Communication from the Commission to the Council and the European Parliament - Reinforcing the statutory audit in the EU /* COM/2003/0286 final */
Official Journal 236 , 02/10/2003 P. 0002 - 0013
COMMUNICATION FROM THE COMMISSION TO THE COUNCIL AND THE EUROPEAN PARLIAMENT - Reinforcing the statutory audit in the EU TABLE OF CONTENTS 1. Background and introduction 2. A Modern Regulatory Framework 2.1. A modernised and principles-based 8th Directive 2.2. Creation of an Audit Regulatory Committee 3. Reinforcing the audit function 3.1. The use of International Standards on Auditing (ISAs) for all EU statutory audits from 2005 3.2. Public oversight of the audit profession 3.3. Corporate governance in relation to statutory audit; Audit committees and internal control 3.4. Code of ethics 3.5. Auditor independence 3.6. Quality assurance 3.7. Education and training 3.8. Systems of disciplinary sanctioning 3.9. Transparency of audit firms and their networks 3.10. Auditor liability 3.11. International aspects of the Commission's strategy; the Sarbanes Oxley Act and mutual recognition. 4. Deepening the internal market for audit services 4.1. The establishment of audit firms in the EU 4.2. The cross border provision of audit services 4.3. Market structure and access to the EU audit market. 10 Point action plan on statutory audit List of Abbreviations 1. BACKGROUND AND INTRODUCTION The collapse of Enron and subsequent financial reporting scandals have prompted calls in the European Union for further examination of financial reporting, statutory audit, corporate governance and securities markets. In the last 12 months investors' confidence in capital markets worldwide has eroded and public credibility of the audit profession has been impaired. The aftermath of Enron and the US response to restore investors' confidence, the Sarbanes-Oxley Act (SOA), and recent EU financial reporting problems require reconsidering EU priorities on statutory audit, as a part of the Commission's initiatives on the enhancement of corporate governance. The Commission will issue in parallel to this Communication on audit priorities its Communication "Modernising Company Law and Enhancing Corporate Governance in the European Union". The lack of a harmonised approach to statutory auditing in the EU was the reason why, in 1996, the Commission organised a wide-ranging reflection on the scope and need for further action at EU level on the statutory audit function. This reflection was initiated by the Commission's 1996 Green Paper [1] on "The Role, Position and Liability of the Statutory Auditor in the EU". Responses to the Green Paper suggested a need for action at EU level beyond that laid down in Council Directive 84/253/EEC [2] "the 8th Directive" that broadly deals with the approval of statutory auditors in the EU. The policy conclusions which the Commission drew from these reflections were included in a Commission's 1998 Communication "The Statutory Audit in the European Union, the way forward" [3]. [1] O.J. N° C 321, 28.10.1996, p. 1 [2] O.J. N° L 126, 12.5.84, p. 20 [3] O.J. N° C 143, 8.5.1998, p. 12 The 1998 Communication proposed the creation of an EU Committee on Auditing, which would develop further action in close co-operation between the accounting profession and Member States. The overarching objective of this Committee is to improve the quality of the statutory audit. Key subjects on its agenda have been external quality assurance, auditing standards and auditor independence. On the basis of the work of this Committee, the Commission issued a Recommendation on "Quality Assurance for the Statutory Auditor in the EU" [4] in November 2000 and a Recommendation on "Statutory Auditors' Independence in the EU" in May 2002 [5]. Both these Recommendations are being implemented by Member States. Preparatory work on the use of international standards on auditing (ISAs) has also been carried out. [4] O.J. N° L 091 , 31.3.01, p. 91 [5] O.J. N° L 191, 19.07.02, p. 22 Despite these achievements, the Commission believes that the present situation requires further initiatives to reinforce investor confidence in capital markets and to enhance public trust in the audit function in the EU. Calls have been made to avoid knee-jerk regulatory reactions but to progress steadily in line with the overall objective of creating of an efficient EU capital market by 2005, the European Council's target. The Commission is aware of the risk of "legislating by accident" and is intent on delivering a robust, effective but also comprehensive, balanced and proportionate response - after a wide consultation process. Whilst audit is a major instrument to ensure proper financial reporting, it is not the only factor under scrutiny following recent financial reporting scandals. Audit is an element of a larger system of actors and regulators involved in transparent financial reporting for the EU capital market. The proposed regulatory initiatives on statutory audit should therefore be seen in the wider context of the Commission's Financial Services Action Plan and the Commission's reaction to the collapse of Enron [6] ("First EU response to Enron related policy issues") - which was widely endorsed at the Oviedo Informal ECOFIN Council in April 2002. It also complements the Commission's Communication on company law and corporate governance - its response to the Winter report. Audit is an important part of good corporate governance practice. [6] Published online by DG Markt with a press release (IP/02/584). Website: http://europa.eu.int/comm/internal_market/ en/company/company/news/ecofin_2004_04_enron_en.pdf The EU capital market operates in a global context evidenced by cross border investors, multi-listed companies and foreign registrants. From this perspective, the EU capital market should be attractive to all issuers and investors and ensure a globally understood, high level of investor protection. The EU pursues these objectives by promoting and requiring the use of high quality internationally accepted standards relevant to the functioning of the EU capital market, surrounded by an infrastructure ensuring the proper application of such standards. The credibility of financial information provided by auditors is essential for a broader scope of entities than merely listed companies. This is reflected in current Community law that defines audit requirements for all limited liability companies, all banks and insurance undertakings [7]. Therefore, the starting point for coherent and consistent EU policy making on audit continues to cover