Why is statutory audit important?
The role of statutory auditors is to certify companies’ financial statements, i.e. to provide stakeholders such as investors and shareholders with an opinion on the accuracy of companies’ accounts. A broad community of people and institutions rely on the quality of a statutory audit. For this reason, statutory audit contributes to the orderly functioning of markets by improving the integrity and efficiency of financial statements. Its importance is reflected in the legal requirement for certain companies to have a statutory audit. Moreover, only approved auditors can undertake these statutory audits.
Why reform the rules governing statutory audit?
The new rules address a number of shortcomings observed on the audit market:
- Deficiencies, and in some instances misstatements, have been observed in audit reports by Member States’ competent authorities.
- Doubts have emerged amongst investors on the credibility and reliability of the audited financial statements of banks, other financial institutions and listed companies, as highlighted by the economic and financial crisis. This has seriously dented the confidence of investors in the reports of statutory auditors.
- An excessive familiarity between the management of a company and its audit firm, risks of conflicts of interest, and threats to the independence of statutory auditors can challenge the ability of statutory auditors to exert thorough professional scepticism.
- A lack of choice of audit firms emanating from high concentration levels in the top-end of the audit market.
- A systemic risk as the audit market is effectively dominated at the top end by four networks.
What are the main objectives of the reform of statutory audit?
The reform aims to improve audit quality and restore investor confidence in financial information, an essential ingredient for future investment and economic growth.
The main objectives of the reform are to:
- Ensure further transparency on the financial information of companies
- Provide statutory auditors with a strong mandate to be independent and exert professional scepticism
- Contribute to a more dynamic audit market in the EU
- Improve the supervision of statutory auditors and the coordination of audit supervision by competent authorities in the EU
DEFINITIONS, SCOPE AND IMPLEMENTATION
What is a public-interest entity (PIE)?
PIEs are defined as listed companies, credit institutions and insurance undertakings. In addition, Member States can designate as PIEs other undertakings that are of significant public relevance, because of the nature of their business, their size or the number of their employees.
The definition of public-interest entities (PIEs) is the same as under the Accounting Directive (2013/34/EU).
What are the main elements of the reform?
The new legal framework is based on two legislative instruments.
On the one hand, a Directive amends the 2006 Statutory Audit Directive (2006/43/EC), which first set out the duties of statutory auditors and audit firms and introduced a requirement for public oversight of the audit profession and co-operation between regulatory authorities in the EU. On the other hand, a new Regulation establishes specific requirements regarding statutory audit of public-interest entities. The new rules follow an extensive consultation process which started with the Commission's Green Paper on Audit Policy in October 2010 (seeIP/10/1325), and resulted in the presentation of two Commission proposals in November 2011 (seeIP/11/1480).
The reform rests on two pillars, encompassing both horizontal and specific measures.
The following horizontal measures apply to all statutory auditors and audit firms, regardless of whether the audited entity is a public-interest entity or not:
- Introducing stronger requirements on independence, notably by improving the organisational requirements of statutory auditors and audit firms
- Making the audit report more informative for investors, providing them with relevant information about the audited company beyond a mere standardised opinion on the financial statements
- Strengthening the competences and powers of the competent authorities responsible for the public oversight of the audit profession
- Establishing a more effective sanctioning regime by harmonising the types and addressees of sanctions as well as, for instance, the criteria to be taken into account by competent authorities when applying sanctions
- Renewing the competence of the European Commission to adopt the International Standards on Auditing (ISAs) at EU level.
In addition, the following stricter requirements apply to the statutory audit of PIEs:
- Strengthening the requirements on the audit report, and introducing an additional, more detailed, report to the audit committee, containing thorough information about the performance of the audit;
- Introducing mandatory rotation of statutory auditors and audit firms;
- Establishing a list of non-audit services that cannot be provided by the statutory auditor or audit firm to the audited entity;
- Imposing limitations on the fees charged for non-audit services;
- Enhancing the role and competences of the audit committee, giving it a prominent direct role in the appointment of the statutory auditor or the audit firm, as well as in the monitoring of the audit;
- Establishing a dialogue between the statutory auditor or audit firm of a PIE on the one hand and the supervisor of that given PIE on the other hand.
