Règlement CSSF N° 19-02 du 26 avril 2019 relatif :
1) à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ;
2) à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit.
Acte plus en vigueur
Type : règlement CSSF
Plus en vigueur : 27/01/2022
Signature : 26/04/2019
Publication : 07/05/2019
Prise d'effet : 11/05/2019
Mémorial : A299
Auteur : Finances
Sujets principaux : Commission de Surveillance du Secteur Financier
Sujets secondaires : audit, norme, profession
Permalink ELI : http://data.legilux.public.lu/eli/etat/leg/rcsf/2019/04/26/a299/jo
Adapter la taille du texte :
Le contenu de la version HTML du Journal officiel luxembourgeois est identique à la version PDF.
Règlement CSSF N° 19-02 du 26 avril 2019 relatif :
1) | à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ; |
2) | à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit. |
Chapitre 1
— Adoption des normes d’audit dans le domaine du contrôle légal des comptesChapitre 2
— Adoption des normes relatives à la déontologie et des normes relatives au contrôle interne de qualité des cabinets de révision agréésChapitre 3
— Dispositions communesLa Direction de la Commission de Surveillance du Secteur Financier,
Vu l’article 108bis de la Constitution ;
Vu la loi du 23 décembre 1998 portant création d’une commission de surveillance du secteur financier et notamment son article 9, paragraphe 2 ;
Vu la loi du 23 juillet 2016 relative à la profession de l’audit, et notamment son article 33 et son article 39, paragraphe 3, lettres d) ;
Vu l’avis du Comité consultatif de la profession de l’audit ;
Arrête :
Chapitre 1
: Adoption des normes d’audit dans le domaine du contrôle légal des comptesArt. 1er.
Sont obligatoires, dans le cadre des activités de contrôle légal des comptes visées par l’article 1er, point 6 de la loi du 23 juillet 2016 relative à la profession de l’audit, les parties « Introduction », « Objective », « Definitions » et « Requirements » des normes internationales d’audit telles qu’établies par l’International Auditing and Assurance Standards Board (IAASB) dans leur version publiée dans le « Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Services Pronouncements - 2018 Edition » de l’International Federation of Accountants (IFAC) ainsi que les compléments luxembourgeois à ces normes internationales repris en annexe 2 à ce règlement.
Chapitre 2
: Adoption des normes relatives à la déontologie et des normes relatives au contrôle interne de qualité des cabinets de révision agréésArt. 3.
(1)
Sont obligatoires la norme internationale de contrôle qualité telle qu’établie par l’ International Auditing and Assurance Standard Board (IAASB) dans sa version publiée dans le « Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Services Pronouncements – 2018 Edition » de l’International Federation of Accountants (IFAC), ainsi que les compléments luxembourgeois à cette norme.(2)
Est obligatoire le code de déontologie de la profession de l’audit à Luxembourg, qui correspond au code d’éthique tel qu’émis par l’International Ethics Standards Board for Accountants (IESBA) dans sa version 2018 telle qu’amendée et publiée le 14 août 2018 et à son complément luxembourgeois.Chapitre 3
: Dispositions communesArt. 5.
Le Règlement CSSF N° 18-02 relatif 1) à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ; 2) à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit, y compris ses annexes, est abrogé.
Luxembourg, le 26 avril 2019.
COMMISSION DE SURVEILLANCE DU SECTEUR FINANCIER
|
|
Annexe 1
Adoption des normes d’audit dans le domaine du contrôle légal des comptes en vertu de l’article 33, paragraphe 2 de la loi du 23 juillet 2016 relative à la profession de l’audit.
Les présentes normes d’audit sont applicables et obligatoires dans le domaine du contrôle légal des comptes :
200 - 299 GENERAL PRINCIPLES AND RESPONSIBILITIES
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing
ISA 210, Agreeing the Terms of Audit Engagements
ISA 220, Quality Control for an Audit of Financial Statements
ISA 230, Audit Documentation
ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 250 (Revised), Consideration of Laws and Regulations in an Audit of Financial Statements
ISA 260 (Revised), Communication with Those Charged with Governance
ISA 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
300 - 499 RISK ASSESSMENT AND RESPONSE TO ASSESSED RISKS
ISA 300, Planning an Audit of Financial Statements
ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
ISA 320, Materiality in Planning and Performing an Audit
ISA 330, The Auditor’s Responses to Assessed Risks
ISA 402, Audit Considerations Relating to an Entity Using a Service Organization
ISA 450, Evaluation of Misstatements Identified during the Audit
500 - 599 AUDIT EVIDENCE
ISA 500, Audit Evidence
ISA 501, Audit Evidence - Specific Considerations for Selected Items
ISA 505, External Confirmations
ISA 510, Initial Audit Engagements - Opening Balances
ISA 520, Analytical Procedures
ISA 530, Audit Sampling
ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
ISA 540 (Revised), Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures (effective for audit of financial statements for periods beginning on or after December 15, 2019)
ISA 550, Related Parties
ISA 560, Subsequent Events
ISA 570 (Revised), Going Concern
ISA 580, Written Representations
600 - 699 USING THE WORK OF OTHERS
ISA 600, Special Considerations - Audits of Group Financial Statements (Including the Work of Component Auditors)
ISA 610 (Revised 2013), Using the Work of Internal Auditors
ISA 620, Using the Work of an Auditor’s Expert
700 - 799 AUDIT CONCLUSIONS AND REPORTING
ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements
ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report
ISA 705 (Revised), Modifications to the Opinion in the Independent Auditor’s Report
ISA 706 (Revised), Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report
ISA 710, Comparative Information - Corresponding Figures and Comparative Financial Statements
ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information in Documents Containing Audited Financial Statements
Annexe 2
Compléments luxembourgeois aux normes d’audit dans le domaine du contrôle légal des comptes en vertu de l’article 33, paragraphe 2 de la loi du 23 juillet 2016 relative à la profession de l’audit.
Les présents compléments aux normes d’audit sont applicables et obligatoires dans le domaine du contrôle légal des comptes :
Remarque :
Les amendements provenant du règlement UE n° 537/2014 relatif aux exigences spécifiques applicables au contrôle légal des comptes des entités d’intérêt public sont généralement marqués par un « R » après le numéro du paragraphe et ne s’appliquent de fait qu’au contrôle légal des comptes d’entités d’intérêt public.
Les amendements provenant de la loi audit respectivement de la directive audit sont généralement marqués par un « D » après le numéro du paragraphe et s’appliquent de fait à tous les contrôles légaux des comptes et s’appliquent à tous les contrôles légaux des comptes.
Les amendements qui ne sont ni marqués par la lettre « D » ou « R » sont des amendements qui viennent soit compléter le paragraphe de la norme (indiqué par […]) soit le modifier et s’appliquent à tous les contrôles légaux des comptes.
1. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING
Introduction
An Audit of Financial Statements
3.
[…] The scope of an audit shall not include assurance on the future viability of the audited entity or on the efficiency or effectiveness with which the management or administrative body has conducted or will conduct the affairs of the entity. [AL/ Article 26]Requirements
Professional Skepticism
15.
[…] The auditor shall maintain professional skepticism throughout the audit, recognising the possibility of a material misstatement due to facts or behaviour indicating irregularities, including fraud , or error, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and of those charged with governance. [AL/Article 18(2)]23.
[…] Where the ISA requirements reflect the provisions prescribed by the Audit Law or the Audit Regulation, the auditor shall not depart from such relevant requirement.2. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS
Definitions
7.
For purposes of the ISAs, the following terms have the meanings attributed below : […]Engagement team – All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm who perform audit procedures on the engagement. This excludes an auditor’s external expert engaged by the firm or by a network firm.1
7D-1.
The following terms have the meanings attributed below :(a) | Audit Regulation [AR] – refers to Regulation (EU) N° 537/2014 of the European Parliament and of the Council of 16 April 2014. | ||||||
(b) | Audit Law [AL] – refers to Law of July 23rd, 2016 related to the audit profession. | ||||||
(c) | Competent authority – is defined in Article 1(2) of the Audit Law as “the authorities designated by law that are in charge of the regulation and/or oversight of statutory auditors and audit firms or of specific aspects thereof.” In Luxembourg the competent authority is the CSSF. | ||||||
(d) | Key audit partner – is defined in the Audit Law [AL/Article 1(1)] as :
|
||||||
(e) | Listed entity - is as defined in the Luxembourg supplement to the IESBA Code as entities governed by Luxembourg law whose securities are admitted to trading on a recognized market. | ||||||
(f) | Public-interest entity – is as defined in Article 1(20) of the Audit Law. | ||||||
(g) | Statutory audit – is defined in Article 1(6) of the Audit Law as an audit of financial statements or consolidated financial statements in so far as required by Union law or by national law. |
Requirements
Engagement Performance
15D-1.
For statutory audits of financial statements, the key audit partner(s) shall be actively involved in the carrying-out of the audit, devoting sufficient time to the engagement. [AL/Article 25(1)(2)]19R-1
For statutory audits of financial statements of public-interest entities, the engagement partner shall […](c) | not date the auditor’s report and the additional report to the audit committee2 until the completion of the engagement quality control review. |
21R-1.
