EUROPEAN COMMISSION
Brussels, 28.1.2021
COM(2021) 29 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN CENTRAL BANK AND THE EUROPEAN SYSTEMIC RISK BOARD
on developments in the EU market for statutory audit services to public-interest entities pursuant to Article 27 of Regulation (EU) No 537/2014
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN CENTRAL BANK AND THE EUROPEAN SYSTEMIC RISK BOARD
on developments in the EU market for statutory audit services to public-interest entities pursuant to Article 27 of Regulation (EU) No 537/2014
1.Introduction
The audit legislation adopted in the aftermath of the financial crisis was aimed at improving statutory audits in the EU by reinforcing auditors’ independence and their professional scepticism vis-à-vis the management of the audited company. Pursuant to Article 27 of Regulation (EU) No 537/2014 (‘the Regulation’), this report assesses developments in the EU market for carrying out statutory audits on public-interest entities (PIEs) between 2015 and 2018, focusing on:
-market concentration;
-the risks arising from audit quality deficiencies; and
-the performance of audit committees (ACs).
Unless otherwise specified, reports from the national authorities responsible for audit oversight (NCAs) are the main source of data. It refers mostly to 2017 and 2018 and was collected in 2019 on the basis of selected market indicators. It thus includes data from the United Kingdom. The Commission prepared the report in cooperation with the Committee of European Auditing Oversight Bodies (CEAOB).
This is the first such report since the EU audit reform (see above). Overall, the data was more accurate than in 2017. However, EU-level data consolidation remains a challenge, due to a lack of national data on turnover and revenues, different reporting periods and differences in the implementation of EU audit legislation. Also, comparability in the area of quality assurance indicators remains a challenge, due to the NCAs’ use of different methodologies.
2.Developments in the EU market for statutory audits of PIEs
2.1.Market overview
The Regulation lays down specific requirements for statutory audits of PIEs whose definition is given in the audit Directive such as listed companies, banks, insurance undertakings and ‘national PIEs’ designated by Member States (e.g. undertakings that are of significant public relevance because of the nature of their business, their size or how many employees they have).
This section describes the PIE statutory audit market 2 years after the audit reform.
Fewer statutory auditors and audit firms in the EU; less choice for PIEs.
The figures show a decrease from 2015 in the number of EU sole practitioners, including a slight fall in the number of statutory auditors employed by and associated with audit firms (as partners or otherwise). The number of registered audit firms in the EU also dropped, by 6%. The proportion of audit firms auditing PIEs is close to 4% of all registered audit firms, down almost 2 percentage points from 2015.
Table 1:
EU registered statutory auditors and audit firms (2015-2018)
This contraction in the number of registered statutory auditors and audit firms coincided with a fall in the number of PIEs, mostly driven by a cut in the number of ‘national PIEs’ as a result of most Member States revising their definition of that concept.
The number of PIE statutory audits also shrank, by around a third, in 2015‑2018 (Figure 1). Listed companies were the largest type of PIE across the EU in 2018, representing 44% of the total. The relative weights of PIE categories vary by Member State, but the most significant change was a 73 percentage points cut in the ‘national PIE’ category, which was the largest in 2015 but represented just 19% of all PIEs in 2018.
Joint PIE audits represent only 9% of PIE statutory audits. Of the 10 Member States that reported joint audits, France again had the most (86% of the EU‑28 total).
Figure 1:
PIEs and PIE statutory audits, EU‑28 (2015-2018)
The EU turnover of audit firms auditing PIEs increased by an estimated 9% in 2015‑2018, while non-audit work dominated the revenues of large audit firms.
EU‑27 turnover of audit firms auditing PIEs was about €34 billion in 2018. Data for the 10 key audit firms (10KAP) supports an estimate for EU‑28 turnover of around €40 billion. Revenues from statutory audits rose by 6% to almost €12.7 billion, 25% of which was from PIE statutory audits.
Turnover figures by Member State vary widely, with Germany and the UK still the two largest markets (65% of EU turnover of audit firms).
Around two thirds of the EU turnover of audit firms auditing PIEs, reported by firm or at network level, originated from non-audit service (NAS) revenues (from permitted NAS to audited entities and NAS to other entities), showing business diversification and a focus beyond traditional audit work.
