Explanatory Memorandum to COM(2011)779 - Specific requirements regarding statutory audit of public-interest entities - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2011)779 - Specific requirements regarding statutory audit of public-interest entities. |
|---|---|
| source | COM(2011)779  |
| date | 30-11-2011 |
The measures adopted both in Europe and elsewhere in the direct aftermath of the financial crisis have mainly focused on the urgent need to stabilise the financial system. While the role played by banks, hedge funds, rating agencies, supervisors or central banks has been questioned and analysed in depth in many instances, little or no attention had been given to the role auditors played in the crisis – or indeed the role they should have played. Given that many banks revealed huge losses from 2007 to 2009 on the positions they had held both on and off balance sheet, it is difficult for many citizens and investors to understand how auditors could give clean audit reports to their clients (in particular banks) for those periods.
It is important to note that in a crisis where €4 588.9 billion of taxpayer money was committed to support banks between October 2008 and October 2009 and where such aid accounted for 39% of EU 27 GDP in 2009 i, all components of the financial system need to be improved.
Robust audit is key to re-establishing trust and market confidence. It contributes to investor protection by providing easily accessible, cost-effective and trustworthy information about the financial statements of companies. It also potentially reduces the cost of capital for audited companies by ensuring more transparency and reliability of financial statements.
It is also important to stress that auditors are entrusted by law to conduct statutory audits of the financial statements of companies which enjoy limited liability and/or are authorised to provide services in the financial sector. This entrustment responds to the fulfilment of a societal role in offering an opinion on the truth and fairness of the financial statements of those companies.
Since 1984, EU rules have partially regulated statutory audit when a directive (Directive 1984/253/EEC) harmonized the procedures for the approval of auditors. Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (hereinafter Directive 2006/43/EC) was adopted in 2006 and considerably broadened the scope of the former Directive.
The financial crisis has highlighted weaknesses in the statutory audit especially with regard to Public-Interest Entities (PIE), entities which are of significant public interest because of their business, their size, their number of employees or their corporate status is such that they have a wide range of stakeholders. Therefore, this proposal lays down conditions for carrying out the statutory audit on the financial statements of PIEs.
Contents
- RESULTS OF CONSULTATIONS WITH THE INTERESTED PARTIES AND IMPACT ASSESSMENTS
- LEGAL ELEMENTS OF THE PROPOSAL
- BUDGETARY IMPLICATION
- 3.1 Legal basis
- 3.2. Subsidiarity and proportionality
- 3.3. Detailed explanation of the proposal
- 3.3.1. Title I (subject matter, scope and definitions)
- 3.3.2. Title II (Conditions for carrying out statutory audit of public-interest entities)
- Chapter II (Confidentiality and professional secrecy)
- Chapter III (Performance of the statutory audit)
- Chapter IV (Audit reporting)
- Chapter V (Transparency reporting by statutory auditors and audit firms and record keeping)
- 3.3.3. Title III (The appointment of statutory auditors or audit firms by public-interest entities)
- 3.3.4. Title IV (Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities)
- Chapter II (Quality assurance, investigation, market monitoring, contingency planning and transparency of competent authorities)
- Chapter III (Cooperation between competent authorities and relations with the European supervisory authorities)
- Chapter IV (Cooperation with third country auditors and with international organisations and bodies)
- 3.3.5. Title V (Supervisory measures and penalties)
- 3.3.6. Title VI (Reporting and transitional and final provisions)
- 3.3.7. Regulatory technical standards and compliance with Article 290 TFE
The Commission conducted a consultation from 13 October to 8 December 2010 i.
In all, almost 700 responses from various stakeholders; these included members of the profession, supervisors, investors, academics, companies, government authorities, professional bodies and individuals were received.
The consultation has shown both an appetite for as well as resistance to change; stakeholders who are currently well established are particularly opposed to changes. On the other hand, especially small and medium sized practitioners as well as investors concluded that the recent financial crisis highlighted serious shortcomings. A summary of public submissions received can be found on:
ec.europa.eu/internal_market/consultations/docs
In addition, a high level conference on audit held by the Commission on 10 February 2011 i allowed for a further exchange of views.