For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer, on performing an engagement quality control review required by ISQC 1 3 , shall at least assess the following elements :(a) | The independence of the firm from the entity ; |
(b) | The significant risks which are relevant to the audit and which the key audit partner(s) has identified during the performance of the audit and the measures that the key audit partner(s) has taken to adequately manage those risks ; |
(c) | The reasoning of the key audit partner(s), in particular with regard to the level of materiality and the significant risks referred to in paragraph 21R-1(b) ; |
(d) | Any request for advice to external experts and the implementation of such advice ; |
(e) | The nature and scope of the corrected and uncorrected misstatements in the financial statements that were identified during the carrying out of the audit ; |
(f) | The subjects discussed with the audit committee and the management and/or supervisory bodies of the entity ; |
(g) | The subjects discussed with competent authorities and, where applicable, with other third parties ; and |
(h) | Whether the documents and information selected from the file by the engagement quality control reviewer support the opinion of the key audit partner(s) as expressed in the draft of the auditor’s report4 and the additional report to the audit committee5. [AR/Article 8.5] |
21R-2.
For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer shall discuss the results of the review , including the elements assessed in paragraph 21R-1 , with the key audit partner(s). [AR/Article 8.6]Documentation
24D-1.
For statutory audits of financial statements, the auditor shall include in the audit documentation :(a) | All significant threats to the firm’s independence as well as the safeguards applied to mitigate those threats ; and [AL/Article 22] |
(b) | Those matters it is required to assess before accepting or continuing a statutory audit engagement in accordance with ISQC 16. [AL/Article 25(5)] |
25R-1.
For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer shall also record :(a) | The oral and written information provided by the key audit partner(s) to support the significant judgements as well as the main findings of the audit procedures carried out and the conclusions drawn from those findings, whether or not at the request of the engagement quality control reviewer ; and [AR/Article 8.4(a)] |
(b) | The opinions of the key audit partner(s), as expressed in the draft of the reports required by ISA 260 (Revised) and ISA 700 (Revised). [AR/Article 8.4(b)] |
25R-2.
For statutory audits of financial statements of public-interest entities, the auditor shall keep a record of the results of the engagement quality control review, together with the considerations underlying those results in the audit documentation. [AR/Article 8.7] / [AL/Article 25(5)]3. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION
Requirements
Documentation of the Audit Procedures Performed and Audit Evidence Obtained
Form, Content and Extent of Audit Documentation
8D-1.
For statutory audits of financial statements, the auditor shall retain any other data and documents that are important in supporting the auditor’s report as part of the audit documentation. [AL/Article 25(5)]Departure from a relevant requirement
12 [...].
Where the ISA requirements reflect the provisions prescribed by the Audit Law or the Audit Regulation, the auditor shall not depart from such relevant requirement.Assembly of the Final Audit File
14D-1.
For statutory audits of financial statements, the auditor shall retain any other data and documents that are of importance for monitoring compliance with ISAs and other applicable legal requirements. [AL/Article 25(5)]14D-2.
For statutory audits of financial statements, the audit file shall be closed no later than 60 days after the date of signature of the auditor’s report. [AL/Article 25(5)]4. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN THE AUDIT OF FINANCIAL STATEMENTS
Requirements
Communications to Management and with Those Charged With Governance
41R-1.
For statutory audits of financial statements of public-interest entities, when an auditor suspects or has reasonable grounds to suspect that fraud with regard to the financial statements of the entity, may occur or have occurred, the auditor shall (unless prohibited by law or regulation) inform the entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future. (Ref : Para. A63-1) [AR/Article 7]Communications to Regulatory and Enforcement Authorities
43R-1.
For statutory audits of financial statements of public-interest entities, where the entity does not investigate the matter referred to in paragraph 41R-1, the statutory auditor or the audit firm shall inform the authorities responsible for investigating such fraud. (Ref : Para. A65-1) [AR/Article 7]5. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 250 (REVISED) CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS
Requirements
Communicating and Reporting Identified or Suspected Non-Compliance
Communicating Identified or Suspected Non-Compliance with Those Charged with Governance
23R-1.
For statutory audits of financial statements of public-interest entities, when an auditor suspects or has reasonable grounds to suspect that irregularities with regard to the financial statements of the audited entity, may occur or have occurred, the auditor shall (unless prohibited by law or regulation) inform the audited entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future [AR/ Article 7]Reporting of Identified or Suspected Non-Compliance to an Appropriate Authority outside the entity
29R-1.
For statutory audits of financial statements of public-interest entities, the auditor shall :(a) | Report promptly to the competent authorities any information concerning that public interest entity of which the auditor has become aware while carrying out the audit and which may bring about any of the following :
|
||||||
(b) | Report any information referred to in paragraph 29R-1(a)(i)-(iii) of which the auditor becomes aware in the course of carrying out the audit of an undertaking having close links7 with the public-interest entity for which they are also carrying out the audit. [AR/Article 12.1] |
29R-2.
For statutory audits of financial statements of public-interest entities, where the entity does not investigate the matter referred to in paragraph 23R-1, the statutory auditor or the audit firm shall inform the authorities responsible for investigating such irregularities. (Ref : Para. A33-1) [AR/Article 7]6. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 260 (REVISED) COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE
Requirements
Those Charged With Governance
11R-1.
For statutory audits of financial statements of public-interest entities, if an entity which does not fall under the exemption criteria set in article 52 paragraph 5) of the law dated 23 July 2016 on the audit profession does not have an audit committee, the additional report to the audit committee required by paragraph 16R-1 shall be submitted to the body performing equivalent functions within the entity. [AR/Article 11(1)]Matters to Be Communicated
Significant Findings from the Audit
16R-1.
For statutory audits of financial statements of public-interest entities, the auditor shall submit an additional report to the audit committee of the entity explaining the results of the audit carried out and shall at least :(a) | Include the declaration of independence required by paragraph 17R-1(a) ; | ||||||
(b) | Identify each key audit partner(s)8 involved in the audit ; | ||||||
(c) | Where the auditor has made arrangements for any of the auditor’s activities to be conducted by another firm9 that is not a member of the same network, or has used the work of external experts, the report shall indicate that fact and shall confirm that the auditor received a confirmation from the other firm and/or the external expert regarding their independence ; | ||||||
(d) | Describe the nature, frequency and extent of communication with the audit committee or the body performing equivalent functions within the entity, the management body and the administrative or supervisory body of the audited entity, including the dates of meetings with those bodies ; | ||||||
(e) | Include a description of the scope and timing of the audit ; | ||||||
(f) | Where more than one auditor has been appointed, describe the distribution of tasks among the auditors ; | ||||||
(g) | Describe the methodology used, including which categories of the balance sheet have been directly verified and which categories have been verified based on system and compliance testing, including an explanation of any substantial variation in the weighting of system and compliance testing when compared to the previous year, even if the previous year’s audit was carried out by another firm ; | ||||||
(h) | Disclose the quantitative level of materiality applied to perform the audit for the financial statements as a whole and where applicable the materiality level or levels for particular classes of transactions, account balances or disclosures, and disclose the qualitative factors which were considered when setting the level of materiality ; | ||||||
(i) | Report and explain judgements about events or conditions identified in the course of the audit that may cast significant doubt on the entity’s ability to continue as a going concern and whether they constitute a material uncertainty, and provide a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that have been taken into account when making a going concern assessment ; | ||||||
(j) | Report on any significant deficiencies the entity’s or, in the case of consolidated financial statements, the parent undertaking’s internal financial control system, and/or in the accounting system. For each such significant deficiency, the additional report shall state whether or not the deficiency in question has been resolved by management ; | ||||||
(k) | Report any significant matters involving actual or suspected non-compliance with laws and regulations or articles of association which were identified in the course of the audit, in so far as they are considered to be relevant in order to enable the audit committee to fulfil its tasks ; | ||||||
(l) | Report the valuation methods applied to the various items in the annual or consolidated financial statements including any impact of changes of such methods ; | ||||||
(m) | In the case of an audit of consolidated financial statements, explain the scope of consolidation and the exclusion criteria applied by the entity to the non-consolidated entities, if any, and whether those criteria applied are in accordance with the financial reporting framework ; | ||||||
(n) | Where applicable, identify any audit work performed by in relation to an audit of consolidated financial statements other than by members of the same network to which the auditor of the consolidated financial statements belongs ; | ||||||
(o) | Indicate whether all requested explanations and documents were provided by the entity ; | ||||||
(p) | Report :
|
Where more than one auditor has been engaged simultaneously, and any disagreement has arisen between them on auditing procedures, accounting rules or any other issue regarding the conduct of the audit, the reasons for such disagreement shall be explained in the additional report to the audit committee. [AR/Article 11(1) (2) (3)]
Auditor Independence
17R-1.
For statutory audits of financial statements of public-interest entities, the auditor shall :(a) | Disclose to the audit committees when the total fees received from a public-interest entity in each of the last three consecutive financial years are more than 15% of the total fees received by the statutory auditor or the audit firm. [AR/Article 4(3)] |
(b) | Confirm annually in writing to the audit committee that the statutory auditor, the audit firm and partners, senior managers and managers, conducting the statutory audit are independent from the audited entity ; and |
(c) | Discuss with the audit committee the threats to the auditor’s independence and the safeguards applied to mitigate those threats. [AR/Article 6(2)] |
The Communication Process
Forms of Communication
20R-1.
For statutory audits of financial statements of public-interest entities :(a) | The additional report to the audit committee10 shall be in writing. [AR/Article 11.2] |
(b) | The additional report to the audit committee shall be signed and dated by the engagement partner. [AR/Article 11.4] |
(c) | Upon request by either the statutory auditor or the audit committee, the statutory auditor shall discuss key matters arising from the audit, referred to in the additional report to the audit committee, and in particular deficiencies communicated in accordance with paragraph 16R-1(j). [AR/Article 11.2] |
(d) | Upon request, the statutory auditor shall make available without delay the additional report to the audit committee to the CSSF. [AR/Article 11.5] |
Timing of communications
21R-1.
