In accordance with the Treaty on the Functioning of the European Union (TFEU), the internal market comprises an area without internal frontiers in which the free movement of goods and services and the freedom of establishment are ensured. It is necessary to enable statutory auditors and audit firms to develop their statutory audit service activities within the Union by making it possible for them to provide such services in a Member State other than that in which they were approved. Enabling statutory auditors and audit firms to provide statutory audits under their home-country professional titles in a host Member State addresses, in particular, the needs of groups of undertakings which, owing to the increasing trade flows resulting from the internal market, draw up financial statements in several Member States and are required to have them audited under Union law. The elimination of barriers to the development of statutory audit services between Member States would contribute to the integration of the Union audit market.

Whilst the primary responsibility for delivering financial information should rest with the management of the audited entities, statutory auditors and audit firms play a role by actively challenging the management from a user's perspective. In order to improve audit quality, it is therefore important that the professional scepticism exercised by statutory auditors and audit firms vis-à-vis the audited entity be reinforced. Statutory auditors and audit firms should recognise the possibility that a material misstatement due to fraud or error could exist, notwithstanding the auditor's past experience of the honesty and integrity of the audited entity's management.

It is particularly relevant to reinforce independence as an essential element when carrying out statutory audits. In order to enhance the independence of statutory auditors and audit firms from the audited entity when they are carrying out statutory audits, a statutory auditor or an audit firm, and any natural person in a position to directly or indirectly influence the outcome of the statutory audit, should be independent of the audited entity and should not be involved in the audited entity's decision-making process. In order to maintain that independence, it is also important that they keep records of all threats to their independence and of the safeguards applied to mitigate those threats. Moreover, where the threats to their independence, even after the application of safeguards to mitigate those threats, are too significant, they should resign or abstain from the audit engagement.

Statutory auditors and audit firms should be independent when carrying out statutory audits of audited entities, and conflicts of interest should be avoided. In order for the independence of statutory auditors and audit firms to be determined, the concept of a network in which statutory auditors and audit firms operate has to be taken into account. The independence requirement should at least be fulfilled during the period covered by the audit report, including both the period covered by the financial statements to be audited and the period during which the statutory audit is carried out.

Statutory auditors, audit firms and their employees should in particular refrain from carrying out the statutory audit of an entity if they have a business interest or financial interest in it, and from trading in financial instruments issued, guaranteed or otherwise supported by an audited entity, other than holdings in diversified collective investment schemes. The statutory auditor or the audit firm should abstain from participating in the internal decision-making processes of the audited entity. Statutory auditors, audit firms and their employees directly involved in the statutory audit engagement should be prevented from taking up duties in the audited entity at managerial or board level until an appropriate period has elapsed since the end of the audit engagement.

Adequate internal organisation of statutory auditors and audit firms should help to prevent any threats to their independence. Thus, owners or shareholders of an audit firm, as well as those managing it, should not intervene in the carrying-out of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm. Additionally, statutory auditors and audit firms should establish appropriate internal policies and procedures in relation to employees and other persons involved in the statutory audit activity within their organisations, in order to ensure compliance with their statutory obligations. Those policies and procedures should in particular seek to prevent and address any threats to independence and should ensure the quality, integrity and thoroughness of the statutory audit. Those policies and procedures should be proportionate, in view of the scale and complexity of the business of the statutory auditor or the audit firm.

The statutory audit results in the expression of an opinion that the financial statements give a true and fair view of the audited entities in accordance with the relevant financial reporting framework. Stakeholders, however, might be unaware of the limitations of an audit, as regards, for example, materiality, sampling techniques, the role of the auditor in the detection of fraud and the responsibility of managers, which can lead to an expectation gap. In order to reduce that gap, it is important to provide greater clarity as to the scope of the statutory audit.

It is important to ensure high-quality statutory audits within the Union. All statutory audits should therefore be carried out on the basis of the international auditing standards adopted by the Commission. As international auditing standards are designed to be usable for entities of all sizes, of all types and in all jurisdictions, the competent authorities in Member States should take into account the scale and complexity of the business of small undertakings when assessing the scope of application of international auditing standards. Any provision or measure adopted by a Member State in this regard should not result in statutory auditors or audit firms being unable to carry out statutory audits in compliance with the international auditing standards. Member States should be allowed to impose additional national audit procedures or requirements only if they stem from specific national legal requirements relating to the scope of the statutory audit of annual or consolidated financial statements, meaning that those requirements have not been covered by the adopted international auditing standards, or if they add to the credibility and quality of annual financial statements and consolidated financial statements. The Commission should continue to be involved in the monitoring of the content of the international auditing standards and the process for their adoption by the International Federation of Accountants (IFAC).

In the case of consolidated financial statements, it is important that there be a clear definition of the responsibilities of statutory auditors who audit different entities within the group concerned. For this purpose, the group auditor should bear full responsibility for the audit report.

In order to enhance the credibility and transparency of the quality assurance reviews performed in the Union, Member States' quality assurance systems should be governed by the competent authorities designated by the Member States to ensure public oversight of statutory auditors and audit firms. Quality assurance reviews are designed to prevent or address potential deficiencies in the manner in which statutory audits are carried out. In order to ensure that the quality assurance reviews are sufficiently comprehensive, the competent authorities, when carrying out such reviews, should take into account the scale and complexity of the activity of the statutory auditors and the audit firms.