Only 9% of total EU turnover was from revenues from PIE statutory audits; 35% was from all statutory audit services (Figure 2). However, this varies across Member States; in seven Member States, less than a third of revenues was from statutory audits.
Figure 2:
Revenue breakdown of EU turnover of audit firms auditing PIEs (2018)
Four NCAs from the European Competition Network reported that they had carried out a sector inquiry in the audit market or an antitrust or merger activity in the sector in 2015‑2018. The UK reported on a study on its national statutory audit market.
2.2.Market concentration
Member States provided market data for PIE statutory audits by the ‘Big Four’ (PwC, Deloitte, KPMG and EY), ‘CR4’ (the four biggest audit firms in each country) and the 10KAP.
Persistently high market concentration in 2015-2018. Overall, the Big Four remained the largest audit firms, but changes in their individual shares are visible. There are also signs of higher concentration in the 10KAP than in the previous report.
The Big Four hold an oligopoly in 13 Member States (up from 11 in 2015) and an average EU market share of 70% of all PIE statutory audits. In seven Member States only are they not the four largest audit firms (Figure 3).
Figure 3:
Audit firms’ market share in number of PIE statutory audits (2018)
The Big Four are even more dominant in terms of revenue from PIE statutory audits (Figure 4). Among the Member States in which they had an aggregate market share below the EU average, France reported that 60% of all PIE statutory audits were joint audits.
Figure 4:
% of PIE statutory audits, % of revenue from PIE statutory audits and % of revenue from audits of other entities, by Member State (2018)
The Big Four still dominate the PIE statutory audit market
The Big Four’s EU aggreggated concentration level in number of PIE statutory audits fell by about 3 percentage points, with Deloitte experiencing a drop of close to 9 percentage points. The Big Four held about 66% of the aggregated market of PIE statutory audits in 2018 (Figure 5). In terms of audit firms’ total turnover, they accounted for around 80% of the EU total.
Figure 5:
10KAP market share of number of PIE statutory audits (2018)
The Big Four dominate the PIE statutory audit market, with over 90% of total revenues.
In the market for statutory audits of other entities, the Big Four have a share of close to 70%. They also hold an aggregated market share of around 85% in segments not related to audit work (permitted NAS to audited entities and NAS to other entities) (Figure 6).
Figure 6:
EU market shares of audit firms auditing PIEs in each market segment, revenues (2018)
The Big Four or their network derive a significant proportion (around 70%) of NAS revenues from audit and non-audit clients; the situation varies across Member States.
The estimated EU revenue structure shows that the Big Four generate close to 30% of their revenues from audit practices and a high percentage (close to 60%) from non‑audit work, particularly NAS for other entities.
2.3.Risks arising from quality deficiencies
Most NCAs’ reporting on quality assurance related to inspection cycles of 1 year, carried out mostly in 2018 but with different start and end dates. Seven NCAs reported data referring to 3‑year inspection cycles. For the purpose of this report, we use the CEAOB definition of findings, which tallies with that of the International Forum of Independent Audit Regulators (IFIAR). Because of the need to exercise professional judgment when interpreting Member States’ categorisation of quality deficiency data, it is difficult to aggregate the information and draw general conclusions at EU level.
The number of PIE audit files inspected decreased by 25%, along with a 35% drop in the number of PIE statutory audits (due to changes in Member States’ definition of ‘PIE’). Despite fewer PIE audit engagement inspections, there appears to have been more of a focus on PIE audit engagements as compared with the full audit inspection population in 2015-2018.
The qualitative assessment section below is based on data from national market monitoring reports and a CEAOB analysis. It covers two main areas:
-deficiencies; and
-mitigation and systemic risk analysis.
The most frequent issues highlighted (as in 2017) are deficiencies in audit firms’ internal quality control systems (e.g. lack of sufficient audit evidence and documentation). Audit supervisors will continue to focus on these.
The main common findings with respect to internal quality control systems relate to:
·ethics and the independence of statutory auditor or statutory audit firm staff;
·engagement quality control review (EQCR);
·lack of, or inappropriate, monitoring of high-risk audited entities; and
·lack of audit evidence and audit documentation.
As regards the inspections on PIE audit engagement files, NCAs identified common findings in the following main areas:
·risk assessment;
·materiality and sampling;
·internal control testing;
·audit quality and evidence; and
·group audits.
