Legal provisions of COM(2024)102 - EUROPEAN SYSTEMIC RISK BOARD Joint Report on developments in the EU market for statutory audit services to public-interest entities from 2019 to 2021 - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2024)102 - EUROPEAN SYSTEMIC RISK BOARD Joint Report on developments in the EU market for statutory audit services to public-interest ... |
---|---|
document | COM(2024)102 |
date | March 5, 2024 |
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN CENTRAL BANK AND THE EUROPEAN SYSTEMIC RISK BOARD
Joint Report on developments in the EU market for statutory audit services to public-interest entities from 2019 to 2021
1. Introduction
This joint report assesses developments in the EU market for carrying out statutory audits on public-interest entities (PIEs) from 2019 to 2021. It focuses on:
- market concentration;
- the risks arising from audit quality deficiencies; and
- the performance of audit committees.
It is the third report drawn up pursuant to Article 27 of Regulation (EU) No 537/2014(1) (‘the Regulation’). The first market monitoring report(2) covered developments from 2014 to 2015, and the second report(3) covered developments from 2016 to 2018.
The Committee of European Auditing Oversight Bodies (CEAOB) prepared this report. Unless specified otherwise, reports from the national competent authorities responsible for audit oversight (NCAs) are the main source of data. The data mostly refers to 2020 and 2021, and was collected in 2022.
For the first time, the report includes data collected from Norway. It is used in paragraph 2.1 on ‘market overview’ and paragraph 2.2 on ‘market concentration’. No data has been collected for the United Kingdom (UK). Where 2018 comparatives are included in this report, and unless specified otherwise, UK data is included in the 2018 figures.
2. Developments in the EU market for statutory audits of PIEs
1. Market overview
In 2021, there were 200 484 statutory auditors and 22 427 audit firms registered in the EU and Norway. Table 1 shows the figures for both 2021 and 2018 (without the UK). The number of audit practitioners (servicing PIE or non-PIE audit clients) fell by 6% from 2018 and the number of registered audit firms fell by 11%. Audit firms auditing PIEs represent close to 4% of all registered audit firms, consistent with the share in 2018.
The number of statutory auditors employed by and associated with audit firms (as partners or otherwise) increased by 7%.
Table 1: EU registered statutory auditors and audit firms (2018-2021)(4) | |||
2018 | 2021 | Change | |
Statutory auditors | 213 299 | 200 484 | -6% |
Statutory auditors employed by or associated as partners or otherwise with an audit firm | 47 944 | 51 388 | 7% |
Audit firms | 25 110 | 22 427 | -11% |
Of which, audit firms auditing PIEs | 1 090 | 1 008 | -8% |
The number of PIE statutory audits increased by 11% between 2018 and 2021 (Figure 1). Listed companies were the biggest category of PIEs across the Member States in 2021, representing 37% of the total (44% in 2018).
Joint PIE audits represent 16% of PIE statutory audits. Of the 13 Member States that reported joint audits(5), France again had the most (87% of the EU‑27 and Norway combined). Belgium, Croatia, Finland, Ireland and Poland reported joint audits in 2021, while no joint audit had been reported in those five countries in 2018.
Figure 1: PIEs and PIE statutory audits (2018-2021)(6)
The turnover of audit firms in the EU‑25(7) and Norway auditing PIEs was some €30 billion(8) in 2021. Data for the 10 key audit firms (10KAP(9)) indicates an estimated revenue for EU‑25 and Norway of around €28 billion.
Turnover figures by Member State vary widely, with Germany and France the two largest markets (accounting for 47% of the turnover of audit firms in the EU)(10).
11% of the turnover of audit firms auditing PIEs, reported by firm or at network level, is generated by non-audit services revenue (permitted non-audit services to audited entities) and 56% by non-audit services (NAS) to other entities.
10% of the total turnover of audit firms auditing PIEs in the EU was generated by revenue from statutory audits of PIEs and entities belonging to a group of undertakings whose parent undertaking is a PIE (up from 9% in 2018). 23% was generated by revenue from statutory audits of other entities (Figure 2) (26% in 2018). However, this share varies across the Member States: in seven countries over 50% of revenue was generated by statutory audit services but in six countries, less than a third of revenue was generated by statutory audits(11).