For statutory audits of financial statements of public interest entities, the auditor shall submit the additional report to the audit committee not later than the date of submission of the auditor’s report. [AR/Article 11(1)]Documentation
23D-1.
For statutory audits of financial statements of public-interest entities, the auditor shall retain any other data and documents that are important in supporting the additional report to the audit committee 11. [AL/Article 25(5)]7. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR’S RESPONSES TO ASSESSED RISKS
Requirements
Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level
Substantive Procedures
19R-1.
For statutory audits of financial statements of public interest entities, the auditor shall assess the valuation methods applied to the various items in the financial statements including any impact of changes of such methods. (Ref : Para. A51-1). [AR / Article 11.2(l)]8. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 510 INITIAL AUDIT ENGAGEMENTS - OPENING BALANCES
Requirements
Audit Procedures
Required Understanding of Prior Year Responses to Risks
8R-1.
For statutory audits of financial statements of public-interest entities, the auditor shall obtain an understanding of the predecessor auditor’s methodology used to carry out the audit, sufficient to enable the auditor to communicate with those charged with governance those matters required by paragraph 16R-1(g) of the Luxembourg supplement to ISA 260 (Revised). [AR/Article 11.2(g)]8R-2.
For statutory audits of financial statements of public-interest entities, the Audit Regulation imposes a requirement on a predecessor auditor to grant the auditor access to the additional report to the audit committee in respect of previous years. [AR/Article 18]9. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 540 AUDITING ACCOUNTING ESTIMATES, INCLUDING FAIR VALUE ACCOUNTING ESTIMATES, AND RELATED DISCLOSURES 12
Requirements
Indicators of Possible Management Bias
21D-1.
In accordance with the Luxembourg supplement to ISA 200, 13 the auditor shall maintain professional skepticism throughout the audit and in particular when reviewing management estimates relating to fair values, the impairment of assets and provisions. [AL/Article 18]10. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 570 (REVISED) GOING CONCERN
Requirements
Evaluating Management’s Assessment
12D-1.
In accordance with the supplement to ISA 200, 14 the auditor shall maintain professional skepticism throughout the audit and in particular when reviewing future cash flow relevant to the entity’s ability to continue as a going concern. [AL/Article 18]Additional Audit Procedures When Events or Conditions are Identified
16R-1.
For statutory audits of financial statements of public-interest entities, the auditor shall also obtain a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that management have taken into account when making the going concern assessment [AR/Article 11.2.(i)]11. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 600 SPECIAL CONSIDERATIONS - AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS)
Definitions
9.
[…](n) Group auditor – Defined in Article 1(8) of the Audit Law as the statutory auditor(s) or audit firm(s) carrying out the statutory audit of consolidated accounts.
Requirements
Responsibility
11D-1.
For statutory audits of group financial statements, the group auditor shall bear the full responsibility for the auditor’s report on the group financial statements. [AL/Article 34(1)]Understanding the component auditor
19D-1.
For statutory audits of group financial statements, the group auditor shall request the agreement of the component auditor to the transfer of relevant documentation during the conduct of the audit of the group financial statements, as a condition of the use by the group auditor of the work of the component auditor. [AL/Article 34(3)]Evaluating the sufficiency and Appropriateness of Audit Evidenced Obtained
42D-1.
For statutory audits of group financial statements, the group auditor shall :(a) | Evaluate the work performed by the component auditor for the purpose of the group audit ; and [AL/Article 34(2)] |
(b) | Review the audit work performed by the component auditor for the purpose of the group audit. Where the group engagement team is unable to do so, the group engagement team shall take appropriate measures (including carrying out additional work, either directly or by outsourcing such tasks, in the relevant component) and inform the CSSF. [AL/Article 34(3)] |
Communication with Group Management and Those Charged with Governance of the group
Communication with Those Charged with Governance
49D-1.
For statutory audits of group financial statements of public interest entities, the group auditor shall bear the full responsibility for the additional report to the audit committee 15. [AL/Article 34(1)] (Ref : para. A66-1)Documentation
50D-1.
For statutory audits of group financial statements, the group auditor shall include in the audit documentation the nature, timing and extent of the work performed by the component auditor, including, where applicable, the group auditor’s review of relevant parts of the component auditor’s audit documentation. [AL/Article 34(2)]50D-2.
The group auditor shall retain sufficient and appropriate audit documentation to enable the CSSF to review the work of the auditor of the group financial statements. [AL/Article 34(3)]50D-3.
Where :• | the group engagement team is subject to a quality assurance review or an investigation concerning the group audit ; and |
• | the CSSF is unable to obtain audit documentation of the work carried out by any component auditor from a non-EEA member state ; and |
• | the CSSF requests delivery of any additional documentation of the work performed by that component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit), |
the group engagement team shall, in order to properly deliver such documentation in accordance with such request, either :
(a) | Retain copies of the documentation of the work carried out by the relevant component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit) ; or |
(b) | Obtain the agreement of the relevant component auditor that the group engagement team shall have unrestricted access to such documentation on request ; or |
(c) | Retain documentation to show that the group engagement team has undertaken the appropriate procedures in order to gain access to the audit documentation, together with evidence supporting the existence of any impediments to such access ; or |
(d) | Take any other appropriate action. [AL/Article 34(4)] |
12. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 610 (REVISED 2013) USING THE WORK OF INTERNAL AUDITORS
Introduction
Scope of this ISA
5-1.
The use of internal auditors to provide direct assistance is prohibited in a statutory audit of financial statements conducted in accordance with ISAs. For a group audit this prohibition extends to the work of any component auditor which is relied upon by the group auditor, including for overseas components. Accordingly, the requirements set out in paragraphs 27-35 and 37 and related application material set out in paragraphs A32-A41 in this ISA relating to direct assistance are not applicable.13. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR’S EXPERT
Requirements
The Competence, Capabilities and Objectivity of the Auditor’s Expert
9R-1.
For statutory audits of financial statements of public-interest entities, where the auditor uses the work of an auditor’s external expert, the auditor shall obtain a confirmation from the auditor’s external expert regarding his independence. [AR/Article 11.2(c)]Documentation
16D-1.
The auditor shall document any request for advice from an auditor’s expert, together with the advice received. [AL/Article 25(3)]14. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 700 (REVISED) FORMING AN OPINION AND REPORTING ON FINANCIAL STATEMENTS
Introduction
Scope of this ISA
3.
For the purpose of the Luxembourg’s statutory audit of financial statements, this ISA applies to an audit of a complete set of general purpose financial statements and is written in that context. [AL/Article 33(2)]Requirements
Auditor’s Report
20R-1.
The auditor’s report shall be in clear and unambiguous language. [AR/Article 10.3]24e)
For the purpose of Luxembourg’s statutory audit, the Opinion in the auditor’s report shall specify the date of and the period covered by the financial statements. [AL/Article 35(2)a)]28c)
[…] In Luxembourg, auditors are subject to ethical requirements from three sources : the IESBA Code including the Luxembourg supplement, the Audit Regulation and the Audit Law (thereafter the “Luxembourg ethical requirements” or “Luxembourg ethical standards”).Key Audit Matters
30R-1.
For statutory audits of financial statements of public-interest entities the auditor shall communicate key audit matters in the auditor’s report in accordance with ISA 701. [AR/Article 10.2(c)]Auditor’s Responsibilities for the Audit of the Financial Statements
40R-1.
For audits of financial statements of public-interest entities, the auditor’s report shall :(a) | State by whom or which body the auditor(s) was appointed ; [AR/Article 10.2(a)] |
(b) | Indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments of the firm ; [AR/Article 10.2(b)] |
(c) | Explain in the Auditor’s Responsibilities for the Audit of the Financial Statements section to what extent the audit was considered capable of detecting irregularities, including fraud ; [AR/Article 10.2(d)] |
(d) | Confirm that the audit opinion is consistent with the additional report to the audit committee16 . Except as required by this paragraph, the auditor’s report shall not contain any cross-references to the additional report to the audit committee. [AR/Article 10.2(e)] |
(e) | Declare that the non-audit services prohibited by the Luxembourg ethical standards were not provided and that the firm remained independent of the entity in conducting the audit ; and[AR/Article 10.2(f)] (Ref : Para A52-1) |
(f) | Indicate any services, in addition to the audit, which were provided by the firm to the entity and its controlled undertaking(s), and which have not been disclosed in the management report or financial statements. [AR/Article 10.2(g)] |
Signature of the statutory auditor
47D-1.
The audit report shall be signed and dated by the statutory auditor. Where an audit firm carries out the statutory audit, the audit report shall bear the signature of at least the statutory auditor(s) carrying out the statutory audit on behalf of the audit firm. [AL/Article 35(4)]Auditor’s address
48D-1.
For statutory audits of financial statements, the auditor’s report shall identify the place of establishment of the firm. [AL/Article 35.2(g)]15. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 701 COMMUNICATING KEY AUDIT MATTERS IN THE INDEPENDENT AUDITOR’S REPORT
Definitions
5
For the purposes of the Luxembourg, this ISA applies to audits of complete sets of general purpose financial statements of public interest entities and circumstances when the auditor otherwise decides to communicate key audit matters in the auditor’s report. This ISA also applies when the auditor is required by law or regulation to communicate key audit matters in the auditor’s report.8
For the purposes of the Luxembourg supplement to ISAs, the following term has the meaning attributed below :Key audit matters – Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance. (Ref : Para. A.8-1.). For statutory audits of financial statements of public-interest entities, key audit matters include the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud. [AR/Article 10.2(c)]
Requirements
Communicating Key Audit Matters
11 (a)
Key audit matters are those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements [of the current period] and include for statutory audit of financial statements of public-interest entities, the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor. [AR/Article 10.2(c)]Description of Individual Key Audit Matters
13R-1.
