Règlement CSSF N° 19-02 du 26 avril 2019 relatif :
1) à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ;
2) à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit.

Adapter la taille du texte :

Règlement CSSF N° 19-02 du 26 avril 2019 relatif :

1) à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ;
2) à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit.



La Direction de la Commission de Surveillance du Secteur Financier,

Vu l’article 108bis de la Constitution ;

Vu la loi du 23 décembre 1998 portant création d’une commission de surveillance du secteur financier et notamment son article 9, paragraphe 2 ;

Vu la loi du 23 juillet 2016 relative à la profession de l’audit, et notamment son article 33 et son article 39, paragraphe 3, lettres d) ;

Vu l’avis du Comité consultatif de la profession de l’audit ;

Arrête :

Chapitre 1

: Adoption des normes d’audit dans le domaine du contrôle légal des comptes

Art. 1er.

Sont obligatoires, dans le cadre des activités de contrôle légal des comptes visées par l’article 1er, point 6 de la loi du 23 juillet 2016 relative à la profession de l’audit, les parties « Introduction », « Objective », « Definitions » et « Requirements » des normes internationales d’audit telles qu’établies par l’International Auditing and Assurance Standards Board (IAASB) dans leur version publiée dans le « Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Services Pronouncements - 2018 Edition » de l’International Federation of Accountants (IFAC) ainsi que les compléments luxembourgeois à ces normes internationales repris en annexe 2 à ce règlement.

Art. 2.

La liste des normes d’audit contenues dans l’Annexe 1 et les compléments luxembourgeois à ces normes contenus dans l’Annexe 2 font partie intégrante du présent chapitre.

Chapitre 2

: Adoption des normes relatives à la déontologie et des normes relatives au contrôle interne de qualité des cabinets de révision agréés

Art. 3.

(1)

Sont obligatoires la norme internationale de contrôle qualité telle qu’établie par l’ International Auditing and Assurance Standard Board (IAASB) dans sa version publiée dans le «  Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Services Pronouncements – 2018 Edition » de l’International Federation of Accountants (IFAC), ainsi que les compléments luxembourgeois à cette norme.

(2)

Est obligatoire le code de déontologie de la profession de l’audit à Luxembourg, qui correspond au code d’éthique tel qu’émis par l’International Ethics Standards Board for Accountants (IESBA) dans sa version 2018 telle qu’amendée et publiée le 14 août 2018 et à son complément luxembourgeois.

Art. 4.

Les normes contenues dans les Annexes 3 à 6 font partie intégrante du présent chapitre.

Chapitre 3

: Dispositions communes

Art. 5.

Le Règlement CSSF N° 18-02 relatif 1) à l’adoption des normes d’audit dans le domaine du contrôle légal des comptes dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit ; 2) à l’adoption des normes relatives à la déontologie et au contrôle interne de qualité dans le cadre de la loi du 23 juillet 2016 relative à la profession de l’audit, y compris ses annexes, est abrogé.

Art. 6.

Le présent règlement sera publié au Journal officiel du Grand-Duché de Luxembourg et sur le site Internet de la CSSF. Il entre en vigueur à sa date de publication.

Luxembourg, le 26 avril 2019.

COMMISSION DE SURVEILLANCE DU SECTEUR FINANCIER

Claude WAMPACH

Directeur

Marco ZWICK

Directeur

Jean-Pierre FABER

Directeur

Françoise KAUTHEN

Directeur

Claude MARX

Directeur général

Annexe 1

Adoption des normes d’audit dans le domaine du contrôle légal des comptes en vertu de l’article 33, paragraphe 2 de la loi du 23 juillet 2016 relative à la profession de l’audit.

Les présentes normes d’audit sont applicables et obligatoires dans le domaine du contrôle légal des comptes :

200 - 299 GENERAL PRINCIPLES AND RESPONSIBILITIES

ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing

ISA 210, Agreeing the Terms of Audit Engagements

ISA 220, Quality Control for an Audit of Financial Statements

ISA 230, Audit Documentation

ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements

ISA 250 (Revised), Consideration of Laws and Regulations in an Audit of Financial Statements

ISA 260 (Revised), Communication with Those Charged with Governance

ISA 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

300 - 499 RISK ASSESSMENT AND RESPONSE TO ASSESSED RISKS

ISA 300, Planning an Audit of Financial Statements

ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

ISA 320, Materiality in Planning and Performing an Audit

ISA 330, The Auditor’s Responses to Assessed Risks

ISA 402, Audit Considerations Relating to an Entity Using a Service Organization

ISA 450, Evaluation of Misstatements Identified during the Audit

500 - 599 AUDIT EVIDENCE

ISA 500, Audit Evidence

ISA 501, Audit Evidence - Specific Considerations for Selected Items

ISA 505, External Confirmations

ISA 510, Initial Audit Engagements - Opening Balances

ISA 520, Analytical Procedures

ISA 530, Audit Sampling

ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures

ISA 540 (Revised), Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures (effective for audit of financial statements for periods beginning on or after December 15, 2019)

ISA 550, Related Parties

ISA 560, Subsequent Events

ISA 570 (Revised), Going Concern

ISA 580, Written Representations

600 - 699 USING THE WORK OF OTHERS

ISA 600, Special Considerations - Audits of Group Financial Statements (Including the Work of Component Auditors)

ISA 610 (Revised 2013), Using the Work of Internal Auditors

ISA 620, Using the Work of an Auditor’s Expert

700 - 799 AUDIT CONCLUSIONS AND REPORTING

ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements

ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report

ISA 705 (Revised), Modifications to the Opinion in the Independent Auditor’s Report

ISA 706 (Revised), Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report

ISA 710, Comparative Information - Corresponding Figures and Comparative Financial Statements

ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information in Documents Containing Audited Financial Statements

Annexe 2

Compléments luxembourgeois aux normes d’audit dans le domaine du contrôle légal des comptes en vertu de l’article 33, paragraphe 2 de la loi du 23 juillet 2016 relative à la profession de l’audit.

Les présents compléments aux normes d’audit sont applicables et obligatoires dans le domaine du contrôle légal des comptes :

Remarque :

Les amendements provenant du règlement UE n° 537/2014 relatif aux exigences spécifiques applicables au contrôle légal des comptes des entités d’intérêt public sont généralement marqués par un « R » après le numéro du paragraphe et ne s’appliquent de fait qu’au contrôle légal des comptes d’entités d’intérêt public.

Les amendements provenant de la loi audit respectivement de la directive audit sont généralement marqués par un « D » après le numéro du paragraphe et s’appliquent de fait à tous les contrôles légaux des comptes et s’appliquent à tous les contrôles légaux des comptes.

Les amendements qui ne sont ni marqués par la lettre « D » ou « R » sont des amendements qui viennent soit compléter le paragraphe de la norme (indiqué par […]) soit le modifier et s’appliquent à tous les contrôles légaux des comptes.

1. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING

Introduction

An Audit of Financial Statements

3.

[…] The scope of an audit shall not include assurance on the future viability of the audited entity or on the efficiency or effectiveness with which the management or administrative body has conducted or will conduct the affairs of the entity. [AL/ Article 26]

Requirements

Professional Skepticism

15.

[…] The auditor shall maintain professional skepticism throughout the audit, recognising the possibility of a material misstatement due to facts or behaviour indicating irregularities, including fraud , or error, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and of those charged with governance. [AL/Article 18(2)]

23.

[…] Where the ISA requirements reflect the provisions prescribed by the Audit Law or the Audit Regulation, the auditor shall not depart from such relevant requirement.

2. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS

Definitions

7.

For purposes of the ISAs, the following terms have the meanings attributed below : […]

Engagement team – All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm who perform audit procedures on the engagement. This excludes an auditor’s external expert engaged by the firm or by a network firm.1

7D-1.

The following terms have the meanings attributed below :

(a) Audit Regulation [AR] – refers to Regulation (EU) N° 537/2014 of the European Parliament and of the Council of 16 April 2014.
(b) Audit Law [AL] – refers to Law of July 23rd, 2016 related to the audit profession.
(c) Competent authority – is defined in Article 1(2) of the Audit Law as “the authorities designated by law that are in charge of the regulation and/or oversight of statutory auditors and audit firms or of specific aspects thereof.” In Luxembourg the competent authority is the CSSF.
(d) Key audit partner – is defined in the Audit Law [AL/Article 1(1)] as :
(i) the statutory auditor(s) designated by an audit firm for a particular audit engagement as being primarily responsible for carrying out the statutory audit on behalf of the audit firm ; or
(ii) in the case of a group audit, at least the statutory auditor(s) designated by an audit firm as being primarily responsible for carrying out the statutory audit at the level of the group and the statutory auditor(s) designated as being primarily responsible at the level of material subsidiaries ; or
(iii) the statutory auditor(s) who sign(s) the audit report.
(e) Listed entity - is as defined in the Luxembourg supplement to the IESBA Code as entities governed by Luxembourg law whose securities are admitted to trading on a recognized market.
(f) Public-interest entity – is as defined in Article 1(20) of the Audit Law.
(g) Statutory audit – is defined in Article 1(6) of the Audit Law as an audit of financial statements or consolidated financial statements in so far as required by Union law or by national law.

Requirements

Engagement Performance

15D-1.

For statutory audits of financial statements, the key audit partner(s) shall be actively involved in the carrying-out of the audit, devoting sufficient time to the engagement. [AL/Article 25(1)(2)]

19R-1

For statutory audits of financial statements of public-interest entities, the engagement partner shall […]

(c) not date the auditor’s report and the additional report to the audit committee2 until the completion of the engagement quality control review.

21R-1.