The European Parliament adopted an own-initiative report on 13 September 2011 on this matter in reaction to the Commission's Green Paper and urges the Commission to ensure more transparency and competition in the audit market.[4] The European Economic and Social Committee (EESC) adopted a similar report on 16 June 2011.[5]
The issues were also brought to the attention of the Member States at the Financial Services Committee meeting of 16 May 2011 and at the Audit Regulatory Committee meeting of 24 June 2011.
In keeping with the principles of Better Regulation, the Impact Assessment identifies the various problem areas that may require regulatory action:
· There is an expectation gap between what stakeholders expect of an audit and what auditors actually do.
· Independence is neither assured nor demonstrable in a paradigm where audit has effectively become one of a plethora of commercial services. The lack of regular tendering of audit services and periodic rotation of audit firms has deprived audit of its key ethos: professional scepticism.
· Market concentration and lack of choice: The market is so polarised that rare is the occasion when the auditor of a PIE is not a Big Four firm. In the majority of Member States, the Big Four audit more than 85% of large listed companies.
The impact assessment resulted in the following preferred policy options:
· The scope of statutory audit should be clarified and specified and the information that the auditor provides to users, the audited entities, audit committees and supervisors improved.
· The prohibition of the provision of non-audit services to the audited entities and even the prohibition of the provision of non-audit services in general would effectively address the need to reinforce independence and professional scepticism. Moreover, stricter rules in the procedure for the appointment of auditors and the introduction of mandatory audit firm rotation would contribute to higher quality audits.
· To facilitate an objective choice of an audit provider, contractual clauses limiting audit firm choice should be prohibited, the transparency on audit quality and on audit firms should be increased and an audit quality certification should be established.
· To increase the choice of audit providers ownership restrictions should be lifted.
· National audit supervisory authorities should be strengthened and an EU-wide cooperation within the European Securities and Markets Authority (ESMA) should be set up.
The impact assessment report for this proposal can be found on:
ec.europa.eu/internal_market/auditing/index_en
The existing Directive 2006/43/EC is based on Article 50 TFEU. The establishment related requirements (e.g. those requirements that deal with the approval/registration of auditors) and amendments thereto remain within the purvey of the Directive i.
Specific additional requirements that deal with the conduct of a statutory audit of PIEs are set out in this regulation, based on Article 114 TFEU.
So far, EU rules have left a large discretion to Member States, which in turn have largely relied on self-regulation by the profession. The crisis has shown that self-regulation is not adequate when looking towards the future. Moreover, the problems highlighted in the Impact Assessment cannot be solved at a national level as important differences would emerge in the regulatory framework and this in turn would seriously undermine the single market.
Given the interconnected nature of securities markets and financial actors, audit should be conducted across the Union within a harmonised framework. It is critical that the role, independence of auditors and the market structure are dealt with at the level of the Union as PIEs in Europe often have cross-border activities. It is worth noting that legislation covering investor protection as well as financial institutions is already enacted at the level of the Union.
Moreover, a coordinated approach at the level of the Union, supplemented by international support, would also lower the risk of regulatory arbitrage.
The proposal respects the principle of proportionality and it does not go beyond what is necessary to achieve the objectives pursued.
Articles 39 to 43 of Directive 2006/43/EC already deal with certain requirements which apply to the statutory audit of PIEs. Those requirements will no longer be comprised in the Directive, but integrated (and further developed) in this Regulation.
A Regulation is a suitable and proportionate legal instrument to ensure high quality of audits of PIEs. The direct applicability of a Regulation offers greater legal certainty. Also, the legislation would become applicable at the same date across the Union, thus avoiding problems associated with the late transpostion of legislation by Member States[7]. Furthermore, a regulation offers the highest degree of harmonisation: statutory audits would be carried out under substantially identical rules in all Member States.
