EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52021DC0029

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN CENTRAL BANK AND THE EUROPEAN SYSTEMIC RISK BOARD on developments in the EU market for statutory audit services to public-interest entities pursuant to Article 27 of Regulation (EU) No 537/2014

COM/2021/29 final

Brussels, 28.1.2021

COM(2021) 29 final


on developments in the EU market for statutory audit services to public-interest entities pursuant to Article 27 of Regulation (EU) No 537/2014


on developments in the EU market for statutory audit services to public-interest entities pursuant to Article 27 of Regulation (EU) No 537/2014


The audit legislation adopted in the aftermath of the financial crisis was aimed at improving statutory audits in the EU by reinforcing auditors’ independence and their professional scepticism vis-à-vis the management of the audited company. Pursuant to Article 27 of Regulation (EU) No 537/2014 1 (‘the Regulation’), this report assesses developments in the EU market for carrying out statutory audits on public-interest entities (PIEs) between 2015 and 2018, focusing on:

-market concentration;

-the risks arising from audit quality deficiencies; and

-the performance of audit committees (ACs).

Unless otherwise specified, reports from the national authorities responsible for audit oversight (NCAs) are the main source of data. It refers mostly to 2017 and 2018 and was collected in 2019 on the basis of selected market indicators. It thus includes data from the United Kingdom. The Commission prepared the report in cooperation with the Committee of European Auditing Oversight Bodies (CEAOB).

This is the first such report since the EU audit reform (see above). Overall, the data was more accurate than in 2017. However, EU-level data consolidation remains a challenge, due to a lack of national data on turnover and revenues, different reporting periods and differences in the implementation of EU audit legislation. Also, comparability in the area of quality assurance indicators remains a challenge, due to the NCAs’ use of different methodologies.

2.Developments in the EU market for statutory audits of PIEs

2.1.Market overview

The Regulation lays down specific requirements for statutory audits of PIEs whose definition is given in the audit Directive 2 such as listed companies, banks, insurance undertakings and ‘national PIEs’ designated by Member States (e.g. undertakings that are of significant public relevance because of the nature of their business, their size or how many employees they have).

This section describes the PIE statutory audit market 2 years after the audit reform.

Fewer statutory auditors and audit firms in the EU; less choice for PIEs.

The figures show a decrease from 2015 in the number of EU sole practitioners, including a slight fall in the number of statutory auditors employed by and associated with audit firms (as partners or otherwise) 3 . The number of registered audit firms in the EU also dropped, by 6%. The proportion of audit firms auditing PIEs is close to 4% of all registered audit firms, down almost 2 percentage points from 2015.

Table 1:    EU registered statutory auditors and audit firms (2015-2018)

This contraction in the number of registered statutory auditors and audit firms coincided with a fall in the number of PIEs, mostly driven by a cut in the number of ‘national PIEs’ as a result of most Member States revising their definition of that concept.

The number of PIE statutory audits also shrank, by around a third 4 , in 2015‑2018 (Figure 1). Listed companies were the largest type of PIE across the EU in 2018, representing 44% of the total. The relative weights of PIE categories 5 vary by Member State, but the most significant change was a 73 percentage points cut in the ‘national PIE’ category, which was the largest in 2015 but represented just 19% of all PIEs in 2018.

Joint PIE audits represent only 9% of PIE statutory audits. Of the 10 Member States that reported joint audits 6 , France again had the most (86% of the EU‑28 total).

Figure 1:    PIEs and PIE statutory audits, EU‑28 (2015-2018)

The EU turnover of audit firms auditing PIEs 7 increased by an estimated 9% 8 in 2015‑2018, while non-audit work dominated the revenues of large audit firms.

EU‑27 9 turnover of audit firms auditing PIEs was about €34 billion 10  in 2018. Data for the 10 key audit firms (10KAP 11 ) supports an estimate for EU‑28 turnover of around €40 billion. Revenues from statutory audits 12 rose by 6% 13 to almost €12.7 billion, 25% of which was from PIE statutory audits.

Turnover figures by Member State vary widely, with Germany and the UK still the two largest markets (65% of EU turnover of audit firms) 14 .

