Financial Audit: Process and Compliance with Standards

Introduction

Financial audit constitutes an essential pillar of corporate governance and financial market transparency. In an increasingly complex regulatory environment, marked by the entry into force of the Sapin II Law, the MiFID II Directive and the growing requirement for compliance with IAS/IFRS standards, listed companies and large groups must structure their audit processes with rigour. This article proposes an in-depth analysis of internal and external audit mechanisms, applicable standards and best practices enabling companies to secure their financial reporting, prevent fraud risks and meet the expectations of regulators such as the AMF and the ECB.

The fundamentals of internal audit

Internal audit is an independent and objective function aimed at assessing the internal control processes, risk management and governance of an organisation. Generally reporting to the audit committee of the board of directors, it is exercised in accordance with international standards published by the IIA (Institute of Internal Auditors) and the COSO and COBIT frameworks.

For listed companies, internal audit plays a strategic role: it identifies weaknesses in the internal control system, verifies the reliability of intermediate and consolidated financial statements, and assesses compliance with internal procedures. Article L. 823-19 of the French Commercial Code furthermore requires public interest entities to establish a specialised committee responsible for overseeing the process of preparing financial information.

Risk mapping constitutes the starting point for any internal audit assignment. It makes it possible to prioritise intervention areas according to a risk-based approach (risk-based auditing), taking into account the financial, operational and regulatory issues specific to each business line.

The specificities of external audit

External audit, or statutory audit, is performed by independent statutory auditors (CAC), registered with the National Company of Statutory Auditors (CNCC) and supervised by the High Council of Statutory Auditing (H3C). Their mission is to certify that the annual and consolidated accounts give a true and fair view of the company's assets, financial position and results.

The external audit process follows French Professional Practice Standards (NEP), which are themselves aligned with the International Standards on Auditing (ISA). It breaks down into four main phases: planning and risk assessment, control testing, substantive testing, and formulation of the audit opinion.

For large listed groups, the mandatory rotation of audit firms every 10 years (24 years in the case of joint auditors), imposed by European Regulation No. 537/2014, aims to guarantee the independence of the statutory auditor. The audit report now includes Key Audit Matters (KAM) which describe the most significant areas examined.

Audit standards and their application

Audit standards form a harmonised framework guaranteeing the quality and comparability of assignments. IAS/IFRS standards, mandatory for consolidated accounts of listed companies in Europe since 2005 (EC Regulation No. 1606/2002), structure financial reporting. ISA standards, for their part, govern audit methodology.

The auditor must in particular apply ISA 315 (identification of risks of significant misstatements), ISA 330 (responses to assessed risks), and ISA 700 (formulation of the opinion). For financial institutions subject to MiFID II, additional procedures relate to investor protection and transaction transparency.

Audit reports and financial communication

The audit report constitutes the culmination of the assignment. It formalises the statutory auditor's opinion: unqualified certification, with reservations, refusal to certify or inability to express an opinion. Beyond this opinion, the report includes a description of KAM, specific verifications required by law, and information relating to corporate governance.

Communication with the audit committee, formalised by the additional report provided for in Article 11 of European Regulation No. 537/2014, strengthens the transparency of the system.

Conclusion

Financial audit is not limited to a regulatory obligation: it constitutes a genuine tool for strategic management and building trust with stakeholders. By effectively articulating internal and external audit, relying on IAS/IFRS and ISA standards, and respecting the requirements of the Sapin II Law and MiFID II, companies strengthen their financial credibility and resilience in the face of risks.