The Regulation applies to auditors that carry out statutory audits of PIEs and to the audited PIEs, e. g. rules on the audit committee which a PIE is required to have.
For the purpose of the Regulation the definitions that apply to the amended Directive 2006/43/EC should also apply here. As the financial sector evolves, new categories of financial institutions are created under Union law and it is thus appropriate that the definition of PIEs also encompasses investment firms, payment institutions, undertakings for collective investment in transferable securities (UCITS), electronic money institutions and alternative investment funds.
Chapter I (Independence and avoidance of conflict of interest)
An auditor should establish adequate policies and procedures to ensure compliance with the obligations under the Regulation regarding independence, internal quality control systems and the supervision of employees.
Former auditors, key audit partners or their employees are not allowed to take up a key management position in the audited entity, to become a member of the audit committee of the audited entity, to become a non-executive member of the administrative body or to join the supervisory body of the audited entity within two years after the termination of the audit engagement.
The fees for the provision of related financial audit services to the audited entity should be limited to 10 % of the audit fees paid by that entity. Additionally, where the total fees, audit and related financial audit services, received by an auditor from a PIE reach a significant percentage of his/her/its total annual fees, appropriate safeguards should be applied.
The statutory auditor, audit firm or member of the audit firm's network will be prevented from providing certain non-audit services which are fundamentally incompatible with the independent public-interest function of audit to their audited entities in all cases, while for other non-services that are not fundamentally incompatible with the audit services, the audit committee or the competent authority will be empowered to assess, depending on the concrete circumstances, whether or not they may be provided to the audited entity.. However, related financial audit services could be provided. The Commission is empowered to adapt the lists of authorised services and of prohibited services in accordance with the conditions set out in Title VI. In addition, audit firms of significant dimension should focus their professional activity on the carrying out of statutory audit and should not be allowed to undertake non-audit services.
Before accepting or continuing an engagement, an auditor should assess all potential threats to his/her/its independence and confirm his/her independence to the audit committee.
Auditors should not invoke professional secrecy rules to prevent the application of the provisions of this proposal.
Article 13 ensures that necessary information can be exchanged during the performance of the audit. However, such rules would not allow an auditor to cooperate with third country authorities outside the cooperation channels foreseen in Chapter XI of Directive 2006/43/EC.
The Regulation lays out that the auditor should take the necessary steps with a view to forming an opinion as to whether the financial statements give a true and fair view and have been prepared in accordance with the relevant financial reporting framework. It does not include the assurance on the future viability of the audited entity nor the efficiency or effectiveness with which the management or the administrative body has conducted or will conduct the affairs of the entity. However, this exclusion should neither undermine the tasks that an auditor needs to undertake in order to conduct the audit properly nor any reporting requirements.
Professional scepticism is reinforced. The auditor should always remain alert to the possibilty of a material misstatement due to error or fraud, notwithstanding the auditor's past experience with the entity.
Basic requirements for the performance of the statutory audit are established. The audit firm should designate at least a key audit partner, who should be actively involved in the carrying out of the statutory audit. Sufficient resources should be assigned as well. A client account record should be maintained and an audit file should be created. Moreover, the auditor should make sure that all the organisational requirements are properly applied.
Where an incident which has or may have serious consequences for the integrity of the statutory audit activities happens, the auditor should take appropriate measures with a view to managing the consequences of the incident and prevent any recurrence.
In the case of the audit of consolidated financial statements, where the group auditor is not in the position to document the audit work performed by third-country auditor(s), he needs to take appropriate measures including additional audit work and inform the competent authority.
An auditor/audit firm should carry out its own internal quality control review before submitting the audit report. The review should be the responsibility of an auditor who is not involved in the performance of the statutory audit to which the internal quality review relates.
