Commission Recommendation of 15 November 2000 on quality assurance for the statutory audit in the European Union: minimum requirements (Text with EEA relevance) (notified under document number C(2000) 3304)
OJ L 91, 31.3.2001, p. 91–97 (ES, DA, DE, EL, EN, FR, IT, NL, PT, FI, SV)
DA DE EL EN ES FI FR IT NL PT SV
|Bilingual display: DA DE EL EN ES FI FR IT NL PT SV|
of 15 November 2000
on quality assurance for the statutory audit in the European Union: minimum requirements
(notified under document number C(2000) 3304)
(Text with EEA relevance)
THE COMMISSION OF THE EUROPEAN COMMUNITIES,
Having regard to the Treaty establishing the European Community, and in particular Article 211, second indent thereof,
(1) Council Directive 84/253/EEC, of 10 April 1984, based on Article 54(3)(g) of the EEC Treaty, on the approval of persons responsible for carrying out the statutory audits of accounting documents(1), lays down the requirements for persons who are allowed to carry out statutory audits.
(2) Quality assurance for the statutory audit is fundamental for ensuring good audit quality. Good audit quality implies adding credibility to published financial information and adding value and protection to shareholders, investors, creditors and other stakeholders.
(3) Quality assurance is the profession's principal means of assuring the public and regulators that auditors and audit firms are performing at a level that meets the established auditing standards and ethical rules. Quality assurance also allows the profession to encourage quality improvements.
(4) Audit opinions throughout the European Union should give a certain minimum level of assurance concerning the reliability of financial information. It could therefore be argued that Member States should have already taken measures to ensure that all statutory auditors carrying out statutory audits are subject to a quality assurance system.
(5) However, quality assurance in the European Union is a relatively new phenomenon which is reflected in the fact that several Member States have implemented it very recently and several other Member States did not have a quality assurance system as at 1 January 1999.
(6) The current national quality assurance systems differ in several aspects such as the scope of the quality review, being mandatory or voluntary, the cycle of coverage and the existence of public reporting. Such differences make it difficult to assess whether national quality assurance systems meet relevant minimum requirements.
(7) At this moment there is no internationally accepted standard defining minimum requirements for quality assurance which could be used as a benchmark for national quality assurance systems.
(8) The scope of this initiative on quality assurance is the EU statutory audit profession as a whole and it aims at setting a benchmark for Member State quality assurance systems throughout the European Union.
(9) The definition of minimum requirements can be complemented by other forms of external control on the statutory audit function that may be carried out by supervisory authorities, stock exchange regulators or other sector specific regulators with the objective of improving the quality of statutory audit.
(10) Additional quality controls of the statutory audit are at the discretion of Member States.
(11) The issue of quality assurance was addressed by the Commission's Green Paper on the role, position and liability of the statutory auditor in the European Union(2), which was supported by the Council, the Economic and Social Committee and the European Parliament.
(12) Following on to the Commission's Communication "The statutory audit in the European Union, the way forward"(3) the EU Committee on Auditing was established which has decided to put quality assurance as one of the priorities on its agenda and its discussions showed agreement that each Member State should have in place a system of quality assurance for statutory audit.
(13) The abovementioned Communication clearly contains an intention to work on harmonising and improving quality on statutory audit preferably without preparing new legislation. It is therefore appropriate to issue a Commission recommendation. If this Recommendation does not bring about the desired harmonisation on quality assurance, the Commission will reconsider the need for legislation. To this effect, the Commission intends to review the situation three years after the adoption of this Recommendation.
(14) The Commission has, following the conclusions of the Lisbon European Council, issued a communication "The financial reporting strategy: the way forward"(4) which underlines the importance of a statutory audit carried out to uniformly high levels across the European Union.
(15) There is general agreement in the EU Committee on Auditing and in the Contact Committee on the Accounting Directives on the minimum requirements in this Recommendation,
That quality assurance systems in the Member States of the European Union should meet the following minimum requirements:
1. COVERAGE OF THE QUALITY ASSURANCE REGIME
Member States should take measures to ensure that all persons carrying out statutory audits are subjected to a quality assurance system.
The term persons is related to the eighth Directive which defines rules on the approval of persons carrying out statutory audits (statutory auditors). Currently not every person in the European Union carrying out statutory audits is subject to a system of quality assurance.
Both peer review and monitoring are acceptable methodologies for quality assurance.
There are essentially two different methodologies of quality assurance applied within the European Union: monitoring and peer review. Monitoring refers to a situation where staff employed by the professional body or regulator manages the quality assurance system and carries out the quality assurance reviews. Peer review refers to a situation where (active) members, "peers", carry out review visits.
Monitoring and peer review are considered as methodologies of equal stature. In either case, care should be taken to ensure both the quality of the reviewers and their objectivity. Adequate measures should be taken to ensure that reviewers have an up-to-date knowledge on auditing standards and quality control systems (see also point 9). This is in particular relevant where the monitoring methodology is applied.