For statutory audit of financial statements of public-interest entities, in describing each of the key audit matters in accordance with paragraph 13, the auditor’s report shall provide, in support of the audit opinion :(a) | A description of the most significant assessed risks of material misstatement (whether or not due to fraud) ; |
(b) | A summary of the auditor’s response to those risks ; and |
(c) | Where relevant, key observations arising with respect to those risks. |
Where relevant to the above information provided in the auditor’s report concerning each significant assessed risk of material misstatement (whether or not due to fraud), the auditor’s report shall include a clear reference to the relevant disclosures in the financial statements. [AR/Article 10.2(c)]
13R-2.
In describing why the matter was determined to be a key audit matter in accordance with paragraph 13R-1, the description shall indicate that the matter was one of the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor.14R-1.
For statutory audits of financial statements of public interest entities the auditor shall describe each key audit matter in the auditor’s report unless law and regulation precludes public disclosures about the matter.16. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 705 (REVISED) MODIFICATIONS TO THE OPINION IN THE INDEPENDENT AUDITOR’S REPORT
Form and Content of the Auditor’s Report When the Opinion Is Modified
Consideration When an Auditor Disclaims an Opinion on the Financial Statements
29.
For Statutory audits of financial statements of public-interest entities, when the auditor disclaims an opinion on the financial statements, the auditor’s report shall include a Key Audit Matter section in accordance with ISA 701. [AR/Article 10.2(c)]17. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 720 (REVISED) THE AUDITOR’S RESPONSIBILITIES RELATING TO OTHER INFORMATION
Introduction
Scope of this ISA
1-1.
For statutory audits of financial statements, this Luxembourg supplement to ISA 720 deals with the obligation imposed by the Luxembourg law on the auditor to report on other statutory information (management report, corporate governance statement …), based on the work undertaken in the course of the audit.Definitions
12 (d).
Other statutory information – For statutory audits of financial statements, those documents or reports that are required to be prepared and issued by the entity in relation to which the auditor is required to report publicly in accordance with law or regulation.Requirements
Reading and Considering the Other Information
14D-1.
For entities that are required to prepare other statutory information , the auditor shall read it, and in doing so shall consider, based on the work undertaken in the course of the audit, whether the other statutory information appears to be materially misstated. (Ref : Para. A36-1-A36-4)14D-2.
For entities that are required to prepare other statutory information , as the basis for the consideration required by paragraphs 14(a), 14(b) and 14D-1, the auditor shall perform such procedures as are necessary in the auditor’s professional judgment to identify :(a) | Any material inconsistencies between the other statutory information and the financial statements ; |
(b) | Any material inconsistencies between the other statutory information and the auditor’s knowledge obtained in the audit, in the context of audit evidence obtained and conclusions reached in the audit ; and |
(c) | Whether the other statutory information appears to be materially misstated in the context of the auditor’s understanding of the legal and regulatory requirements applicable to the other statutory information. |
Reporting
Management’s report
22D-1.
For entities that are required to prepare a management report, the auditor shall in the auditor’s report :(a) | State whether based on the work undertaken in the course of the audit :
|
||||
(b) | State whether, in the light of the knowledge and understanding of the company and its environment obtained in the course of the audit, the auditor has identified material misstatements in the management report ; and | ||||
(c) | If applicable, give an indication of the nature of each of the misstatements referred to in paragraph 22D-1(b). |
[AL / Article 35(2)e)]
Corporate governance statement
22D-2.
For entities that are required to prepare a Corporate governance statement in respect of a financial year, the auditor shall in the auditor’s report :(a) | State whether based on the work undertaken in the course of the audit :
|
||||
(b) | State whether, in the light of the knowledge and understanding of the company and its environment obtained in the course of the audit, the auditor has identified material misstatements in the corporate governance statement referred to in paragraph 22D-2(a) ; and | ||||
(c) | If applicable, give an indication of the nature of each of the misstatements referred to in paragraph 22D-2 (b). |
Annexe 3
Adoption de la norme relative au contrôle interne de qualité des cabinets de révision agréés, en vertu de l’article 36, paragraphe 3, lettre d) de la loi du 23 juillet 2016 relative à la profession de l’audit.
La présente norme est applicable et obligatoire dans le domaine du contrôle interne de qualité des cabinets de révision agréés :
• | International Standard on Quality Control (ISQC) 1, Quality Controls for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements |
• | Complément luxembourgeois à la norme ISQC 1 (Annexe 4) |
• | Complément luxembourgeois à la norme ISQC1 en matière de conservation des documents de travail du réviseur d’entreprises agréé (Annexe 5) |
Annexe 4
Complément luxembourgeois de la norme relative au contrôle interne de qualité des cabinets de révision agréés.
LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON QUALITY CONTROL 1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Definitions
12.
In this ISQC 1, the following terms have the meanings attributed below : […](g) | Engagement team – All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm who perform procedures on the engagement. This excludes an auditor’s external experts engaged by the firm or by a network firm. |
(h) | Relevant ethical requirements – Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which ordinarily comprise Parts A and B of the International Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants (IESBA Code) together with national requirements that are more restrictive. In Luxembourg, the firm and its personnel are subject to ethical requirements from three sources : the IESBA Code including the Luxembourg supplement, the Audit Regulation and the Audit Law (thereafter the “Luxembourg ethical requirements” or “Luxembourg ethical standards”). |
12D-1.
In Luxembourg, the following terms have the meanings attributed below :(a) | Audit Regulation [AR] – refers to Regulation (EU) N° 537/2014 of the European Parliament and of the Council of 16 April 2014. | ||||||
(b) | Audit Law [AL] – refers to Law of July 23rd, 2016 related to the audit profession. | ||||||
(c) | Competent authority – is defined in Article 1(2) of the Audit Law as “the authorities designated by law that are in charge of the regulation and/or oversight of statutory auditors and audit firms or of specific aspects thereof”. In Luxembourg, the competent authority is the CSSF. | ||||||
(d) | Key audit partner – is defined in Article 1(1) of the Audit Law as :
|
||||||
(e) | Listed entity - is as defined in the Luxembourg supplement to the IESBA Code as entities governed by Luxembourg law whose securities are admitted to trading on a recognized market. | ||||||
(f) | Public-interest entity – is as defined in Article 1(20) of the Audit Law. | ||||||
(g) | Statutory audit – is defined in Article 1(6) of the Audit Law as an audit of financial statements or consolidated financial statements in so far as required by Union law or by national law. |
Requirements
Applying, and Complying with, Relevant Requirements
15D-1.
The firm shall : [AL/Article 24(2)](a) | Take into consideration the scale and complexity of the firm’s activities when complying with the applicable requirements set out in paragraphs 16D-1, 16D-2, 20D-1, 21D-1, 29D-1, 29D-2, 32D-1 and 48D-1 of this ISQC 1 ; and |
(b) | Be able to demonstrate to the competent authority that the policies and procedures designed to achieve such compliance are appropriate given the scale and complexity of activities of the firm. |
Elements of a System of Quality Control
16D-1.
The firm shall establish appropriate policies and procedures to ensure that its owners or shareholders, as well as the members of the administrative, management and supervisory bodies of the firm, or of a network firm, do not intervene in the carrying out of a statutory audit in any way which jeopardizes the independence and objectivity of the engagement team. [AL/Article 24(1)a)16D-2.
The firm shall have :(a) | Sound administrative and accounting procedures ; |
(b) | Internal quality control mechanisms that shall be designed to secure compliance with decisions and procedures at all levels of the firm’s working structure ; |
(c) | Effective procedures for risk assessment ; and |
(d) | Effective control and safeguard arrangements for the firm’s information processing systems. [AL/Article 24(1)b)] |
Relevant Ethical Requirements
20D-1.
The firm shall establish appropriate and effective organizational and administrative arrangements for dealing with and recording incidents which have, or may have, serious consequences for the integrity of the firm’s activities. [AL/Article 24(1)i)]Independence
21D-1.
The firm shall establish appropriate and effective organizational and administrative arrangements to prevent, identify, eliminate or manage and disclose any threats to the firm’s independence required by the Luxembourg ethical standards. [AL/Article 24(1)e)]Acceptance and continuance of Client Relationships and Specific Engagements
27D-1.
Before accepting or continuing an engagement for a statutory audit engagement, the firm shall assess the following :(a) | Whether the firm complies with relevant independence and objectivity requirements in the Luxembourg ethical standards ; |
(b) | Whether there are threats to the firm’s independence, and the safeguards applied to mitigate those threats ; |
(c) | Whether the firm has the competent personnel, time and resources needed in order to carry out the audit in an appropriate manner ; and |
(d) | Whether the key audit partner is approved as statutory auditor in Luxembourg. [AL/Article 22] |
27R-2.
Before accepting or continuing an engagement for a statutory audit engagement of a public-interest entity, the firm shall assess, in addition to the requirements in paragraph 27D-1, the following :(a) | Whether the firm complies with the audit fees and the prohibition of the provision of non-audit services requirements in the Luxembourg ethical standards ; |
(b) | Whether the conditions for the duration of the audit engagement in accordance with the Audit Regulation are complied with ; and |
(c) | Without prejudice to Luxembourg anti-money laundering requirements17, the integrity of the members of the supervisory, administrative and management bodies of the public-interest entity. [AR/Article 6.1] |
28D-1.
For audits of financial statements, where the auditor ceases to hold office as statutory auditor, or ceases to be eligible for appointment as a statutory auditor, the firm shall provide the successor statutory auditor with access to all relevant information concerning the entity, including information concerning the most recent audit. [AL/Article 28(5)]Human Resources
29D-1.
