In this page, we provide answers to frequently asked questions on auditors, audit and oversight to inform the European policy debate.
For more information on sustainability information assurance, see our related FAQ. Further details on non-audit services and auditor’s independence are available in our publication.
Questions & answers
- What is statutory audit?
- What information do the audited financial statements provide?
- How is an audit performed?
- What is the outcome of an audit?
- What is a public interest entity and why is the definition important?
- What is the role of an audit committee?
- What is the ‘accountancy profession’?
- What is the difference between an auditor and an accountant?
- What are the requirements to become an auditor?
- Who appoints the auditor?
- Who legislates on audit in the EU?
- Who supervises audit in the EU?
- What role do the international standards play in auditor’s work?
- What are the measures to ensure auditor’s independence?
- What is mandatory auditor / audit firm rotation?
- Are auditors allowed to provide other services to their audit clients?
About the audit
1. What is statutory audit?
A statutory audit (hereafter: audit) is a legally mandated check of a company’s annual financial statements. Companies prepare these statements to explain their financial performance. Investors, shareholders and other stakeholders rely on audited financial statements when making their decisions. EU law requires large and medium-sized companies to be audited. Member States may decide to require audits of smaller entities too.
2. What information do the audited financial statements provide?
Financial statements are published for external users including current and potential investors, lenders and other creditors. They show the company’s financial position, which is information about the company’s assets such as cash, inventory and fixed assets; and liabilities such as loans, trade payables and tax liabilities. They also present results of company’s operations such as revenue, expenses, taxes and profit.
3. How is an audit performed?
Typically, an audit engagement has three stages: planning, execution and reporting. It requires a year-long cooperation among a multi-disciplinary team of auditors and experts in different areas (see our publication How do multidisciplinary teams contribute to audit quality?). For planning the audit team aims to understand the company’s operating environment and identify the risks relevant to its financial statements.
During execution, auditors gather and evaluate evidence through a combination of procedures e.g.: inquire management, test the company’s internal controls, analyse transactions and balances, and obtain third party confirmations. The auditor’s objective is to obtain sufficient audit evidence to be able to draw reasonable conclusions. The audit opinion is based on these conclusions and is publicly reported.
4. What is the outcome of an audit?
The main output of an audit is the publicly available audit report. The audit opinion in this report states whether the accompanying financial statements are prepared in accordance with the accounting standards and present fairly, in a material way, the financial position and performance of the company.
Public Interest Entities’ (PIEs) auditors also explain key audit matters (KAMs) in their audit reports. KAMs are factors representing the most significant risks with the highest impact on the audit’s results.
5. What is a Public Interest Entity and why is the definition important?
A PIE is defined in the EU Accounting Directive and the EU Audit Directive as a:
- listed entity
- credit institution
- insurance undertaking
Member States may designate additional entities as PIE at a national level, for instance entities which are important/strategic for the country’s economy. See our publication Definition of Public Interest Entities in Europe for more detail.
The EU Audit Regulation provides specific requirements regarding statutory audit of PIEs. Therefore PIEs’ definition and identification are crucial to determine which entities are within this EU Regulation’s scope. These requirements are more demanding and go beyond the EU Audit Directive’s requirements which applies to all statutory audits.
6. What is the role of an audit committee?
An audit committee consists of: i) members of a company’s board of directors and/or ii) members appointed by the shareholders. It ensures that shareholders’ interests are properly protected in relation to the financial reporting process.
To achieve this, the majority of an audit committee members have to be independent from the company. The EU legislation also requires at least one audit committee member to have competence in accounting and/or auditing.
The most important roles included in EU legislation for PIE audit committees are to:
- monitor the financial reporting process and relevant controls
- review the auditor’s independence including pre-approval of all permitted non-audit services
- make a recommendation about auditor’s appointment
About the auditor
7. What is the “accountancy” profession?
The ‘accountancy profession’ is comprised of accountants, auditors and advisors. They provide a wide range of services in diverse capacities and sectors.
8. What is the difference between an auditor and an accountant?
Accountants help companies prepare their financial statements and sustainability reporting to measure performance, including their economic activities’ environmental and social impacts. The EU Accounting and Transparency Directives requirements, relevant national legislation & standards apply for accountants’ work, as well as International Financial Reporting Standards (IFRS) for companies under the International Accounting Standards (IAS) Regulation.