all (more than a million) statutory audits conducted within the EU, a number that is significantly higher than the 7.000 listed EU companies. Where necessary, policies and measures should be differentiated on the basis of the level of public interest ("public interest entities") specifically taking into account the needs of Small and Medium Sized Enterprises (SME's). [7] 4th (78/660/EEC) and 7th (83/349/EEC) Company Law Directive, Directives on banks (86/635/EEC) and insurance accounting (91/674/EEC) include audit requirements. In accordance with the 4th and 7th Directive, Member States may exempt small companies for the audit requirement. Following the EU's first response to the Commission's Enron paper, the Commission services have consulted with the Members of the EU Committee on Auditing on priorities for the future. Chapter 2 of this Communication sets out the Commission's vision for a modern regulatory framework for statutory audit in the EU and chapters 3 and 4 describe the envisaged initiatives on statutory audit. Commission proposals on the outlined initiatives will be prepared in close co-operation with the EU Committee on Auditing and will be subject to proper and transparent due process. 2. A MODERN REGULATORY FRAMEWORK 2.1. A modernised and principles-based 8th Directive The 1998 Communication on statutory audit led to the adoption of Commission Recommendations on External Quality Assurance in 2000 and Auditor Independence in 2002. Member States are already implementing the Recommendations and the degree of harmonisation achieved will be assessed by the Commission three years after adoption of these Recommendations. However, non-binding instruments should not be solely relied upon to deliver the necessary degree of rigorous application required by the present post Enron situation. The Commission therefore proposes a modernisation of the 8th Directive to provide a comprehensive legal basis for all statutory audits conducted within the EU. To the extent appropriate, these principles should be applicable to non-EU audit firms performing audit work in relation to companies listed on the EU capital markets. The 8th Directive which was adopted in 1984, and never amended since, deals mainly with the approval of (natural and legal) persons that are allowed to perform statutory audits. It also contains numerous provisions on transposition that all have become outdated since the beginning of the 90's. The present 8th Directive lacks a comprehensive set of elements for ensuring an appropriate audit infrastructure (for example public oversight, disciplinary systems and systems of quality assurance) and it does not refer to the use of auditing standards, independence requirements and ethical codes. In the light of recent developments the time has come to modernise the 8th Directive into a shorter, more comprehensive piece of European legislation with sufficiently clear principles that will underpin all statutory audits conducted within the EU. The European approach to audit (and financial reporting) policy making is fundamentally a principles-based approach and future actions should reflect this approach. However, proper and consistent application of principles may require additional clarification, through, for example, detailed guidance, best practice recommendations, etc. This approach has been followed in the Recommendation on Auditor Independence. Sufficiently clear principles in EU legislation flanked with implementing measures is an approach that is also in line with the Lamfalussy approach to securities markets regulation, now being considered also for the banking and insurance sector. Since the European capital market operates in a global context, the application of these principles also to non-EU audit firms performing audit work in relation to the EU capital market, shall allow for the recognition of equivalent solutions in other regulatory systems. 2.2. Creation of an Audit Regulatory Committee The approach to EU statutory audit policy making laid down in the 1998 Communication is essentially "monitored self-regulation". The EU audit profession is challenged to live up to its commitment to deal with audit matters on the basis of self-regulation. In line with this approach, the EU Committee on Auditing includes representatives from the audit profession. So far, this arrangement has proven fruitful. Representatives from the profession have contributed significantly to the work of the EU Committee on Auditing and a direct exchange of views with Member States' regulators improves mutual understanding on the key policy issues. However, in the present situation, a shift in the balance between representatives of the public interest and those of the audit profession must take place in order to sufficiently ensure the independence of EU policy making. This shift in balance does not imply that EU policy making would no longer involve and draw upon the profession's knowledge and resources. Rather, it will ensure that, both in fact and in perception, the public interest is and remains the overriding principle for EU audit policy making. This balance could be achieved by the establishment of an Audit Regulatory Committee. The present EU Committee on Auditing, that should be renamed to be the Audit Advisory Committee, will keep its function as a preparatory discussion forum between regulators and the audit profession. The new Audit Regulatory Committee will be a separate regulatory Committee of Member State representatives only chaired by the Commission. The Commission will adopt appropriate implementing measures in accordance with comitology procedures. The new audit regulatory committee would be established by an amendment to the 8th Directive, and operate in accordance with existing inter-institutional arrangements on comitology. Accordingly, initiatives on statutory auditing will no longer be processed via the Contact Committee on the Accounting Directives which will continue to deal with accounting Summary of actions on the Creation of a Modern Regulatory Framework 1) Commission: Propose to modernise the 8th Company law Directive giving a comprehensive principles-based Directive applicable to all statutory audits conducted in the EU in the first quarter of 2004. The modernised Directive will clarify the role and position of the auditor and define requirements for the audit infrastructure to ensure high quality audits. It will include provisions on: education (see 3.7), public oversight (see 3.2), quality assurance (see 3.6), disciplinary sanctions (see 3.8), auditing standards (see 3.1), ethics and independence (see 3.4 and 3.5). 