Figure 2: Revenue breakdown of EU turnover of audit firms auditing PIEs (2021)
21 out of 24 NCAs from the European Competition Network reported that in the period 2019-2021 they did not carry out a sector inquiry in the audit market nor did they report any antitrust or enforcement activity in this sector. Two NCAs mentioned having analysed the concentration level in the audit market. One NCA mentioned an antitrust investigation that took place during this period (12).
2. Market concentration
This report presents market data(13) for PIE statutory audits by the ‘Big Four’ (Deloitte, EY, KMPG and PwC), ‘CR4’ (the four biggest audit firms in each country) and the 10KAP.
The Big Four account for over 80% of the market share in 11 Member States(14) (compared to 13 in 2018) and an average EU market share of 59% (down from 70% in 2018) of all PIE statutory audits.
In 13 Member States (up from 7 in 2018), the Big Four are not the four largest audit firms(15) in terms of total number of PIEs statutory audit opinions. The average market share for CR4 is 70% and 81% for 10KAP.
Figure 3: Audit firms’ market share in number of PIE statutory audits (2021)
The Big Four remain dominant in terms of revenue from PIE statutory audits. At EU level, the Big Four accounted for 86% of revenue from PIE statutory audits, and 71% of revenue from statutory audits of other entities (Figure 4).
Figure 4: % of PIE statutory audits, % of revenue from PIE statutory audits and % of revenue from audits of other entities, by Member State [Big 4] (2021)
In terms of audit firms’ total turnover, the Big Four accounted for around 80% of the EU total, consistent with 2018 figures. As shown in Figure 5, individually the Big Four are the largest firms in terms of market share of number of PIE statutory audits, collectively accounting for 59% of the market for PIE statutory audits. Mazars is the fifth largest firm, with 7% of market share, followed by BDO with 5% of market share.
Figure 5: 10KAP market share of number of PIE statutory audits (2021)
Although their prevalence in terms of number of PIE audits is decreasing, the Big Four continue to dominate the PIE statutory audit market, with 86% of revenue for statutory audits of PIEs (Figure 6). This is lower than the 92% of revenue in 2018, partially explained by the fact that UK audit firms are no longer included in the EU total, following the withdrawal of the United Kingdom from the EU.
In the market for statutory audits of other entities, the Big Four have a share of 71% of revenues, up slightly from 68% in 2018.
The Big Four generate a significant proportion (around 82-84%) of non-audit services revenue(16) from audit and non-audit clients. The situation varies across Member States.
The estimated EU revenue structure shows that the Big Four dominate the market both in statutory audits and in non-audit services provided by statutory auditors. The highest proportion of revenue of other audit firms (not the Big Four) comes from statutory audits of other entities (15% for the remaining 10KAP and 14% for all other firms) and from non-audit services to other entities (13% remaining 10KAP and 5% for all other firms). The remaining 10KAP have increased their share of revenue from statutory audits of PIEs (from 5% in 2018 to 9% in 2021).
Figure 6: EU market shares of audit firms auditing PIEs, by revenue (2021)
The estimated EU revenue structure by firm in Figure 7 shows that the Big Four generate a higher percentage of their total revenue from statutory audits of PIEs than the remaining 10KAP (5%) and all other firms (7%). However, the Big Four generate a lower share of revenue from statutory audits of other entities of total revenue than the remaining KAP10 (45%) and all other firms (26%).
Figure 7: Revenue structure by firm (2021)
3. Risks arising from quality deficiencies
In total, NCAs reviewed 737 PIE audit files, mostly related to yearly inspection cycles, carried out in 2021(17). On average, the reviews led to an average of 2.6 inspection findings(18) per PIE audit file. Firm-wide procedures conducted on 361 audit firms/sole practitioners auditing PIEs led to an average of 3.5 findings per audit firm.
The qualitative assessment below covers the area of mitigation and systemic risk analysis.
In previous years, the findings mostly related to deficiencies in audit firms’ internal quality control systems, but the recent findings(19) show that most deficiencies were found in the PIE audit engagement files. Two thirds of NCAs indicated that their recommendations to put in place mitigation measures and remedies to address those deficiencies had been satisfactorily implemented.
Below are the most commonly reported areas for mitigation and risk analysis (where repeated findings were observed, i.e. the same findings were identified in the same audit firm/practitioners in previous inspection cycles).