For statutory audits of financial statements, the firm shall :(a) | Establish appropriate policies and procedures to ensure that the firm’s employees and any other natural persons whose services are placed at the firm’s disposal or under the firm’s control, and who are directly involved in the audit activities, have appropriate knowledge and experience for the duties assigned ; and [AL/Article 24(1)c)] |
(b) | Have in place adequate remuneration policies, including profit sharing policies, providing sufficient performance incentives to secure audit quality. In particular, the amount of revenue that the firm derives from providing non-audit services to the audited entity shall not form part of the performance evaluation and remuneration of any person involved in, or able to influence the carrying out of, the audit. [AL/Article 24(1)j)] |
Outsourcing
29D-2.
For statutory audits of financial statements, the firm shall establish appropriate policies and procedures to ensure that outsourcing of important audit functions is not undertaken in such a way as to impair the quality of the firm’s internal quality control and the ability of the competent authorities to supervise the firm’s compliance with the obligations laid down in the Audit Law and, where applicable, in the Audit Regulation. Any outsourcing of audit functions shall not affect the responsibility of the firm towards the audited entity. [AL/Article 24.1(d)]Assignment of engagement teams
30D-1.
For each statutory audit of financial statements, the firm shall :(a) | Designate at least one key audit partner [AL/Article 25(1)] | ||||||
(b) | Apply as its main criteria in selecting such a key audit partner :
|
31D-1.
For statutory audits of financial statements, the firm shall provide the key audit partner(s) with sufficient resources and with personnel that have the necessary competence and capabilities to carry out the firm’s duties appropriately. [AL/Article 25(1)]Engagement Performance
32D-1.
For statutory audits of financial statements, the firm shall :(a) | Establish an internal quality control system to ensure the quality of the audit which shall at least cover the policies and procedures required by paragraph 32D-1(c) ; [AL/Article 24(1)g)] |
(b) | Ensure that responsibility for the internal quality control system lies with a person who is qualified as a statutory auditor ; [AL/Article 24(1)g)] |
(c) | Establish adequate policies and procedures for carrying out audits, coaching, supervising and reviewing employees activities and organizing the structure of the audit file18 ; and [AL/Article 24(1)f)] |
(d) | Use appropriate systems, resources and procedures to ensure continuity and regularity in the carrying out of the firm’s audit activities. [AL/Article 24(1)h)] |
Engagement Quality Control Review
36R-1.
For statutory audits of financial statements of public-interest entities, before the auditor’s report and the additional report to the audit committee 19 are issued, the firm shall require that an engagement quality control review shall be performed to assess whether the key audit partner(s) could reasonably have come to the opinion and conclusions expressed in the draft of these reports. [AR/Article 8.1]39R-1.
For statutory audits of financial statements of public-interest entities, the engagement quality control review shall be performed by an engagement quality control reviewer who shall :a) | Be a statutory auditor ; and |
b) | Not be involved in the performance of the audit to which the engagement quality control review relates. [AR/Article 8.2] Where the audit is carried out by a firm and all the statutory auditors of that firm were involved in the conduct of the audit, the firm shall arrange for another firm to perform an engagement quality control review. Documents or information disclosed to the engagement quality control reviewer for this purpose shall be subject to professional secrecy. [AR/Article 8.3] |
Differences of Opinion
43R-1.
For statutory audits of financial statements of public-interest entities, the firm shall establish procedures for determining the manner in which any disagreement between the key audit partner(s) and the engagement quality control reviewer are to be resolved. [AR/Article 8.6]Confidentiality, Safe Custody, Integrity, Accessibility and Retrievability of Engagement Documentation
46.
For the purpose of Luxembourg, the paragraph 46 is replaced by the following :The firm shall establish policies and procedures designed to maintain the confidentiality, safe custody, professional secrecy, integrity, accessibility and retrievabiltity of engagement documentation or any information entrusted to the firm, in accordance with applicable laws and regulations. [AL/Article 28]
Monitoring
Monitoring the firm’s quality control policies and procedures
48D-1.
For statutory audits of financial statements, the firm shall :(a) | Monitor and evaluate the adequacy and effectiveness of the firm’s systems, internal quality control mechanisms and arrangements established in accordance with this ISQC 1 and take appropriate measures to address any deficiencies ; |
(b) | Carry out an annual evaluation of the internal quality control system, referred to in paragraph 32D-1(a) ; and |
(c) | Keep records of the findings of the evaluation required by paragraph 48D-1(a) and any proposed measure to modify the internal quality control system. [AL/Article 24(1)k)] |
External monitoring of Group Audits
48D-2.
Where the group auditor is subject to a quality assurance review or an investigation concerning a group audit, the firm shall be responsible for complying with, and shall establish policies and procedures which require the group engagement team to comply with, any request by the competent authority :(a) | For relevant audit documentation retained by the group engagement team concerning the work performed by any component auditor for the purposes of the group audit (including any relevant component auditor’s working papers relevant to the group audit) ; |
(b) | To deliver any additional documentation of the work performed by any component auditor from a non-EEA member state for the purposes of the group audit, including that component auditor’s working papers relevant to the group audit, where the competent authority is unable to obtain audit documentation of the work carried out by that component auditor. [AL/Article 34(4)] |
48D-3.
The firm shall establish policies and procedures, which require that, in order to comply with any request under paragraph 48D-2(b), the group engagement team shall either :(a) | Retain copies of the documentation of the work carried out by the relevant component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit) ; or |
(b) | Obtain the agreement of the relevant component auditor that the group engagement team shall have unrestricted access to such documentation on request ; or |
(c) | Retain documentation to show that the group engagement team has undertaken the appropriate procedures in order to gain access to the audit documentation, together with evidence supporting the existence of any impediments to such access ; or |
(d) | Take any other appropriate action. [AL/Article 34(4)] |
Complaints and allegations
55D-1.
For statutory audits of financial statements, the firm shall keep records of any complaints made in writing about the performance of the audits carried out. [AL/Article 25(6)]Documentation of the System of Quality Control
57D-1.
For statutory audits of financial statements, the firm shall retain any other data and documents that are of importance for monitoring compliance with this ISQC 1 and other applicable legal requirements. [AL/Article 25(5)]57D-2.
For statutory audits of financial statements, the firm shall document :(a) | Whether the firm complies with the independence and objectivity requirements in the Luxembourg ethical standards ; |
(b) | Whether there are threats to the firm’s independence, and the safeguards applied to mitigate those threats ; |
(c) | Whether the firm has the competent employees, time and resources needed in order to carry out the audit in an appropriate manner ; and |
(d) | Whether the key audit partner(s) is approved as a statutory auditor. [AL/Article 22] |
58R-1.
For statutory audits of financial statements, the firm shall establish policies and procedures that require retention of audit documentation for a period that is not less than any period necessary to satisfy the requirements of any applicable laws or regulation relating to data protection and to meet the requirements for any applicable administrative and judicial proceedings, and that is in any case not less than five years from the date of the auditor’s report. [AR/Article 15]59D-1.
For statutory audits of financial statements, the firm shall :(a) | Keep records of any breaches of professional standards and applicable legal and regulatory requirements ; |
(b) | Keep records of any consequences of any breach recorded in accordance with paragraph 59D-1(a), the measures taken to address such a breach and to modify the firm’s internal quality control system ; and |
(c) | Prepare an annual report containing an overview of any measures taken under paragraph 59D-1(b) and communicate that report internally. [AL/Article 25(3)] |
59D-2.
For statutory audits of financial statements, the firm shall maintain a client account record which include in respect of every statutory audit :(a) | The audited entity’s name, address and place of business ; |
(b) | The name of the key audit partner or, where there is more than one key audit partner, the names of all the key audit partners ; and |
(c) | The fees charged for the statutory audit and fees charged for other services in any financial year. [AL/Article 25(4)] |
Annexe 5
Complément luxembourgeois à la norme ISQC 1 en matière de conservation des documents de travail du réviseur d’entreprises agréé
1. Introduction
La norme ISQC 1 « Contrôle qualité des cabinets réalisant des missions d’audit et d’examen limité d’états financiers, et d’autres missions d’assurance et de services connexes » (ci-après « ISQC 1 ») stipule que :
• | paragraphe 46 : « Le cabinet doit définir des politiques et des procédures destinées à assurer la confidentialité, l’archivage sécurisé, l’intégrité, l’accessibilité et la facilité de recherche de la documentation d’une mission. » |
• | paragraphe 47 : « Le cabinet doit définir des politiques et des procédures pour la conservation de la documentation des missions pendant une période de temps suffisante pour répondre à ses besoins ou aux exigences de la loi ou de la réglementation. » |
Les paragraphes A56 à A63 contiennent des dispositions explicatives complémentaires relatives à ces deux paragraphes.
L’objet du présent complément, qui fait partie intégrante de la norme de contrôle interne de qualité ISQC 1, est de préciser les dispositions particulières de la conservation des dossiers de travail dans le contexte luxembourgeois.
Ce complément ne s’applique pas à la problématique spécifique de la conservation des documents de travail dans le cadre d’un audit de groupe ou lorsque le réviseur d’entreprises agréé implique d’autres auditeurs dans l’audit d’états financiers qui ne sont pas du groupe.
2. Exigences générales
La politique et les procédures élaborées par le réviseur d’entreprises agréé ou le cabinet de révision agréé pour répondre aux exigences de la présente norme de contrôle interne de qualité dépendent d’un certain nombre de facteurs, comme par exemple le volume de missions effectuées, la nature des services fournis, ainsi que de son organisation interne. Tous les principes spécifiques énoncés aux sections suivantes sont à prendre en compte par le réviseur d’entreprises agréé dans la définition de sa politique de conservation des dossiers.