2) Commission: Include the establishment of an Audit Regulatory Committee in the modernised 8th Directive. 3. REINFORCING THE AUDIT FUNCTION After the collapse of Enron, the Commission issued a paper entitled "A first EU response to Enron-related policy issues" that gives a comprehensive overview of the policy actions in five key areas including the statutory audit. EU Finance Ministers signalled their agreement to the conclusions of the Commission's Enron paper at the informal meeting in Oviedo in April 2002. A majority of the proposed initiatives (3.1 to 3.7 below) flow directly from those conclusions. They were also discussed with the members of the EU Committee on Auditing. 3.1. The use of International Standards on Auditing (ISAs) for all EU statutory audits from 2005 A key element to support a uniformly high level of audit quality throughout the EU is the use of common auditing standards. The EU Committee on Auditing has, since 1999, undertaken preparatory work on the use of ISAs in the EU by conducting a benchmarking exercise of ISAs against Member States' audit requirements. This exercise has shown that there is already a high degree of convergence with ISAs. However, this exercise identified also the need to improve the set of ISAs on particular issues, such as the development of a standard on international group audit, updating the ISAs audit risk model and the development of audit guidance related to International Accounting Standards (IAS). The International Auditing and Assurance Standards Board (IAASB) is currently actively working on improving present ISAs. The Commission encourages the IAASB to continue along those lines in order to develop the highest quality standards on auditing. The Commission envisages the use of ISAs as a requirement for all EU statutory audits from 2005 onwards. However, a successful implementation of a binding requirement to apply ISAs in the EU from 2005, requires the completion of a number of preliminary actions: the update and completion of the analysis of differences between ISAs and national audit requirements; the development of a set of principles ("framework") for the assessment of ISAs; the evaluation of possible endorsement systems; the development of a common audit report; and the availability of high quality translations into all Community languages. As to audit reporting, the Commission plans to use the forthcoming revision of ISA 700 (audit reporting) as a starting-point for analysing differences between national audit reports by EU professional bodies, facilitated by the European Federation of Accountants (FEE). The IAASB is one of the standing technical committees of IFAC, the International Federation of Accountants. In this post-Enron era, the Commission believes that separating IAASB's standard-setting activities from IFAC should be seriously considered. Currently, IAASB audit standard setting activities are fundamentally conducted by and for the audit profession. Although improvements have been made recently to the transparency of the due process and to better represent the public interest by the inclusion of a limited number of non-practitioners in the IAASB, the over-arching governance structure of IFAC implies control by the international accounting profession. A standard-setting body independent of IFAC, operating primarily from a public interest perspective, under a governance structure with a majority of (non-practitioners) international stakeholders would be more credible from a public interest perspective and could be more easily recognised by the EU. Summary of actions on ISAs 1. Commission: Announcement, via this Communication, of EU's objective to use ISAs from 2005 onwards for all EU statutory audits; 2. Commission/Audit Advisory Committee: Preliminary actions ensuring a successful implementation of ISAs from 2005. These will include: an analysis of EU and Member State audit requirements not covered by ISAs;; a common audit report and high quality translations; initiation of further improvements to IFAC/IAASB audit standard setting process, notably by ensuring proper public interest; 3. Assuming satisfactory results of the preliminary analysis, the Commission intends to propose a binding instrument requiring the use of ISAs from 2005. 3.2. Public oversight of the audit profession Public oversight is a major element in the maintenance of confidence in the audit function. The present erosion of confidence is partly based on a public perception that any self-regulating profession runs a risk of conflicts of interests in dealing with its shortcomings. At EU level, public oversight has so far been dealt with only in the Commission Recommendation on Quality Assurance. Additional initiatives should build on what has already been agreed, such as the requirement for such an oversight body to comprise a majority of non-practitioners. The actual organisation of public oversight for quality assurance differs between Member States depending on existing structures of supervision of the audit profession and the importance of sector specific regulatory monitoring of audit quality. Securities regulators or sector specific regulators may be a proxy for representation of the public interest. But any initiative concerning public oversight should take into account also the potential role of other stakeholders. No single supervisor or stakeholder has a sufficiently broad scope to adequately reflect these diverse interests in the oversight of auditors that perform more than one million statutory audits in the EU. To support harmonisation of public oversight, there is first of all a need to analyse differences and commonalties of the present Member States systems of public oversight. The EU Committee on Auditing has already started analysing existing public oversight systems and discussing minimum requirements (principles) of national systems for consistent public oversight throughout the EU. The following issues in relation to public oversight should be addressed: - the scope of oversight (e.g. education, licensing, standard setting, quality assurance, disciplinary systems); - the competences of oversight (e.g. investigative and disciplinary powers); - the composition of oversight boards (e.g. majority of non-practitioners, proper nomination procedures); - the transparency of oversight (e.g. publication of annual work programmes and activity reports); - the funding (e.g. not solely by the audit profession). In the light of the emerging EU capital market