The content of the audit report disclosed to the public is expanded so that it explains the methodology used, especially how much of the balance sheet has been directly verified and how much has been based on system and compliance testing, the levels of materiality applied to perform the audit, the key areas of risk of material misstatements of the financial statements, whether the statutory audit was designed to detect fraud and, in the event of a qualified or adverse opinion or a disclaimer of opinion, the reasons for such a decision. It should also explain the variation in the weighting of substantive and compliance testing when compared to the previous year.
Moreover, the auditor should also prepare a longer and more detailed report for the audit committee. This report would provide more detailed information on the audit carried out, on the situation of the undertaking as such (e. g. going concern) and the findings of the audit combined with the necessary explanations. This additional report would also present (and justify) the audit work carried out to the audit committee. This longer report would be submitted to the audit committee and to the management of the audited entity, but not to the public (given that its content would include business secrets and potentially price sensitive information). However, upon request, the auditor should make this report available to the competent authority.
In most of the financial services directives, the auditor is already required to the competent authorities supervising the PIE any fact or decision concerning the PIE. This obligation is now extended to all PIEs. Moreover, competent authorities supervising credit institutions and insurance undertakings should establish a regular dialogue with the auditors.
Auditors will be required to disclose financial information, showing in particular their total turnover divided into audit fees paid by PIEs, audit fees paid by other entities and fees for other services. They should also disclose financial information at the level of the network to which they belong.
The transparency reports of auditors of PIEs should be completed by a statement on the firms' own corporate governance. Additional supplementary information on audit fees should be provided to competent authorities with a view to facilitating their supervisory tasks.
The auditor should keep certain documents and information for a period of five years.
3.3.3. Title III (The appointment of statutory auditors or audit firms by public-interest entities)
In order to reinforce the independence and capacity of the audit committee, it should be composed of non-executive members, at least one member should have experience and knowledge in auditing and another one in accounting and/or auditing.
The proposal for the appointment of the auditor to the meeting of shareholders should be based on a recommendation of the audit committee. The recommendation should always contain a justification of the decision proposed. In addition, unless it concerns the renewal of an audit engagement, the recommendation should contain at least two choices (excluding the incumbent auditor) and the audit committee should express a duly justified preference for one of them. The recommendation of the audit committee should be made after the completion of a due tendering process. In the case of credit institutions or insurance undertakings, the audit committee should submit its recommendation to the prudential supervisory authority, which should have the right to veto the choice proposed.
Contractual clauses with third parties limiting the audited entity's choice of an auditor should be prohibited.
With a view to addressing the threat of familiarity that results from the audited undertaking often appointing and re-appointing the same audit firm for decades, the regulation introduces mandatory rotation of audit firms after a maximum period of 6 years that may be, under certain exceptional circumstances, extended to 8 years. Where a public-interest entity has appointed two or more statutory auditors or audit firms, the maximum duration of the engagements will be 9 years; on an exceptional basis, such duration may be extended to 12 years. It also provides for a cooling-off period before the audit firm is able to carry out the statutory audit of the same entity again. In order to ensure a smooth transition the former auditor is required to transfer a handover file with relevant information to the incoming auditor.
The audit committee, one or more shareholders, the competent authorities and the competent authorities for the supervision of the PIEs are empowered to bring a claim before a national court for the dismissal of the auditor where there are proper grounds.
3.3.4. Title IV (Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities)
Chapter I (Competent authorities)
Each Member State should designate a competent authority responsible for the supervision of auditors and audit firms auditing PIEs. These authorities should be adequately staffed and independent of auditors. The obligations of professional secrecy apply to the competent authorities employees.
The competent authorities should have all supervisory and investigative powers that are necessary to exercise their function but should not interfere with the content of an audit report..
The competent authorities should cooperate at the national level with the authority responsible for the approval and registration of statutory auditors and audit firms (Directive 2006/43/EC) and with other supervisors of PIEs e. g. the banking or the insurance supervisor.