Concerns regarding reviewers objectivity should be mitigated by a sufficient public supervision over the administration and functioning of the quality assurance system and the presentation of its results (see also points 6 and 10). This is of particular importance when the peer review methodology is used.
3. REVIEW COVERAGE AND SELECTION OF REVIEWEES
3.1. The subject for a quality review is the statutory auditor, which can be an audit firm or an individual auditor (see point 1).
Some Member States require joint audits. In this situation the starting point for selection of the subject of quality review could be the individual statutory audit assignment instead of the statutory auditor but the subject of quality review remains the statutory auditor.
3.2. The selection of the statutory auditors for review should be made on a consistent basis so as to ensure coverage of all statutory auditors over a predetermined period.
Provided that a full coverage of all statutory auditors is ensured over a predetermined period of time, the annual selection of statutory auditors for review could be made on a risk basis (for example based on the nature of the client portfolio, the turnover from auditing in relation to total turnover or the results of previous reviews), on a random basis or by a combination of these methods.
3.3. In the case of a multi-office audit firm the optimal unit size for a quality review is the office. A quality assessment of a multi-office audit firm should always include an adequate coverage of its offices.
Larger audit firms have firm wide control policies and procedures ensuring a certain degree of uniformity but individual offices might apply norms and standards differently. It is therefore considered that offices are the most appropriate subject for quality assurance reviews.
3.4. The cycle to achieve full coverage of all statutory auditors should be a maximum of six years.
The current EU systems of quality assurance achieve full coverage in cycles varying from one year to 10 years. In accordance with the differentiation under point 5.1, the cycle of full coverage should be shortened for statutory auditors with "public interest entity" clients.
Where a statutory auditor audits only small, low-risk entities it may be acceptable for the cycle of review to extend to a maximum of 10 years. In such cases it will be necessary to obtain regular information from the statutory auditor to confirm that the nature of his client portfolio has not changed significantly.
3.5. The cycle should be shortened for statutory auditors previously reviewed with less than satisfactory results.
In situations where the outcome of the quality review was in general satisfactory but with some recommendations for improvement it could be more effective to follow up the implementation of the specific recommendations than to carry out a new comprehensive quality review.
4. SCOPE OF QUALITY REVIEW
4.1. Quality assurance relates to statutory audits of financial statements carried out by statutory auditors in public practice. The scope of the quality review should include an assessment of the internal quality control system of an audit firm with sufficient compliance testing of procedures and audit files to verify its adequate functioning.
All Member States have already required audit firms to implement an internal quality control in line with the International Standard on Auditing 220 "Quality Control for Audit work". In addition to the black-lettered paragraphs of ISA 220 it could be necessary to establish at Member State level more specific requirements on the internal quality control of statutory auditors underpinning the quality reviews. These additional requirements could be based on the quality control procedures as mentioned in point 6 of ISA 220, dealing with the objectives of internal quality control systems of audit firms.
4.2. The scope of quality review should include the following subjects for testing individual audit files:
- the quality of the evidence from the audit working papers as a basis for assessing the quality of the audit work,
- compliance with auditing standards,
- compliance with ethical principles and rules, including independence rules,
- audit reports:
1. appropriate format and type of opinion;
2. compliance of financial statements with the financial reporting framework as referred to in the audit report;
3. failure to mention non-compliance of financial statements with other legal requirements as referred to in the audit report.
A statutory audit carried out in compliance with legal requirements, established auditing standards and respecting ethical rules is crucial to users of audited financial information because it ensures a certain level of credibility of audited financial statements. Specific requirements are laid down concerning the audit report because of its importance as the public product of a statutory audit. Compliance with a financial reporting framework is included to underline the instrumental role of the statutory audit for the enforcement of accounting standards.
5. DIFFERENTIATION IN METHODOLOGY
5.1. It is considered appropriate to differentiate between the approach of quality assurance for statutory auditors with public interest entity clients and quality assurance for those with no public interest entity clients. The differentiation relates to some systematic aspects of quality assurance such as a higher frequency of coverage, increased public oversight on managing the quality assurance, and the possibility of access to files of the reviewer by the competent authorities (see point 5.2). Differentiation does not alter the scope, the objectives or the overall methodology of the individual quality review.
The term "public interest entity" includes amongst others: listed companies, credit institutions, insurance companies, investment firms, UCITS (undertakings for collective investments in transferable securities) and pension funds.
5.2. The regulator or competent authority ultimately responsible for administrating and maintaining the quality assurance system may have access to individual files of the reviewer prepared on statutory auditors with, in particular, public interest entity clients. The access to files of the reviewer should be subject to the confidentiality provisions outlined under point 8.
6. PUBLIC OVERSIGHT AND PUBLIC REPORTING
6.1. Quality assurance systems should have adequate public oversight consisting of a majority of non-practitioners on the overview board of the quality assurance system.