there is a need for an EU co-ordination mechanism to bring together the national systems into a cohesive, efficient pan-European network. It is important that those people who are in charge of public oversight at national level have the possibility to meet regularly to discuss their concerns, to exchange experiences and to develop best practices. Respecting the principle of subsidiarity, the Commission believes that the practical implementation of oversight should remain the responsibility of Member States. The Commission sees its role as encouraging convergence of principles and practice in the committee which it will chair. An effectively co-ordinated EU mechanism would then assess the need for registration and oversight requirements of non-EU audit firms that perform audit work for companies whose securities are traded on the EU regulated capital markets. Whatever initiative on the important issue of public oversight will be considered as most appropriate, it will need to be anchored in the modernised 8th Directive. Summary of actions on Public Oversight 1) Commission/Audit Advisory Committee: Analysis of existing systems of public oversight; 2) Commission: Definition of minimum requirements (principles) for public oversight to be laid down in the 8th Directive; 3) Commission: Define co-ordination mechanism at EU level to link up national systems of public oversight into an efficient EU network; 3.3. Corporate governance in relation to statutory audit; Audit committees and internal control Regarding the role of the statutory auditor in the context of a company's corporate governance, one of the main objectives is that statutory auditors should maintain an appropriate degree of independence from executive directors. It is clear that the auditor should not become too familiar with or too dependent on executive directors which prepare financial statements that he is supposed to assess objectively and critically in the best interest of shareholders and other stakeholders. Therefore, the Commission will consider the development of principles in a modernised 8th Directive on the appointment, dismissal and remuneration of statutory auditors that would guarantee fundamental "sovereignty" from executive directors. Equally important issues are the communication of the statutory auditor with the governance body [8] and principles on the independence and competence of the members of the governance body and effective working procedures. [8] Governance Body: A body or a group of persons which is embedded in a company's corporate governance structure to exercise oversight over management as a fiduciary for investors and, if required by national law, for other stakeholders such as employees, and which consists of or, at least, includes individuals other than management, such as a supervisory board, an audit committee, or a group of non-executive directors or external board members. In particular, audit committees can play an important role in the governance of a company by assisting the statutory auditors to stay at arm's length from management. Audit committees help to ensure high quality financial reporting and statutory audit as well as well functioning, effective internal control including internal audit practices. All members of the EU Committee on Auditing underlined the need for clarification of the role of the statutory auditor and audit committees and their interaction with the company's corporate governance system. But the requirement for, and composition of, audit committees is also a corporate governance issue. Accordingly, audit committees are addressed in the parallel Commission Communication "Modernising Company Law and Enhancing Corporate Governance in the European Union". Another important corporate governance issue is the responsibility for and quality of a company's internal control system including the internal audit function. Several corporate governance codes used in the EU and some Member State laws require the statutory auditor to specifically report on the internal control system. The Commission proposes to examine the present situation in the EU on the statutory auditor's involvement in the assessment and reporting on internal control systems, to possibly come forward with proposals on this issue. Summary of actions on corporate governance/audit committees 1) Commission: Define principles in a modernised 8th Directive on: the appointment, dismissal and remuneration of statutory auditors; as well as the communication with the statutory auditor. 2) Commission: Propose to examine the present situation in the EU on the statutory auditor's involvement in the assessment and reporting on internal control systems. 3.4. Code of ethics The recent financial reporting scandals have led to a public perception of inappropriate ethical behaviour by some auditors. This has highlighted the importance of ethical guidelines for auditors (and the need to follow these in practice). As a starting point, the Commission proposes to analyse together with the Audit Advisory Committee existing national codes of ethics and the international IFAC Code of Ethics. This analysis could be used also to consider whether there is a need for a harmonised EU code of ethics. General principles could be set out in the 8th Directive, which already contains some ethical principles such as the principle of professional integrity. Summary of actions on a code of ethics Commission/Audit Advisory Committee: Analyse existing national codes and the IFAC code of ethics to consider where further action may be necessary 3.5. Auditor independence The Commission Recommendation on auditor independence was adopted on 16 May 2002 (2002/590/EEC). It follows an innovative principles-based approach that provides the statutory auditor a sound framework against which he has to assess independence risks. The key objective of the EU approach is simple: the statutory auditor should not carry out a statutory audit if there are any financial, business, employment or other relationships between him and his client (including the provision of non audit services) that a reasonable and informed third party would conclude compromising the statutory auditor's independence. This approach of principles with sufficient guidance to demonstrate how those principles should be applied, is probably one of the most robust safeguards to auditor independence in the world as it allows auditors to deal with any situation where independence risks might occur. The Recommendation constitutes a major step forward in the harmonisation of an issue