’s internal controls, analyse transactions and balances, and obtain third party confirmations. The auditor’s objective is to obtain sufficient audit evidence to be able to draw reasonable conclusions. The audit opinion is based on these conclusions and is publicly reported.
The main output of an audit is the publicly available audit report. The audit opinion in this report states whether the accompanying financial statements are prepared in accordance with the accounting standards and present fairly, in a material way, the financial position and performance of the company.
Public Interest Entities’ (PIEs) auditors also explain key audit matters (KAMs) in their audit reports. KAMs are factors representing the most significant risks with the highest impact on the audit’s results.
Member States may designate additional entities as PIE at a national level, for instance entities which are important/strategic for the country’s economy. See our publication Definition of Public Interest Entities in Europe for more detail.
The EU Audit Regulation provides specific requirements regarding statutory audit of PIEs. Therefore PIEs’ definition and identification are crucial to determine which entities are within this EU Regulation’s scope. These requirements are more demanding and go beyond the EU Audit Directive’s requirements which applies to all statutory audits.
An audit committee consists of: i) members of a company’s board of directors and/or ii) members appointed by the shareholders. It ensures that shareholders’ interests are properly protected in relation to the financial reporting process.
To achieve this, the majority of an audit committee members have to be independent from the company. The EU legislation also requires at least one audit committee member to have competence in accounting and/or auditing.
The most important roles included in EU legislation for PIE audit committees are to:
The ‘accountancy profession’ is comprised of accountants, auditors and advisors. They provide a wide range of services in diverse capacities and sectors.
Accountants help companies prepare their financial statements and sustainability reporting to measure performance, including their economic activities’ environmental and social impacts. The EU Accounting and Transparency Directives requirements, relevant national legislation & standards apply for accountants’ work, as well as International Financial Reporting Standards (IFRS) for companies under the International Accounting Standards (IAS) Regulation.
External auditors provide audit services to companies and thereby add credibility to information by giving an independent expert opinion on the information reported by a company, such as the annual financial statements (see question 1). Auditors’ work is regulated by the requirements of the EU Audit Directive and Regulation and relevant national legislation. Auditors also apply for their work professional standards like International Standards on Auditing (ISAs).
Both accountants and auditors abide by the International Code of Ethics or national equivalents.
The EU Audit Directive determines that only people that fulfill set legal requirements on education, experience and examination can use the auditor title. It also defines how to qualify as auditor, remain qualified and the reserved activities that only auditors can carry out. See our publication How is access to the European accountancy profession regulated?
Auditors must participate in continued professional development (CPD) to maintain their theoretical knowledge and keep their qualification. The EU Audit Directive lists the minimum requirements including the main topics and sanctions for not complying. National requirements are often more stringent, requiring on average 40 CPD hours per year.
All auditors are appointed at the audited company’s general meeting of shareholders in accordance with the 2014 EU Audit Directive.
As an additional procedure for PIEs, the 2014 EU Audit Regulation requires the audit committee to search for the auditor. Audit committees make a recommendation to company’s Board for the auditor’s appointment following a selection process (see question 6).
Since 1984, the EU Statutory Audit Directive contains requirements governing all statutory audits and auditors in the EU.
The 2014 EU Audit Regulation contains additional requirements with regards to PIE audits (see question 5).
As the EU legislation sets only minimum criteria, Member States have the option to add more demanding requirements.
EU legislation requires each Member State to set up a dedicated audit oversight body (AOB) which needs to be independent from auditors and audit firms. These AOBs supervise auditors at national level and cooperate at EU level within the Committee of European Auditing Oversight Bodies (CEAOB).
For more information on how audit oversight is organised in Europe (see our publication Organisation of the public oversight of the audit profession in 30 European countries).
Auditors abide by the international ethics and auditing standards developed by independent Boards, the IESBA and IAASB or national equivalents. These standards set out minimum requirements and practical guidance for an independent and high-quality audit. They help global consistency in audits.
Ethical standards focus on auditor’s independence. Internal standards on auditing (ISAs) determine how an auditor plans and conducts the audit engagement and communicates the results.
The EU and national legislation and international standards establish specific independence requirements for auditors.
Auditors’ compliance with these requirements is subject to inspections by independent oversight bodies in each Member State. Audit firms have comprehensive policies to comply with these requirements.
For PIEs, a company’s audit committee has the responsibility to ensure that the audit is conducted in an independent manner. This includes pre-approving any service other than audit to be provided by the auditor, having satisfied that the auditor’s independence would not be compromised (see our publication
Another measure that was introduced by EU legislation to help reinforce auditors’ independence is mandatory auditor / audit firm rotation (see question 15).
See our publication Non-audit services and auditor’s independence for more information.
Mandatory auditor / audit firm rotation means that there is a maximum duration for the audit engagement, to reinforce the auditor’s independence from the audited entity. This is one of the EU Audit Regulation’s measures for PIEs.
This means that PIEs are required to find a new audit firm after a certain period, which is set at 10 years by the Regulation. Member States may set a shorter period at a national level or allow limited extension of the audit engagement’s duration in case of tendering or joint audit (i.e., more than one firm performing the audit). As a result, there are divergences among European countries on the audit engagement duration. (See our publication Implementation of the 2014 EU Audit Directive and regulation in 30 European countries).
Auditors provide a limited number of non-audit services to their audit clients on the conditions that they:
These services are either closely linked to the financial statements audit (e.g., review of financial information) or come in demand of other stakeholders who expect reliable information checked by a third party like an auditor (e.g., sustainability assurance).
The EU Audit Regulation introduced additional restrictions for PIE auditors:
See our publication Non-audit services and auditor’s independence for more information.