THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 44(2)(g) thereof,

Having regard to the proposal from the Commission,

Having regard to the opinion of the European Economic and Social Committee(1),

Acting in accordance with the procedure laid down in Article 251 of the Treaty(2),

Whereas:

(1) Currently, the Fourth Council Directive 78/660/EEC of 25 July 1978 on the annual accounts of certain types of companies(3), the Seventh Council Directive 83/349/EEC of 13 June 1983 on consolidated accounts(4), Council Directive 86/635/EEC of 8 December 1986 on the annual accounts and consolidated accounts of banks and other financial institutions(5) and Council Directive 91/674/EEC of 19 December 1991 on the annual accounts and consolidated accounts of insurance undertakings(6) require that the annual accounts or consolidated accounts be audited by one or more persons entitled to carry out such audits.

(2) The conditions for the approval of persons responsible for carrying out the statutory audit were laid down in the Eighth Council Directive 84/253/EEC of 10 April 1984 on the approval of persons responsible for carrying out the statutory audits of accounting documents(7).

(3) The lack of a harmonised approach to statutory auditing in the Community was the reason why the Commission proposed, in its 1998 Communication on the statutory audit in the European Union: the way forward(8), the creation of a Committee on Auditing which could develop further action in close cooperation with the accounting profession and Member States.

(4) On the basis of the work of that Committee, on 15 November 2000 the Commission issued a Recommendation on quality assurance for the statutory audit in the European Union: minimum requirements(9) and on 16 May 2002 a Recommendation on Statutory Auditors' Independence in the EU: A Set of Fundamental Principles(10).

(5) This Directive aims at high-level — though not full — harmonisation of statutory audit requirements. A Member State requiring statutory audit may impose more stringent requirements, unless otherwise provided for by this Directive.

(6) Audit qualifications obtained by statutory auditors on the basis of this Directive should be considered equivalent. It should therefore no longer be possible for Member States to insist that a majority of the voting rights in an audit firm must be held by locally approved auditors or that a majority of the members of the administrative or management body of an audit firm must be locally approved.

(7) The statutory audit requires adequate knowledge of matters such as company law, fiscal law and social law. Such knowledge should be tested before a statutory auditor from another Member State can be approved.

(8) In order to protect third parties, all approved auditors and audit firms should be entered in a register which is accessible to the public and which contains basic information concerning statutory auditors and audit firms.

(9) Statutory auditors should adhere to the highest ethical standards. They should therefore be subject to professional ethics, covering at least their public-interest function, their integrity and objectivity and their professional competence and due care. The public-interest function of statutory auditors means that a broader community of people and institutions rely on the quality of a statutory auditor's work. Good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements. The Commission may adopt implementing measures on professional ethics as minimum standards. When doing so, it might consider the principles contained in the International Federation of Accountants (IFAC) Code of Ethics.

(10) It is important that statutory auditors and audit firms respect the privacy of their clients. They should therefore be bound by strict rules on confidentiality and professional secrecy which, however, should not impede proper enforcement of this Directive. Those confidentiality rules should also apply to any statutory auditor or audit firm which has ceased to be involved in a specific audit task.