Quality assurance systems in the European Union should have enough credibility to satisfy the external objectives: sustaining public confidence and demonstrating to regulators the adequate discharge of self-regulating responsibilities. The public oversight requirement is meant to ensure that the quality assurance is in fact and appearance an exercise with sufficient public integrity. The actual organisation of public oversight for quality assurance will differ between Member States depending on existing structures of supervision on the statutory audit profession and the importance of sector specific regulatory monitoring of statutory audit quality.
Public oversight for quality assurance could be an "add-on" to existing supervision structures on the audit profession that already involve public participation whilst in other situations it would require a separate committee including non-professionals such as representatives of business, representatives of securities regulators and representatives of shareholders.
The objectives of public oversight on quality assurance could include:
1. supervision of the management (planning and control) of the quality assurance system;
2. evaluation of the review results;
3. approval of public reporting of results of quality assurance (see point 6.2).
6.2. The results of quality assurance should be adequately published.
Publication of quality assurance results is another means of adding public credibility to the quality assurance systems. Publication of aggregated results of the quality assurance without naming individual audit firms is considered to be adequate. Public credibility would be enhanced if the reporting also includes recommendations for professional and/or regulatory actions, follow-up to recommendations and sanctions.
7. DISCIPLINARY SANCTIONS
It is necessary to have a systematic link between negative outcomes of quality reviews and initiating sanctions under the disciplinary system. The disciplinary system should include the possibility of removal of the statutory auditor from the audit register.
Quality assurance is not in itself the only tool for disciplinary sanctions. Quality assurance aims at enforcing, demonstrating and improving audit quality. The link between quality reviews and disciplinary sanctions is adding public credibility and is also logical because quality assurance can be seen as an enforcement tool. The possibility of removal from the register is particularly relevant for countries where the registration of certified auditors is separated from the professional body carrying out the quality assurance system.
8.1. The statutory auditor should be exempted from confidentiality clauses concerning audit files of clients for quality assurance reviews.
Most Member States with a quality assurance system have exempted the handing over of audit working files to reviewers from the normal rules on auditor confidentiality. This implies that handing over audit files to the reviewer cannot be a breach of confidentiality and therefore cannot lead to liability actions.
8.2. The reviewer should be subject to confidentiality rules similar to those that statutory auditors have to comply with. Nevertheless, when giving the regulator or competent authority access to the files of the reviewer (see point 5.2) this cannot constitute a breach of confidentiality.
Most Member States with a quality assurance system have included rules on the confidentiality of the reviewer identical to the confidentiality rules that statutory auditors have to comply with when performing statutory audits.
8.3. It should be provided for that all persons who work or who have worked for the relevant regulators or competent authorities responsible for administrating and maintaining the quality assurance system, as well as the members of the public oversight board, shall be bound by the obligation of professional secrecy.
Ultimately depending on national legislation, professional secrecy in this context implies that persons concerned may not divulge confidential information which has been received in the course of their duties to any person or authority whatsoever, save in summary or aggregate form such that the reviewer or the statutory auditor subjected to the quality review, and the audit client to whom the reviewed files relate and the related parties of this audit client cannot be individually identified.
9. QUALITY OF REVIEWER
The quality assurance system should ensure that the persons, either peers or employees of a monitoring organisation, who carry out quality reviews should have appropriate professional education and relevant experience combined with specific training on quality assurance reviews.
In several countries only professionals active in public practice can be appointed as a peer-reviewer. The relevant experience can also relate to sector specific experience.
10. INDEPENDENCE AND OBJECTIVITY OF REVIEWER
The quality assurance system should ensure that for the selection of reviewers for individual review assignments possible conflicts of interest are adequately taken into account. The reviewers should be subjected to the independence requirements applicable to statutory auditors.
The selection of reviewers for individual quality reviews should be based on criteria ensuring the reviewer's independence and objectivity in fact and appearance. The actual application of selection criteria for reviewers could be monitored by the public oversight board.
Adequate resources (input) should be allocated to quality assurance systems in order to give them a realistic impact in the light of public credibility.
It will be clear that quality assurance systems cost money and should therefore be as efficient and effective as possible in order to fulfil the realistic requirements of the public and regulators. If a system of quality assurance is applied in an even-handed way to all statutory auditors in the European Union it will not effect the level playing field of competition in this area.
There are apparent differences in resources used for quality assurance. For a meaningful comparison the total resources should be related to the number of statutory audits, taking into account the (lack of) public interest entity clients of statutory auditors (see also point 3.4, full cycle of coverage). Publication of the resources allocated to external quality assurance will add public credibility.
12. FINAL PROVISION
This Recommendation is addressed to the Member States.
Done at Brussels, 15 November 2000.
For the Commission
Member of the Commission
(1) OJ L 126, 12.5.1984, p. 20.
(2) OJ C 321, 28.10.1996, p. 1.
(3) OJ C 143, 8.5.1998, p. 12.
(4) COM(2000) 359 final, 13 June 2000.