Around two thirds of the EU turnover of audit firms auditing PIEs, reported by firm or at network level, originated from non-audit service (NAS) revenues (from permitted NAS to audited entities and NAS to other entities 15 ), showing business diversification and a focus beyond traditional audit work.

Only 9% of total EU turnover was from revenues from PIE statutory audits; 35% was from all statutory audit services (Figure 2). However, this varies across Member States; in seven Member States 16 , less than a third of revenues was from statutory audits.

Figure 2:    Revenue breakdown of EU turnover of audit firms auditing PIEs 17 (2018)

Four NCAs 18 from the European Competition Network reported that they had carried out a sector inquiry in the audit market or an antitrust or merger activity in the sector in 2015‑2018. The UK reported on a study on its national statutory audit market 19 .

2.2.Market concentration

Member States provided market data 20 for PIE statutory audits by the ‘Big Four’ (PwC, Deloitte, KPMG and EY), ‘CR4’ (the four biggest audit firms in each country) and the 10KAP.

Persistently high market concentration in 2015-2018. Overall, the Big Four remained the largest audit firms, but changes in their individual shares are visible 21 . There are also signs of higher concentration in the 10KAP than in the previous report 22 .

The Big Four hold an oligopoly 23 in 13 Member States (up from 11 in 2015) and an average EU market share of 70% of all PIE statutory audits. In seven Member States only are they not the four largest audit firms (Figure 3).

Figure 3:    Audit firms’ market share in number of PIE statutory audits (2018)

The Big Four are even more dominant in terms of revenue from PIE statutory audits (Figure 4). Among the Member States in which they had an aggregate market share below the EU average, France 24 reported that 60% of all PIE statutory audits were joint audits.

Figure 4:    % of PIE statutory audits, % of revenue from PIE statutory audits and % of revenue from audits of other entities, by Member State (2018) 25

The Big Four still dominate the PIE statutory audit market

The Big Four’s EU 26 aggreggated concentration level in number of PIE statutory audits fell by about 3 percentage points, with Deloitte experiencing a drop of close to 9 percentage points. The Big Four held about 66% of the aggregated market of PIE statutory audits in 2018 (Figure 5). In terms of audit firms’ total turnover 27 , they accounted for around 80% of the EU total.

Figure 5:    10KAP market share 28 of number of PIE statutory audits (2018)

The Big Four dominate the PIE statutory audit market, with over 90% of total revenues.

In the market for statutory audits of other entities, the Big Four have a share of close to 70%. They also hold an aggregated market share of around 85% in segments not related to audit work (permitted NAS to audited entities and NAS to other entities) (Figure 6).

Figure 6:    EU market shares of audit firms auditing PIEs in each market segment, revenues (2018)

The Big Four or their network 29 derive a significant proportion (around 70%) of NAS revenues 30 from audit and non-audit clients; the situation varies across Member States.

The estimated EU revenue structure shows that the Big Four generate close to 30% 31 of their revenues from audit practices and a high percentage (close to 60%) from non‑audit work, particularly NAS for other entities.

2.3.Risks arising from quality deficiencies

Most NCAs’ reporting on quality assurance related to inspection cycles of 1 year, carried out mostly in 2018 but with different start and end dates. Seven NCAs reported data referring to 3‑year inspection cycles. For the purpose of this report, we use the CEAOB definition of findings, which tallies with that of the International Forum of Independent Audit Regulators (IFIAR) 32 . Because of the need to exercise professional judgment when interpreting Member States’ categorisation of quality deficiency data, it is difficult to aggregate the information and draw general conclusions at EU level.

The number of PIE audit files inspected decreased by 25%, along with a 35% drop in the number of PIE statutory audits (due to changes in Member States’ definition of ‘PIE’). Despite fewer PIE audit engagement inspections, there appears to have been more of a focus on PIE audit engagements as compared with the full audit inspection population in 2015-2018.

The qualitative assessment section below is based on data from national market monitoring reports and a CEAOB analysis 33 . It covers two main areas:

-deficiencies; and

-mitigation and systemic risk analysis.

The most frequent issues highlighted (as in 2017) are deficiencies in audit firms’ internal quality control systems (e.g. lack of sufficient audit evidence and documentation). Audit supervisors will continue to focus on these.

The main common findings with respect to internal quality control systems relate to:

·ethics and the independence of statutory auditor or statutory audit firm staff 34 ;

·engagement quality control review (EQCR) 35 ;

·lack of, or inappropriate, monitoring of high-risk audited entities; and

·lack of audit evidence and audit documentation.

As regards the inspections on PIE audit engagement files, NCAs identified common findings in the following main areas:

·risk assessment 36 ;

·materiality and sampling 37 ;

·internal control testing 38 ;

·audit quality and evidence; and

·group audits.

This tallies with the five international standards on auditing (ISAs) identified in CEAOB’s analysis as the subject of the most findings (over 60% of all audit findings from 22 NCAs in the CEAOB database):

-the auditor’s responses to assessed risks (ISA 330) 39 ;

-audit evidence (ISA 500) 40 ;

-auditing accounting estimates, including fair value accounting estimates, and related disclosures (ISA 540) 41 ;

-identifying and assessing the risks of material misstatement through understanding the entity and its environment (ISA 315) 42 ; and

-special considerations — audits of group financial statements, including the work of component auditors (ISA 600) 43 .

Most NCAs put in place mitigation measures and remedies to address the identified findings. However, most of the audit oversight bodies reported no sanctions being applied as a result of the findings and no systemic risk. In general, the findings and sanctions do not apply to the same reporting period (it takes some time to investigate and impose sanctions).

A third of the Member States provided no information as regards repeat findings (i.e. same findings identified in the same audit firms in previous inspection cycles) or stated that there were none.

The most common reported areas for mitigation and risk analysis were:

·ethics and independence;

·risk assessment and EQCR;

·analysis of the internal control system and EQCR; and

·fair value measurements and fraud procedures.

Remediation action plans and root‑cause analysis are among the most common follow‑up measures. Not all findings will warrant sanctions and 60% of NCAs said that they had not imposed any. Some audit oversight bodies made recommendations to the audit firms, with implementation deadlines.

The level and measurement of systemic risk 44 remains diverse. Most NCAs identified no systemic risks. Four reported systemic deficiencies at national level, but indicated that the findings could not, in combination, lead to the demise of an audit firm. The CEAOB analysis reported that NCAs engage with and challenge audit firms through interaction in regulatory colleges and meetings at Inspections Sub-Group plenary sessions.

2.4.Performance of audit committees

The available data does not allow for an overall assessment of ACs’ performance, given the differing approaches to AC monitoring across Member States and the fact that most information is based on ACs’ self-assessment. However, NCAs have made progress in gathering information and establishing a relationship with ACs.

Article 39 of the Audit Directive 45 requires companies to set up ACs (of which there are about 6 400 46 ) and Article 27(1)(c) of the Regulation requires NCAs to monitor the ACs’ performance. ACs are most commonly constituted as a stand-alone committee or a committee of a supervisory/administrative body and play a central role in the corporate governance model, in particular for larger PIEs. They interact with various actors, internally (e.g. management, supervisory/administrative bodies) and externally (e.g. external auditors, shareholders and regulators).

Oversight bodies obtained information from the ACs through various channels. For example, a targeted CEAOB questionnaire 47 was sent to a sample of ACs across Member States. However, as this involved AC self-assessment, it has limitations when it comes to interpreting the data.

ACs are subject to NCA oversight in 21 Member States.

The EU legislation does not specify NCAs’ oversight tasks vis-à-vis the ACs. There are wide variations among Member States as regards which authority is responsible for supervising and interacting with them. Most often, NCAs share responsibility with the national financial supervisory authority.

NCAs engage in different ways with the ACs under their jurisdiction. Most do so mainly through surveys/questionnaires, dialogue and workshops, webinars and conferences.

The CEAOB questionnaire 48 showed a need for more monitoring of ACs’ interactions with external auditors, the organisation of tender processes, approval of the provision of permitted NAS, and the recording of fees paid.

The feedback indicates compliance with the main requirements for ACs’ composition and skills 49 , their independence and interaction with the administrative/supervisory body, and the oversight of the audit function.