For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer, on performing an engagement quality control review required by ISQC 1 3 , shall at least assess the following elements :

(a) The independence of the firm from the entity ;
(b) The significant risks which are relevant to the audit and which the key audit partner(s) has identified during the performance of the audit and the measures that the key audit partner(s) has taken to adequately manage those risks ;
(c) The reasoning of the key audit partner(s), in particular with regard to the level of materiality and the significant risks referred to in paragraph 21R-1(b) ;
(d) Any request for advice to external experts and the implementation of such advice ;
(e) The nature and scope of the corrected and uncorrected misstatements in the financial statements that were identified during the carrying out of the audit ;
(f) The subjects discussed with the audit committee and the management and/or supervisory bodies of the entity ;
(g) The subjects discussed with competent authorities and, where applicable, with other third parties ; and
(h) Whether the documents and information selected from the file by the engagement quality control reviewer support the opinion of the key audit partner(s) as expressed in the draft of the auditor’s report4 and the additional report to the audit committee5. [AR/Article 8.5]

21R-2.

For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer shall discuss the results of the review , including the elements assessed in paragraph 21R-1 , with the key audit partner(s). [AR/Article 8.6]

Documentation

24D-1.

For statutory audits of financial statements, the auditor shall include in the audit documentation :

(a) All significant threats to the firm’s independence as well as the safeguards applied to mitigate those threats ; and [AL/Article 22]
(b) Those matters it is required to assess before accepting or continuing a statutory audit engagement in accordance with ISQC 16. [AL/Article 25(5)]

25R-1.

For statutory audits of financial statements of public-interest entities, the engagement quality control reviewer shall also record :

(a) The oral and written information provided by the key audit partner(s) to support the significant judgements as well as the main findings of the audit procedures carried out and the conclusions drawn from those findings, whether or not at the request of the engagement quality control reviewer ; and [AR/Article 8.4(a)]
(b) The opinions of the key audit partner(s), as expressed in the draft of the reports required by ISA 260 (Revised) and ISA 700 (Revised). [AR/Article 8.4(b)]

25R-2.

For statutory audits of financial statements of public-interest entities, the auditor shall keep a record of the results of the engagement quality control review, together with the considerations underlying those results in the audit documentation. [AR/Article 8.7] / [AL/Article 25(5)]

3. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION

Requirements

Documentation of the Audit Procedures Performed and Audit Evidence Obtained

Form, Content and Extent of Audit Documentation

8D-1.

For statutory audits of financial statements, the auditor shall retain any other data and documents that are important in supporting the auditor’s report as part of the audit documentation. [AL/Article 25(5)]

Departure from a relevant requirement

12 [...].

Where the ISA requirements reflect the provisions prescribed by the Audit Law or the Audit Regulation, the auditor shall not depart from such relevant requirement.

Assembly of the Final Audit File

14D-1.

For statutory audits of financial statements, the auditor shall retain any other data and documents that are of importance for monitoring compliance with ISAs and other applicable legal requirements. [AL/Article 25(5)]

14D-2.

For statutory audits of financial statements, the audit file shall be closed no later than 60 days after the date of signature of the auditor’s report. [AL/Article 25(5)]

4. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN THE AUDIT OF FINANCIAL STATEMENTS

Requirements

Communications to Management and with Those Charged With Governance

41R-1.

For statutory audits of financial statements of public-interest entities, when an auditor suspects or has reasonable grounds to suspect that fraud with regard to the financial statements of the entity, may occur or have occurred, the auditor shall (unless prohibited by law or regulation) inform the entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future. (Ref : Para. A63-1) [AR/Article 7]

Communications to Regulatory and Enforcement Authorities

43R-1.

For statutory audits of financial statements of public-interest entities, where the entity does not investigate the matter referred to in paragraph 41R-1, the statutory auditor or the audit firm shall inform the authorities responsible for investigating such fraud. (Ref : Para. A65-1) [AR/Article 7]

5. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 250 (REVISED) CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS

Requirements

Communicating and Reporting Identified or Suspected Non-Compliance

Communicating Identified or Suspected Non-Compliance with Those Charged with Governance

23R-1.

For statutory audits of financial statements of public-interest entities, when an auditor suspects or has reasonable grounds to suspect that irregularities with regard to the financial statements of the audited entity, may occur or have occurred, the auditor shall (unless prohibited by law or regulation) inform the audited entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future [AR/ Article 7]

Reporting of Identified or Suspected Non-Compliance to an Appropriate Authority outside the entity

29R-1.

For statutory audits of financial statements of public-interest entities, the auditor shall :

(a) Report promptly to the competent authorities any information concerning that public interest entity of which the auditor has become aware while carrying out the audit and which may bring about any of the following :
(i) A material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorization or which specifically govern pursuit of the activities of such public-interest entity ; or
(ii) A material threat or doubt concerning the continuous functioning of the public-interest entity ; or
(iii) A refusal to issue an audit opinion on the financial statements or the issuing of an adverse or qualified opinion.
(b) Report any information referred to in paragraph 29R-1(a)(i)-(iii) of which the auditor becomes aware in the course of carrying out the audit of an undertaking having close links7 with the public-interest entity for which they are also carrying out the audit. [AR/Article 12.1]

29R-2.

For statutory audits of financial statements of public-interest entities, where the entity does not investigate the matter referred to in paragraph 23R-1, the statutory auditor or the audit firm shall inform the authorities responsible for investigating such irregularities. (Ref : Para. A33-1) [AR/Article 7]

6. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 260 (REVISED) COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE

Requirements

Those Charged With Governance

11R-1.

For statutory audits of financial statements of public-interest entities, if an entity which does not fall under the exemption criteria set in article 52 paragraph 5) of the law dated 23 July 2016 on the audit profession does not have an audit committee, the additional report to the audit committee required by paragraph 16R-1 shall be submitted to the body performing equivalent functions within the entity. [AR/Article 11(1)]

Matters to Be Communicated

Significant Findings from the Audit

16R-1.

For statutory audits of financial statements of public-interest entities, the auditor shall submit an additional report to the audit committee of the entity explaining the results of the audit carried out and shall at least :

(a) Include the declaration of independence required by paragraph 17R-1(a) ;
(b) Identify each key audit partner(s)8 involved in the audit ;
(c) Where the auditor has made arrangements for any of the auditor’s activities to be conducted by another firm9 that is not a member of the same network, or has used the work of external experts, the report shall indicate that fact and shall confirm that the auditor received a confirmation from the other firm and/or the external expert regarding their independence ;
(d) Describe the nature, frequency and extent of communication with the audit committee or the body performing equivalent functions within the entity, the management body and the administrative or supervisory body of the audited entity, including the dates of meetings with those bodies ;
(e) Include a description of the scope and timing of the audit ;
(f) Where more than one auditor has been appointed, describe the distribution of tasks among the auditors ;
(g) Describe the methodology used, including which categories of the balance sheet have been directly verified and which categories have been verified based on system and compliance testing, including an explanation of any substantial variation in the weighting of system and compliance testing when compared to the previous year, even if the previous year’s audit was carried out by another firm ;
(h) Disclose the quantitative level of materiality applied to perform the audit for the financial statements as a whole and where applicable the materiality level or levels for particular classes of transactions, account balances or disclosures, and disclose the qualitative factors which were considered when setting the level of materiality ;
(i) Report and explain judgements about events or conditions identified in the course of the audit that may cast significant doubt on the entity’s ability to continue as a going concern and whether they constitute a material uncertainty, and provide a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that have been taken into account when making a going concern assessment ;
(j) Report on any significant deficiencies the entity’s or, in the case of consolidated financial statements, the parent undertaking’s internal financial control system, and/or in the accounting system. For each such significant deficiency, the additional report shall state whether or not the deficiency in question has been resolved by management ;
(k) Report any significant matters involving actual or suspected non-compliance with laws and regulations or articles of association which were identified in the course of the audit, in so far as they are considered to be relevant in order to enable the audit committee to fulfil its tasks ;
(l) Report the valuation methods applied to the various items in the annual or consolidated financial statements including any impact of changes of such methods ;
(m) In the case of an audit of consolidated financial statements, explain the scope of consolidation and the exclusion criteria applied by the entity to the non-consolidated entities, if any, and whether those criteria applied are in accordance with the financial reporting framework ;
(n) Where applicable, identify any audit work performed by in relation to an audit of consolidated financial statements other than by members of the same network to which the auditor of the consolidated financial statements belongs ;
(o) Indicate whether all requested explanations and documents were provided by the entity ;
(p) Report :
(i) Any significant difficulties encountered in the course of the audit
(ii) Any significant matters arising from the audit that were discussed or were the subject of correspondence with management ; and
(iii) Any other matters arising from the audit that in the auditor’s professional judgement, are significant to the oversight of the financial reporting process.

Where more than one auditor has been engaged simultaneously, and any disagreement has arisen between them on auditing procedures, accounting rules or any other issue regarding the conduct of the audit, the reasons for such disagreement shall be explained in the additional report to the audit committee. [AR/Article 11(1) (2) (3)]

Auditor Independence

17R-1.

For statutory audits of financial statements of public-interest entities, the auditor shall :

(a) Disclose to the audit committees when the total fees received from a public-interest entity in each of the last three consecutive financial years are more than 15% of the total fees received by the statutory auditor or the audit firm. [AR/Article 4(3)]
(b) Confirm annually in writing to the audit committee that the statutory auditor, the audit firm and partners, senior managers and managers, conducting the statutory audit are independent from the audited entity ; and
(c) Discuss with the audit committee the threats to the auditor’s independence and the safeguards applied to mitigate those threats. [AR/Article 6(2)]

The Communication Process

Forms of Communication

20R-1.