(11) Statutory auditors and audit firms should be independent when carrying out statutory audits. They may inform the audited entity of matters arising from the audit, but should abstain from the internal decision processes of the audited entity. If they find themselves in a situation where the significance of the threats to their independence, even after application of safeguards to mitigate those threats, is too high, they should resign or abstain from the audit engagement. The conclusion that there is a relationship which compromises the auditor's independence may be different as regards the relationship between the auditor and the audited entity from that in respect of the relationship between the network and the audited entity. Where a cooperative within the meaning of Article 2(14), or a similar entity as referred to in Article 45 of Directive 86/635/EEC, is required or permitted under national provisions to be a member of a non-profit-making auditing entity, an objective, reasonable and informed party would not conclude that the membership-based relationship compromises the statutory auditor's independence, provided that when such an auditing entity is conducting a statutory audit of one of its members, the principles of independence are applied to the auditors carrying out the audit and those persons who may be in a position to exert influence on the statutory audit. Examples of threats to the independence of a statutory auditor or audit firm are a direct or indirect financial interest in the audited entity and the provision of additional non-audit services. Also, the level of fees received from one audited entity and/or the structure of the fees can threaten the independence of a statutory auditor or audit firm. Types of safeguards to be applied to mitigate or eliminate those threats include prohibitions, restrictions, other policies and procedures, and disclosure. Statutory auditors and audit firms should refuse to undertake any additional non-audit service that compromises their independence. The Commission may adopt implementing measures on independence as minimum standards. In doing so, the Commission might take into consideration the principles contained in the abovementioned Recommendation of 16 May 2002. In order to determine the independence of auditors, the concept of a ‘network’ in which auditors operate needs to be clear. In this regard, various circumstances have to be taken into account, such as instances where a structure could be defined as a network because it is aimed at profit- or cost-sharing. The criteria for demonstrating that there is a network should be judged and weighed on the basis of all factual circumstances available, such as whether there are common usual clients.

(12) In cases of self-review or self-interest, where appropriate to safeguard the statutory auditor's or audit firm's independence, it should be for the Member State rather than the statutory auditor or the audit firm to decide whether the statutory auditor or audit firm should resign or abstain from an audit engagement with regard to its audit clients. However, this should not lead to a situation where Member States have a general duty to prevent statutory auditors or audit firms from providing non-audit services to their audit clients. For the purposes of determining whether it is appropriate, in cases of self-interest or self-review, that a statutory auditor or audit firm should not carry out statutory audits, so as to safeguard the statutory auditor's or audit firm's independence, the factors to be taken into account should include the question whether or not the audited public-interest entity has issued transferable securities admitted to trading on a regulated market within the meaning of point 14 of Article 4(1) of Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments(11).

(13) It is important to ensure consistently high quality in all statutory audits required by Community law. All statutory audits should therefore be carried out on the basis of international auditing standards. Measures implementing those standards in the Community should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission(12). A technical committee or group on auditing should assist the Commission in the assessment of the technical soundness of all the international auditing standards, and should also involve the system of public oversight bodies of the Member States. In order to achieve a maximum degree of harmonisation, Member States should be allowed to impose additional national audit procedures or requirements only if these stem from specific national legal requirements relating to the scope of the statutory audit of annual or consolidated accounts, meaning that those requirements have not been covered by the adopted international auditing standards. Member States could maintain those additional audit procedures until the audit procedures or requirements have been covered by subsequently adopted international auditing standards. If, however, the adopted international auditing standards contain audit procedures the performance of which would create a specific legal conflict with national law stemming from specific national requirements related to the scope of the statutory audit, Member States may carve out the conflicting part of the international auditing standard as long as those conflicts exist, provided the measures referred to in Article 26(3) are applied. Any addition or carving out by Member States should add a high level of credibility to the annual accounts of companies and be conducive to the public good. The above implies that Member States may, for example, require an additional auditor's report to the supervisory board or prescribe other reporting and audit requirements based on national corporate governance rules.

(14) For the Commission to adopt an international auditing standard for application in the Community, it must be generally accepted internationally and have been developed with full participation of all interested parties following an open and transparent procedure, add to the credibility and quality of annual accounts and consolidated accounts and be conducive to the European public good. The need for the adoption of an International Auditing Practice Statement as part of a standard should be assessed in accordance with Decision 1999/468/EC on a case-by-case basis. The Commission should ensure that before the start of the adoption process a review is conducted in order to verify whether those requirements have been met and report to members of the Committee set up under this Directive on the outcome of the review.

(15) In the case of consolidated accounts, it is important that there be a clear definition of responsibilities as between the statutory auditors who audit components of the group. For this purpose, the group auditor should bear full responsibility for the audit report.

(16) In order to increase comparability between companies applying the same accounting standards, and to enhance public confidence in the audit function, the Commission may adopt a common audit report for the audit of annual accounts or consolidated accounts prepared on the basis of approved international accounting standards, unless an appropriate standard for such a report has been adopted at Community level.