In order to improve compliance with the requirements of this Directive and of Regulation (EU) No 537/2014, and in the light of the Commission Communication of 8 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures by, and the sanctioning powers of, competent authorities should be enhanced. Provision should be made for the imposition of administrative pecuniary sanctions on statutory auditors, audit firms and public-interest entities for identified infringements of the rules. The competent authorities should be transparent about the sanctions and measures that they apply. The adoption and publication of sanctions should respect fundamental rights as laid down in the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life, the right to the protection of personal data, and the right to an effective remedy and to a fair trial.

Competent authorities should be able to impose administrative pecuniary sanctions that have a real deterrent effect, for instance in an amount of up to one million euros or higher in the case of natural persons and up to a percentage of total annual turnover in the preceding financial year in the case of legal persons or other entities. That goal is better achieved by relating the pecuniary sanction to the financial situation of the person committing the breach. Without prejudice to the possibility of withdrawing the approval of the statutory auditor or audit firm concerned, other types of sanctions which have a suitable deterrent effect should be envisaged. In any case, Member States should apply identical criteria when determining the sanction to be imposed.

Whistleblowers can bring new information to the attention of competent authorities which may assist them in detecting and imposing sanctions for irregularities, including fraud. However, whistleblowers may be deterred from doing so for fear of retaliation, or may lack incentives to do so. Member States should therefore ensure that adequate arrangements are in place to encourage whistleblowers to alert them to possible infringements of this Directive or of Regulation (EU) No 537/2014 and to protect them from retaliation. Member States should also be able to provide them with incentives for doing so; however, whistleblowers should only be eligible for such incentives where they bring to light new information which they are not already legally obliged to notify and where that information results in a sanction for an infringement of this Directive or of Regulation (EU) No 537/2014. However, Member States should also ensure that whistleblowing schemes implemented by them include mechanisms that provide appropriate protection for the reported persons, particularly as regards the right to the protection of their personal data and procedures to ensure their right of defence and their right to be heard before the adoption of a decision concerning them, as well as the right to seek an effective remedy before a tribunal against such a decision. The mechanisms established should also provide appropriate protection for whistleblowers, not only as regards the right to the protection of personal data but also by ensuring that they are not victims of undue retaliation.

The public oversight of statutory auditors and audit firms encompasses the approval and registration of statutory auditors and audit firms, the adoption of standards in respect of professional ethics and internal quality control of audit firms, continuing education, and the systems of quality assurance, investigation and sanctions for statutory auditors and audit firms. In order to enhance the transparency of auditor oversight and to allow for greater accountability, each Member State should designate a single authority to be in charge of public oversight of statutory auditors and audit firms. The independence of such public oversight authorities from the audit profession is a core prerequisite for the integrity, efficiency and orderly functioning of public oversight of statutory auditors and audit firms. Consequently, the public oversight authorities should be governed by non-practitioners and Member States should establish independent and transparent procedures for the selection of such non-practitioners.

Member States should be able to create exemptions to the requirements imposed on auditing services when they are provided to cooperatives and savings banks.

Member States should be able to delegate or allow competent authorities to delegate the tasks of those competent authorities to other authorities or to bodies authorised or designated by law. Such delegation should be subject to several conditions and the competent authority concerned should bear the ultimate responsibility for the oversight.

Public oversight authorities should be vested with sufficient powers to fulfil their tasks in an effective manner. In addition, they should be provided with sufficient human and financial resources to perform their tasks.

Adequate oversight of statutory auditors and audit firms that engage in cross-border activities or are part of networks necessitates exchange of information between the public oversight authorities of the Member States. In order to protect the confidentiality of the information that may be thus exchanged, Member States should subject to the obligation of professional secrecy not only the employees of the public oversight authorities but also all persons to whom the public oversight authorities may have delegated tasks.

Where there are proper grounds for acting, shareholders, other bodies of the audited entities when defined by national law or the competent authorities responsible for the oversight of statutory auditors and audit firms or, when provided for by national law, the competent authorities responsible for the supervision of the public-interest entity should be empowered to bring a claim before a national court for the dismissal of the statutory auditor.

In order to preserve the rights of the parties concerned when the competent authorities of Member States cooperate with the competent authorities of third countries on the exchange of audit working papers or other relevant documents for the assessment of the quality of the audit performed, Member States should ensure that the working arrangements entered into by their competent authorities on the basis of which any such exchange takes place include sufficient safeguards to protect the business secrecy and commercial interests, including the industrial and intellectual property rights, of the audited entities. Member States should ensure that those arrangements comply and are compatible with the provisions of Directive 95/46/EC.

In order to give full effect to the new legal framework provided for in the TFEU, it is necessary to adapt and replace the implementing powers provided for under Article 202 of the Treaty establishing the European Community with the appropriate provisions in accordance with Articles 290 and 291 TFEU.

The alignment of the procedures for the adoption of delegated and implementing acts by the Commission to the TFEU and, in particular, to Articles 290 and 291 thereof, should be done on a case-by-case basis. In order to take into account the developments in auditing and the audit profession, and to facilitate the oversight of statutory auditors and audit firms, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission. In the field of auditor oversight, the use of delegated acts is necessary in order to develop the procedures for cooperation between the competent authorities of Member States and those of third countries. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

Since the objective of this Directive, namely to reinforce investor confidence in the truth and fairness of the financial statements published by undertakings by further enhancing the quality of statutory audits that are performed within the Union, cannot be sufficiently achieved by Member States but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

Directive 2006/43/EC should therefore be amended accordingly.