La documentation du travail du réviseur d’entreprises agréé ou du cabinet de révision agréé est constituée par des dossiers physiques, des dossiers électroniques ou une combinaison des deux.
Il appartient également au réviseur d’entreprises agréé ou au cabinet de révision agréé de décider s’il conserve les dossiers physiques et/ou électroniques lui-même ou s’il délègue la conservation de ces dossiers à un tiers. Alors que la première solution est privilégiée, puisqu’elle permet au réviseur d’entreprises agréé de garder la maîtrise des procédures mises en place, la réglementation actuelle n’interdit cependant pas la délégation et le réviseur d’entreprises agréé ou le cabinet de révision agréé peut y recourir sous certaines conditions bien spécifiques, énumérées à la section 3 ci-après.
La section 4 contient des dispositions additionnelles par rapport à la durée de conservation des dossiers de travail.
3. Lieu de conservation des dossiers de travail
3.1. Dossiers physiques
Les dispositions qui suivent s’appliquent aux missions de contrôle légal des comptes visées à l’article 1er, point 34, lettre a) de la loi du 23 juillet 2016 relative à la profession de l’audit (ci-après « loi audit »).
L’établissement professionnel du réviseur d’entreprises agréé doit disposer d’une infrastructure adaptée aux activités exercées et au sein de laquelle un lieu central de conservation des dossiers physiques est aménagé. Conformément aux prescriptions la loi audit, cet établissement professionnel doit être situé au Luxembourg.
Lors de la réalisation de la mission, il y a lieu de limiter à un strict minimum le transport des dossiers physiques de travail entre les différents endroits où ils sont utilisés. Le réviseur d’entreprises agréé veillera à la sécurité des dossiers de travail aux différents endroits où ils sont utilisés et limitera, dans la mesure du possible, l’accès aux seuls membres de son équipe et aux autres personnes devant accéder aux dossiers en fonction des normes. En règle générale, les dossiers de travail ne peuvent être conservés, même temporairement, en dehors du territoire du Luxembourg. Dans le cas où le réviseur d’entreprises agréé doit se déplacer à l’étranger avec ses dossiers de travail, il veillera à en assurer leur confidentialité, leur sécurité et leur intégrité. Dans le cas d’une équipe d’audit, l’associé signataire du rapport est responsable de juger de la nécessité du déplacement des dossiers à l’étranger et du respect de leur confidentialité, de leur sécurité et de leur intégrité.
Après la finalisation de la documentation de la mission et si le réviseur d’entreprises agréé conserve les dossiers physiques lui-même, ces derniers doivent être stockés au lieu central de conservation des dossiers. La gestion des accès à ce lieu de conservation central doit être organisée de façon à assurer la traçabilité de tous les accès aux dossiers physiques.
Une conservation des dossiers de travail par un tiers (qui peut-être le client d’audit lui-même) peut se faire sur le territoire du Luxembourg pour autant que ce tiers garantisse l’application des exigences minimum énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 et qu’un dossier soit soumis à la CSSF selon les modalités prévues à la section 3.3. Pour des raisons d’accessibilité et de confidentialité des dossiers physiques, il n’est pas admis que des dossiers physiques soient conservés à l’étranger.
3.2. Dossiers électroniques
La fonction informatique étant très variable d’un réviseur d’entreprises agréé à un autre, il appartient à ce dernier d’assurer l’application appropriée des exigences énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 pour les dossiers électroniques et de se doter en interne des compétences informatiques nécessaires pour, au minimum, comprendre la (les) solution(s) informatique(s) de conservation mise(s) en place.
Une conservation des dossiers électroniques par un tiers (qui peut-être le client audit lui-même) peut se faire sur le territoire du Luxembourg et, éventuellement, en-dehors du territoire du Luxembourg, pour autant que ce tiers garantisse l’application des exigences minimum énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 et que les conditions énumérées à la section 3.3 soient respectées.
3.3. Sous-traitance en matière de conservation de dossiers de travail
La sous-traitance en matière de conservation des dossiers de travail pose un certain nombre de risques, dont en particulier celui de la confidentialité des données y reprises. En effet, la loi audit ne prévoit la levée de l’obligation au secret professionnel du réviseur d’entreprises agréé que dans un certain nombre de cas limités repris à l’article 28, paragraphes (3), (4) et (5) de la loi précitée. Un tiers (même ayant un statut de PSF au Luxembourg) ou une autre entité du réseau auquel appartient le réviseur d’entreprises agréé (localisée au Luxembourg ou à l’étranger) n’en font pas partie.
Par conséquent, toute sous-traitance est à traiter avec une grande précaution et dans le respect intégral des conditions suivantes :
1) | Le réviseur d’entreprises agréé doit informer la CSSF de chaque projet de sous-traitance qu’il envisage en matière de conservation de dossiers de travail en en décrivant les modalités principales. |
2) | Le réviseur d’entreprises agréé (ou l’organe d’administration du cabinet de révision agréé) doit dûment documenter son analyse des risques du projet de sous-traitance, ainsi que les réponses apportées à ces risques. Il doit notamment se prononcer quant à la réputation, l’expérience et la fiabilité du tiers auquel il compte sous-traiter la conservation des dossiers de travail. |
3) | Toute sous-traitance doit être formalisée par un contrat de services écrit et qui adresse tous les aspects liés à la conservation des dossiers de travail énumérés à la section 2 du présent complément luxembourgeois à la norme ISQC1. L’accès aux dossiers conservés par le réviseur d’entreprises agréé doit être illimité et sans retard indu pour toute personne autorisée. Une attention particulière sera accordée à cet égard aux aspects de continuité, au caractère révocable de la sous-traitance et au maintien de l’intégrité du contrôle interne et externe. En outre, la convention fournira une description claire des responsabilités des deux parties. |
4) | Le réviseur d’entreprises agréé s’assurera, au regard des éventuels risques juridiques ou autres, de la nécessité d’informer ou non ses clients de cette sous-traitance. Les risques à considérer pourraient découler, à titre d’exemple, d’une incompatibilité de la sous-traitance avec certaines clauses contractuelles vis-à-vis de ces tiers ou avec certaines dispositions légales en matière de protection de la vie privée. |
5) | La responsabilité de la gestion de la sous-traitance sera du ressort du réviseur d’entreprises agréé, ou, dans le cas d’un cabinet de révision agréé, de l’associé en charge de la fonction de gestion des risques au sein du cabinet. |
6) | Le réviseur d’entreprises agréé doit être en mesure de continuer à fonctionner normalement en cas d’événements exceptionnels, tels que la rupture des moyens de communication pendant des périodes prolongées. Le réviseur d’entreprises agréé prendra également les précautions qui s’imposent afin d’être à même de transférer de manière adéquate les dossiers conservés à un autre fournisseur ou de les reprendre en conservation propre, chaque fois qu’une des exigences de la section 2 du présent complément luxembourgeois à la norme ISQC1 risque d’être compromise. |
7) | La conservation des dossiers électroniques ne peut se faire que sous forme encryptée et la clé d’encryptage doit être détenue par le réviseur d’entreprises agréé, ou, dans le cas d’un cabinet de révision agréé, par l’associé en charge de la fonction de gestion des risques au sein du cabinet. Cette condition vaut à la fois pour la sous-traitance de la conservation de dossiers électroniques au Luxembourg ou à l’étranger. Le réviseur d’entreprises agréé ou, dans le cas d’un cabinet de révision agréé, l’associé en charge de la fonction de gestion des risques au sein du cabinet, doit explicitement veiller à ce que la qualité de l’encryptage soit à un niveau approprié. Tout autre processus de conservation des dossiers électroniques est soumis à l’accord préalable de la CSSF. |
8) | Pour les dossiers physiques stockés chez un tiers au Luxembourg, aucun accès des dossiers par un tiers ne doit pouvoir avoir lieu sans en informer au préalable le réviseur d’entreprises agréé. |
4. Durée de conservation des dossiers de travail
Pour les besoins de la supervision publique exercée par la CSSF, les réviseurs d’entreprises agréés et les cabinets de révision agréés sont tenus de conserver les dossiers de travail des missions de contrôle légal des comptes pour une période minimale de 7 ans, la fréquence minimale des examens d’assurance qualité prévue par la loi étant de 6 ans.
En matière d’actions en responsabilité civile professionnelle, l’article 11 de la loi audit dispose que ces actions dirigées contre un réviseur d’entreprises agréé ou un cabinet de révision agréé se prescrivent par cinq ans à compter de la date du rapport d’audit.
Annexe 6
Adoption de la norme relative à la déontologie, en vertu de l’article 36, paragraphe 3), point b) de la loi du 23 juillet 2016 relative à la profession de l’audit.
La présente norme est applicable et obligatoire dans le domaine de la déontologie professionnelle :
- | Code de déontologie de la profession de l’audit à Luxembourg |
Complément luxembourgeois au code d’éthique tel qu’émis par l’International Ethics Standards Board for Accountants (IESBA) dans sa version en vigueur telle qu’amendée et publiée le 14 août 2018 (ci-après « le code d’éthique »)
L’objectif du présent complément luxembourgeois au code d’éthique est de compiler les obligations légales et réglementaires qui concernent l’éthique et l’indépendance des réviseurs d’entreprises (« RE »), des réviseurs d’entreprises agréés (« REA »), des cabinets de révision (« CR ») et des cabinets de révision agréés (« CRA ») telles qu’elles proviennent de la loi du 23 juillet 2016 relative à la profession de l’audit d’une part et du Règlement UE N° 537/2014 du parlement européen et du conseil relatif aux exigences spécifiques applicables au contrôle légal des comptes des entités d’intérêt public (« EIP ») d’autre part.