What types of audits are covered?
The new framework covers all statutory audits required by EU law. Several legislative texts at EU level establish the obligation to have a statutory audit, including notably the Accounting Directive 2013/34/EU, the Transparency Directive 2004/109/EC and the Solvency II Directive 2009/138/EC.
In addition, the new framework also covers audits for small undertakings and audits voluntarily conducted by small undertakings, where defined by national legislation as statutory audits.
The framework contains specific requirements regarding the statutory audit of PIEs. However, Member States have the possibility to exempt cooperatives and savings banks from these specific requirements.
Why are there stricter requirements for the audit of public-interest entities (PIEs)?
Stricter requirements govern the statutory audit of PIEs because the potential negative consequences of misstatements for shareholders, investors and more broadly society at large, are usually greater than for other types of undertakings. The possible costs of the specific rules concerned are thus far outweighed by the benefits of avoiding audit problems in those public-interest entities.
Where does implementation stand?
The Directive entered into force on 16 June 2014, 20 days after its publication in the Official Journal of the European Union (see OJ L 158). Member States had two years to adopt and publish the provisions necessary to comply with the revised Directive. The Regulation also entered into force 20 days after its publication in the Official Journal (see OJ L 158).
Both the Directive and the Regulation become applicable on 17 June 2016. This is to allow that, by the time of the application of the Regulation, every Member State should have put in place the provisions necessary to comply with the Directive.
However, some specific provisions will become applicable later. For instance, rotation periods are subject to specific and calibrated transitional periods. Similarly, the prohibition of the “Big Four Only” contractual clauses will apply three years after the entry into force of the Regulation.
The Commission has worked closely with Member States, national authorities and stakeholders to smooth the implementation process and facilitate the transition to the new rules. The Commission is following the transposition process and is gathering information as national implementing rules are adopted. Information relating to each Member State is available and will be regularly updated.
WHAT WILL CHANGE: KEY MEASURES
I. Enhanced information to investors
Why establish new rules on the audit report?
The primary objective of the reform is to increase the quality of statutory audit. This means both enhancing statutory auditors’ independence and providing investors and shareholders of audited entities with better and more detailed information via the audit report.
The new rules will increase the informational value of the audit report – which is an essential tool from the investors’ perspective. Provisions spelling out the content of the audit report are set out both in the Directive and in the Regulation, as the reform differentiates audit reports for non-PIEs and for PIEs and imposes further requirements on the latter.
For instance, in the case of a PIE audit, the Regulation introduces a requirement for statutory auditors auditing PIEs to report on key areas of risk of material misstatement of the annual or consolidated financial statements. In addition, statutory auditors will need to explain to what extent the statutory audit was considered capable of detecting irregularities, including fraud.
By improving the information that the statutory auditor or the audit firm provides to the audited entity, be it a PIE or not, the reform aims to help reduce the ‘expectation gap’ that often exists between the perceptions of what auditors should be delivering and what they are bound to deliver.
What is the purpose of the additional report to the audit committee?
The additional report to the audit committee, which is to be prepared only when auditing PIEs, aims to increase further audit quality and avoid any loopholes, via enhanced communication between the statutory auditor or the audit firm on the one hand, and the entity’s audit committee on the other hand. The additional report will provide the audited PIE with more detailed information on the outcome of the statutory audit, including for instance on the methodology used, on possible significant deficiencies identified in the internal control system, on the valuation methods applied, etc.
In principle, the additional report is not public; however Member States may allow the audit committee to disclose that additional report, if provided for in their national law.
Why strengthen the role of the audit committee?
The Statutory Audit Directive (2006/43/EC) introduced the requirement for PIEs to have an audit committee. As part of an effective internal control system, audit committees help minimise financial, operational and compliance risks. They also have a decisive role to play in contributing to high-quality statutory audit.