that is controversial and difficult to regulate. Most Member States are already in the process of implementing the Recommendation and the Commission will, via the Audit Advisory Committee, closely monitor these exercises. Recent financial reporting scandals have emphasised that a (perceived) lack of auditor independence is one of the main issues impairing investor's confidence. The Commission proposes to incorporate the basic principles of the Recommendation in the modernised 8th Directive so as to provide a stronger, legal underpinning for auditor independence in the EU. Some are calling for even more stringent restrictions on auditors in the light of recent scandals. Indeed, the substance of the Commission's approach may be challenged by calls for more stringent measures if further scandals appear. In response, the Commission proposes to launch a study on the impact of a more restrictive approach, with a view to avoiding potential conflicts of interests, to the provision of additional services on auditor independence and the audit profession. Summary of actions on auditor independence 1) Commission: Include principles on auditor independence in a modernised 8th Directive that will further the independence of the auditor in accordance with the existing Commission Recommendation on auditor independence. 2) Commission: Study on the impact of a more restrictive approach on additional services provided to the audit client; 3.6. Quality assurance In November 2000, the Commission issued a Recommendation on "Quality Assurance for the Statutory Auditor in the EU". By virtue of this Recommendation all EU statutory auditors will be subject to a proper system of external quality assurance with public oversight by 2003. The Commission will review the results of its implementation in 2003. All Member States have indicated to conform with the requirements of the Recommendation by the end of 2003. The Commission will use a monitored self assessment on the basis of a standardised questionnaire to verify proper implementation of systems of quality assurance in all Member States. In addition, a requirement for quality assurance systems along the lines of the Recommendation will be included in the 8th Directive. Summary of actions on quality assurance 1) Commission: Review in 2003 of the implementation and effectiveness of the Quality assurance Recommendation by Member States; 2) Commission: Include requirement for quality assurance systems in the modernised 8th Directive; 3.7. Education and training To meet the required breadth and depth of competence, auditors must acquire a wide range of knowledge, and develop skills and understanding of professional values. Proper education and training are indispensable. Accordingly, and to ensure harmonisation, the 8th Directive lists the subjects which must be covered in an auditor's curriculum. To ensure the continued relevance of the educational requirements, the contents of the curriculum should be assessed against relevant developments in business practice and financial reporting (e.g. the IAS Regulation), taking account of international research and developments. Such an assessment should draw upon international education guidelines such as IFAC's International Education Standards for Professional Accountants. The revised requirements should be incorporated into principles wherever possible, so as to introduce the flexibility needed to track best practice more closely. Such an approach should not reduce the harmonisation of the present curriculum which has been particularly useful in the context of the EU enlargement process. The 8th Directive should also specifically include the principle of continuous education. Summary of actions on education and training 1) Commission/Audit Advisory Committee: Examine the relevance of the current EU curriculum requirements in the context of new developments. 2) Commission: Consider the inclusion of a principle on continuous education into the modernised 8th Directive 3.8. Systems of disciplinary sanctioning Systems of disciplinary sanctions are an important instrument to correct and prevent inadequate audit quality. At the same time they are also a means for the audit profession to demonstrate its public credibility. The enforcement of appropriate sanctions is already required under the 8th Directive. Furthermore, the Commission Recommendation on quality assurance requires a systematic link between negative outcomes of quality reviews and sanctions under the disciplinary system Whilst it may be difficult to harmonise sanctions due to differences in judicial and legal systems, the Commission will consider further steps towards the convergence of disciplinary procedures, notably with regard to transparency and publicity. An obligation to co-operate in cross border cases will be included, as in the Market Abuse Directive. In particular, systems of disciplinary sanctions should be subject to external public oversight (See Section 3.3.). The existing requirement for appropriate sanctions in the 8th Directive will be reinforced by requiring that all Member States will have an appropriate and effective system of sanctions. Summary of actions on disciplinary sanctions 1) Commission/Audit Advisory Committee: assess national systems of disciplinary sanctions to determine common approaches and to introduce an obligation to co-operate in cross border cases. 2) Commission: Define the principle for appropriate and effective systems of sanctions in the modernised 8th Directive 3.9. Transparency of audit firms and their networks There is concern that a significant discrepancy exists between the image of networks of audit firms as global practices and the level of control exercised over individual member firms of the international network. International networks are often based upon rather loose agreements between separate and independent legal entities which do not allow decisive control over (and responsibility for): individual member firm's audit client acceptance and retention procedures, audit procedures, partners decision making, etc. The recent implosion of one international network of audit firms has made apparent the loose character of network arrangements. As a result there is a risk of an expectation gap that one brand name also implies an equally high level of audit quality throughout the world. In order to clarify this situation, a minimum level of transparency of audit firms, their networks and their relationship to the network is necessary. Special emphasis should be placed on information pertinent to