For statutory audits of financial statements of public-interest entities :

(a) The additional report to the audit committee10 shall be in writing. [AR/Article 11.2]
(b) The additional report to the audit committee shall be signed and dated by the engagement partner. [AR/Article 11.4]
(c) Upon request by either the statutory auditor or the audit committee, the statutory auditor shall discuss key matters arising from the audit, referred to in the additional report to the audit committee, and in particular deficiencies communicated in accordance with paragraph 16R-1(j). [AR/Article 11.2]
(d) Upon request, the statutory auditor shall make available without delay the additional report to the audit committee to the CSSF. [AR/Article 11.5]

Timing of communications

21R-1.

For statutory audits of financial statements of public interest entities, the auditor shall submit the additional report to the audit committee not later than the date of submission of the auditor’s report. [AR/Article 11(1)]

Documentation

23D-1.

For statutory audits of financial statements of public-interest entities, the auditor shall retain any other data and documents that are important in supporting the additional report to the audit committee 11. [AL/Article 25(5)]

7. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR’S RESPONSES TO ASSESSED RISKS

Requirements

Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level

Substantive Procedures

19R-1.

For statutory audits of financial statements of public interest entities, the auditor shall assess the valuation methods applied to the various items in the financial statements including any impact of changes of such methods. (Ref : Para. A51-1). [AR / Article 11.2(l)]

8. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 510 INITIAL AUDIT ENGAGEMENTS - OPENING BALANCES

Requirements

Audit Procedures

Required Understanding of Prior Year Responses to Risks

8R-1.

For statutory audits of financial statements of public-interest entities, the auditor shall obtain an understanding of the predecessor auditor’s methodology used to carry out the audit, sufficient to enable the auditor to communicate with those charged with governance those matters required by paragraph 16R-1(g) of the Luxembourg supplement to ISA 260 (Revised). [AR/Article 11.2(g)]

8R-2.

For statutory audits of financial statements of public-interest entities, the Audit Regulation imposes a requirement on a predecessor auditor to grant the auditor access to the additional report to the audit committee in respect of previous years. [AR/Article 18]

9. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 540 AUDITING ACCOUNTING ESTIMATES, INCLUDING FAIR VALUE ACCOUNTING ESTIMATES, AND RELATED DISCLOSURES 12

Requirements

Indicators of Possible Management Bias

21D-1.

In accordance with the Luxembourg supplement to ISA 200, 13 the auditor shall maintain professional skepticism throughout the audit and in particular when reviewing management estimates relating to fair values, the impairment of assets and provisions. [AL/Article 18]

10. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 570 (REVISED) GOING CONCERN

Requirements

Evaluating Management’s Assessment

12D-1.

In accordance with the supplement to ISA 200, 14 the auditor shall maintain professional skepticism throughout the audit and in particular when reviewing future cash flow relevant to the entity’s ability to continue as a going concern. [AL/Article 18]

Additional Audit Procedures When Events or Conditions are Identified

16R-1.

For statutory audits of financial statements of public-interest entities, the auditor shall also obtain a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that management have taken into account when making the going concern assessment [AR/Article 11.2.(i)]

11. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 600 SPECIAL CONSIDERATIONS - AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS)

Definitions

9. 

[…]
(n) Group auditor – Defined in Article 1(8) of the Audit Law as the statutory auditor(s) or audit firm(s) carrying out the statutory audit of consolidated accounts.

Requirements

Responsibility

11D-1.

For statutory audits of group financial statements, the group auditor shall bear the full responsibility for the auditor’s report on the group financial statements. [AL/Article 34(1)]

Understanding the component auditor

19D-1.

For statutory audits of group financial statements, the group auditor shall request the agreement of the component auditor to the transfer of relevant documentation during the conduct of the audit of the group financial statements, as a condition of the use by the group auditor of the work of the component auditor. [AL/Article 34(3)]

Evaluating the sufficiency and Appropriateness of Audit Evidenced Obtained

42D-1.

For statutory audits of group financial statements, the group auditor shall :

(a) Evaluate the work performed by the component auditor for the purpose of the group audit ; and [AL/Article 34(2)]
(b) Review the audit work performed by the component auditor for the purpose of the group audit. Where the group engagement team is unable to do so, the group engagement team shall take appropriate measures (including carrying out additional work, either directly or by outsourcing such tasks, in the relevant component) and inform the CSSF. [AL/Article 34(3)]

Communication with Group Management and Those Charged with Governance of the group

Communication with Those Charged with Governance

49D-1.

For statutory audits of group financial statements of public interest entities, the group auditor shall bear the full responsibility for the additional report to the audit committee 15. [AL/Article 34(1)] (Ref : para. A66-1)

Documentation

50D-1.

For statutory audits of group financial statements, the group auditor shall include in the audit documentation the nature, timing and extent of the work performed by the component auditor, including, where applicable, the group auditor’s review of relevant parts of the component auditor’s audit documentation. [AL/Article 34(2)]

50D-2.

The group auditor shall retain sufficient and appropriate audit documentation to enable the CSSF to review the work of the auditor of the group financial statements. [AL/Article 34(3)]

50D-3.

Where :

the group engagement team is subject to a quality assurance review or an investigation concerning the group audit ; and
the CSSF is unable to obtain audit documentation of the work carried out by any component auditor from a non-EEA member state ; and
the CSSF requests delivery of any additional documentation of the work performed by that component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit),

the group engagement team shall, in order to properly deliver such documentation in accordance with such request, either :

(a) Retain copies of the documentation of the work carried out by the relevant component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit) ; or
(b) Obtain the agreement of the relevant component auditor that the group engagement team shall have unrestricted access to such documentation on request ; or
(c) Retain documentation to show that the group engagement team has undertaken the appropriate procedures in order to gain access to the audit documentation, together with evidence supporting the existence of any impediments to such access ; or
(d) Take any other appropriate action. [AL/Article 34(4)]

12. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 610 (REVISED 2013) USING THE WORK OF INTERNAL AUDITORS

Introduction

Scope of this ISA

5-1.

The use of internal auditors to provide direct assistance is prohibited in a statutory audit of financial statements conducted in accordance with ISAs. For a group audit this prohibition extends to the work of any component auditor which is relied upon by the group auditor, including for overseas components. Accordingly, the requirements set out in paragraphs 27-35 and 37 and related application material set out in paragraphs A32-A41 in this ISA relating to direct assistance are not applicable.

13. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR’S EXPERT

Requirements

The Competence, Capabilities and Objectivity of the Auditor’s Expert

9R-1.

For statutory audits of financial statements of public-interest entities, where the auditor uses the work of an auditor’s external expert, the auditor shall obtain a confirmation from the auditor’s external expert regarding his independence. [AR/Article 11.2(c)]

Documentation

16D-1.

The auditor shall document any request for advice from an auditor’s expert, together with the advice received. [AL/Article 25(3)]

14. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 700 (REVISED) FORMING AN OPINION AND REPORTING ON FINANCIAL STATEMENTS

Introduction

Scope of this ISA

3.

For the purpose of the Luxembourg’s statutory audit of financial statements, this ISA applies to an audit of a complete set of general purpose financial statements and is written in that context. [AL/Article 33(2)]

Requirements

Auditor’s Report

20R-1.

The auditor’s report shall be in clear and unambiguous language. [AR/Article 10.3]

24e)

For the purpose of Luxembourg’s statutory audit, the Opinion in the auditor’s report shall specify the date of and the period covered by the financial statements. [AL/Article 35(2)a)]

28c)

[…] In Luxembourg, auditors are subject to ethical requirements from three sources : the IESBA Code including the Luxembourg supplement, the Audit Regulation and the Audit Law (thereafter the “Luxembourg ethical requirements” or “Luxembourg ethical standards”).

Key Audit Matters

30R-1.

For statutory audits of financial statements of public-interest entities the auditor shall communicate key audit matters in the auditor’s report in accordance with ISA 701. [AR/Article 10.2(c)]

Auditor’s Responsibilities for the Audit of the Financial Statements

40R-1.

For audits of financial statements of public-interest entities, the auditor’s report shall :

(a) State by whom or which body the auditor(s) was appointed ; [AR/Article 10.2(a)]
(b) Indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments of the firm ; [AR/Article 10.2(b)]
(c) Explain in the Auditor’s Responsibilities for the Audit of the Financial Statements section to what extent the audit was considered capable of detecting irregularities, including fraud ; [AR/Article 10.2(d)]
(d) Confirm that the audit opinion is consistent with the additional report to the audit committee16 . Except as required by this paragraph, the auditor’s report shall not contain any cross-references to the additional report to the audit committee. [AR/Article 10.2(e)]
(e) Declare that the non-audit services prohibited by the Luxembourg ethical standards were not provided and that the firm remained independent of the entity in conducting the audit ; and[AR/Article 10.2(f)] (Ref : Para A52-1)
(f) Indicate any services, in addition to the audit, which were provided by the firm to the entity and its controlled undertaking(s), and which have not been disclosed in the management report or financial statements. [AR/Article 10.2(g)]

Signature of the statutory auditor

47D-1.

The audit report shall be signed and dated by the statutory auditor. Where an audit firm carries out the statutory audit, the audit report shall bear the signature of at least the statutory auditor(s) carrying out the statutory audit on behalf of the audit firm. [AL/Article 35(4)]

Auditor’s address

48D-1.

For statutory audits of financial statements, the auditor’s report shall identify the place of establishment of the firm. [AL/Article 35.2(g)]

15. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 701 COMMUNICATING KEY AUDIT MATTERS IN THE INDEPENDENT AUDITOR’S REPORT

Definitions

5

For the purposes of the Luxembourg, this ISA applies to audits of complete sets of general purpose financial statements of public interest entities and circumstances when the auditor otherwise decides to communicate key audit matters in the auditor’s report. This ISA also applies when the auditor is required by law or regulation to communicate key audit matters in the auditor’s report.