However, the results show that the selection process for audit tenders is a challenge for ACs – replies on this topic indicate either non-compliance with the audit legislation or a lack of understanding of how to apply it.

The auditor selection process

ACs are responsible 50 for the procedure for selecting statutory auditors. About 87% actually claim to do so. 75% of the PIEs that proceeded to tender invited two to seven audit firms. 16% issued an invitation to tender to just one, even though Article 16(2) of the Regulation requires that at least two be invited to participate in the tender process.

In addition, there is a correlation between the number of audit firms invited to participate in a tender and the number that finally submitted an offer. About 55% of ACs reported that two or three statutory auditors (audit firms) generally submitted an offer following the tendering process. However, analysis of the responses showed that 19% of ACs receive only one credible bid.

Half of the ACs said that the tender process allows for the participation in the selection procedure of firms that received less than 15% of their total fees from PIEs in the Member State in the previous calendar year. These ACs may not fully understand, or may not be applying, Article 16(3) of the Regulation.

Interaction with the external auditor

ACs are responsible for reviewing the independence of the audit firm and the quality of audit, including the approval of permitted NAS, tendering and the selection of the external auditor 51 . About half confirmed that the statutory auditor (or a member of its network) submitted a tender for the provision of permitted NAS 52 . 80% said that they did not examine requests for the provision of NAS in accordance with Article 5(4) of the Regulation. 4% did not monitor fees paid to the statutory auditor.


This report describes developments in the market for the provision of PIE statutory audits between 2015 and 2018. These give some preliminary indications as to the effects of the audit reform and point to possible areas for further assessment. Such assessment should take into account recent scandals involving high-profile corporate entities across the EU (e.g. Carillion, Thomas Cook and Wirecard), which can undermine the reputation of the audit profession and investor confidence.

The key findings of this report are as follows:

1)Persistent high concentration, as the Big Four still dominate the PIE statutory audit market in most Member States

The dominance of the Big Four in the majority of Member States, combined with the high proportion of revenue from non-audit work, could affect their independence, the level of audit fees and audit quality. The risk is exacerbated by the remedial measures to ease audit firms’ conflicts of interest as regards PIEs (e.g. rotation requirement, prohibited NAS, cap on permitted NAS, etc.), which may reduce yet further the choice of PIE statutory auditors or audit firms in the market.

The Commission will therefore pay particular attention to monitoring, in close cooperation with the NCAs and CEAOB, how the new rules are influencing competition on the market for PIE audits. In addition, it will assess how the options under the Regulation affect national markets and the EU level playing field.

NCAs are encouraged to close data gaps (e.g. on NAS revenues, etc.) to improve the monitoring of market developments and concentration analysis.

2)The assessment of quality deficiencies remains challenging

The quality issues that crop up most often at EU level remain:

·deficiencies in audit firms’ internal quality control systems;

·lack of, or inappropriate, monitoring of high-risk audited entities; and

·lack of audit evidence and documentation.

To improve the quality of assessments, it may help to enhance convergence for the audit industry in the EU as regards types of supervisory action, remedial follow-up measures and sanctions imposed.

Following these findings, the Commission will evaluate the EU audit legislation and assess possible ways of improving the consistency of quality assurance and investigation and sanctions arrangements across Member States. It will also assess the need to make inspection reports (including a description of work done as part of the inspection) more accessible by the public, or at least by ACs. This could involve digitalising or tagging reports more to facilitate access.

The pre-defined categorisation of findings used for the quality assurance indicators in the second report improved the assessment of the data provided by NCAs. Nonetheless, NCAs should do more to:

·ensure convergence in the interpretation of findings and categories;

·identify effective quality indicators to improve the measuring of audit quality; and

·enhance the evaluation and interpretation of systemic risk.

The report confirms that the same issues arise repeatedly and therefore seem to be structural. The Commission will liaise with CEAOB to identify measures to improve the situation.

3)Differing approaches to monitoring across the EU challenge NCAs’ assessment of ACs’ performance

Most audit supervisors engaged with ACs under their jurisdiction. NCAs improved their knowledge of the ACs’ work, especially through the CEAOB questionnaire, which was based on self-assessment. However, this provided only a limited insight into the ACs’ performance.