Chapter II (Quality assurance, investigation, market monitoring, contingency planning and transparency of competent authorities)
The tasks of the competent authorities include:
· undertaking quality assurance reviews on the statutory audits carried out. These reviews should be proportionate to the scale and dimension of activity of the reviewed auditor;
· investigating with a view to detecting, correcting and preventing inadequate statutory audits of PIEs;
· monitoring the developments in the market for the provision of statutory audit services to PIEs;
· regularly monitoring the possible threats to the continuity of the operations of large audit firms, including the risks arising from high concentration and requiring large audit firms to establish contingency plans to address such threats;
· being transparent about their activities, including the publication of individual quality assurance review reports.
Chapter III (Cooperation between competent authorities and relations with the European supervisory authorities)
The regulation requires that the EU-wide cooperation between competent authorities takes place within ESMA, thus taking over the current EU-wide cooperation mechanism under the aegis of the European Group of Auditors' Oversight Bodies (EGAOB), an expert group chaired by the European Commission. ESMA is already working in the field of auditing (and accounting) regarding PIEs and the legal framework foresees the cooperation of ESMA, the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) within their joint committee in the area of auditing. ESMA is required to create a permanent internal committee which should at least be composed of the national competent authorities.
ESMA should issue guidance on several issues: e.g. on the content and presentation of the audit report and the additional report to the audit committe, on the oversight activity of the audit committee or for conducting quality assurance reviews.
A voluntary pan-European audit quality certification is introduced to increase the visibility, recognition and reputation of all audit firms having capacities to conduct high quality audits of PIEs. ESMA should publish the requirements for obtaining the certificate along with any administrative and fee implications. National competent authorities should be involved in the examination of the application for the certificate. Concerning investigation and on-site inspections, competent authorities should notify the competent authority of the other Member State, if they conclude that activities contrary to the provisions of the Regulation are being or have been carried out. Moreover, a competent authority of a Member State may request that an investigation be carried out by the competent authority of another Member State in the latter's territory.
Furthermore, colleges of competent authorities may be established by ESMA upon request of one or more competent authorities in order to facilitate the exercise of certain tasks.
Chapter IV (Cooperation with third country auditors and with international organisations and bodies)
The competent authorities and ESMA may conclude cooperation agreements on the exchange of information with the competent authorities of third countries only if the information disclosed is subject to guarantees of professional secrecy and provided data protection rules are respected.
In order to improve compliance with the requirements of this Regulation and following the Commission Communication of 9 December 2010 entitled Reinforcing sanctioning regimes in the financial sector[8], the powers to adopt supervisory measures and the sanctioning powers of competent authorities are enhanced. Administrative pecuniary sanctions on auditors and PIEs for identified violations are envisaged. Authorities should be transparent about the sanctions and measures they apply.
A transitional regime is introduced regarding the entry into force of the obligation to rotate audit firms, the obligation to organise a selection procedure for the choice of audit firm and the establishment of audit firms that only provide audit services.
In order to take account of developments in auditing and the audit market, ESMA is requested to submit regulatory technical standards to the Commission in order to specify technical requirements on the content of the handover file that the new auditor should receive and the establishment of a European quality certificate for auditors carrying out statutory audits of PIEs. The Commission is empowered to adopt these technical standards as delegated acts.
On 23 September 2009, the Commission adopted proposals for Regulations establishing EBA, EIOPA (The European Insurance and Occupational Pensions Authority (EIOPA), and ESMA (European Securities and Markets Authority)[9]. In this respect the Commission wishes to recall the Statements in relation to Articles 290 and 291 TFEU it made at the adoption of the Regulations establishing the European Supervisory Authorities according to which: 'As regards the process for the adoption of regulatory standards, the Commission emphasises the unique character of the financial services sector, following from the Lamfalussy structure and explicitly recognised in Declaration 39 to the TFEU. However, the Commission has serious doubts whether the restrictions on its role when adopting delegated acts and implementing measures are in line with Articles 290 and 291 TFEU.'
The Commission's proposal has no direct or indirect impact on the European Union budget. In particular, tasks that would be entrusted to EU supervisory bodies as mentioned in the proposal would not entail additional EU funding.