Table of contents
|
PART 1 - COMPLYING WITH THE CODE, FUNDAMENTAL PRINCIPLES AND CONCEPTUAL FRAMEWORK
SECTION 110
THE FUNDAMENTAL PRINCIPLES
General
Paragraph R115.1 is completed as follows :
“The exercise by the réviseur d’entreprises (statutory auditor), the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision (audit firm), the cabinet de révision agréé (approved audit firm) or the audit firm of one of their respective activities referred to in Article 1(34)of the Audit Law is incompatible with any activity liable to detract from the principles of independence of the profession.
Where he, she exercises the activities referred to in the previous paragraph, the réviseur d’entreprises (statutory auditor) or the réviseur d’entreprises agréé (approved statutory auditor) may not enter paid employment unless it is with a cabinet de révision (audit firm), a cabinet de révision agréé (approved audit firm) or an audit firm.” (AL/Article 19)
SUBSECTION 115 – PROFESSIONAL BEHAVIOR
Paragraph R115.2 is completed as follows :
“A réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) can advertise or solicit new work for services other than audit engagements that are also offered by other professionals who are not subject to similar standards nor similar ethical rules. Nevertheless, any advertising or solicitation shall be executed in accordance with the principles mentioned in the current section. Advertising or solicitation for audit engagements are strictly forbidden. Factual description of services offered by an audit firm, including audit services, is authorized”.
PART 3 – PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE
SECTION 320
PROFESSIONAL APPOINTMENTS
Requirements and Application Material
Changes in a Professional Appointment
Changes in Audit or Review Appointments
Paragraph R320.8 is completed as follows :
“The réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm) being replaced shall provide the successor with free access to all relevant information concerning the audited entity and the most recent audit of that entity.” [AL/Article 28(5)]
Audit Clients that are Public-Interest Entities
In relation with the handover file in the event of a replacement of a REA or CRA by a new REA or CRA, paragraph R320.8 is completed as follows :
“Subject to the provisions in relation with the safekeeping of audit documentation, the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) shall also provide the incoming réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm) with the previous years’ additional reports to the audit committee and all information communicated to competent authorities, in relation with :
- | article 12 of Regulation (EU) N° 537/2014 (“Report to supervisors of public-interest entities”), applicable in case of (i) a material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorization or which specifically govern pursuit of the activities of such public-interest entity ; (ii) a material threat or doubt concerning the continuous functioning of the public-interest entity ; (iii) a refusal to issue an audit opinion on the financial statements or the issuing of an adverse or qualified opinion and |
- | article 13 of Regulation (EU) N° 537/2014 (“Transparency report”) : |
The former réviseur d’entreprises agréé, cabinet de révision agréé or audit firm shall be able to demonstrate to the competent authority that such information has been provided to the incoming statutory auditor or audit firm [AR/Article 18].”
SECTION 350
CUSTODY OF CLIENT ASSETS
Requirements and Application Material
Before Taking Custody
Paragraph R350.3 is completed as follows :
“A réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) shall not assume custody of audit client monies. For a client, other than an audit client, the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) shall inform the concerned credit institution about the nature of the accounts open to hold client monies”.
PART 4A – INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS
SECTION 400
APPLYING THE CONCEPTUAL FRAMEWORK TO INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS
Requirements and Application Material
General
Paragraph R400.11 is completed as follows :
“When carrying out a statutory audit, the réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, and any natural person in a position to directly or indirectly influence the outcome of the statutory audit, shall be independent of the audited entity. They shall not be involved in the decision-taking of the audited entity.
Independence shall be required at least during both the period covered by the financial statements to be audited and the period during which the statutory audit is carried out.
The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms) and the audit firms shall take all reasonable steps to ensure that, when carrying out a statutory audit, their independence is not affected by any existing or potential conflict of interest or business or other direct or indirect relationship involving the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out the statutory audit and, where appropriate, his, her or its network, managers, auditors, employees, any other natural persons whose services are placed at the disposal or under the control of the réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm, or any person directly or indirectly linked to the réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm by control.
The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm shall not carry out a statutory audit if there is any threat of self-review, self-interest, advocacy, familiarity or intimidation created by financial, personal, business, employment or other relationships between :
- | the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm), the audit firm, his, her or its network, and any natural person in a position to influence the outcome of the statutory audit, and |
- | the audited entity, as a result of which an objective, reasonable and informed third party, taking into account the safeguards applied, would conclude that the independence of the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm is compromised.” [AL/Article 20(1)]. |
Mergers and acquisitions
When a Client Merger Creates a Threat
In paragraph R400.73 (a), the deadline of six months is shortened to three months [AL/Article 20(6)].
SECTION 410
FEES
Introduction
Paragraph 410.1 is completed as follows :
“The fees for statutory audit cannot be influenced or determined by the provision of additional services to the audited entity and cannot be based on any form of contingency.” [AL/Article 27]
Requirements and Application Material
Fees – Relative size
Audit Clients that are Public-Interest Entities
Provisions of paragraph R410.4 and R410.5 are replaced by the following provision :
“When the total fees received from a public-interest entity in each of the last three consecutive financial years are more than 15 % of the total fees received by the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or, where applicable, by the group auditor carrying out the statutory audit, in each of those financial years, such a réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) or, as the case may be, group auditor, shall disclose that fact to the audit committee and discuss with the audit committee the threats to their independence and the safeguards applied to mitigate those threats. The audit committee shall consider whether the audit engagement should be subject to an engagement quality control review by another statutory auditor or audit firm prior to the issuance of the audit report”. [AR/Article 4(3)]
Provisions of paragraph R410.6 is replaced by the following provision :
“Where the fees received from such a public-interest entity continue to exceed 15 % of the total fees received by such the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or, as the case may be, by a group auditor carrying out the statutory audit, the audit committee shall decide on the basis of objective grounds whether the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or the group auditor, of such an entity or group of entities may continue to carry out the statutory audit for an additional period which shall not, in any case, exceed two years.”
Fees – Cap of 70 % for non-audit services
Audit Clients that are Public-Interest Entities
The section is completed as followed :
“When the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) provides to the audited entity, its parent undertaking or its controlled undertakings, for a period of three or more consecutive financial years, non-audit services other than those referred to in Article 5(1) of Regulation (EU) N° 537/2014, the total fees for such services shall be limited to no more than 70 % of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings.
For the purposes of the limits specified above, non-audit services (other than those referred to in Article 5(1) of Regulation (EU) N° 537/2014) required by Union or Luxembourg legislation shall be excluded.
On reasoned request, the CSSF may exceptionally relieve the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) from the obligation to comply with the limits set in the first subparagraph of this paragraph for a maximum period of two financial years”. [AR/Article 4(2) and AL/Article 49]
SECTION 420
GIFTS AND HOSPITALITY
Requirements and Application Material
Paragraph R420.3 is completed as follows :
“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation), shall not solicit or accept pecuniary and non-pecuniary gifts or favours from the audited entity or any entity related to an audited entity unless an objective, reasonable and informed third party would consider the value thereof as trivial or inconsequential.” [AL/Article 20(5)]
SECTION 510
FINANCIAL INTERESTS
Requirements and Application Material
Financial Interests – Other Circumstances
Provisions of paragraph 510.10.A1 to 510.10.A12 are replaced by the following provision :
“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation) :
- | do not hold or have a material and direct beneficial interest in, or engage in any transaction in any financial instrument issued, guaranteed, or otherwise supported by, any audited entity within their area of statutory audit activities, other than interests owned indirectly through diversified undertakings for collective investment, including managed funds such as pension funds or life insurance.” [AL/Article 20(2)] | ||||
- | shall not participate in or otherwise influence the outcome of a statutory audit of any particular audited entity if they :
|
SECTION 520
BUSINESS RELATIONSHIPS
Requirements and Application Material
Firm, Network Firm, Audit Team Member or Immediate Family Business Relationships
’Paragraph R520.4 is completed as follows :
“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation) shall not participate in or otherwise influence the outcome of a statutory audit of any particular audited entity if they have had an employment, or a business or other relationship with that audited entity within the period referred in paragraph R400.30 that may cause, or may be generally perceived as causing, a conflict of interest” [AL/Article 20(4)].
SECTION 524
EMPLOYMENT WITH AN AUDIT CLIENT
Requirements and Application Material
All Audit Clients
Former Partner or Audit Team Member Restrictions
Paragraph R524.4 is completed as follows :
“A réviseur d’entreprises agréé (approved statutory auditor) or a key audit partner who carries out a statutory audit on behalf of a cabinet de révision agréé (approved audit firm) or an audit firm shall not, before a period of at least one year, has elapsed since he or she ceased to act as réviseur d’entreprises agréé (approved statutory auditor) or key audit partner in connection with the audit engagement :
- | take up a key management position in the audited entity ; |
- | where applicable, become a member of the audit committee of the audited entity or, where such committee does not exist, of the body performing equivalent functions to an audit committee ; |
- | become a non-executive member of the administrative body or a member of the supervisory body of the audited entity. |
Employees and partners other than key audit partners of a réviseur d’entreprises agréé (approved statutory auditor) or of a cabinet de révision agréé (approved audit firm) carrying out a statutory audit, as well as any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm), shall not, when such employees, partners or other natural persons are personally approved as réviseurs d’entreprises agréés (approved statutory auditors), take up any of the duties referred to in the previous paragraph before a period of at least one year has elapsed since he or she was directly involved in the statutory audit engagement.” [AL/Article 21]
Audit clients that are Public Interest Entities
Key Audit Partners
Paragraph R524.6 is completed as follows :
“A réviseur d’entreprises agréé (approved statutory auditor) or a key audit partner who carries out a statutory audit of Public Interest Entities on behalf of a cabinet de révision agréé (approved audit firm) or an audit firm shall not, before a period of at least two years, has elapsed since he or she ceased to act as réviseur d’entreprises agréé (approved statutory auditor) or key audit partner in connection with the audit engagement :
- | take up a key management position in the audited entity ; |
- | where applicable, become a member of the audit committee of the audited entity or, where such committee does not exist, of the body performing equivalent functions to an audit committee ; |
- | become a non-executive member of the administrative body or a member of the supervisory body of the audited entity.” [AL/Article 21] |
SECTION 540
LONG ASSOCIATION OF PERSONNEL (INCLUDING PARTNER ROTATION) WITH AN AUDIT CLIENT
Requirements and Application Material
All Audit Clients
Audit Clients that are Public-Interest Entities
Provisions of paragraph R540.7 are repealed.
Cooling-off period
The delay of 2 years as per paragraph R540.13 is extended to 3 years in order to participate again in the statutory audit of the audited entity. [AR/Article 17(7)]
The section is completed as followed :
External rotation
Audit Clients that are Public-Interest Entities
“In relation with statutory audits of Public-Interest Entities :
• | Neither the initial engagement of a particular réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm, nor this in combination with any renewed engagements therewith shall exceed a maximum duration of 10 years ; nevertheless |
• | The maximum duration of a statutory audit of a public-interest entity may be of 20 years, where a public tendering process for the statutory audit is conducted in accordance with paragraphs 2 to 5 of Article 16 of Regulation (EU) N° 537/2014. |
The maximum duration shall be extended only if, upon a recommendation of the audit committee, the administrative or supervisory body, proposes to the general meeting of shareholders or members, in accordance with Luxembourg law, that the engagement be renewed and that proposal is approved.
After the expiry of the maximum duration, the public-interest entity may, on an exceptional basis, request that the CSSF grant an extension to re-appoint the statutory auditor or the audit firm for a further engagement where the conditions in points (a) or (b) of paragraph 4 of Regulation (EU) N° 537/2014 are met. Such an additional engagement shall not exceed two years.
• | After the expiry of the maximum 10-year duration of engagements (20 years in case of a public tendering process for the statutory audit is conducted in accordance with paragraphs 2 to 5 of Article 16 of Regulation (EU) N° 537/2014), neither the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm nor, where applicable, any members of their networks within the Union shall undertake the statutory audit of the same public-interest entity within the following four-year period. |
For the purposes of this Article, the duration of the audit engagement shall be calculated as from the first financial year covered in the audit engagement letter in which the statutory auditor or the audit firm (including other firms that the audit firm has acquired or that have merged with it) has been appointed for the first time for the carrying-out of consecutive statutory audits for the same public-interest entity.” [AR/Article 17(1)-(6) and (8) and AL/Article 51]
SECTION 600
PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT
Requirements and Application Material
General
The section is completed as followed :
Audit Clients that are Public-Interest Entities
Prohibition to provide non-audit services
“The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out the statutory audit of a public-interest entity, or any member of the network to which the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) belongs, shall not directly or indirectly provide to the audited entity, to its parent undertaking or to its controlled undertakings within the Union any prohibited non-audit services in :
• | the period between the beginning of the period audited and the issuing of the audit report ; and |
• | the financial year immediately preceding the period referred to in above-mentioned point in relation to the services listed in point (e) of the below list”. [AR/Article 5 (1)] |
List of prohibited non-audit services [AR/Article 5 (1) and AL/Article 50]
(a) | tax services relating to :
|
||||||||||||||
(b) | services that involve playing any part in the management or decision-making of the audited entity ; | ||||||||||||||
(c) | bookkeeping and preparing accounting records and financial statements ; | ||||||||||||||
(d) | payroll services ; | ||||||||||||||
(e) | designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems ; | ||||||||||||||
(f) | valuation services (*), including valuations performed in connection with actuarial services or litigation support services ; | ||||||||||||||
(g) | legal services, with respect to :
|
||||||||||||||
(h) | services related to the audited entity’s internal audit function ; | ||||||||||||||
(i) | services linked to the financing, capital structure and allocation, and investment strategy of the audited entity, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the audited entity ; | ||||||||||||||
(j) | promoting, dealing in, or underwriting shares in the audited entity ; | ||||||||||||||
(k) | human resources services, with respect to :
|
(*): by way of derogation the provision of the services are allowed, provided that the following requirements are complied with :
• | they have no direct or have immaterial effect, separately or in the aggregate on the audited financial statements ; |
• | the estimation of the effect on the audited financial statements is comprehensively documented and explained in the additional report to the audit committee; and |
• | the principles of independence laid down in the law concerning the audit profession are complied with by the statutory auditor or the audit firm. |
Prohibited non-audit services provided by an affiliate within the network to an entity registered in a third-country and under control of the audited public-interest entity
“When a member of a network to which the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out a statutory audit of a public-interest entity belongs provides any of the non-audit services, referred to in the above-mentioned paragraph, to an undertaking incorporated in a third country which is controlled by the audited public-interest entity, the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm concerned shall assess whether his, her or its independence would be compromised by such provision of services by the member of the network.
If his, her or its independence is affected, the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm shall apply safeguards where applicable in order to mitigate the threats caused by such provision of services in a third country. The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm may continue to carry out the statutory audit of the public-interest entity only if he, she or it can justify, in accordance with Article 6 of Regulation (EU) N° 537/2014 and Article 22 of the Law of 23 July 2016 concerning the audit profession, that such provision of services does not affect his, her or its professional judgement and the audit report."
For the purposes of this paragraph :
(a) | being involved in the decision-taking of the audited entity and the provision of the services referred to in points b), c) and e) of the above-mentioned list shall be deemed to affect such independence in all cases and to be incapable of mitigation by any safeguards. |
(b) | provision of the services referred to in the above-mentioned list other than points b), c) and e) thereof shall be deemed to affect such independence and therefore to require safeguards to mitigate the threats caused thereby.” [AR/Article 5(5)] |
Approval of non-audit services by the audit committees
“A réviseur d’entreprises agréé (approved statutory auditor), a cabinet de révision agréé (approved audit firm) or an audit firm, carrying out statutory audits of public-interest entities, and when the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm belongs to a network, any member of such network may provide to the audited entity, to its parent undertaking or to its controlled undertakings non-audit services other than the prohibited non-audit services referred to in the current section (refer to the above-mentioned list) subject to the approval of the audit committee after it has properly assessed threats to independence and the safeguards applied in accordance with Article 22 of Law of 23 July 2016 concerning the audit profession.
The audit committee shall, where applicable, issue guidelines with regard to the authorized services upon the condition that they have been identified by an asterisk in the above-mentioned list of prohibited non-audit services”. [AR/Article 5(4)]
GLOSSARY
« Audit client » : An entity in respect of which a réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) conducts a statutory audit in the meaning of article 1 (6) of the Law of 23 July 2016 concerning the audit profession.
« Competent authority » : In Luxembourg, the competent authority for the public oversight of the audit profession is the CSSF.
« Key audit partner » : In Luxembourg, it corresponds to the definition of « key audit partner » as per article 1 (1) of the Law of 23 July 2016 concerning the audit profession. The individual responsible for the engagement quality review must be included in such definition.
« Listed Entity » : In Luxembourg, it means entities governed by the Luxembourg law whose transferable securities are admitted to trading on a recognized market.
« Network » : In Luxembourg, it corresponds to the definition as per article 1 (32) of the Law of 23 July 2016 concerning the audit profession.
« Professional Accountant » : In the context of the code of ethics of the audit profession in Luxembourg as adopted by the current regulation, this term corresponds to a natural person or a legal person, which has obtained the title of “réviseur d’entreprises (statutory auditor)” or “cabinet de révision (audit firm)” as per the meaning article 3 of the Law of 23 July 2016 concerning the audit profession.
« Professional Accountant in Public Practice » : In the context of the code of ethics of the audit profession in Luxembourg as adopted by the current regulation, this term corresponds to a natural person or a legal person that is member of the IRE and employed by a cabinet de révision agréé (approved audit firm) or a réviseur d’entreprises agréé (approved statutory auditor) exercising as self-employed the audit profession.
« Public-Interest Entity » : This notion shall be understood in Luxembourg as per the definition in article 1 (20) of the Law of 23 July 2016 concerning the audit profession.
-
Règlement CSSF N° 18-02 relatif :
1) à l’adoption des normes d’audit dans le domaine du contrôle légal des (...) (Mémorial A n° 274 de 2018)
- Loi du 19 décembre 2002 concernant le registre de commerce et des sociétés ainsi que la comptabilité et les comptes (...) (Mémorial A n° 149 de 2002)
- Constitution du 9 juillet 1848 du Grand-Duché de Luxembourg. (Mémorial A n° 52 de 1848)
- Directive 2005/60/CE du Parlement européen et du Conseil, du 26 octobre 2005, relative à la prévention de l'utilisation (...)
- Règlement (UE) n ° 537/2014 du Parlement européen et du Conseil du 16 avril 2014 relatif aux exigences spécifiques (...)
- Règlement (UE) n ° 596/2014 du Parlement européen et du Conseil du 16 avril 2014 sur les abus de marché (règlement (...)
Retour
haut de page