the internal quality assurance systems of such networks that are designed to ensure an equivalent audit quality across the member firms. The Commission will elaborate the circumstances under which disclosure is necessary and what the minimum disclosure requirements should be. The Commission views transparency as a natural requirement for audit firms which fundamentally operate to ensure the transparent financial reporting by companies. The Commission will also closely follow the work of the international Forum of Firms [9]. [9] Launched in January 2001, the Forum of Firms (FOF) is an organization of international firms that perform audits of financial statements that are or may be used across national borders. Members of the Forum voluntarily agree to meet certain requirements, including undergoing a global independent quality review. Website http://www.ifac.org/Forum_of_Firms/ Summary of actions on transparency of audit firms and their networks Commission: develop disclosure requirements of audit firms and their networks which could be included into the 8th Directive 3.10. Auditor liability In its 1998 Communication on Statutory Audit, the Commission noted that a majority of the respondents to its Green paper expressed the view that harmonisation of professional liability is impossible and unnecessary but that it received strong representation from the audit profession to initiate action in this area. Responding to this the Commission launched a study into the systems of civil liability which was completed in January 2001. [10] One of the conclusions of the study was that auditor's liability is part of a broader concept of national civil liability systems and that differences in auditors' civil liability are derived from the basic features of national legal regimes. Harmonisation of professional liability is therefore very difficult. [10] "A study on systems of civil liability of statutory auditors in the context of a Single Market for auditing services in the European Union" http://europa.eu.int/comm/internal_market/ en/company/audit/docs/auditliability.pdf The discussion of the study within the EU Committee on Auditing showed that there is agreement that statutory auditors should be held responsible for their failures. However, the audit profession is concerned about the concept of joint and several liability which means that plaintiffs can claim their total damage from one party, regardless of proportionality. The Commission considers auditor liability primarily as a driver for audit quality and does not believe that harmonisation or capping of auditor liability is necessary. There may, however, be a need to examine the broader economic impact of present liability regimes. Summary of actions on auditor liability Commission: Analysis of economic impact of auditor liability regimes. 3.11. International aspects of the Commission's strategy; the Sarbanes Oxley Act and mutual recognition. This Communication reinforces the existing EU policy on statutory audit and the proposed actions and their consequences should be considered also in the broader international context of a global capital market. In this regard, the adoption of the Sarbanes-Oxley Act and subsequent implementing measures by the SEC (Securities and Exchange Commission) and the PCAOB (Public Company Accounting Oversight Board) in the US are of particular interest and importance. Since the final legislative phase of the adoption of the SOA in mid-July 2002, the Commission has expressed serious concerns over the measures put forward. In particular, of major concern are the unnecessary outreach effects of the SOA for EU companies and EU auditors. Whilst the Commission shares the objectives of the SOA and supports many of its measures, differences in the EU's cultural and legal environments require mutual acceptance by the US of equally effective European solutions. A transatlantic (and global) capital market cannot be achieved unless the EU and the US mutually recognise the equivalence of high quality regulatory systems. The Commission has in co-ordination with Member States determined 7 main areas of concerns broadly divided into corporate governance and audit issues. They are: certification of financial statements and internal control systems, registration of EU audit firms in the US, direct US access to EU audit working papers, auditor independence, loans to bank management and audit committees. On the basis of this analysis the Commission has had regulatory discussions, in particular with the SEC but also with decision makers in US Congress and participated in international roundtables on auditor independence and the registration of foreign audit firms with the PCAOB. The key objective of these discussions has been to achieve recognition that EU regulatory approaches to the protection of investors and other stakeholders are equivalent to US rules. The result of these activities is mixed. The SEC and the PCAOB have not recognised the concept of equivalence as a basis for general EU wide exemptions in their rulemaking. The comfort given by the US in the rules adopted so far aim notably at resolving some legal conflicts. The Commission is particularly concerned about the required registration of EU audit firms with the US PCAOB by April 2004. The Commission continues to oppose the idea of registration of EU audit firms because: - equivalent systems of registration and oversight are already in place in Member States (and have been since the late 1980's); - the actions proposed in this Communication show that EU policy is confirming the broad regulatory equivalence; - the PCAOB oversight system is currently being developed and it is not clear what the implications of registration on foreign firms are either now or in the future; - there are major conflicts of law both with European and national laws on data protection and professional secrecy. For all those reasons, the Commission maintains its proposal for a moratorium to discuss and resolve registration issues aiming at an effective oversight of EU audit firms based on home country control and mutual recognition, a position that was supported by the EU finance Ministers at the informal ECOFIN meeting on 5 April. Given the regrettable decision of the PCAOB, the Commission urges the SEC which still needs to approve the PCAOB rule (expected mid June) to exempt EU audit firms from registration, on the basis of section 106 c of the SOA. This issue could be further discussed in the context of the EU-US regulatory dialogue on financial markets or in a broader