- Methodology:
- insufficient audit procedures performed and/or evidence obtained;
- non-compliance with International Auditing Standard (ISA) 500 Audit Evidence, ISA 530 Audit Sampling, ISA 540 Auditing Accounting Estimates and Related Disclosures, or ISA 230 Audit Documentation;
- need to improve audit methodology/documentation templates to achieve compliance with legislation/ISAs.
- Engagement quality control review – EQCR:
- failure to perform timely EQCR and/or inadequate documentation;
- ineffective internal monitoring on EQCRs carried out by audit partners;
- lack of consideration, in the partners’ evaluation and remuneration, of the deficiencies identified in relation to EQCR performance.
- Ethics & independence:
- non-audit service provision to audit clients insufficiently assessed for the following areas:
- consider whether to consult with the risk management partner if independence threats or conflicts of interest arise;
- obtain and document the audit committee approval before providing non-audit services;
- critically perform and adequately document the acceptance process, especially when self-review risks or conflicts of interest may arise.
- Audit documentation and data security:
- improvements required in archiving audit files;
- need to improve audit documentation.
- Risk assessment and internal control testing:
- insufficient risk assessment by the auditor;
- improper identification of internal general controls within the audited entity;
- lack of testing of internal controls.
In five cases, NCAs discussed with regulatory colleges and within the CEAOB inspections subgroup whether particular shortcomings, mainly related to the overall quality of audit firms’ internal control systems, should qualify as systemic risks. Although the outcome was negative in each case, the discussions were important to enhance audit quality across audit firms.
4. Performance of audit committees
Article 39 of the Audit Directive (20) sets out the main requirements for audit committees, their composition, tasks and interaction with the administrative or supervisory body. This report assesses the performance of audit committees. It is largely based on input from the audit committees themselves. The NCAs invited 1506 audit committees across Member States to reply to a CEAOB questionnaire(21) and about 60% of the audit committees (across 23 Member States) responded.
Interaction with the administrative or supervisory body
The responses show that the interaction of audit committees with the administrative or supervisory body is adequate and indicates sufficient understanding of the requirements in this area. Over half of the audit committees had met the administrative or supervisory body at least three times to communicate on its activities, issues and related recommendations following the statutory audit. Sometimes the management of the audited entity was present.
About 77% of the audit committees spent between 10% and 50% of their meeting time on matters related to the outcome and monitoring of the audit when they met with the administrative or supervisory body (see Figure 8).
Figure 8: Time spent by audit committees on matters related to the outcome and monitoring of the audit
Independence, including permitted non-audit services and fees cap
Audit committees are responsible for reviewing the independence of statutory auditors or audit firms, including the approval of permitted non-audit services(22). In 66% of cases, audit committees had received written representations from the auditors. In 32% of cases, the audit committees had raised further questions. In 24% of cases, audit committees had reported formal discussions with statutory auditors or audit firms on the risks to the auditor’s independence and the safeguards applied to mitigate those risk. 2% of audit committees had not carried out any measures to monitor the auditors’ independence.
Figure 9: Monitoring the independence of auditors
24% of audit committees had set further criteria limiting non-audit services that would be permissible under the Regulation or national legislation.
65% of audit committees (2018: about 50%) confirmed that the statutory auditor (or any member of its network) had submitted proposals to provide non-audit services during the reference period(23).
37% of audit committees mentioned that they had not examined requests for providing non-audit services under Article 5(4) of the Regulation, which is a significant decrease from 80% in 2018. Half stated that they had not examined requests because the non-audit services were on a pre-approved list (36%) or were not permitted by the entity (14%).
Where audit committees were involved in the approval of non-audit services, audit committees had withheld approval in 2% of cases. The reasons mentioned for withholding approval of the provision of non-audit services were a risk to the independence of the statutory auditor, prohibited non-audit services under the Regulation or under national law, or the audit committee’s objective to enhance competition between audit firms. None of the audit committees identified the fee cap as a reason for that decision.
12% of the audit committees did not examine the non-audit services provided, which means they did not check that the entity’s management had ensured that the non-audit services provided were consistent with the approved non-audit services (nature and fees).
