Financial Audit: Process and Compliance with Standards

Introduction

Financial audit constitutes an essential pillar of corporate governance and transparency of financial markets. In an increasingly complex regulatory environment, marked by the entry into force of the Sapin II Law, the MiFID II Directive and the growing requirement for compliance with IAS/IFRS standards, listed companies and large groups must structure their audit processes rigorously. This article provides an in-depth analysis of internal and external audit mechanisms, applicable standards and best practices allowing companies to secure their financial reporting, prevent fraud risks and meet the expectations of regulators such as the AMF and the ECB.

The fundamentals of internal audit

Internal audit is an independent and objective function which aims to evaluate an organization's internal control, risk management and governance processes. Generally attached to the audit committee of the board of directors, it is carried out in accordance with international standards published by the IIA (Institute of Internal Auditors) and the COSO and COBIT standards.

For listed companies, internal audit plays a strategic role: it identifies weaknesses in the internal control system, verifies the reliability of interim and consolidated financial statements, and assesses compliance with internal procedures. Article L. 823-19 of the French Commercial Code also requires public interest entities to set up a specialized committee responsible for monitoring the process of preparing financial information.

Risk mapping is the starting point for any internal audit mission. It allows areas of intervention to be prioritized using a risk-based auditing approach, taking into account the financial, operational and regulatory issues specific to each profession.

The specificities of the external audit

The external audit, or legal audit, is carried out by independent auditors (CAC), registered with the National Company of Auditors (CNCC) and supervised by the High Council of the Audit Office (H3C). Their mission is to certify that the annual and consolidated accounts give a true and fair image of the company's assets, financial situation and results.

The external audit process follows the French Professional Practice Standards (NEP), which are themselves aligned with the International Standards on Auditing (ISA). It is broken down into four main phases: planning and risk assessment, control tests, substantive controls, and formulation of the audit opinion.

For large listed groups, the mandatory rotation of audit firms every 10 years (24 years in the case of co-audit), imposed by European Regulation No. 537/2014, aims to guarantee the independence of the CAC. The audit report now includes Key Audit Matters (KAM) which describe the most significant areas examined.

Audit standards and their application

Audit standards form a harmonized framework guaranteeing the quality and comparability of missions. IAS/IFRS standards, mandatory for the consolidated accounts of companies listed in Europe since 2005 (EC regulation no. 1606/2002), structure the financial presentation. The ISA standards govern the audit methodology.

The auditor must notably apply ISA 315 (identification of risks of material misstatement), ISA 330 (responses to assessed risks), and ISA 700 (formulation of the opinion). For financial institutions subject to MiFID II, additional due diligence concerns the protection of investors and the transparency of transactions.

Audit reports and financial communication

The audit report constitutes the outcome of the mission. It formalizes the opinion of the auditor: certification without reservation, with reservations, refusal to certify or impossibility of expressing an opinion. Beyond this opinion, the report includes a description of KAM, the specific verifications required by law, and information relating to corporate governance.

Communication with the audit committee, formalized by the additional report provided for in Article 11 of European Regulation No. 537/2014, reinforces the transparency of the system.

Conclusion

The financial audit is not limited to a regulatory obligation: it constitutes a real tool for strategic management and building trust with stakeholders. By effectively articulating internal audit and external audit, relying on IAS/IFRS and ISA standards, and respecting the requirements of the Sapin II Law and MiFID II, companies strengthen their financial credibility and their resilience to risks.