External auditors provide audit services to companies and thereby add credibility to information by giving an independent expert opinion on the information reported by a company, such as the annual financial statements (see question 1). Auditors’ work is regulated by the requirements of the EU Audit Directive and Regulation and relevant national legislation. Auditors also apply for their work professional standards like International Standards on Auditing (ISAs).
Both accountants and auditors abide by the International Code of Ethics or national equivalents.
9. What are the requirements to become an auditor?
The EU Audit Directive determines that only people that fulfill set legal requirements on education, experience and examination can use the auditor title. It also defines how to qualify as auditor, remain qualified and the reserved activities that only auditors can carry out. See our publication How is access to the European accountancy profession regulated?
Auditors must participate in continued professional development (CPD) to maintain their theoretical knowledge and keep their qualification. The EU Audit Directive lists the minimum requirements including the main topics and sanctions for not complying. National requirements are often more stringent, requiring on average 40 CPD hours per year.
10. Who appoints the auditor?
All auditors are appointed at the audited company’s general meeting of shareholders in accordance with the 2014 EU Audit Directive.
As an additional procedure for PIEs, the 2014 EU Audit Regulation requires the audit committee to search for the auditor. Audit committees make a recommendation to company’s Board for the auditor’s appointment following a selection process (see question 6).
About the regulation/standards/supervisions
11. Who legislates on the audit in the EU?
Since 1984, the EU Statutory Audit Directive contains requirements governing all statutory audits and auditors in the EU.
The 2014 EU Audit Regulation contains additional requirements with regards to PIE audits (see question 5).
As the EU legislation sets only minimum criteria, Member States have the option to add more demanding requirements.
12. Who supervises audit in the EU?
EU legislation requires each Member State to set up a dedicated audit oversight body (AOB) which needs to be independent from auditors and audit firms. These AOBs supervise auditors at national level and cooperate at EU level within the Committee of European Auditing Oversight Bodies (CEAOB).
For more information on how audit oversight is organised in Europe (see our publication Organisation of the public oversight of the audit profession in 30 European countries).
13. What role do the international standards play in auditor’s work?
Auditors abide by the international ethics and auditing standards developed by independent Boards, the IESBA and IAASB or national equivalents. These standards set out minimum requirements and practical guidance for an independent and high-quality audit. They help global consistency in audits.
Ethical standards focus on auditor’s independence. Internal standards on auditing (ISAs) determine how an auditor plans and conducts the audit engagement and communicates the results.
14. What are the measures to ensure auditor’s independence?
The EU and national legislation and international standards establish specific independence requirements for auditors.
Auditors’ compliance with these requirements is subject to inspections by independent oversight bodies in each Member State. Audit firms have comprehensive policies to comply with these requirements.
For PIEs, a company’s audit committee has the responsibility to ensure that the audit is conducted in an independent manner. This includes pre-approving any service other than audit to be provided by the auditor, having satisfied that the auditor’s independence would not be compromised (see our publication
Another measure that was introduced by EU legislation to help reinforce auditors’ independence is mandatory auditor / audit firm rotation (see question 15).
See our publication Non-audit services and auditor’s independence for more information.
15. What is mandatory auditor / audit firm rotation?
Mandatory auditor / audit firm rotation means that there is a maximum duration for the audit engagement, to reinforce the auditor’s independence from the audited entity. This is one of the EU Audit Regulation’s measures for PIEs.
This means that PIEs are required to find a new audit firm after a certain period, which is set at 10 years by the Regulation. Member States may set a shorter period at a national level or allow limited extension of the audit engagement’s duration in case of tendering or joint audit (i.e., more than one firm performing the audit). As a result, there are divergences among European countries on the audit engagement duration. (See our publication Implementation of the 2014 EU Audit Directive and regulation in 30 European countries).
16. Are auditors allowed to provide other services to their audit clients ?
Auditors provide a limited number of non-audit services to their audit clients on the conditions that they:
- are not prohibited by legislation like the EU Audit Directive or ethical standards
- do not compromise auditor’s independence
- do not involve assuming a management role
These services are either closely linked to the financial statements audit (e.g., review of financial information) or come in demand of other stakeholders who expect reliable information checked by a third party like an auditor (e.g., sustainability assurance).
The EU Audit Regulation introduced additional restrictions for PIE auditors:
- there is an extensive list of services that are prohibited (the ‘black-list’)
- there is a 70% cap for the fees that the auditor can receive for the provision of non-audit services
See our publication Non-audit services and auditor’s independence for more information.