international context. If that would fail, the EU will have to consider parallel solutions e.g. requiring the registration of US audit firms in the EU, a measure that will not contribute to creating an efficient, cost effective, global capital market. It is not acceptable for the EU to have its audit firms regulated by the United States. The EU should now try to open negotiations with the US to find a satisfactory solution well in advance of April 2004, the final date for registration of foreign audit firms. Since the European capital market operates in a global context, the application of the principles that will be included in EU legislation to also non-EU audit firms performing audit work in relation to the EU capital market, should allow to work towards the mutual recognition of equivalent solutions in other regulatory systems. The following actions of this Communication are relevant from an international perspective: Auditing standards (see 3.1) Mandatory use of high quality ISAs in the EU would not only contribute to the creation of an Internal Market in audit services but would also provide a sound basis for international mutual recognition of audits performed in third countries by third country auditors. The Financial Stability Forum (FSF) [11] has identified ISAs as one of the 12 key standards for sound financial systems. In this context, the Commission noted with regret that the US approach to auditing standards as laid down in the SOA, and the recent PCAOB decision on audit standard setting in the US, does not pursue a similar international direction of mutual acceptance of a comprehensive set of internationally accepted high quality auditing standards. Finally, a convincing EU strategy on the mandatory use of ISAs for all EU statutory audits from 2005 onwards could have an important knock-on effect on other countries. This could initiate global convergence similar to that catalysed by the adoption of the EU Regulation on the adoption of IAS, which has been followed by Australia and New Zealand. [11] On the initiative of the G7 finance ministers and central bank governors the FSF brings together senior representatives of national financial authorities, international financial institutions, regulatory and supervisory groupings and central banks. Public oversight (See 3.2) A co-ordinating mechanism of national systems of public oversight at EU level could also be an important platform for a regulatory dialogue on audit policy issues with regulators from third countries including with the PCAOB and/or SEC. Auditor independence (see 3.5) The Sarbanes-Oxley Act and the subsequent SEC implementing rule on auditor independence, introduced in the US a more restrictive and rule-based approach. This US rule-based approach is neither in line with the EU's principles- based, risks-safeguards approach, nor in line with the IFAC Code of ethics that is broadly similar to the EU approach (and which is recommended by IOSCO (International Organisation for Securities Commissions)). Although the SEC's final rulemaking on 22 January 2003 has accommodated several concerns, the Commission regrets that the SEC has not taken into account the Commission's proposal for a full exemption. The Commission will continue the regulatory dialogue with the SEC and the PCAOB on auditor independence and other audit issues with a view to achieve proper solutions that will effectively and efficiently protect the interests of investors and other stakeholders. Quality assurance (See 3.6) The SOA changed drastically the quality assurance system regarding US audit firms (and potentially foreign audit firms) by granting the responsibility for inspections to the PCAOB. In substance, the Commission Recommendation on Quality Assurance goes beyond the approach on quality assurance under the SOA. The Commission will therefore closely follow US developments also to ensure the equivalence of (future) US quality assurance on US audit firms that perform audit work in relation to the EU capital market. 4. DEEPENING THE INTERNAL MARKET FOR AUDIT SERVICES 4.1. The establishment of audit firms in the EU The Commission proposes to remove all unnecessary restrictions that could frustrate intra EU management and ownership of audit firms. Current provisions of the 8th Directive and their transposition into Member States law have not resulted in a level playing field and could effectively hinder the establishment of fully integrated EU audit firms. Moreover, ownership and management requirements should be reconsidered in the light of the modifications to the Treaty and case law enacted since the adoption of the 8th Directive in 1984. Finally, the Commission would favour the possibility of using any legal form for audit firms. The Commission is of the view that market access for audit firms should be facilitated by minimising ownership requirements within the limits of safeguarding auditor's independence. 4.2. The cross border provision of audit services EU efforts to further harmonise specific issues such as education, auditing standards and auditor independence lay an important foundation for a better integrated internal market for audit services. Although the 8th Directive specifically mentions in its preamble that it is not a mutual recognition Directive, some of its provisions are clearly relevant for mutual recognition. These provisions will be re-considered in line with the recently proposed Directive on the recognition of professional qualifications [12], which would allow the provision of services using domestic qualifications. [12] Brussels, 07.03.2002 COM(2002)119 final 2002/0061 (COD) At this point the Commission does not consider the home State regulation approach appropriate in the case of statutory auditors. Statutory audits require a fundamental knowledge of the host State laws on financial reporting, taxation, company law, social security, etc. Until these laws are sufficiently analogous, it is necessary to maintain specific safeguards of mutual recognition for statutory auditors. In this respect, all members of the EU Committee on Auditing are in favour of maintaining the current discretion of Member States to choose the most appropriate method of verifying that the migrant has the necessary knowledge. This approach can be justified by reference to the particular general interest requirements protected at EU level by the relevant Directive. 