The Commission will assess possible ways of improving NCAs’ ability to oversee ACs. It will also analyse how to reinforce ACs’ independent role in the selection process and oversight of the auditor. It has been working with CEAOB to facilitate the dialogue between ACs and NCAs, in particular through seminars or conferences. It will evaluate how further to facilitate such interaction.

In order to facilitate a more detailed assessment of ACs’ functioning and effectiveness, NCAs are recommended to reach out to more ACs at national level and to develop their understanding of how ACs operate and take decisions.

The Commission will continue to monitor market events. Some NCAs are launching studies and reviews into their national audit markets to gather more information on possible market weaknesses. As some of the issues identified in the report may be of relevance to the Wirecard case, the Commission will discuss with CEAOB what lessons need to be learned in light of this case.

Finally, the Commission has launched a study to assess the effects of the EU audit legislation on the statutory audit market. The findings of the study and of this report will feed into an evaluation of the EU audit framework, to review its effectiveness in improving transparency, audit quality and competition in the audit market, particularly for PIEs. The evaluation will also examine the effects on the audit sector of the economic crisis induced by the COVID‑19 pandemic.

(1)      Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (OJ L 158, 27.5.2014, p. 77).
(2)      in Article 2(13) of Directive 2006/43/EC.
(3)      The figures are for 26 Member States (no data from Austria or France (2015)).
(4)      Reference year is 2018 (data for EU‑28).
(5)      The 2015 figures were based on the definition of ‘PIE’ before the audit reform.
(6)      Austria, Bulgaria, Estonia, Greece, Spain, France, Malta, Romania, Sweden and the UK. Most reported that joint audits accounted for fewer than 1% of their statutory audits.
(7)      Turnover indicators in the first report were based on the previous EU audit legislation. In this report, NCAs follow the definition and requirements in Article 13(2)(k) of the Regulation, which was implemented in 2016. For the purpose of this report, we compare ‘revenue from PIE statutory audits’ (2018) with ‘fees from PIE statutory audits’ (2015).
(8)      Using comparable data from Member States. Data for 2015 refer to 25 Member States (no data from Bulgaria, Spain or France); data for 2018 refer to 27 Member States (no data from France). Data not adjusted for inflation. On average, EU‑28 inflation (HICP) was 0.1% in 2015 and 1.9% in 2018; see Eurostat:
(9)      No data from France for ‘revenues from NAS’ or ‘total turnover’.
(10)      Data collected in national currencies has been converted into euros using 2018 annual average exchange rates. Source Eurostat:
(11)      Based on the list identified by CEAOB: Baker Tilly, BDO, EY, Deloitte, Grant Thornton, KPMG, Mazars, Moore Stephens, Nexia and PwC.
(12)      Article 13(2)(k)(i) and (ii) of the Regulation. Data for 27 Member States (no data from Bulgaria for ‘revenues from statutory audits’).
(13)      For Member States that provided data in both 2015 and 2018.
(14)      Data for 27 Member States (no data from France).
(15)      Article 13(2)(k)(iii) and (iv) of the Regulation.
(16)      Cyprus, Denmark, Ireland, the UK, Malta, Sweden and Luxembourg.
(17)      No data from France, Belgium Spain or Lithuania.
(18)      Italian, Romanian, Spanish and UK NCAs.
(20)      Most Member States based turnover on audit firms (as defined in Article 2(3) of Directive 2006/43/EC) as opposed to the audit network (as defined in Article 2(7)). Data presented is approximate due to differing reference periods.
(21)      See also European Parliament study, EU statutory audit reform: impact on costs, concentration and competition;  
(23)      CR4 = 0% means perfect competition; 0%<CR4<50% ranges from perfect competition to oligopoly; 50%<CR4<80% means oligopoly; 80%<CR4<100% ranges from concentrated oligopoly to monopoly; CR4= 100% means highly concentrated oligopoly and even monopoly (if CR1=100%).
(24)      France is the Member State with the biggest proportion of joint audits (compared to the total number of statutory audits). Estonia has the second biggest proportion (33%) and Bulgaria the third (19%). The other Member States that reported joint audits had proportions of around 1‑3%.
(25)      No data from Lithuania, Spain or Romania for Big Four market share. Data from Portugal not processed for technical reasons and needs to be updated in the next report.
(26)      Data from 25 Member States (no data from Spain, France or Romania).