This tallies with the five international standards on auditing (ISAs) identified in CEAOB’s analysis as the subject of the most findings (over 60% of all audit findings from 22 NCAs in the CEAOB database):
-the auditor’s responses to assessed risks (ISA 330);
-audit evidence (ISA 500);
-auditing accounting estimates, including fair value accounting estimates, and related disclosures (ISA 540);
-identifying and assessing the risks of material misstatement through understanding the entity and its environment (ISA 315); and
-special considerations — audits of group financial statements, including the work of component auditors (ISA 600).
Most NCAs put in place mitigation measures and remedies to address the identified findings. However, most of the audit oversight bodies reported no sanctions being applied as a result of the findings and no systemic risk. In general, the findings and sanctions do not apply to the same reporting period (it takes some time to investigate and impose sanctions).
A third of the Member States provided no information as regards repeat findings (i.e. same findings identified in the same audit firms in previous inspection cycles) or stated that there were none.
The most common reported areas for mitigation and risk analysis were:
·ethics and independence;
·risk assessment and EQCR;
·analysis of the internal control system and EQCR; and
·fair value measurements and fraud procedures.
Remediation action plans and root‑cause analysis are among the most common follow‑up measures. Not all findings will warrant sanctions and 60% of NCAs said that they had not imposed any. Some audit oversight bodies made recommendations to the audit firms, with implementation deadlines.
The level and measurement of systemic risk remains diverse. Most NCAs identified no systemic risks. Four reported systemic deficiencies at national level, but indicated that the findings could not, in combination, lead to the demise of an audit firm. The CEAOB analysis reported that NCAs engage with and challenge audit firms through interaction in regulatory colleges and meetings at Inspections Sub-Group plenary sessions.
2.4.Performance of audit committees
The available data does not allow for an overall assessment of ACs’ performance, given the differing approaches to AC monitoring across Member States and the fact that most information is based on ACs’ self-assessment. However, NCAs have made progress in gathering information and establishing a relationship with ACs.
Article 39 of the Audit Directive requires companies to set up ACs (of which there are about 6 400) and Article 27(1)(c) of the Regulation requires NCAs to monitor the ACs’ performance. ACs are most commonly constituted as a stand-alone committee or a committee of a supervisory/administrative body and play a central role in the corporate governance model, in particular for larger PIEs. They interact with various actors, internally (e.g. management, supervisory/administrative bodies) and externally (e.g. external auditors, shareholders and regulators).
Oversight bodies obtained information from the ACs through various channels. For example, a targeted CEAOB questionnaire was sent to a sample of ACs across Member States. However, as this involved AC self-assessment, it has limitations when it comes to interpreting the data.
ACs are subject to NCA oversight in 21 Member States.
The EU legislation does not specify NCAs’ oversight tasks vis-à-vis the ACs. There are wide variations among Member States as regards which authority is responsible for supervising and interacting with them. Most often, NCAs share responsibility with the national financial supervisory authority.
NCAs engage in different ways with the ACs under their jurisdiction. Most do so mainly through surveys/questionnaires, dialogue and workshops, webinars and conferences.
The CEAOB questionnaire showed a need for more monitoring of ACs’ interactions with external auditors, the organisation of tender processes, approval of the provision of permitted NAS, and the recording of fees paid.
The feedback indicates compliance with the main requirements for ACs’ composition and skills, their independence and interaction with the administrative/supervisory body, and the oversight of the audit function.
However, the results show that the selection process for audit tenders is a challenge for ACs – replies on this topic indicate either non-compliance with the audit legislation or a lack of understanding of how to apply it.
The auditor selection process
ACs are responsible for the procedure for selecting statutory auditors. About 87% actually claim to do so. 75% of the PIEs that proceeded to tender invited two to seven audit firms. 16% issued an invitation to tender to just one, even though Article 16(2) of the Regulation requires that at least two be invited to participate in the tender process.
In addition, there is a correlation between the number of audit firms invited to participate in a tender and the number that finally submitted an offer. About 55% of ACs reported that two or three statutory auditors (audit firms) generally submitted an offer following the tendering process. However, analysis of the responses showed that 19% of ACs receive only one credible bid.
Half of the ACs said that the tender process allows for the participation in the selection procedure of firms that received less than 15% of their total fees from PIEs in the Member State in the previous calendar year. These ACs may not fully understand, or may not be applying, Article 16(3) of the Regulation.
Interaction with the external auditor
ACs are responsible for reviewing the independence of the audit firm and the quality of audit, including the approval of permitted NAS, tendering and the selection of the external auditor. About half confirmed that the statutory auditor (or a member of its network) submitted a tender for the provision of permitted NAS. 80% said that they did not examine requests for the provision of NAS in accordance with Article 5(4) of the Regulation. 4% did not monitor fees paid to the statutory auditor.
3.Conclusions
This report describes developments in the market for the provision of PIE statutory audits between 2015 and 2018. These give some preliminary indications as to the effects of the audit reform and point to possible areas for further assessment. Such assessment should take into account recent scandals involving high-profile corporate entities across the EU (e.g. Carillion, Thomas Cook and Wirecard), which can undermine the reputation of the audit profession and investor confidence.
The key findings of this report are as follows:
1)Persistent high concentration, as the Big Four still dominate the PIE statutory audit market in most Member States
The dominance of the Big Four in the majority of Member States, combined with the high proportion of revenue from non-audit work, could affect their independence, the level of audit fees and audit quality. The risk is exacerbated by the remedial measures to ease audit firms’ conflicts of interest as regards PIEs (e.g. rotation requirement, prohibited NAS, cap on permitted NAS, etc.), which may reduce yet further the choice of PIE statutory auditors or audit firms in the market.
The Commission will therefore pay particular attention to monitoring, in close cooperation with the NCAs and CEAOB, how the new rules are influencing competition on the market for PIE audits. In addition, it will assess how the options under the Regulation affect national markets and the EU level playing field.
NCAs are encouraged to close data gaps (e.g. on NAS revenues, etc.) to improve the monitoring of market developments and concentration analysis.
2)The assessment of quality deficiencies remains challenging
The quality issues that crop up most often at EU level remain:
·deficiencies in audit firms’ internal quality control systems;
·lack of, or inappropriate, monitoring of high-risk audited entities; and
·lack of audit evidence and documentation.
To improve the quality of assessments, it may help to enhance convergence for the audit industry in the EU as regards types of supervisory action, remedial follow-up measures and sanctions imposed.
Following these findings, the Commission will evaluate the EU audit legislation and assess possible ways of improving the consistency of quality assurance and investigation and sanctions arrangements across Member States. It will also assess the need to make inspection reports (including a description of work done as part of the inspection) more accessible by the public, or at least by ACs. This could involve digitalising or tagging reports more to facilitate access.
The pre-defined categorisation of findings used for the quality assurance indicators in the second report improved the assessment of the data provided by NCAs. Nonetheless, NCAs should do more to:
·ensure convergence in the interpretation of findings and categories;
·identify effective quality indicators to improve the measuring of audit quality; and
·enhance the evaluation and interpretation of systemic risk.
The report confirms that the same issues arise repeatedly and therefore seem to be structural. The Commission will liaise with CEAOB to identify measures to improve the situation.
3)Differing approaches to monitoring across the EU challenge NCAs’ assessment of ACs’ performance
Most audit supervisors engaged with ACs under their jurisdiction. NCAs improved their knowledge of the ACs’ work, especially through the CEAOB questionnaire, which was based on self-assessment. However, this provided only a limited insight into the ACs’ performance.
The Commission will assess possible ways of improving NCAs’ ability to oversee ACs. It will also analyse how to reinforce ACs’ independent role in the selection process and oversight of the auditor. It has been working with CEAOB to facilitate the dialogue between ACs and NCAs, in particular through seminars or conferences. It will evaluate how further to facilitate such interaction.
In order to facilitate a more detailed assessment of ACs’ functioning and effectiveness, NCAs are recommended to reach out to more ACs at national level and to develop their understanding of how ACs operate and take decisions.
The Commission will continue to monitor market events. Some NCAs are launching studies and reviews into their national audit markets to gather more information on possible market weaknesses. As some of the issues identified in the report may be of relevance to the Wirecard case, the Commission will discuss with CEAOB what lessons need to be learned in light of this case.
Finally, the Commission has launched a study to assess the effects of the EU audit legislation on the statutory audit market. The findings of the study and of this report will feed into an evaluation of the EU audit framework, to review its effectiveness in improving transparency, audit quality and competition in the audit market, particularly for PIEs. The evaluation will also examine the effects on the audit sector of the economic crisis induced by the COVID‑19 pandemic.