Financial Audit: Process and Compliance with Standards

Introduction

Financial audit constitutes an essential pillar of corporate governance and financial market transparency. In an increasingly complex regulatory environment, marked by the entry into force of the Sapin II Law, the MiFID II Directive and the growing requirement for compliance with IAS/IFRS standards, listed companies and large groups must structure their audit processes with rigour. This article proposes an in-depth analysis of internal and external audit mechanisms, applicable standards and best practices enabling companies to secure their financial reporting, prevent fraud risks and meet the expectations of regulators such as the AMF and the ECB.

The fundamentals of internal audit

Internal audit is an independent and objective function aimed at assessing the internal control processes, risk management and governance of an organisation. Generally reporting to the audit committee of the board of directors, it is exercised in accordance with international standards published by the IIA (Institute of Internal Auditors) and the COSO and COBIT frameworks.

For listed companies, internal audit plays a strategic role: it identifies weaknesses in the internal control system, verifies the reliability of interim and consolidated financial statements, and assesses compliance with internal procedures. Article L. 823-19 of the French Commercial Code moreover requires public interest entities to establish a specialised committee responsible for monitoring the process of drawing up financial information.

Risk mapping constitutes the starting point for any internal audit mission. It enables intervention areas to be prioritised according to a risk-based auditing approach, taking into account the financial, operational and regulatory issues specific to each business.

The specificities of external audit

External audit, or statutory audit, is carried out by independent statutory auditors (Commissaires aux Comptes), registered with the National Company of Statutory Auditors (CNCC) and supervised by the High Council of Statutory Auditors (H3C). Their mission is to certify that the annual and consolidated accounts give a true and fair view of the company's assets, financial position and results.

The external audit process follows the French Professional Practice Standards (NEP), which are themselves aligned with the International Standards on Auditing (ISA). It comprises four main phases: planning and risk assessment, tests of controls, substantive controls, and formulation of the audit opinion.

For large listed groups, the mandatory rotation of audit firms every 10 years (24 years in the case of joint audit), imposed by European Regulation No 537/2014, aims to guarantee the independence of the statutory auditor. The audit report now includes Key Audit Matters (KAM) which describe the most significant areas examined.

Audit standards and their application

Audit standards form a harmonised framework ensuring the quality and comparability of missions. IAS/IFRS standards, mandatory for consolidated accounts of listed companies in Europe since 2005 (EC Regulation No 1606/2002), structure financial reporting. ISA standards, for their part, govern audit methodology.

The auditor must in particular apply ISA 315 (identification of risks of material misstatement), ISA 330 (responses to assessed risks), and ISA 700 (formulation of opinion). For financial institutions subject to MiFID II, additional procedures concern investor protection and transaction transparency.

Audit reports and financial communication

The audit report constitutes the outcome of the mission. It formalises the statutory auditor's opinion: unqualified certification, qualified certification, refusal to certify or inability to express an opinion. Beyond this opinion, the report includes a description of the KAM, the specific verifications provided for by law, and information relating to corporate governance.

Communication with the audit committee, formalised by the supplementary report provided for in Article 11 of European Regulation No 537/2014, strengthens the transparency of the system.

Conclusion

Financial audit is not limited to a regulatory requirement: it constitutes a genuine tool for strategic management and building trust with stakeholders. By effectively articulating internal and external audit, relying on IAS/IFRS and ISA standards, and complying with the requirements of the Sapin II Law and MiFID II, companies strengthen their financial credibility and their resilience in the face of risks.