(17) Regular inspections are a good means of achieving a consistently high quality in statutory audits. Statutory auditors and audit firms should therefore be subject to a system of quality assurance that is organised in a manner which is independent from the reviewed statutory auditors and audit firms. For the application of Article 29 on quality assurance systems, Member States may decide that if individual auditors have a common quality assurance policy, only the requirements for audit firms need to be considered. Member States may organise the system of quality assurance in such a manner that each individual auditor is to be subject to a quality assurance review at least every six years. In this respect, the funding for the quality assurance system should be free from undue influence. The Commission should have the competence to adopt implementing measures in matters relevant to the organisation of quality assurance systems, and in respect of its funding, in cases where public confidence in the quality assurance system is seriously compromised. The public oversight systems of Member States should be encouraged to find a coordinated approach to the carrying-out of quality assurance reviews with a view to avoiding the imposition of unnecessary burdens on the parties concerned.

(18) Investigations and appropriate penalties help to prevent and correct inadequate execution of a statutory audit.

(19) Statutory auditors and audit firms are responsible for carrying out their work with due care and thus should be liable for the financial damage caused by a lack of the care owed. However, the auditors' and audit firms' ability to obtain professional indemnity insurance cover may be affected by whether they are subject to unlimited financial liability. For its part, the Commission intends examining these issues, taking into account the fact that liability regimes of the Member States may vary considerably.

(20) Member States should organise an effective system of public oversight for statutory auditors and audit firms on the basis of home country control. The regulatory arrangements for public oversight should make possible effective cooperation at Community level in respect of the Member States' oversight activities. The public oversight system should be governed by non-practitioners who are knowledgeable in the areas relevant to statutory audit. These non-practitioners may be specialists who have never been linked with the audit profession or former practitioners who have left the profession. Member States may, however, allow a minority of practitioners to be involved in the governance of the public oversight system. Competent authorities of Member States should cooperate with each other whenever necessary for the purpose of carrying out their oversight duties on statutory auditors or audit firms approved by them. Such cooperation can make an important contribution to ensuring consistently high quality in the statutory audit in the Community. Since it is necessary to ensure effective cooperation and coordination at European level among competent authorities designated by Member States, the designation of one entity, responsible for ensuring cooperation, should be without prejudice to the ability of each single authority to cooperate directly with the other competent authorities of the Member States.

(21) In order to ensure compliance with Article 32(3) on principles of public oversight, a non-practitioner is deemed to be knowledgeable in the areas relevant to the statutory audit either because of his or her past professional skill or, alternatively, because he or she has knowledge of at least one of the subjects listed in Article 8.

(22) The statutory auditor or audit firm should be appointed by the general meeting of shareholders or members of the audited entity. In order to protect the independence of the auditor it is important that dismissal should be possible only where there are proper grounds and if those grounds are communicated to the authority or authorities responsible for public oversight.

(23) Since public-interest entities have a higher visibility and are economically more important, stricter requirements should apply in the case of a statutory audit of their annual or consolidated accounts.

(24) Audit committees and an effective internal control system help to minimise financial, operational and compliance risks, and enhance the quality of financial reporting. Member States might have regard to the Commission Recommendation of 15 February 2005 on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board(13), which sets out how audit committees should be established and function. Member States may determine that the functions assigned to the audit committee or a body performing equivalent functions may be performed by the administrative or supervisory body as a whole. With regard to the duties of the audit committee under Article 41, the statutory auditor or audit firm should in no way be subordinated to the committee.

(25) Member States may also decide to exempt public-interest entities which are collective investment undertakings whose transferable securities are admitted to trading on a regulated market from the requirement to have an audit committee. This option takes into account the fact that where a collective investment undertaking functions merely for the purpose of pooling assets, the employment of an audit committee will not always be appropriate. The financial reporting and related risks are not comparable to those of other public-interest entities. In addition, undertakings for collective investment in transferable securities (UCITS) and their management companies operate in a strictly defined regulatory environment and are subject to specific governance mechanisms such as controls exercised by their depositary. For those collective investment undertakings which are not harmonised by Directive 85/611/EEC(14) but are subject to equivalent safeguards as provided for by that Directive, Member States should, in this particular case, be allowed to provide for equal treatment with Community-harmonised collective investment undertakings.