The overwhelming majority of audit committees (87%) did not set a non-audit services fee cap lower than 70%(24) for monitoring. Only about a third reviewed the calculation made by the entity in relation to the permitted non-audit services fee cap of 70%. Calculation methods vary across the audit committees, with close to 50% performed at group level for the PIE sitting at group level. Other entities calculate the fee cap at subsidiary level (20%), at group level for all PIEs within the group (16%) or, where there is no group structure, at company level (16%). The non-audit services fee cap of 70% was exceeded according to 1% of the audit committees.
The auditor selection process
Audit committees are responsible for the procedure of selecting the statutory auditor. Over 95% (2018: 87%) report being in charge of the tendering process, although for some audit committees this remains challenging.
19% of the audit committees mentioned appointing a new statutory auditor (or audit firm). For two thirds, the auditor had been in place up to 10 years before a new statutory auditor was appointed. 18% of cases had had the same auditor for over 20 years.
Under Article 16(2) of the Audit Regulation, 90% of the PIEs that proceeded to tender had invited at least two statutory auditors or audit firms (6% more than in 2018).
Figure 10: Statutory auditors/audit firms invited to participate in tender
35% of the audit committees did not give any specific consideration to the requirement that the tender process must not prevent firms that received less than 15% of their total fees from PIEs in the Member State in the previous calendar year from participating in the selection procedure(25).
Regarding the announcement or disclosure of the tendering process, 76% did not follow the CEAOB guidelines ‘Appointment of statutory auditors or audit firms by public-interest entities’, encouraging PIEs to make the request for tender public to enable non-invited statutory auditors (or audit firms) to participate.
The tender documentation was either made publicly available (13%) or sent to selected audit firms (87%, of which 25% went to the Big Four audit firms only).
The numbers of statutory auditors (or audit firms) that submitted a bid are shown in the chart overleaf:
Figure 11: Number of statutory auditors/audit firms that submitted a bid
73% of audit committees checked whether the audited entity would be able to demonstrate, upon request, to the competent authority that the selection procedure had been conducted in a fair manner.
51% of audit committees who had changed the auditors indicated that it was too early to evaluate the impact of auditor rotation, or that no assessment had been made at the time of the questionnaire. 22% of audit committees rated the impact of auditor rotation as neutral and 12% rated the impact as positive.
Monitoring the statutory audit
Audit committees are also responsible for monitoring statutory audits. 77% of audit committees met with the statutory auditors (or the audit firm) more than once and with management present (36% did so without management present). 36% of audit committees assessed audit quality with criteria/metrics such as quality of communication, audit engagement team (including technical expertise displayed), degree of auditor challenge, and the amount of time spent on the statutory audit by the partner/senior audit management.
Audit committees made little use (17%) of NCA inspection reports/findings from the last inspection of the statutory auditor in monitoring the performance of the statutory audit. Over half of the audit committees stated that no findings reports were available or they lacked access to them, while 30% of audit committees did not enquire whether findings were available.
3. Key findings
The key findings resulting from the CEAOB survey are as follows:
1. The decline in the number of individual auditors and audit firms observed in the last report continued.
Impacts such as the age structure of the audit profession, its capacity to attract new professionals and the increase in regrouping professionals into bigger structures might have both positive and negative consequences on the quality of audit delivered, and will need to be monitored over the next period.
2. On average, PIE audit firms derive 67% of their revenue from non-audit services. This is a decrease of about 2% compared to the previous period. It shows that the focus of audit firms continues to go beyond statutory audit work.
It is a potential concern for regulators that the provision of non-audit services may affect independence and audit quality. It is thus important to keep monitoring market developments closely, in particular while audit firms compete for new tasks, as a result of recent EU legislation such as the Corporate Sustainability Reporting Directive(26) requiring the assurance of sustainability reports, and the Digital Services Act(27) requiring an assessment of compliance with the obligations for designated very large online platforms and search engines.
3. A small shift in the European audit market was noted, where the Big Four have relinquished a portion of their market share in favour of the remaining 10 Key Audit Players, though they maintain a high degree of market concentration.
The distribution of PIE audits amongst the players has changed, with a larger proportion of work carried out by other market players than the Big Four. However, changes in the market structure in terms of revenue are less important than the number of engagements.
A slight increase was found in the frequency of joint audits in several EU Member States. However, joint audits are still primarily carried out in France.
4. While no “systemic risk” has been identified, NCAs continued to detect in their inspections a high frequency of deficiencies. They often, but not always, assessed the level of responsiveness of audit firms to deal with inspection findings as sufficient.