The new rules strengthen the audit committee, both in its composition (most members shall be independent; the committee as a whole shall now have competence relevant to the sector in which the audited entity is operating), and in its competences. For instance, the audit committee will play a direct role in the appointment of the statutory auditor or the audit firm. It will also monitor the statutory audit, as well as the performance and independence of the statutory auditor.
Is the reform directly empowering shareholders vis-à-vis statutory auditors?
The new rules offer the possibility for 5% of the shareholders to initiate action to dismiss the undertaking’s statutory auditor or audit firm, This will provide shareholders with a direct tool to address potential concerns with the quality of the statutory audit, regardless of whether the audited entity is a PIE or not. In addition, with regard to the selection by a PIE of a statutory auditor or an audit firm, shareholders will be provided with information about which statutory auditor or audit firm the PIE’s audit committee recommends and prefers, and why, based on tender documents setting out transparent and non-discriminatory selection criteria. This will allow shareholders to make a more informed decision in the selection of statutory auditors or audit firms by PIEs.
II. Statutory audit of PIEs: Mandatory rotation of statutory auditors
Why PIEs need to change their statutory auditors or audit firms?
There are obvious risks for PIEs in having the same statutory auditors or audit firms for 50 or 100 years as happens today. Such a long professional relationship may undermine the statutory auditor's independence and negatively impact on its professional scepticism. Rotation of the key audit partner within an audit firm is insufficient because the main focus of the audit firm remains client retention. A new partner would be under pressure to retain a long-standing client of the firm.
Mandatory audit firm rotation will help reduce excessive familiarity between the statutory auditor and its clients, limit the risks of carrying over repeated inaccuracies, and encourage fresh thinking, thus strengthening the conditions for genuine professional scepticism.
Mandatory rotation will hence contribute to a better audit quality.
In order to facilitate the smooth transition to the new statutory auditor or audit firm, the new rules require that the former auditor transfer a handover file with the relevant information to the incoming statutory auditor.
When will PIEs need to change statutory auditors or audit firms?
Following the entry into force of the new rules, PIEs will be required to change their statutory auditors or their audit firms every 10 years as a maximum. The duration of the audit engagement shall be calculated as from the date of the first financial year covered in the audit engagement letter.
Member States, however, can establish shorter rotation periods (e.g. a maximum of seven or eight years). In addition, Member States can allow PIEs to extend the audit engagement: i) by an additional 10 years upon tender; or ii) by an additional 14 years in the case of joint audit.
What is joint audit?
Joint audit is the expression commonly used to refer to the appointment of more than one statutory auditor or audit firm by the PIE. The appointed auditors present a joint audit report to the audited entity and bear the full responsibility for the audit.
Why are there transitional periods for rotation?
The Regulation sets out transitional periods with regard to the application of the mandatory rotation requirement for long-lasting existing engagements between PIEs and statutory auditors or audit firms. This is to avoid a ‘cliff-edge’ effect on the audit market when the new rules apply.
III. Statutory audit of PIEs: Prohibition of certain non-audit services to audited PIEs
Why prohibit the provision of certain non-audit services to audited PIEs?
The objective of the reform is to ensure that statutory auditors and audit firms enjoy conditions of independence to perform their primary ‘societal’ role: statutory audit. When auditing PIEs, the provision of certain services other than audit (non-audit services) involve an inherent threat to their independence and may substantially increase the risks of conflicts of interest for statutory auditors and audit firms.
As a result, the Regulation introduces a list of non-audit services that statutory auditors and audit firms will not be able to provide to the audited entity, to its parent undertaking and to its controlled undertakings within the Union (the so-called ‘black list’), in order to avoid situations where the independence of statutory auditors or audit firms could be compromised.
Examples of services covered by the ‘black list’ include:
- Specific tax, consultancy, and advisory services to the audited entity
- Services that involve playing any part in the management or decision-making of the audited entity
- Services linked to the financing, capital structure and allocation, and investment strategy of the audited entity.