(26) In order to reinforce the independence of auditors of public-interest entities, the key audit partner(s) auditing such entities should rotate. To organise such rotation, Member States should require a change of key audit partner(s) dealing with an audited entity, while allowing the audit firm with which the key audit partner(s) is/are associated to continue being the statutory auditor of such entity. Where a Member State considers it appropriate in order to attain the objectives pursued, that Member State might, alternatively, require a change of audit firm, without prejudice to Article 42(2).

(27) The interrelation of capital markets underlines the need also to ensure high-quality work performed by auditors from third countries in relation to the Community capital market. The auditors concerned should therefore be registered so as to make them subject to quality assurance reviews and to the system of investigations and penalties. Derogations on the basis of reciprocity should be possible subject to an equivalence testing to be performed by the Commission in cooperation with Member States. In any case, an entity which has issued transferable securities on a regulated market within the meaning of point 14 of Article 4(1) of Directive 2004/39/EC should always be audited by an auditor either registered in a Member State or overseen by competent authorities of the third country from which the auditor comes from, provided that the said third country is acknowledged by the Commission or a Member State as meeting the requirements equivalent to Community requirements in the field of principles of oversight, quality assurance systems and systems of investigations and penalties, and that the basis of this arrangement is reciprocity. While one Member State may consider a third country's quality assurance system equivalent, other Member States should not be bound to accept that assessment, nor should the Commission's decision be pre-empted thereby.

(28) The complexity of international group audits requires good cooperation between the competent authorities of Member States and those of third countries. Member States should therefore ensure that competent authorities of third countries can have access to audit working papers and other documents through the national competent authorities. In order to protect the rights of the parties concerned and at the same time facilitate access to those papers and documents, Member States should be allowed to grant direct access to the competent authorities of third countries, subject to the agreement of the national competent authority. One of the relevant criteria for the granting of access is whether the competent authorities in third countries meet requirements which the Commission has declared adequate. Pending such a decision by the Commission, and without prejudice thereto, Member States may assess whether the requirements are adequate.

(29) Disclosure of information as referred to in Articles 36 and 47 should be in accordance with the rules on the transfer of personal data to third countries as laid down in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(15).

(30) The measures necessary for the implementation of this Directive should be adopted in accordance with Decision 1999/468/EC and with due regard to the declaration made by the Commission in the European Parliament on 5 February 2002 concerning the implementation of financial services legislation.

(31) The European Parliament should be given a period of three months from the first transmission of draft amendments and implementing measures to allow it to examine them and to give its opinion. However, in urgent and duly justified cases, it should be possible to shorten that period. If, within that period, a resolution is adopted by the European Parliament, the Commission should re-examine the draft amendments or measures.

(32) Since the objectives of this Directive — namely requiring the application of a single set of international auditing standards, the updating of the educational requirements, the definition of professional ethics and the technical implementation of the cooperation between competent authorities of Member States and between those authorities and the authorities of third countries, in order further to enhance and harmonise the quality of statutory audit in the Community and to facilitate cooperation between Member States and with third countries so as to strengthen confidence in the statutory audit — cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of this Directive, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(33) With a view to rendering the relationship between the statutory auditor or audit firm and the audited entity more transparent, Directives 78/660/EEC and 83/349/EEC should be amended so as to require disclosure of the audit fee and the fee paid for non-audit services in the notes to the annual accounts and the consolidated accounts.

(34) Directive 84/253/EEC should be repealed because it lacks a comprehensive set of rules to ensure an appropriate audit infrastructure, such as public oversight, disciplinary systems and systems of quality assurance, and because it does not provide specifically for regulatory cooperation between Member States and third countries. In order to ensure legal certainty, there is a clear need to indicate that statutory auditors and audit firms that have been approved under Directive 84/253/EEC are considered as approved under this Directive,

HAVE ADOPTED THIS DIRECTIVE: