Public companies in the European Union’s 27 member states should be complying with “EuroSox” by the end of the summer to establish a pan-European framework for governance and financial reporting akin to the Sarbanes-Oxley Act in the United States.
At least, that’s the theory, anyway.
EU nations were supposed to implement two directives this year to bring themselves up to EuroSox standards: the Statutory Audit Directive, which clarifies the duties of external auditors; and the Company Reporting Directive, to adopt Britain’s “comply or explain why” approach to governance standards. The audit directive had to be “transposed” into EU state’s national laws by June, the company directive by September.
Unfortunately, several countries have missed both deadlines. And some of those that have implemented the directives have added their own unique spin to their national laws, leading to claims that they have undermined the aim of creating a single EU-wide approach, and produced a patchwork of different compliance regimes … which is precisely what Europe had in the first place.
The reforms followed the spate of corporate scandals in the early 2000s (Enron and WorldCom in the United States, Parmalat and Ahold in Europe). Having seen American lawmakers react with the Sarbanes-Oxley Act, the European Commission reviewed the state of corporate governance in Europe and published the two new directives in 2006.
The Statutory Audit Directive requires common ethical principles for auditors and tells member states to create independent audit oversight bodies if they don’t have them already. It also requires all “public interest companies”—typically those that are publicly traded—to have an audit committee or a similar body. Technically, it modifies the EU’s existing Eighth Company Law Directive.
The Company Reporting Directive tells companies to publish a corporate governance statement and disclose how closely they have complied with a corporate governance code, or explain areas where they have not complied. The statement must also describe the company’s system of internal control and risk management. This directive modifies the existing Fourth and Seventh Company Law Directives.
“The reason I hate that term [EuroSox] is that it makes people think about Section 404 ... Neither of these directives has anything to do with that.”
— Tim Copnell,
Director,
KPMG Audit Institute
Tim Copnell, director of KPMG’s Audit Committee Institute in Britain, says the two directives clearly are cousins to SOX, especially pertaining to audit oversight. But to call the whole package “EuroSox” is misleading, he contends. “The reason I hate that term is that it makes people think about Section 404,” the portion of SOX that requires companies to certify that their internal controls over financial reporting are effective. “Neither of these directives has anything to do with that,” he stresses.
That said, the directives are important nevertheless, says Copnell. For example, for many countries and companies in Europe, the requirement to have an audit committee “will be a big change,” he says.
However, it’s hard to know just how significant the directives will be, because many member states have missed the deadline for implementing them. Just how far behind they are is hard to determine.
The Commission published a “scorecard” last month setting out how far member states progressed on the Statutory Audit Directive. This showed that only 12 member states had transposed the entire directive into their national laws. The Czech Republic and Ireland were among the worst offenders, with more than 50 parts of the directive not yet adopted. Seven member states did not yet have a public oversight system to monitor audit work, and one state that did have such a system had not yet appointed anyone to run it.
DIRECTIVE BREAKDOWN
The following excerpt is from the ‘Comitology’ section of the ICAEW briefing on the Statutory Audit Directive.
Comitology: The Directive identifies a number of areas which either must be or alternatively may be implemented through so-called “comitology” – i.e. delegated decision-making procedures. In brief, comitology is where a Directive (or Regulation) delegates to a specialized Committee the implementation of detailed measures or rules in specific areas. Composed of representatives of EU Member States, the Committee is chaired by the European Commission and its decision-making, where Internal Market legislation such as the Statutory Audit Directive is concerned, is made on the basis of qualified majority voting. The proposed implementing measures are then submitted to the EU Council and the EU Parliament, which may block their adoption if it is deemed that the proposed measures have either exceeded the remit set out in the Directive (or Regulation), or are incompatible with the aims or the content of the Directive or are inconsistent with the principles of subsidiarity and proportionality.
In the case of the Statutory Audit Directive, the dedicated committee is the Audit Regulatory Committee. In addition to the Directive’s mandatory comitology procedures on registration and oversight of third country auditors and assessment thereof to ascertain possible equivalence, the adoption of international auditing standards (ISAs) is a key priority for comitology procedures. The Directive also foresees the possibility of comitology in a wide range of other areas: for example, independence requirements, education and training (test of theoretical knowledge) and quality assurance. The inclusion in the Directive of non-mandatory comitology procedures indicates that the EU legislator wishes to leave open the possibility of modifying requirements included in the Directive without having to undertake the formal revision of the Directive itself. Formal revision in this way can be complex and time consuming. It should be emphasized though that the granting of comitology powers in these areas does not oblige their use.
All areas in the Directive where comitology is relevant – with the sole exception of the article dealing with auditing standards – are subject to a “sunset clause” for introducing
implementing measures, which expires on April 1, 2008. (As noted above, this is slightly earlier than the deadline for the transposition of the Directive.) Implementing measures agreed before this date will continue to apply after April 2008. However, it will not be possible for new implementing measures in other areas to be adopted after 2008 unless an extension of the period for the application of such measures under the Directive is approved at EU Institutional level.
(1) Audit Regulatory Committee (AuRC)
The Audit Regulatory Committee is composed of the officials of the relevant national ministries: in the UK, this is the Department of Trade and Industry (DTI). Chaired by the European Commission, the AuRC has delegated authority with regard to implementing measures, as identified in the Directive. This Committee should not be confused with the Accounting Regulatory Committee – the implementing committee responsible for the adoption of financial reporting standards. It is clear that the AuRC will be concerned primarily in the first instance with the questions of auditing standards and third country auditors. It is currently less clear which, if any, of the other areas noted above will be treated as a priority for implementing measures.
(2) European Group of Auditors’ Oversight Bodies (EGAOB)
The establishment of the EGAOB was announced in December 2005. The EGAOB is composed of high-level representatives from the entities responsible for the public oversight of statutory auditors in Member States or, in their absence, of representatives from the competent national ministries. Only non-practitioners can be designated as members of the EGAOB.
The first aim of the Group is to ensure the effective coordination of new public oversight systems of statutory auditors within the EU. It will also provide technical input to the AuRC on implementing measures as required in the Directive, beginning with the adoption of auditing standards, the assessment of third country auditors and the practical implementation of a quality assurance system. In order to undertake these specific functions, the EGAOB has established subgroups to deal with these issues. As per the appended chart, the profession is present directly only on the ISA subgroup, via FEE (Fédération des Experts Comptables Européens – European Federation of Accountants) EFAA (European Federation for Accountants and Auditors for SMEs) and the European Contact Group (ECG) /European Group of International Accounting Networks (EGIAN). The EGAOB’s fourth subgroup, “Scoreboard and monitoring”, will seek to assist in the dissemination of best practice among oversight bodies.
(3) European Forum on Auditors’ Liability
The European Forum on Auditors’ Liability was established in November 2005 to assist the Commission to meet the obligation set by the Directive to produce a report on auditor liability. The Forum will continue providing input into this debate, following the publication of the Commission’s report/consultation in January 2007.
Source
ICAEW briefing on the Statutory Audit Directive .
But the Commission couldn’t provide a similar scorecard detailing implementation of the Company Reporting Directive and says it has no plans to produce one. It couldn’t even name any of the member states that had implemented the directive, although some obviously have.
Jennings
“I find it strange that the [European] Commission doesn’t have a more formal basis for monitoring the implementation of the directives,” says Jeremy Jennings, a Brussels-based Ernst & Young partner who chairs the European Contact Group, a policy grouping of the top six global accounting firms that builds relationships between the profession and EU officials. “We have created a database so that we can do it, and why the Commission can’t do something like that is beyond me,” he says.
Jennings says his database, which tracks implementation of both directives, doesn’t tally entirely with the Commission’s scorecard. “It’s a case of garbage in, garbage out,” he explains. The Commission sent member states a simple checklist questionnaire to complete: “It doesn’t really get behind how a country has implemented and whether they have done so properly.”
Dig into the detail of what member states have done, and important differences emerge. Denmark has expanded the definition of “public interest entities” to include large private companies, which widens the scope of the reforms. France has gone much further than anyone else on auditor independence and is trying to adopt an ethical code that would stop firms providing services to connected audit clients—a move the Commission is trying to block through the courts.
The requirement that member states have been slowest to adopt is probably the most important one, says Jennings: the creation of audit committees. “That is quite frustrating,” he says, as the existence of an audit committee underpins many of the other reforms.
Implications for Companies
If audit firms have to comply with 27 different oversight and ethics regimes, that will push up audit fees, Jennings warns. And both he and Copnell argue that some of the seemingly minor tweaks that member states are making to their national laws could have important consequences for companies.
The corporate governance statement is one example. The relevant directive is open on whether this should be a standalone statement, or one included in the annual report. “If it’s standalone, it doesn’t need to be audited or reviewed,” Jennings says. “But if it is part of your financial statements, you might find that the audit opinion has to encompass the corporate governance statement.” That would involve the auditors forming an opinion about management statements on internal control, Jennings says—which sounds ominously like Sarbanes-Oxley, an idea sure to send Corporate Europe to the battlements.
This is one of the issues where member states are taking different approaches. In Spain and Sweden, national law says the governance statement should be separate from the financial statements. In Britain and the Netherlands, it is included. Other member states are yet to decide. So much for the common European framework.
No comments yet