Member States can chose to derogate from the list of prohibited non-audit services to provide certain tax and valuation services when these services are immaterial or have no direct effect, separately or in aggregate, on the audited financial statements. Member States also have the possibility of prohibiting more non-audit services than those in the ‘black list’.
Will auditors be able to continue providing non-audit services to PIEs?
Apart from the non-audit services listed in the Regulation, and where Member States have not adopted more stringent provisions, statutory auditors and audit firms can provide services other than audit to the PIEs they audit.
In addition, statutory auditors and audit firms will continue to be able to provide all types of non-audit services to the PIEs they do not audit.
V. Structure of fees received from PIEs
Why introduce a cap on fees for non-audit services to PIEs?
Introducing a cap on fees for non-audit services to PIEs will strengthen the independence of statutory auditors and audit firms vis-à-vis their clients.
The Regulation establishes that when a statutory auditor or an audit firm has been providing non-audit services to the audited PIE for a period of three or more consecutive financial years, the total fees for such services shall be limited to a maximum of 70% of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings.
All calculations for the cap need to be done at group level – i.e. they need to take into account not only the audited entity but also, where applicable, its parent undertaking, its controlled undertakings and the consolidated financial statements of that group of undertakings.
Is there any limit, with regard to the total fees - including audit and non-audit services - that statutory auditors or audit firms can receive from a given audited PIE?
There is no fixed limit with regard to the amount of fees that a statutory auditor or an audit firm can receive from a given audited PIE. However, there is a percentage limit to prevent the statutory auditor or audit firm from becoming too dependent on a given audited PIE.
Thus, when the total fees received - both for audit and non-audit services - by a statutory auditor or an audit firm from a single PIE in each of the last three consecutive financial years exceed 15% of the total fee income received by that statutory auditor or audit firm, that fact should be disclosed to the audit committee. The audit committee should then consider submitting the audit engagement to a quality control review. If the fees received continue to exceed 15%, the audit committee should also consider whether the audit engagement should be kept; if so, the audit engagement can remain in place, but for a period no longer than 2 years.
V. A more dynamic EU audit market
Will it be easier for audit firms to move within the EU?
The amended Directive encourages the development of a level playing field for audit firms at EU level in order to foster more dynamic and open audit markets. It establishes a “European passport” for audit firms in order to facilitate cross-border mobility within the EU and strengthen the single market for audit.
How will the new rules impact SMEs?
The audit reform does not impose any new burden on small and medium-sized undertakings that do not qualify as PIEs. This is in line with the conclusions presented in the "Small Business Act" adopted in June 2008 and revised in February 2011.
In addition, in accordance with the new Accounting Directive (2013/34/EU), there is no requirement at EU level for small undertakings that are not PIEs to have an audit, unless Member States see the need for assurance and set up specific requirements for certain small undertakings.
Under the amended Statutory Audit Directive, where a Member State requires a statutory audit for small undertakings, it has the possibility to establish simplified requirements to reduce the administrative burden for the auditor with regard to several obligations, such as the internal organisation of statutory auditors and audit firms, documentation of client records, and audit files.
When a small and medium-sized undertaking qualifies as a PIE, the specific requirements governing the audit of PIEs apply. However, the audit reform also provides for a proportionate approach for small and medium- sized undertakings that qualify as PIEs, taking into account their specificities.
Will the new rules promote market diversity?
Mid-tier audit firms (i.e. those who are not members of the largest networks) will benefit from the reform as new market opportunities emerge. Mandatory rotation, together with the incentives for joint audit and tendering, as well as the prohibition of certain non-audit services to audit clients - requiring de facto that another audit firm provides these services - are examples of measures that should make the market more dynamic and ultimately less concentrated.
In addition, tools to monitor the concentration of the audit market at EU level are reinforced. The European Competition Network (ECN), a network gathering the European Commission and the national competition authorities of the Member States, will have a role in monitoring the changes in the structure of the audit market. The ECN will not, however, replace the competent authorities in the field of audit.
What about third-party clauses restricting the choice of auditors?