(27)      As defined in Article 13(2)(k) of the Regulation.
(28)      Based on totals by Member State given in national reports and market monitoring sub-group analysis.
(29)      Some Member States reported revenues on an audit firm basis; others reported revenue at network level.
(30)      Some audit oversight authorities report challenges in measuring NAS to other entities, as those are services outside the audit firm.
(31)      Data from 24 Member States (data partly missing for Belgium, France and Lithuania). Data from Portugal not processed for technical reasons.
(32)    According to the IFIAR, inspection findings for PIE audits are deficiencies in audit procedures that indicate that the audit firm did not obtain sufficient appropriate audit evidence to support its opinion, but do not necessarily imply that those financial statements are also materially misstated.
(33)      The CEAOB analysis is based on audit inspection findings, as reported by Member States in 2017/2018, in the database maintained by the CEAOB Inspection Sub-Group. It analysed the database to identify themes that drive dialogue between audit firms / standard‑setters and CEAOB and to alert inspectors to high-risk areas. It focused on the incidence of findings by ISAs, quality control and ethics.
(34)      e.g. inappropriate assessment and approval of NAS and inappropriate testing of staff independence.
(35)      e.g. lack of compliance with main legal requirements, inappropriate documentation of the review, ineffective EQCR and inappropriate selection of staff performing the ECQR.
(36)      e.g. insufficient understanding of the audited entity and its environment, insufficient understanding of management’s risk assessment and identification process.
(37)      e.g. deficiencies in the method used for determining materiality level, lack of appropriate justification for sample size selection.
(38)      e.g. inappropriate documentation of key internal controls, insufficient testing on IT and other internal controls.
(39)      e.g. failure to design and perform appropriate audit procedures to address assertion‑level risk such as appropriate recognition, measurement and presentation of transactions, account balances and disclosures. Findings relating to a failure to perform sufficient audit procedures to conclude on the effectiveness of the controls tested and failure to adequately test revenue recognised in the financial statements.
(40)      e.g. IT remains an area of concern, as the auditors failed to adequately test IT systems used by the entity to prepare the financial information and to obtain sufficient audit evidence on the accuracy and completeness of the information produced by the entity and used for the auditors’ purposes.
(41)      e.g. failure to adequately challenge management’s valuation models (including inputs) and the reasonability of the key assumptions used to produce the estimates; failure to identify inadequate or incomplete financial statement disclosures.
(42)      e.g. failure of the auditor to gain an adequate understanding of the entity and of its environment; failure to adequately identify and assess key significant risks.
(43)      e.g. incomplete instructions given to the component auditor; lack of discussion with component auditors on the work planned or performed; component auditors not providing enough detail when reporting back to the group auditor; failure of the group auditor to evaluate the work performed by the component auditor and to take account of the findings reported by component auditors.
(44)      Article 27(1)(a) of the Regulation refers to risks arising from a high incidence of quality deficiencies of a statutory auditor or audit firm, including systemic deficiencies within an audit network.
(45)      Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).
(46)      Data from 19 Member States. Of the remaining Member States, five have no direct oversight and four did not provide data.
(47)    The aim of the questionnaire was to assess compliance with the requirements of the audit legislation and establish a relationship between NCAs and ACs; 25 Member States (the exceptions were Estonia, Hungary and Slovakia) included their consolidated replies in their national reports. In total, 2 770 ACs across 26 Member States received the questionnaire and the response rate was about 60%.
(48)      The size of the sample chosen by each NCA varies considerably across the EU, when compared to the number of PIEs in each Member State.
(49)      Article 39(6)(a) of Directive 2006/43/EC.
(50)      Article 16(3) of the Regulation.
(51)      Article 4(2) of the Regulation; Article 39(6)(e) of Directive 2006/43/EC; Article 6(2)(b) of the Regulation.
(52)      Article 5(4) of the Regulation.