Financial Audit: Process and Compliance with Standards

Introduction

Financial audit constitutes an essential pillar of corporate governance and the transparency of financial markets. In an increasingly complex regulatory environment, marked by the entry into force of the Sapin II Law, the MiFID II Directive and the growing requirement for compliance with IAS/IFRS standards, listed companies and large groups must structure their audit processes with rigour. This article proposes an in-depth analysis of the mechanisms of internal and external audit, the applicable standards and best practices that enable companies to secure their financial reporting, prevent fraud risks and meet the expectations of regulators such as the AMF and the ECB.

The fundamentals of internal audit

Internal audit is an independent and objective function that aims to assess the internal control processes, risk management and governance of an organisation. Generally attached to the audit committee of the board of directors, it is exercised in accordance with international standards published by the IIA (Institute of Internal Auditors) and the COSO and COBIT frameworks.

For listed companies, internal audit plays a strategic role: it identifies weaknesses in the internal control system, verifies the reliability of interim and consolidated financial statements, and assesses compliance with internal procedures. Article L. 823-19 of the French Commercial Code furthermore requires entities of public interest to establish a specialised committee responsible for monitoring the process of preparing financial information.

Risk mapping constitutes the starting point for any internal audit mission. It makes it possible to prioritise areas of intervention according to a risk-based auditing approach, taking into account the financial, operational and regulatory issues specific to each business line.

The specificities of external audit

External audit, or statutory audit, is carried out by independent statutory auditors registered with the National Company of Statutory Auditors (CNCC) and supervised by the High Council of Statutory Auditing (H3C). Their mission is to certify that the annual and consolidated accounts give a true and fair view of the company's assets, financial position and results.

The external audit process follows the French Professional Practice Standards (NEP), which are themselves aligned with the International Standards on Auditing (ISA). It is divided into four main phases: planning and risk assessment, control testing, substantive controls, and the formulation of the audit opinion.

For large listed groups, the mandatory rotation of audit firms every 10 years (24 years in the case of joint audit), imposed by European regulation No. 537/2014, aims to guarantee the independence of the statutory auditor. The audit report now includes Key Audit Matters (KAM) which describe the most significant areas examined.

Audit standards and their application

Audit standards form a harmonised framework guaranteeing the quality and comparability of missions. IAS/IFRS standards, mandatory for consolidated accounts of listed companies in Europe since 2005 (EC regulation No. 1606/2002), structure financial reporting. ISA standards, for their part, govern audit methodology.

The auditor must in particular apply ISA 315 (identification of risks of significant anomalies), ISA 330 (responses to assessed risks), and ISA 700 (formulation of opinion). For financial institutions subject to MiFID II, additional due diligence concerns the protection of investors and the transparency of transactions.

Audit reports and financial communication

The audit report constitutes the conclusion of the mission. It formalises the opinion of the statutory auditor: certification without qualifications, with qualifications, refusal to certify or inability to express an opinion. Beyond this opinion, the report includes a description of the KAM, specific verifications provided for by law, and information relating to corporate governance.

Communication with the audit committee, formalised by the supplementary report provided for in Article 11 of European regulation No. 537/2014, strengthens the transparency of the system.

Conclusion

Financial audit is not limited to a regulatory obligation: it constitutes a genuine tool for strategic piloting and confidence with stakeholders. By effectively articulating internal and external audit, by relying on IAS/IFRS and ISA standards, and by respecting the requirements of the Sapin II Law and MiFID II, companies strengthen their financial credibility and their resilience in the face of risks.