On the one hand, this echoes the call for more transparency of inspection results by the public, or at least by audit committees, to provide greater accountability and better understanding of the level of audit quality at firm level. On the other hand, it is important for NCAs to continue to press the audit firms to make improvements through the CEAOB and European colleges of regulators, so that they put in place more preventive internal measures to avoid audit shortcomings.
5. In general, audit committees have improved the performance of their supervisory responsibilities since the last reporting period.
Most audit committees actively monitor auditor independence and participate in the selection of new auditors or firms, as well as the approval of non-audit services. There is more oversight and scrutiny of non-audit services. In most tenders, several statutory auditors or audit firms are invited, leading to an increase in the number of bids per tender.
Given the significant role of audit committees in ensuring audit quality, further discussions are needed between audit committees and NCAs. Harmonising and strengthening the oversight of audit committees by NCAs should also be considered.
6. The effects of inflationary pressures, rising interest rates, geopolitical instability, and the increasing use of data analysis tools and artificial intelligence in the field of audit may pose challenges to the audit sector over the coming years. The impacts of these changes should be monitored.
Given the transnational nature of those changes, strengthening European collaboration and ensuring coherence between regulations and cooperation tools will facilitate this monitoring process. Joint inspections between NCAs and through the CEAOB should be considered to improve the oversight of audit firms and networks operating throughout the EU.
1() Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (OJ L 158, 27.5.2014, p. 77).
2()https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017DC0464.
3()https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021DC0029.
4() Norway is included in 2021 figures, but not in 2018. UK is not included in 2021 nor in 2018 figures.
5() Austria, Belgium, Bulgaria, Greece, Spain, France, Finland, Croatia, Ireland, Malta, Poland, Romania and Sweden reported joint audits in 2021.
6() Norway is included in 2021 figures, but not in 2018. UK is not included in 2021 nor in 2018 figures.
7() No data from Belgium and Sweden.
8() Data collected in national currencies has been converted into euro using 31/12/2021 exchange rates. Source: Bloomberg.
9() Baker Tilly, BDO, Deloitte, EY, Grant Thornton, KPMG, Mazars, Nexia, RSM and PwC. Largest audit firms in the EU as identified by the CEAOB based on the 2021 Survey.
10() Data for 25 Member States and Norway (no data from Belgium and Sweden).
11() No data from Belgium and Sweden.
12() 2 NCAs: Denmark and Spain and 1 NCA: The Netherlands.
13() Most NCAs based turnover on audit firms (as defined in Article 2(3) of Directive 2006/43/EC) as opposed to the audit network (as defined in Article 2(7)). The data is approximate due to differing reference periods.
14() Austria, Belgium, Cyprus, Denmark, Estonia, Finland, Italy, Luxemburg, Norway, The Netherlands and Sweden.
15() Bulgaria, Greece, France, Croatia, Ireland, Lithuania, Latvia, Malta, Poland, Portugal, Romania, Slovakia and Slovenia.
16() Some NCAs reported challenges in measuring non-audit services to other entities, as those are services outside the audit firm.
17()Eight NCAs reported data referring to 3‑year inspection cycles.
18()Inspection findings are deficiencies in audit procedures that indicate that the audit firm did not obtain sufficient appropriate audit evidence to support its opinion, but do not necessarily imply that those financial statements are also materially misstated.
19() This analysis is based on audit inspection findings, as reported by Member States in 2020/2021, in the database maintained by the CEAOB Inspection Sub-Group. The CEAOB analysed the database to identify themes that drive dialogue between audit firms / standard-setters and CEAOB and to alert inspectors to high-risk areas. It focused on the incidence of findings by ISAs, quality control and ethics.
20() Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).
21()The aim of the questionnaire was to assess compliance with the requirements of the audit legislation and to foster the relationship between NCAs and audit committees. In 2018, the questionnaire was sent to 2 770 audit committees across 26 Member States with a similar response rate of about 60%.
22() Article 4(2) and 6(2)(b) of the Regulation, Article 39(6)(e) of Directive 2006/43EC.
23() Article 5(4) of the Regulation.
24()Article 4(2) of the Regulation.
25()Article 16(3)(a) of the Regulation.
26()Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting.
27()Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC.
EN EN