4.3. Market structure and access to the EU audit market. The financial reporting scandals in the US have led to the loss of one of the "big 5" international networks of accounting firms. As a consequence, only four big international networks of audit firms remain. This could potentially raise competition concerns in certain segments of the market for audit services such as that of listed companies. A high degree of concentration could make market access for audit firms in the EU increasingly difficult. The impact on the audit market of the loss of one of the large networks is being examined by the responsible department in the Commission on a country by country basis. Questions were also raised in the European Parliament on the concentration of the audit market in the EU. In the US, the SOA orders the Comptroller General of the US to conduct a study into the consolidation of accounting firms since 1989 and possible consequences of limited competition. The Commission proposes to carry out a study into the present structure of the audit market(s) in the EU. Summary of actions on deepening the internal market for audit services 1) Commission: Facilitate establishment of audit firms by removing restrictions on ownership and management requirements laid down in Article 2 of the 8th Directive; 2) Commission: Exempt provision of audit services from the proposal on the recognition of professional qualifications by amending the 8th Directive to require an aptitude test as a condition for mutual recognition; 3) Commission: Conduct a study on the audit market structure and market access in the EU. 10 Point action plan on statutory audit Short term priorities 2003-2004 Action // Description Modernising the 8th Directive // The Commission will put forward a proposal to modernise the 1984 8th Company law Directive to ensure a comprehensive, principles-based Directive applicable to all statutory audits conducted in the EU. The modernised 8th Directive will include sufficiently clear principles on: public oversight, external quality assurance, auditor independence, code of ethics, auditing standards, disciplinary sanctions and the appointment and dismissal of statutory auditors. Reinforcing EU regulatory infrastructure // The proposals for a modernised 8th Directive will also include the creation of an audit regulatory committee. The Commission will (via comitology procedures) decide on implementing measures necessary to underpin the principles set out in the modernised 8th Directive. The present EU Committee on Auditing, renamed the Audit Advisory Committee, composed of Member States and the profession, will continue its work as an advisory committee. Strengthening of EU Public oversight on the audit profession // The Commission, together with the Audit Advisory Committee, will analyse existing systems of public oversight. The Commission will develop minimum requirements (principles) for public oversight for inclusion in the 8th directive. The Commission will define a co-ordination mechanism at EU level to link up national systems of public oversight into an efficient EU network. Requiring ISAs (International Standards on Auditing) for all EU statutory audits from 2005. // The Commission and the Audit Advisory Committee will work on actions to ensure successful implementation of ISAs from 2005. These will include: an analysis of EU and Member State audit requirements not covered by ISAs; the development of an endorsement procedure; a common audit report and high quality translations. The Commission will work towards further improvements to the IFAC/IAASB audit standard setting process, notably by ensuring that public interest is taken fully into account. The principle of compliance with ISA will be included in the 8th directive. Assuming satisfactory results of the preliminary analysis, the Commission will propose a binding instrument requiring the use of ISAs from 2005. Mid term priorities 2004-2006 Action // Description Improving systems of disciplinary sanctions // The Commission and the Audit Advisory Committee will assess national systems of disciplinary sanctions to determine common approaches and will introduce an obligation to co-operate in cross border cases. The Commission will reinforce the existing requirements by introducing a principle for appropriate and effective systems of sanctions in the modernised 8th Directive. Making audit firms and their networks transparent // The Commission will develop disclosure requirements for audit firms covering, inter alia, their relationships with international networks. Corporate governance; strengthening Audit committees and internal control // The Commission and the Audit Advisory Committee will work on the: appointment, dismissal and remuneration of statutory auditors, as well as the communication with the statutory auditor. The Commission and the Audit Advisory Committee will examine the present situation in the EU on the statutory auditor's involvement in the assessment and reporting on internal control systems to identify the need for further initiatives. Reinforcing Auditor independence and code of ethics // The Commission will carry out a study on the impact of a more restrictive approach on additional services provided to the audit client. The Commission will continue the EU-US regulatory dialogue on auditor independence with the SEC and/or PCAOB aimed at recognition of equivalence of the EU approach. The Commission and the Audit Advisory Committee will analyse existing national codes of ethics and the IFAC code of ethics to consider further appropriate actions. Deepening the internal market for audit services // The Commission will work on facilitating the establishment of audit firms by proposing to remove restrictions in the present 8th Directive on ownership and management. The Commission will exempt the provision of audit services from its proposal on the recognition of professional qualifications by amending the 8th Directive to include a principle for mutual recognition. The Commission will carry out a study on the EU audit market structure and access to the EU audit market. Examining Auditor liability // The Commission will carry out a study analysing the economic impact of auditor liability regimes. List of Abbreviations FEE: European Federation of Accountants FSF: Financial Stability Forum IAASB International Auditing and Assurance Standards Board IAS: International Accounting Standards IFAC: International Federation of Accountants IOSCO: International Organisation for Securities Commission ISA: International Standards on Auditing PCAOB: Public Company Accounting Oversight Board SEC: Securities and Exchange Commission SME: Small and Medium Sized Enterprises SOA: Sarbanes-Oxley Act