The audit market is characterised by a high degree of concentration at the top end of the market, notably in the field of statutory audit of large undertakings, where only a handful of audit firms operate. In some instances, the choice of an audit firm is further restricted by the so-called ‘Big-Four Only’ clauses that third parties such as banks or insurance undertakings impose on large undertakings. In order to promote further choice, such restrictive contractual clauses are now prohibited, regardless of whether the undertaking is a PIE or not.
VI. Fostering convergence and cooperation
Will the International Standards on Auditing (ISAs) be adopted at EU level and when will they become mandatory for Member States?
Both the amended Directive and the Regulation renew the competence of the European Commission to adopt the ISAs via delegated acts. However, neither the 2006 Statutory Audit Directive, nor the new rules, create an obligation or a deadline for the Commission to adopt the ISAs at EU level.
The national standards, procedures or requirements that are in force in the Member States will remain applicable as long as the Commission has not adopted the International Auditing Standards covering the same subject matter.
Are there any significant changes with regard to cooperation with third countries?
The framework of existing requirements for the issuance of a Commission decision on equivalence and adequacy of third countries remains mostly unchanged. Minor changes have been introduced, notably to stress the need to ensure the protection of commercial interests in the field of exchange of information.
VII. Enhancing oversight at national and European level
What are the main changes in the organisation of the audit public oversight system?
Under the amended Directive and the Regulation each Member State should designate a single competent authority to bear ultimate responsibility for the audit public oversight system. This does not prevent Member States from envisaging the possibility for competent authorities to delegate some of the tasks that they have been assigned, whilst retaining ultimate responsibility for the carrying-out of these tasks. In addition, the powers and competences of the competent authorities have been enlarged, including investigative and sanctioning powers to detect, deter and prevent breaches of the provisions of the Directive and the Regulation.
Why strengthen the sanctioning regime?
A system of sanctions is key to ensuring that rules are respected and that statutory auditors and audit firms are held accountable, regardless of whether they audit a PIE or not. Considering that many audit firms are part of international networks and that audited entities are also often part of an international group, establishing a minimum level playing field with regard to sanctions is an important step to ensuring the necessary convergence between different regulatory frameworks.
The new rules require Member States to provide for appropriate administrative sanctions and measures that can be applied to violations of EU audit legislation. For this purpose, the Directive requires Member States to comply with common minimum standards on:
- Types and addressees of sanctions
- The criteria to be taken into account by competent authorities when applying sanctions
- The publication of sanctions
- Mechanisms to encourage reporting of potential violations.
All these provisions are without prejudice to provisions of national criminal law.
How will the cooperation between national supervisory authorities be enhanced?
Audit oversight will continue to be conducted at national level. However, cooperation and coordination is to be carried out at European level by a new Committee of European Auditing Oversight Bodies (CEAOB), a group that will replace the existing European Group of Auditor Oversight Bodies (EGAOB). The members of the CEAOB will include national audit supervisors and the European Securities and Markets Authority (ESMA). Its main task will be to promote an effective and consistent supervision of the audit firms operating across the EU.
Why give the European Securities and Markets Authority (ESMA) a specific role on international relations?
ESMA is an independent EU Authority that contributes to consolidating the EU’s financial stability and to strengthening investor protection via enhanced supervision. As part of its mandate, ESMA strengthens international supervisory co-operation. The role conferred on ESMA within the CEAOB aims to foster international cooperation between Member States and third countries relating to public oversight systems of auditors.
Is there any measure to contribute specifically to global financial stability?
The reform aims to improve statutory audit quality in general, through all segments of the economy.
With regards to financial stability in particular, the Regulation requires that a dialogue be established between the statutory auditor or audit firm of a PIE on the one hand and the supervisor of that given PIE on the other hand. This should help enhance supervision.
In addition, a meeting should take place on a yearly basis between the statutory auditors of global systematically important financial institutions, the CEAOB and the European Systemic Risk Board (ESRB). The role of the ESRB is to monitor the build-up of systemic risk in the Union. Its work can benefit from statutory auditors and audit firms of systemically important financial institutions, given their experience in financial information.
For more information: