1. Statutory auditors
The statutory auditor examines the annual (consolidated) accounts and the annual (consolidated) report as to whether they provide a true and fair view of the company’s assets and liabilities, financial position and profit or loss. The annual auditor’s report can be unqualified or qualified. The observations of the auditor provide valuable information to investors and to internal supervisors of management.
2. Purpose and concept of the statutory audit
Auditors are information intermediaries whose services support financial intermediation (financial intermediary). Financial intermediation in the narrow sense is predominantly conducted by banks (European banking market). Banks serve to match supply of and demand for financial funds in a wide range of economic relations especially between private households and commercial entities. In essence, they compensate for differences in batch sizes, maturity, liquidity and risks by transforming assets or liabilities into different forms of assets and liabilities (transformation function). Auditors are information intermediaries or financial intermediaries in the broader sense. Their information services enable financial intermediation. Financial analysts and rating agencies provide information services that are comparable in function. Financial analysts, rating agencies and auditors are considered the most important information intermediaries in financial markets. Information intermediaries verify available information, supply missing information and evaluate it in line with macroeconomic developments. Auditors provide verification services, ie the evaluation of the accuracy of financial statements.
Financial intermediaries are necessary because of the high complexity of financial products. From an economic point of view financial products exhibit strong characteristics of credence goods. Their adequacy to fulfil individual investment objectives can only be evaluated with the help of reliable, ie sufficiently objective, information. The disclosure of accounting information by the management of a business is subject to undisclosed filters or biases. It may be fragmentary or even deliberately inaccurate. Information asymmetries exist between capital-seeking issuers and capital-supplying investors and creditors. Auditors help to overcome the information asymmetries through their role in testing the accuracy of financial statements.
The statutory audit has a dual role for corporate governance. First, the publicly accessible audit statement strengthens the level of information available to investors and enhances the disciplinary powers of the financial market. Secondly, the auditor is the most important independent source of information for non-executive directors or supervisory board members vis-à-vis executive directors or members of the management board. Hence, the external auditor serves a double role for corporate governance: he is an intermediary providing transparency to the market as well as to internal management supervision.
The auditor is sometimes considered as warranting proper entrepreneurship. However, the purpose of the statutory audit differs greatly from that of entrepreneurial supervision. In particular, the statutory assignment of the external auditor does not include the assessment of the expediency of the company’s accounting policy. This function is assigned to internal supervision through non-executive directors or the supervisory board.
3. State of European legal harmonization
European legal harmonization in the area of auditing—like in the area of corporate disclosure—has advanced very far. Disclosure obligations and their enforcement are at the core of European company law. Several directives form a comprehensive system of general disclosure rules for businesses and their corporate structures (corporate group law) which are complemented by sector specific rules for banks and insurance companies.
The statutory obligation to perform an annual audit was introduced into European law in 1978 by the Fourth Council Directive 78/660 on annual accounts. In 1983, the Seventh Council Directive 83/349 on consolidated accounts added specific requirements for groups of companies. One year later, the Eighth Council Directive 84/253—the so-called ‘Audit Directive’—laid out professional qualification requirements. It failed, however, to provide rules on independence. This gap was initially bridged in 2002 by the European Commission Recommendation setting fundamental principles for auditors’ independence ( OJ L191/22). The current state of European harmonization is reflected by Dir 2006/43 on statutory audits of annual accounts and consolidated accounts passed in 2006. This so-called ‘Modernized Audit Directive’ provides for a more detailed regime than its predecessor. Besides the rules on approval and registration it also covers independence requirements stemming from the aforementioned Commission Recommendation.
The Modernized Audit Directive differentiates—in line with the general trend in European company law—between two classes of entities and applies a higher standard of financial disclosure and corporate governance to public-interest entities such as listed companies, banks and insurance companies. For that reason the directive requires the establishment of an audit committee which is charged with supervising the accounting process, the effectiveness of internal control and risk management systems, the auditing process as well as the independence of auditors. At least one member of this committee has to be independent and must possess some accounting and/or auditing expertise. This can be seen in line with the international trend to professionalize auditing committees composed of (supervisory) board directors. With respect to independence requirements, however, the codes of corporate governance (private rule making and codes of conduct) in some Member States are stricter up to the point that the whole committee has to be independent.
The directive lays the foundation for the recognition of the International Standards on Auditing (ISA). Like the International Financial Reporting Standards (IFRS), the ISA are drafted by a privately organized international standards board. In this and other areas of the directive, the European Commission is supported by the European Group of Auditors’ Oversight Bodies (EGAOB) appointed in 2005.
The directive requires the establishment of an external quality assurance system. At least every six years an independent quality assurance review has to take place. An annual report shall be published on the overall conclusions from the quality assurance reviews conducted during that one year. In its recommendation of May 2008 the European Commission further explained the requirements placed on external quality assurance for statutory auditors and firms auditing public interest entities ( OJ L120/20). In Germany, for example, the task is performed by the Financial Reporting Enforcement Panel (FREP) founded in 2004.
Member States are further obliged to establish an effective system of public oversight for statutory auditors and to ensure that regulatory arrangements for public oversight systems permit effective cooperation at the Union level. In each Member State one entity has the ultimate responsibility for the oversight of the approval and registration of statutory auditors and audit firms, the adoption of standards on professional ethics and internal quality control. Additional oversight requirements concern the continuing education of auditors as well as quality assurance and investigative and disciplinary systems. In order to avoid conflicts of interest and to ensure a high degree of independence the system of public oversight is to be governed almost exclusively by non-practitioners with some expertise in the areas relevant to statutory audit. In Germany, this is performed by the Auditor Oversight Commission (AOC) which is composed exclusively of non-practitioners.
An additional objective of the Modernized Auditors’ Directive is the formalisation of the transatlantic dialogue with the US Public Company Accounting Oversight Board (PCAOB).
4. Regulatory structure and issues
Compared with other information intermediaries like financial analysts or rating agencies, provisions on the regulation of auditors are most developed. This is true for the areas of professional qualification, independence, quality assurance and oversight systems. The high degree of development reflects the considerable influence of the audit report on the chances and costs of companies to participate in the capital market. Due to this influence auditors are said to have a gatekeeper responsibility similar to that of other financial intermediaries.
A regulatory challenge derives from the strong concentration of the market for audits of large listed companies. The accounting scandal and collapse of the second largest US electricity supplier Enron in 2001 led to the breakdown of Arthur Andersen, one of the then top five auditing firms. Since then the worldwide oligopoly is comprised of only four large audit firms (or networks): KPMG, PricewaterhouseCoopers, Deloitte and Ernst & Young. These four provide the essential audit services: consultancy, support in preparing the annual accounts, audit of the annual accounts and peer review. The conflicts of interest between these four services are palpable, and it is apparent that each service must be provided by a different audit firm. A consequential insight is that the downfall of just one additional firm out of the top-four group would lead to dangerous disturbances of the information services structure in capital markets worldwide.
Against this background, well-balanced provisions for professional liability are of special importance. In 1996, the European Commission became involved in the harmonization of auditors’ liability ( OJ C321/1). Since then, numerous studies have been conducted on the subject. The predominant view is that the sometimes considerable differences, especially with regards to remedies and enforcement, do not lead to disturbances of the single market for audit services. Claims may be asserted in all Member States by the audited entity (internal liability). According to the law of some Member States such as the United Kingdom, damaged investors may not assert claims against auditors. Similarly, in Germany, claims of investors are generally precluded but in exceptional cases a third-party liability can be constructed under contract law (external liability). In France, as in most Member States, an investor may resort to liability in tort. Causality between breach of duty and damage are, however, difficult to show. In Portugal and Spain investors may resort to forms of class actions.
Attempts to harmonize auditors’ liabilities initially emanated from European company law which aimed at improving the credibility of accounting measures by stock companies. The original draft of the Fifth Council Directive ( OJ C131/49, see Art 62) stipulated third party liability. This approach was mirrored in the first draft of the statute for the European Company (Societas Europaea) ( OJ C124/1, see Art 209).
However, in a move away from increasing liability and instead of attempting to further the harmonization of remedies the European Commission Recommendation of 2008 ( OJ L162/39) introduces liability caps. This measure aims to enhance competition within the oligopolistic market for audits of large listed companies and to minimise the danger of a downfall of one of the big four as a consequence of high liability payments. According to the European Commission, auditors’ liabilities should be limited to an insurable amount. The Recommendation sets out the following alternatives to achieve this goal: first, the specification of a fixed maximum liability or a formula to calculate such an amount; secondly, the specification of ground rules stating that an auditor cannot be held liable together with other liable parties beyond his actual share of the damage; or thirdly, a provision allowing a contractual limitation of liability. Statutory liability caps have already been introduced in some Member States such as Germany. In some jurisdictions contractual limitations are possible, eg in the United Kingdom. It is likely that caps will be raised in Member States where low maximum limits for claims regarding the audit of stock companies apply. To give an example: the liability in Germany is capped at €4 million whereas in Austria the limit is €12 million.
5. Prospects of harmonization
In October 2010 the European Commission published the green paper ‘Audit Policy: Lessons from the Crisis’ (COM 561 final) to open a debate on the role of the auditor, the governance and the independence of audit firms, the supervision of auditors, the configuration of the audit market, the creation of a single market for the provision of audit services, the simplification of rules for small and medium sized enterprises (SMEs) and practitioners (SMPs) and the scope of international co-operation for the supervision of global audit networks.
The prospects of harmonization accordingly relate mainly to the subjects raised already by the Modernized Audit Directive. In particular, the European Commission considers reviewing the provisions on the control of ownership and voting rights under the directive. The directive stipulates that approved auditors have to hold the majority of the shares and control the administrative or management body. A liberalization of these rules could encourage the growth of medium-sized audit companies by non-auditor investors. At the same time, this holds risks for the integrity of the auditors’ profession as a whole.
The European Commission will further take interest in the recommendations, reports and studies of the International Organization of Securities Commissions (IOSCO), which address financial intermediation within and beyond the subject of audit. This is essential also for strengthening communication and cooperation with non-European states.
From a broader perspective it has to be decided whether and to what extent auditing should be used as an integral element of a comprehensive system of market access control through information intermediaries (gatekeeping). This is a fundamental question for regulation which is applicable not only to auditors but to all information intermediaries.
Linda E De Angelo, ‘Auditor Independence, “Low Balling”, and Disclosure Regulation’ (1981) 3 Journal of Accounting and Economics 113; Frank Partnoy, ‘Barbarians at the Gatekeepers?’ (2001) 79 Washington University Law Quarterly 491; Jörg Baetge and Marcus Lutter (eds), Abschlussprüfung und Corporate Governance (2003); Werner F Ebke, ‘Corporate Governance and Auditor Independence: The Battle of the Private Versus the Public Interest’ in Guido Ferrarini and others (eds), Reforming Company and Takeover Law in Europe (2004) 507; John Armour and Joseph A McCahery (eds), After Enron, Improving Corporate Law and Modernising Securities Regulation in Europe and the US (2006); John C Coffee, Gatekeepers (2006); London Economics in association with Ralf Ewert, Study on the Economic Impact of Auditors’ Liability Regimes (MARKT/2005/24/F) (2006) <http://ec.europa.eu/internal_market/auditing/docs/liability/auditors-final-report_en.pdf>; Walter Doralt and others, ‘Auditor’s Liability and its Impact on the European Financial Markets’ (2008) 67 Cambridge LJ 62; Walter Doralt and others, ‘Max Planck Institute Working Group on Auditor Independence—Comments on the European Commission Green Paper: Audit Policy—Lessons from the Crisis’, Max Planck Private Law Research Paper No 10/24 (2010) <http://ssrn.com/abstract=1723039; Patrick C Leyens, ‘Intermediary Independence: Auditors, Financial Analysts and Rating-Agencies’ (2011) 11 Journal of Corporate Law Studies 33, earlier version in German: ‘Unabhängigkeit der Informationsintermediäre zwischen Vertrag und Markt’ in Harald Baum and others (eds), Perspektiven des Wirtschaftsrechts—Beiträge für Klaus J Hopt (2008) 423.