8

For the purposes of the Luxembourg supplement to ISAs, the following term has the meaning attributed below :

Key audit matters – Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance. (Ref : Para. A.8-1.). For statutory audits of financial statements of public-interest entities, key audit matters include the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud. [AR/Article 10.2(c)]

Requirements

Communicating Key Audit Matters

11 (a)

Key audit matters are those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements [of the current period] and include for statutory audit of financial statements of public-interest entities, the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor. [AR/Article 10.2(c)]

Description of Individual Key Audit Matters

13R-1.

For statutory audit of financial statements of public-interest entities, in describing each of the key audit matters in accordance with paragraph 13, the auditor’s report shall provide, in support of the audit opinion :

(a) A description of the most significant assessed risks of material misstatement (whether or not due to fraud) ;
(b) A summary of the auditor’s response to those risks ; and
(c) Where relevant, key observations arising with respect to those risks.

Where relevant to the above information provided in the auditor’s report concerning each significant assessed risk of material misstatement (whether or not due to fraud), the auditor’s report shall include a clear reference to the relevant disclosures in the financial statements. [AR/Article 10.2(c)]

13R-2.

In describing why the matter was determined to be a key audit matter in accordance with paragraph 13R-1, the description shall indicate that the matter was one of the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor.

14R-1.

For statutory audits of financial statements of public interest entities the auditor shall describe each key audit matter in the auditor’s report unless law and regulation precludes public disclosures about the matter.

16. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 705 (REVISED) MODIFICATIONS TO THE OPINION IN THE INDEPENDENT AUDITOR’S REPORT

Form and Content of the Auditor’s Report When the Opinion Is Modified

Consideration When an Auditor Disclaims an Opinion on the Financial Statements

29.

For Statutory audits of financial statements of public-interest entities, when the auditor disclaims an opinion on the financial statements, the auditor’s report shall include a Key Audit Matter section in accordance with ISA 701. [AR/Article 10.2(c)]

17. LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON AUDITING 720 (REVISED) THE AUDITOR’S RESPONSIBILITIES RELATING TO OTHER INFORMATION

Introduction

Scope of this ISA

1-1.

For statutory audits of financial statements, this Luxembourg supplement to ISA 720 deals with the obligation imposed by the Luxembourg law on the auditor to report on other statutory information (management report, corporate governance statement …), based on the work undertaken in the course of the audit.

Definitions

12 (d).

Other statutory information – For statutory audits of financial statements, those documents or reports that are required to be prepared and issued by the entity in relation to which the auditor is required to report publicly in accordance with law or regulation.

Requirements

Reading and Considering the Other Information

14D-1.

For entities that are required to prepare other statutory information , the auditor shall read it, and in doing so shall consider, based on the work undertaken in the course of the audit, whether the other statutory information appears to be materially misstated. (Ref : Para. A36-1-A36-4)

14D-2.

For entities that are required to prepare other statutory information , as the basis for the consideration required by paragraphs 14(a), 14(b) and 14D-1, the auditor shall perform such procedures as are necessary in the auditor’s professional judgment to identify :

(a) Any material inconsistencies between the other statutory information and the financial statements ;
(b) Any material inconsistencies between the other statutory information and the auditor’s knowledge obtained in the audit, in the context of audit evidence obtained and conclusions reached in the audit ; and
(c) Whether the other statutory information appears to be materially misstated in the context of the auditor’s understanding of the legal and regulatory requirements applicable to the other statutory information.

Reporting

Management’s report

22D-1.

For entities that are required to prepare a management report, the auditor shall in the auditor’s report :

(a) State whether based on the work undertaken in the course of the audit :
(i) The information given in the management report for the financial year for which the accounts are prepared is consistent with those accounts ; and
(ii) The management report has been prepared in accordance with applicable legal requirements ;
(b) State whether, in the light of the knowledge and understanding of the company and its environment obtained in the course of the audit, the auditor has identified material misstatements in the management report ; and
(c) If applicable, give an indication of the nature of each of the misstatements referred to in paragraph 22D-1(b).

[AL / Article 35(2)e)]

Corporate governance statement

22D-2.

For entities that are required to prepare a Corporate governance statement in respect of a financial year, the auditor shall in the auditor’s report :

(a) State whether based on the work undertaken in the course of the audit :
(i) the information required by article 68ter (1) c) and d) of the accounting of the law of December 19, 2002 on the register of commerce and companies and the accounting and annual accounts of undertakings, as amended, given in the corporate governance statement is consistent with those accounts ; and
(ii) the information required by article 68ter (1) c) and d) of the law of December 19, 2002 on the register of commerce and companies and the accounting and annual accounts of undertakings, as amended, given in the corporate governance statement has been prepared in accordance with applicable legal requirements ;
(b) State whether, in the light of the knowledge and understanding of the company and its environment obtained in the course of the audit, the auditor has identified material misstatements in the corporate governance statement referred to in paragraph 22D-2(a) ; and
(c) If applicable, give an indication of the nature of each of the misstatements referred to in paragraph 22D-2 (b).


1

ISA 620, Using the Work of an Auditor’s Expert, paragraph 6(a), defines the term ‘‘auditor’s expert.’’

2

ISA 260 (Revised) Communication with those charges with governance, paragraph 16R-1

3

ISQC 1, paragraph 36 R-1

4

ISA 700 (Revised), “Forming an Opinion and Reporting on Financial Statements.”

5

ISA 260 (Revised), “Communication with Those Charged with Governance,” paragraph 16R-1

6

ISQC 1, paragraph 27D-1 and 27R-2

7

‘Close links’ shall have the meaning assigned to that term in point (38) of Article 4(1) of Regulation (EU) N° 575/2013 of the European Parliament and of the Council.

8

“Key audit partner” is defined in paragraph 7D-1(d) of the Luxembourg supplement to ISA 220 .

9

“Firm” is defined in ISA 220 as a sole practitioner, partnership or corporation or other entity of professional accountants.

10

Paragraph 16R-1 deals with the auditor’s responsibilities to prepare an additional report to the audit committee.

11

Paragraph 16R-1 deals with the auditor’s responsibilities to prepare an additional report to the audit committee.

12

This supplement is not applicable to ISA 540 (Revised) effective for audit of financial statements for periods beginning on or after December 15, 2019 as emphasis has been put in the revised ISA on professional skepticism.

13

ISA 200, “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing” paragraph 15.

14

ISA 200, “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing” paragraph 15.

15

ISA 260 (Revised), paragraph 16R-1 deals with the auditor’s responsibilities to prepare an additional report to the audit committee.

16

ISA 260 (Revised), “Communication with Those Charged with Governance,” paragraph 16R-1.

Annexe 3

Adoption de la norme relative au contrôle interne de qualité des cabinets de révision agréés, en vertu de l’article 36, paragraphe 3, lettre d) de la loi du 23 juillet 2016 relative à la profession de l’audit.

La présente norme est applicable et obligatoire dans le domaine du contrôle interne de qualité des cabinets de révision agréés :

International Standard on Quality Control (ISQC) 1, Quality Controls for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements
Complément luxembourgeois à la norme ISQC 1 (Annexe 4)
Complément luxembourgeois à la norme ISQC1 en matière de conservation des documents de travail du réviseur d’entreprises agréé (Annexe 5)

Annexe 4

Complément luxembourgeois de la norme relative au contrôle interne de qualité des cabinets de révision agréés.

LUXEMBOURG SUPPLEMENT TO INTERNATIONAL STANDARD ON QUALITY CONTROL 1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS

Definitions

12.

In this ISQC 1, the following terms have the meanings attributed below : […]

(g) Engagement team – All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm who perform procedures on the engagement. This excludes an auditor’s external experts engaged by the firm or by a network firm.
(h) Relevant ethical requirements – Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which ordinarily comprise Parts A and B of the International Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants (IESBA Code) together with national requirements that are more restrictive.

In Luxembourg, the firm and its personnel are subject to ethical requirements from three sources : the IESBA Code including the Luxembourg supplement, the Audit Regulation and the Audit Law (thereafter the “Luxembourg ethical requirements” or “Luxembourg ethical standards”).

12D-1.

In Luxembourg, the following terms have the meanings attributed below :

(a) Audit Regulation [AR] – refers to Regulation (EU) N° 537/2014 of the European Parliament and of the Council of 16 April 2014.
(b) Audit Law [AL] – refers to Law of July 23rd, 2016 related to the audit profession.
(c) Competent authority – is defined in Article 1(2) of the Audit Law as “the authorities designated by law that are in charge of the regulation and/or oversight of statutory auditors and audit firms or of specific aspects thereof”. In Luxembourg, the competent authority is the CSSF.
(d) Key audit partner – is defined in Article 1(1) of the Audit Law as :
(i) The statutory auditor designated by an audit firm for a particular audit engagement as being primarily responsible for carrying out the statutory audit on behalf of the audit firm ; or
(ii) In the case of a group audit, at least the statutory auditor designated by an audit firm as being primarily responsible for carrying out the statutory audit at the level of the group and the statutory auditor(s) designated as being primarily responsible at the level of material subsidiaries ; or
(iii) The statutory auditor who sign(s) the audit report.
(e) Listed entity - is as defined in the Luxembourg supplement to the IESBA Code as entities governed by Luxembourg law whose securities are admitted to trading on a recognized market.
(f) Public-interest entity – is as defined in Article 1(20) of the Audit Law.
(g) Statutory audit – is defined in Article 1(6) of the Audit Law as an audit of financial statements or consolidated financial statements in so far as required by Union law or by national law.

Requirements

Applying, and Complying with, Relevant Requirements

15D-1.

The firm shall : [AL/Article 24(2)]

(a) Take into consideration the scale and complexity of the firm’s activities when complying with the applicable requirements set out in paragraphs 16D-1, 16D-2, 20D-1, 21D-1, 29D-1, 29D-2, 32D-1 and 48D-1 of this ISQC 1 ; and
(b) Be able to demonstrate to the competent authority that the policies and procedures designed to achieve such compliance are appropriate given the scale and complexity of activities of the firm.

Elements of a System of Quality Control

16D-1.

The firm shall establish appropriate policies and procedures to ensure that its owners or shareholders, as well as the members of the administrative, management and supervisory bodies of the firm, or of a network firm, do not intervene in the carrying out of a statutory audit in any way which jeopardizes the independence and objectivity of the engagement team. [AL/Article 24(1)a)

16D-2.

The firm shall have :

(a) Sound administrative and accounting procedures ;
(b) Internal quality control mechanisms that shall be designed to secure compliance with decisions and procedures at all levels of the firm’s working structure ;
(c) Effective procedures for risk assessment ; and
(d) Effective control and safeguard arrangements for the firm’s information processing systems. [AL/Article 24(1)b)]

Relevant Ethical Requirements

20D-1.

The firm shall establish appropriate and effective organizational and administrative arrangements for dealing with and recording incidents which have, or may have, serious consequences for the integrity of the firm’s activities. [AL/Article 24(1)i)]

Independence

21D-1.

The firm shall establish appropriate and effective organizational and administrative arrangements to prevent, identify, eliminate or manage and disclose any threats to the firm’s independence required by the Luxembourg ethical standards. [AL/Article 24(1)e)]

Acceptance and continuance of Client Relationships and Specific Engagements

27D-1.

Before accepting or continuing an engagement for a statutory audit engagement, the firm shall assess the following :

(a) Whether the firm complies with relevant independence and objectivity requirements in the Luxembourg ethical standards ;
(b) Whether there are threats to the firm’s independence, and the safeguards applied to mitigate those threats ;
(c) Whether the firm has the competent personnel, time and resources needed in order to carry out the audit in an appropriate manner ; and
(d) Whether the key audit partner is approved as statutory auditor in Luxembourg. [AL/Article 22]

27R-2.

Before accepting or continuing an engagement for a statutory audit engagement of a public-interest entity, the firm shall assess, in addition to the requirements in paragraph 27D-1, the following :

(a) Whether the firm complies with the audit fees and the prohibition of the provision of non-audit services requirements in the Luxembourg ethical standards ;
(b) Whether the conditions for the duration of the audit engagement in accordance with the Audit Regulation are complied with ; and
(c) Without prejudice to Luxembourg anti-money laundering requirements17, the integrity of the members of the supervisory, administrative and management bodies of the public-interest entity. [AR/Article 6.1]

28D-1.

For audits of financial statements, where the auditor ceases to hold office as statutory auditor, or ceases to be eligible for appointment as a statutory auditor, the firm shall provide the successor statutory auditor with access to all relevant information concerning the entity, including information concerning the most recent audit. [AL/Article 28(5)]

Human Resources

29D-1.

For statutory audits of financial statements, the firm shall :

(a) Establish appropriate policies and procedures to ensure that the firm’s employees and any other natural persons whose services are placed at the firm’s disposal or under the firm’s control, and who are directly involved in the audit activities, have appropriate knowledge and experience for the duties assigned ; and [AL/Article 24(1)c)]
(b) Have in place adequate remuneration policies, including profit sharing policies, providing sufficient performance incentives to secure audit quality. In particular, the amount of revenue that the firm derives from providing non-audit services to the audited entity shall not form part of the performance evaluation and remuneration of any person involved in, or able to influence the carrying out of, the audit. [AL/Article 24(1)j)]

Outsourcing

29D-2.

For statutory audits of financial statements, the firm shall establish appropriate policies and procedures to ensure that outsourcing of important audit functions is not undertaken in such a way as to impair the quality of the firm’s internal quality control and the ability of the competent authorities to supervise the firm’s compliance with the obligations laid down in the Audit Law and, where applicable, in the Audit Regulation. Any outsourcing of audit functions shall not affect the responsibility of the firm towards the audited entity. [AL/Article 24.1(d)]

Assignment of engagement teams

30D-1.

For each statutory audit of financial statements, the firm shall :

(a) Designate at least one key audit partner [AL/Article 25(1)]
(b) Apply as its main criteria in selecting such a key audit partner :
i. Securing audit quality ;
ii. independence ; and
iii. competence. [AL/Article 25(1)]

31D-1.

For statutory audits of financial statements, the firm shall provide the key audit partner(s) with sufficient resources and with personnel that have the necessary competence and capabilities to carry out the firm’s duties appropriately. [AL/Article 25(1)]

Engagement Performance

32D-1.

For statutory audits of financial statements, the firm shall :

(a) Establish an internal quality control system to ensure the quality of the audit which shall at least cover the policies and procedures required by paragraph 32D-1(c) ; [AL/Article 24(1)g)]
(b) Ensure that responsibility for the internal quality control system lies with a person who is qualified as a statutory auditor ; [AL/Article 24(1)g)]
(c) Establish adequate policies and procedures for carrying out audits, coaching, supervising and reviewing employees activities and organizing the structure of the audit file18 ; and [AL/Article 24(1)f)]
(d) Use appropriate systems, resources and procedures to ensure continuity and regularity in the carrying out of the firm’s audit activities. [AL/Article 24(1)h)]

Engagement Quality Control Review

36R-1.

For statutory audits of financial statements of public-interest entities, before the auditor’s report and the additional report to the audit committee 19 are issued, the firm shall require that an engagement quality control review shall be performed to assess whether the key audit partner(s) could reasonably have come to the opinion and conclusions expressed in the draft of these reports. [AR/Article 8.1]

39R-1.

For statutory audits of financial statements of public-interest entities, the engagement quality control review shall be performed by an engagement quality control reviewer who shall :

a) Be a statutory auditor ; and
b) Not be involved in the performance of the audit to which the engagement quality control review relates. [AR/Article 8.2]

Where the audit is carried out by a firm and all the statutory auditors of that firm were involved in the conduct of the audit, the firm shall arrange for another firm to perform an engagement quality control review. Documents or information disclosed to the engagement quality control reviewer for this purpose shall be subject to professional secrecy. [AR/Article 8.3]

Differences of Opinion

43R-1.

For statutory audits of financial statements of public-interest entities, the firm shall establish procedures for determining the manner in which any disagreement between the key audit partner(s) and the engagement quality control reviewer are to be resolved. [AR/Article 8.6]

Confidentiality, Safe Custody, Integrity, Accessibility and Retrievability of Engagement Documentation

46.

For the purpose of Luxembourg, the paragraph 46 is replaced by the following :

The firm shall establish policies and procedures designed to maintain the confidentiality, safe custody, professional secrecy, integrity, accessibility and retrievabiltity of engagement documentation or any information entrusted to the firm, in accordance with applicable laws and regulations. [AL/Article 28]

Monitoring

Monitoring the firm’s quality control policies and procedures

48D-1.

For statutory audits of financial statements, the firm shall :

(a) Monitor and evaluate the adequacy and effectiveness of the firm’s systems, internal quality control mechanisms and arrangements established in accordance with this ISQC 1 and take appropriate measures to address any deficiencies ;
(b) Carry out an annual evaluation of the internal quality control system, referred to in paragraph 32D-1(a) ; and
(c) Keep records of the findings of the evaluation required by paragraph 48D-1(a) and any proposed measure to modify the internal quality control system. [AL/Article 24(1)k)]

External monitoring of Group Audits

48D-2.

Where the group auditor is subject to a quality assurance review or an investigation concerning a group audit, the firm shall be responsible for complying with, and shall establish policies and procedures which require the group engagement team to comply with, any request by the competent authority :

(a) For relevant audit documentation retained by the group engagement team concerning the work performed by any component auditor for the purposes of the group audit (including any relevant component auditor’s working papers relevant to the group audit) ;
(b) To deliver any additional documentation of the work performed by any component auditor from a non-EEA member state for the purposes of the group audit, including that component auditor’s working papers relevant to the group audit, where the competent authority is unable to obtain audit documentation of the work carried out by that component auditor. [AL/Article 34(4)]

48D-3.

The firm shall establish policies and procedures, which require that, in order to comply with any request under paragraph 48D-2(b), the group engagement team shall either :

(a) Retain copies of the documentation of the work carried out by the relevant component auditor for the purpose of the group audit (including the component auditor’s working papers relevant to the group audit) ; or
(b) Obtain the agreement of the relevant component auditor that the group engagement team shall have unrestricted access to such documentation on request ; or
(c) Retain documentation to show that the group engagement team has undertaken the appropriate procedures in order to gain access to the audit documentation, together with evidence supporting the existence of any impediments to such access ; or
(d) Take any other appropriate action. [AL/Article 34(4)]

Complaints and allegations

55D-1.

For statutory audits of financial statements, the firm shall keep records of any complaints made in writing about the performance of the audits carried out. [AL/Article 25(6)]

Documentation of the System of Quality Control

57D-1.

For statutory audits of financial statements, the firm shall retain any other data and documents that are of importance for monitoring compliance with this ISQC 1 and other applicable legal requirements. [AL/Article 25(5)]

57D-2.

For statutory audits of financial statements, the firm shall document :

(a) Whether the firm complies with the independence and objectivity requirements in the Luxembourg ethical standards ;
(b) Whether there are threats to the firm’s independence, and the safeguards applied to mitigate those threats ;
(c) Whether the firm has the competent employees, time and resources needed in order to carry out the audit in an appropriate manner ; and
(d) Whether the key audit partner(s) is approved as a statutory auditor. [AL/Article 22]

58R-1.

For statutory audits of financial statements, the firm shall establish policies and procedures that require retention of audit documentation for a period that is not less than any period necessary to satisfy the requirements of any applicable laws or regulation relating to data protection and to meet the requirements for any applicable administrative and judicial proceedings, and that is in any case not less than five years from the date of the auditor’s report. [AR/Article 15]

59D-1.

For statutory audits of financial statements, the firm shall :

(a) Keep records of any breaches of professional standards and applicable legal and regulatory requirements ;
(b) Keep records of any consequences of any breach recorded in accordance with paragraph 59D-1(a), the measures taken to address such a breach and to modify the firm’s internal quality control system ; and
(c) Prepare an annual report containing an overview of any measures taken under paragraph 59D-1(b) and communicate that report internally. [AL/Article 25(3)]

59D-2.

For statutory audits of financial statements, the firm shall maintain a client account record which include in respect of every statutory audit :

(a) The audited entity’s name, address and place of business ;
(b) The name of the key audit partner or, where there is more than one key audit partner, the names of all the key audit partners ; and
(c) The fees charged for the statutory audit and fees charged for other services in any financial year. [AL/Article 25(4)]


17

Implemented pursuant to Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005.

18

ISA 230, paragraph 14 sets out the requirement to assemble the audit documentation in an audit file. Paragraph 57D-1 of this ISQC 1, paragraphs 24D-1(b) and 25R-2 of ISA 220, paragraphs 8D-1 and 14D-1 of ISA 230 and paragraph 23D-1 of ISA 260 (Revised) set out requirements in respect of documentation for statutory audits.

19

ISA 260 (Revised), “Communication with Those Charged with Governance,” paragraph 16R-1 deals with the auditor’s responsibilities to prepare an additional report to the audit committee.

Annexe 5

Complément luxembourgeois à la norme ISQC 1 en matière de conservation des documents de travail du réviseur d’entreprises agréé

1. Introduction

La norme ISQC 1 « Contrôle qualité des cabinets réalisant des missions d’audit et d’examen limité d’états financiers, et d’autres missions d’assurance et de services connexes » (ci-après « ISQC 1 ») stipule que :

paragraphe 46 : « Le cabinet doit définir des politiques et des procédures destinées à assurer la confidentialité, l’archivage sécurisé, l’intégrité, l’accessibilité et la facilité de recherche de la documentation d’une mission. »
paragraphe 47 : « Le cabinet doit définir des politiques et des procédures pour la conservation de la documentation des missions pendant une période de temps suffisante pour répondre à ses besoins ou aux exigences de la loi ou de la réglementation. »

Les paragraphes A56 à A63 contiennent des dispositions explicatives complémentaires relatives à ces deux paragraphes.

L’objet du présent complément, qui fait partie intégrante de la norme de contrôle interne de qualité ISQC 1, est de préciser les dispositions particulières de la conservation des dossiers de travail dans le contexte luxembourgeois.

Ce complément ne s’applique pas à la problématique spécifique de la conservation des documents de travail dans le cadre d’un audit de groupe ou lorsque le réviseur d’entreprises agréé implique d’autres auditeurs dans l’audit d’états financiers qui ne sont pas du groupe.

2. Exigences générales

La politique et les procédures élaborées par le réviseur d’entreprises agréé ou le cabinet de révision agréé pour répondre aux exigences de la présente norme de contrôle interne de qualité dépendent d’un certain nombre de facteurs, comme par exemple le volume de missions effectuées, la nature des services fournis, ainsi que de son organisation interne. Tous les principes spécifiques énoncés aux sections suivantes sont à prendre en compte par le réviseur d’entreprises agréé dans la définition de sa politique de conservation des dossiers.

La documentation du travail du réviseur d’entreprises agréé ou du cabinet de révision agréé est constituée par des dossiers physiques, des dossiers électroniques ou une combinaison des deux.

Il appartient également au réviseur d’entreprises agréé ou au cabinet de révision agréé de décider s’il conserve les dossiers physiques et/ou électroniques lui-même ou s’il délègue la conservation de ces dossiers à un tiers. Alors que la première solution est privilégiée, puisqu’elle permet au réviseur d’entreprises agréé de garder la maîtrise des procédures mises en place, la réglementation actuelle n’interdit cependant pas la délégation et le réviseur d’entreprises agréé ou le cabinet de révision agréé peut y recourir sous certaines conditions bien spécifiques, énumérées à la section 3 ci-après.

La section 4 contient des dispositions additionnelles par rapport à la durée de conservation des dossiers de travail.

3. Lieu de conservation des dossiers de travail

3.1. Dossiers physiques

Les dispositions qui suivent s’appliquent aux missions de contrôle légal des comptes visées à l’article 1er, point 34, lettre a) de la loi du 23 juillet 2016 relative à la profession de l’audit (ci-après « loi audit »).

L’établissement professionnel du réviseur d’entreprises agréé doit disposer d’une infrastructure adaptée aux activités exercées et au sein de laquelle un lieu central de conservation des dossiers physiques est aménagé. Conformément aux prescriptions la loi audit, cet établissement professionnel doit être situé au Luxembourg.

Lors de la réalisation de la mission, il y a lieu de limiter à un strict minimum le transport des dossiers physiques de travail entre les différents endroits où ils sont utilisés. Le réviseur d’entreprises agréé veillera à la sécurité des dossiers de travail aux différents endroits où ils sont utilisés et limitera, dans la mesure du possible, l’accès aux seuls membres de son équipe et aux autres personnes devant accéder aux dossiers en fonction des normes. En règle générale, les dossiers de travail ne peuvent être conservés, même temporairement, en dehors du territoire du Luxembourg. Dans le cas où le réviseur d’entreprises agréé doit se déplacer à l’étranger avec ses dossiers de travail, il veillera à en assurer leur confidentialité, leur sécurité et leur intégrité. Dans le cas d’une équipe d’audit, l’associé signataire du rapport est responsable de juger de la nécessité du déplacement des dossiers à l’étranger et du respect de leur confidentialité, de leur sécurité et de leur intégrité.

Après la finalisation de la documentation de la mission et si le réviseur d’entreprises agréé conserve les dossiers physiques lui-même, ces derniers doivent être stockés au lieu central de conservation des dossiers. La gestion des accès à ce lieu de conservation central doit être organisée de façon à assurer la traçabilité de tous les accès aux dossiers physiques.

Une conservation des dossiers de travail par un tiers (qui peut-être le client d’audit lui-même) peut se faire sur le territoire du Luxembourg pour autant que ce tiers garantisse l’application des exigences minimum énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 et qu’un dossier soit soumis à la CSSF selon les modalités prévues à la section 3.3. Pour des raisons d’accessibilité et de confidentialité des dossiers physiques, il n’est pas admis que des dossiers physiques soient conservés à l’étranger.

3.2. Dossiers électroniques

La fonction informatique étant très variable d’un réviseur d’entreprises agréé à un autre, il appartient à ce dernier d’assurer l’application appropriée des exigences énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 pour les dossiers électroniques et de se doter en interne des compétences informatiques nécessaires pour, au minimum, comprendre la (les) solution(s) informatique(s) de conservation mise(s) en place.

Une conservation des dossiers électroniques par un tiers (qui peut-être le client audit lui-même) peut se faire sur le territoire du Luxembourg et, éventuellement, en-dehors du territoire du Luxembourg, pour autant que ce tiers garantisse l’application des exigences minimum énoncées aux paragraphes 46, 47 et A56 à A63 de la norme ISQC1 et que les conditions énumérées à la section 3.3 soient respectées.

3.3. Sous-traitance en matière de conservation de dossiers de travail

La sous-traitance en matière de conservation des dossiers de travail pose un certain nombre de risques, dont en particulier celui de la confidentialité des données y reprises. En effet, la loi audit ne prévoit la levée de l’obligation au secret professionnel du réviseur d’entreprises agréé que dans un certain nombre de cas limités repris à l’article 28, paragraphes (3), (4) et (5) de la loi précitée. Un tiers (même ayant un statut de PSF au Luxembourg) ou une autre entité du réseau auquel appartient le réviseur d’entreprises agréé (localisée au Luxembourg ou à l’étranger) n’en font pas partie.

Par conséquent, toute sous-traitance est à traiter avec une grande précaution et dans le respect intégral des conditions suivantes :

1) Le réviseur d’entreprises agréé doit informer la CSSF de chaque projet de sous-traitance qu’il envisage en matière de conservation de dossiers de travail en en décrivant les modalités principales.
2) Le réviseur d’entreprises agréé (ou l’organe d’administration du cabinet de révision agréé) doit dûment documenter son analyse des risques du projet de sous-traitance, ainsi que les réponses apportées à ces risques. Il doit notamment se prononcer quant à la réputation, l’expérience et la fiabilité du tiers auquel il compte sous-traiter la conservation des dossiers de travail.
3) Toute sous-traitance doit être formalisée par un contrat de services écrit et qui adresse tous les aspects liés à la conservation des dossiers de travail énumérés à la section 2 du présent complément luxembourgeois à la norme ISQC1. L’accès aux dossiers conservés par le réviseur d’entreprises agréé doit être illimité et sans retard indu pour toute personne autorisée. Une attention particulière sera accordée à cet égard aux aspects de continuité, au caractère révocable de la sous-traitance et au maintien de l’intégrité du contrôle interne et externe. En outre, la convention fournira une description claire des responsabilités des deux parties.
4) Le réviseur d’entreprises agréé s’assurera, au regard des éventuels risques juridiques ou autres, de la nécessité d’informer ou non ses clients de cette sous-traitance. Les risques à considérer pourraient découler, à titre d’exemple, d’une incompatibilité de la sous-traitance avec certaines clauses contractuelles vis-à-vis de ces tiers ou avec certaines dispositions légales en matière de protection de la vie privée.
5) La responsabilité de la gestion de la sous-traitance sera du ressort du réviseur d’entreprises agréé, ou, dans le cas d’un cabinet de révision agréé, de l’associé en charge de la fonction de gestion des risques au sein du cabinet.
6) Le réviseur d’entreprises agréé doit être en mesure de continuer à fonctionner normalement en cas d’événements exceptionnels, tels que la rupture des moyens de communication pendant des périodes prolongées. Le réviseur d’entreprises agréé prendra également les précautions qui s’imposent afin d’être à même de transférer de manière adéquate les dossiers conservés à un autre fournisseur ou de les reprendre en conservation propre, chaque fois qu’une des exigences de la section 2 du présent complément luxembourgeois à la norme ISQC1 risque d’être compromise.
7) La conservation des dossiers électroniques ne peut se faire que sous forme encryptée et la clé d’encryptage doit être détenue par le réviseur d’entreprises agréé, ou, dans le cas d’un cabinet de révision agréé, par l’associé en charge de la fonction de gestion des risques au sein du cabinet. Cette condition vaut à la fois pour la sous-traitance de la conservation de dossiers électroniques au Luxembourg ou à l’étranger. Le réviseur d’entreprises agréé ou, dans le cas d’un cabinet de révision agréé, l’associé en charge de la fonction de gestion des risques au sein du cabinet, doit explicitement veiller à ce que la qualité de l’encryptage soit à un niveau approprié. Tout autre processus de conservation des dossiers électroniques est soumis à l’accord préalable de la CSSF.
8) Pour les dossiers physiques stockés chez un tiers au Luxembourg, aucun accès des dossiers par un tiers ne doit pouvoir avoir lieu sans en informer au préalable le réviseur d’entreprises agréé.

4. Durée de conservation des dossiers de travail

Pour les besoins de la supervision publique exercée par la CSSF, les réviseurs d’entreprises agréés et les cabinets de révision agréés sont tenus de conserver les dossiers de travail des missions de contrôle légal des comptes pour une période minimale de 7 ans, la fréquence minimale des examens d’assurance qualité prévue par la loi étant de 6 ans.

En matière d’actions en responsabilité civile professionnelle, l’article 11 de la loi audit dispose que ces actions dirigées contre un réviseur d’entreprises agréé ou un cabinet de révision agréé se prescrivent par cinq ans à compter de la date du rapport d’audit.

Annexe 6

Adoption de la norme relative à la déontologie, en vertu de l’article 36, paragraphe 3), point b) de la loi du 23 juillet 2016 relative à la profession de l’audit.

La présente norme est applicable et obligatoire dans le domaine de la déontologie professionnelle :

- Code de déontologie de la profession de l’audit à Luxembourg

Complément luxembourgeois au code d’éthique tel qu’émis par l’International Ethics Standards Board for Accountants (IESBA) dans sa version en vigueur telle qu’amendée et publiée le 14 août 2018 (ci-après « le code d’éthique »)

L’objectif du présent complément luxembourgeois au code d’éthique est de compiler les obligations légales et réglementaires qui concernent l’éthique et l’indépendance des réviseurs d’entreprises (« RE »), des réviseurs d’entreprises agréés (« REA »), des cabinets de révision (« CR ») et des cabinets de révision agréés (« CRA ») telles qu’elles proviennent de la loi du 23 juillet 2016 relative à la profession de l’audit d’une part et du Règlement UE N° 537/2014 du parlement européen et du conseil relatif aux exigences spécifiques applicables au contrôle légal des comptes des entités d’intérêt public (« EIP ») d’autre part.

Table of contents

PART 1 - COMPLYING WITH THE CODE, FUNDAMENTAL PRINCIPLES AND CONCEPTUAL FRAMEWORK

110

The Fundamental Principles

PART 3 - PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE

320

Professional appointments

330

Fees and other types of remuneration

350

Custody of client assets

PART 4A – INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS

400

Applying the conceptual framework to independence for audit and review engagements

410

Fees

420

Gifts and hospitality

510

Financial interests

520

Business Relationships

524

Employment with an audit client

540

Long association of senior personnel (including partner rotation) with an audit client

- Internal rotation
- External rotation

600

Provision of non-assurance services to an audit client

- Prohibition to provide non-audit services
- List of prohibited non-audit services
- Prohibited non-audit services provided by an affiliate within the network to an entity registered in a third-country and under control of the audited public-interest entity
- Approval of non-audit services by the audit committees

GLOSSARY

PART 1 - COMPLYING WITH THE CODE, FUNDAMENTAL PRINCIPLES AND CONCEPTUAL FRAMEWORK

SECTION 110

THE FUNDAMENTAL PRINCIPLES

General

Paragraph R115.1 is completed as follows :

“The exercise by the réviseur d’entreprises (statutory auditor), the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision (audit firm), the cabinet de révision agréé (approved audit firm) or the audit firm of one of their respective activities referred to in Article 1(34)of the Audit Law is incompatible with any activity liable to detract from the principles of independence of the profession.

Where he, she exercises the activities referred to in the previous paragraph, the réviseur d’entreprises (statutory auditor) or the réviseur d’entreprises agréé (approved statutory auditor) may not enter paid employment unless it is with a cabinet de révision (audit firm), a cabinet de révision agréé (approved audit firm) or an audit firm.” (AL/Article 19)

SUBSECTION 115 – PROFESSIONAL BEHAVIOR

Paragraph R115.2 is completed as follows :

“A réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) can advertise or solicit new work for services other than audit engagements that are also offered by other professionals who are not subject to similar standards nor similar ethical rules. Nevertheless, any advertising or solicitation shall be executed in accordance with the principles mentioned in the current section. Advertising or solicitation for audit engagements are strictly forbidden. Factual description of services offered by an audit firm, including audit services, is authorized”.

PART 3 – PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE

SECTION 320

PROFESSIONAL APPOINTMENTS

Requirements and Application Material

Changes in a Professional Appointment

Changes in Audit or Review Appointments

Paragraph R320.8 is completed as follows :

“The réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm) being replaced shall provide the successor with free access to all relevant information concerning the audited entity and the most recent audit of that entity.” [AL/Article 28(5)]

Audit Clients that are Public-Interest Entities

In relation with the handover file in the event of a replacement of a REA or CRA by a new REA or CRA, paragraph R320.8 is completed as follows :

Subject to the provisions in relation with the safekeeping of audit documentation, the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) shall also provide the incoming réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm) with the previous years’ additional reports to the audit committee and all information communicated to competent authorities, in relation with :

- article 12 of Regulation (EU) N° 537/2014 (“Report to supervisors of public-interest entities”), applicable in case of (i) a material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorization or which specifically govern pursuit of the activities of such public-interest entity ; (ii) a material threat or doubt concerning the continuous functioning of the public-interest entity ; (iii) a refusal to issue an audit opinion on the financial statements or the issuing of an adverse or qualified opinion and
- article 13 of Regulation (EU) N° 537/2014 (“Transparency report”) :

The former réviseur d’entreprises agréé, cabinet de révision agréé or audit firm shall be able to demonstrate to the competent authority that such information has been provided to the incoming statutory auditor or audit firm [AR/Article 18].”

SECTION 350

CUSTODY OF CLIENT ASSETS

Requirements and Application Material

Before Taking Custody

Paragraph R350.3 is completed as follows :

“A réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) shall not assume custody of audit client monies. For a client, other than an audit client, the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) shall inform the concerned credit institution about the nature of the accounts open to hold client monies”.

PART 4A – INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS

SECTION 400

APPLYING THE CONCEPTUAL FRAMEWORK TO INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS

Requirements and Application Material

General

Paragraph R400.11 is completed as follows :

“When carrying out a statutory audit, the réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, and any natural person in a position to directly or indirectly influence the outcome of the statutory audit, shall be independent of the audited entity. They shall not be involved in the decision-taking of the audited entity.

Independence shall be required at least during both the period covered by the financial statements to be audited and the period during which the statutory audit is carried out.

The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms) and the audit firms shall take all reasonable steps to ensure that, when carrying out a statutory audit, their independence is not affected by any existing or potential conflict of interest or business or other direct or indirect relationship involving the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out the statutory audit and, where appropriate, his, her or its network, managers, auditors, employees, any other natural persons whose services are placed at the disposal or under the control of the réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm, or any person directly or indirectly linked to the réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm by control.

The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm shall not carry out a statutory audit if there is any threat of self-review, self-interest, advocacy, familiarity or intimidation created by financial, personal, business, employment or other relationships between :

- the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm), the audit firm, his, her or its network, and any natural person in a position to influence the outcome of the statutory audit, and
- the audited entity,

as a result of which an objective, reasonable and informed third party, taking into account the safeguards applied, would conclude that the independence of the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm is compromised.” [AL/Article 20(1)].

Mergers and acquisitions

When a Client Merger Creates a Threat

In paragraph R400.73 (a), the deadline of six months is shortened to three months [AL/Article 20(6)].

SECTION 410

FEES

Introduction

Paragraph 410.1 is completed as follows :

“The fees for statutory audit cannot be influenced or determined by the provision of additional services to the audited entity and cannot be based on any form of contingency.” [AL/Article 27]

Requirements and Application Material

Fees – Relative size

Audit Clients that are Public-Interest Entities

Provisions of paragraph R410.4 and R410.5 are replaced by the following provision :

“When the total fees received from a public-interest entity in each of the last three consecutive financial years are more than 15 % of the total fees received by the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or, where applicable, by the group auditor carrying out the statutory audit, in each of those financial years, such a réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) or, as the case may be, group auditor, shall disclose that fact to the audit committee and discuss with the audit committee the threats to their independence and the safeguards applied to mitigate those threats. The audit committee shall consider whether the audit engagement should be subject to an engagement quality control review by another statutory auditor or audit firm prior to the issuance of the audit report”. [AR/Article 4(3)]

Provisions of paragraph R410.6 is replaced by the following provision :

“Where the fees received from such a public-interest entity continue to exceed 15 % of the total fees received by such the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or, as the case may be, by a group auditor carrying out the statutory audit, the audit committee shall decide on the basis of objective grounds whether the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) or the group auditor, of such an entity or group of entities may continue to carry out the statutory audit for an additional period which shall not, in any case, exceed two years.”

Fees – Cap of 70 % for non-audit services

Audit Clients that are Public-Interest Entities

The section is completed as followed :

“When the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) provides to the audited entity, its parent undertaking or its controlled undertakings, for a period of three or more consecutive financial years, non-audit services other than those referred to in Article 5(1) of Regulation (EU) N° 537/2014, the total fees for such services shall be limited to no more than 70 % of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings.

For the purposes of the limits specified above, non-audit services (other than those referred to in Article 5(1) of Regulation (EU) N° 537/2014) required by Union or Luxembourg legislation shall be excluded.

On reasoned request, the CSSF may exceptionally relieve the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) from the obligation to comply with the limits set in the first subparagraph of this paragraph for a maximum period of two financial years”. [AR/Article 4(2) and AL/Article 49]

SECTION 420

GIFTS AND HOSPITALITY

Requirements and Application Material

Paragraph R420.3 is completed as follows :

“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation), shall not solicit or accept pecuniary and non-pecuniary gifts or favours from the audited entity or any entity related to an audited entity unless an objective, reasonable and informed third party would consider the value thereof as trivial or inconsequential.” [AL/Article 20(5)]

SECTION 510

FINANCIAL INTERESTS

Requirements and Application Material

Financial Interests – Other Circumstances

Provisions of paragraph 510.10.A1 to 510.10.A12 are replaced by the following provision :

“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation) :

- do not hold or have a material and direct beneficial interest in, or engage in any transaction in any financial instrument issued, guaranteed, or otherwise supported by, any audited entity within their area of statutory audit activities, other than interests owned indirectly through diversified undertakings for collective investment, including managed funds such as pension funds or life insurance.” [AL/Article 20(2)]
- shall not participate in or otherwise influence the outcome of a statutory audit of any particular audited entity if they :
own financial instruments of the audited entity, other than interests owned indirectly through diversified undertakings for collective investment ;
own financial instruments of any entity related to an audited entity, the ownership of which may cause, or may be generally perceived as causing, a conflict of interest, other than interests owned indirectly through diversified undertakings for collective investment.” [AL/Article 20(4)]

SECTION 520

BUSINESS RELATIONSHIPS

Requirements and Application Material

Firm, Network Firm, Audit Team Member or Immediate Family Business Relationships

’Paragraph R520.4 is completed as follows :

“The réviseurs d’entreprises agréés (approved statutory auditors), the cabinets de révision agréés (approved audit firms), the audit firms, their key audit partners, their employees, and any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 3(1) point 26 of Regulation (EU) N° 596/2014 of the European Parliament and the council on market abuse of 16 April 2014 (market abuse regulation) shall not participate in or otherwise influence the outcome of a statutory audit of any particular audited entity if they have had an employment, or a business or other relationship with that audited entity within the period referred in paragraph R400.30 that may cause, or may be generally perceived as causing, a conflict of interest” [AL/Article 20(4)].

SECTION 524

EMPLOYMENT WITH AN AUDIT CLIENT

Requirements and Application Material

All Audit Clients

Former Partner or Audit Team Member Restrictions

Paragraph R524.4 is completed as follows :

“A réviseur d’entreprises agréé (approved statutory auditor) or a key audit partner who carries out a statutory audit on behalf of a cabinet de révision agréé (approved audit firm) or an audit firm shall not, before a period of at least one year, has elapsed since he or she ceased to act as réviseur d’entreprises agréé (approved statutory auditor) or key audit partner in connection with the audit engagement :

- take up a key management position in the audited entity ;
- where applicable, become a member of the audit committee of the audited entity or, where such committee does not exist, of the body performing equivalent functions to an audit committee ;
- become a non-executive member of the administrative body or a member of the supervisory body of the audited entity.

Employees and partners other than key audit partners of a réviseur d’entreprises agréé (approved statutory auditor) or of a cabinet de révision agréé (approved audit firm) carrying out a statutory audit, as well as any other natural person whose services are placed at the disposal or under the control of such réviseur d’entreprises agréé (approved statutory auditor) or cabinet de révision agréé (approved audit firm), shall not, when such employees, partners or other natural persons are personally approved as réviseurs d’entreprises agréés (approved statutory auditors), take up any of the duties referred to in the previous paragraph before a period of at least one year has elapsed since he or she was directly involved in the statutory audit engagement.” [AL/Article 21]

Audit clients that are Public Interest Entities

Key Audit Partners

Paragraph R524.6 is completed as follows :

“A réviseur d’entreprises agréé (approved statutory auditor) or a key audit partner who carries out a statutory audit of Public Interest Entities on behalf of a cabinet de révision agréé (approved audit firm) or an audit firm shall not, before a period of at least two years, has elapsed since he or she ceased to act as réviseur d’entreprises agréé (approved statutory auditor) or key audit partner in connection with the audit engagement :

- take up a key management position in the audited entity ;
- where applicable, become a member of the audit committee of the audited entity or, where such committee does not exist, of the body performing equivalent functions to an audit committee ;
- become a non-executive member of the administrative body or a member of the supervisory body of the audited entity.” [AL/Article 21]

SECTION 540

LONG ASSOCIATION OF PERSONNEL (INCLUDING PARTNER ROTATION) WITH AN AUDIT CLIENT

Requirements and Application Material

All Audit Clients

Audit Clients that are Public-Interest Entities

Provisions of paragraph R540.7 are repealed.

Cooling-off period

The delay of 2 years as per paragraph R540.13 is extended to 3 years in order to participate again in the statutory audit of the audited entity. [AR/Article 17(7)]

The section is completed as followed :

External rotation

Audit Clients that are Public-Interest Entities

In relation with statutory audits of Public-Interest Entities :

Neither the initial engagement of a particular réviseur d’entreprises agréé (approved statutory auditor), cabinet de révision agréé (approved audit firm) or audit firm, nor this in combination with any renewed engagements therewith shall exceed a maximum duration of 10 years ; nevertheless
The maximum duration of a statutory audit of a public-interest entity may be of 20 years, where a public tendering process for the statutory audit is conducted in accordance with paragraphs 2 to 5 of Article 16 of Regulation (EU) N° 537/2014.

The maximum duration shall be extended only if, upon a recommendation of the audit committee, the administrative or supervisory body, proposes to the general meeting of shareholders or members, in accordance with Luxembourg law, that the engagement be renewed and that proposal is approved.

After the expiry of the maximum duration, the public-interest entity may, on an exceptional basis, request that the CSSF grant an extension to re-appoint the statutory auditor or the audit firm for a further engagement where the conditions in points (a) or (b) of paragraph 4 of Regulation (EU) N° 537/2014 are met. Such an additional engagement shall not exceed two years.

After the expiry of the maximum 10-year duration of engagements (20 years in case of a public tendering process for the statutory audit is conducted in accordance with paragraphs 2 to 5 of Article 16 of Regulation (EU) N° 537/2014), neither the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm nor, where applicable, any members of their networks within the Union shall undertake the statutory audit of the same public-interest entity within the following four-year period.

For the purposes of this Article, the duration of the audit engagement shall be calculated as from the first financial year covered in the audit engagement letter in which the statutory auditor or the audit firm (including other firms that the audit firm has acquired or that have merged with it) has been appointed for the first time for the carrying-out of consecutive statutory audits for the same public-interest entity.” [AR/Article 17(1)-(6) and (8) and AL/Article 51]

SECTION 600

PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT

Requirements and Application Material

General

The section is completed as followed :

Audit Clients that are Public-Interest Entities

Prohibition to provide non-audit services

“The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out the statutory audit of a public-interest entity, or any member of the network to which the réviseur d’entreprises agréé (approved statutory auditor) or the cabinet de révision agréé (approved audit firm) belongs, shall not directly or indirectly provide to the audited entity, to its parent undertaking or to its controlled undertakings within the Union any prohibited non-audit services in :

the period between the beginning of the period audited and the issuing of the audit report ; and
the financial year immediately preceding the period referred to in above-mentioned point in relation to the services listed in point (e) of the below list”. [AR/Article 5 (1)]

List of prohibited non-audit services [AR/Article 5 (1) and AL/Article 50]

(a) tax services relating to :
i. preparation of tax forms (*) ;
ii. payroll tax ;
iii. customs duties ;
iv. identification of public subsidies and tax incentives unless support from the statutory auditor or the audit firm in respect of such services is required by law (*) ;
v. support regarding tax inspections by tax authorities unless support from the statutory auditor or the audit firm in respect of such inspections is required by law (*) ;
vi. calculation of direct and indirect tax and deferred tax (*) ;
vii. provision of tax advice (*) ;
(b) services that involve playing any part in the management or decision-making of the audited entity ;
(c) bookkeeping and preparing accounting records and financial statements ;
(d) payroll services ;
(e) designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems ;
(f) valuation services (*), including valuations performed in connection with actuarial services or litigation support services ;
(g) legal services, with respect to :
i. the provision of general counsel ;
ii. negotiating on behalf of the audited entity ; and
iii. acting in an advocacy role in the resolution of litigation ;
(h) services related to the audited entity’s internal audit function ;
(i) services linked to the financing, capital structure and allocation, and investment strategy of the audited entity, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the audited entity ;
(j) promoting, dealing in, or underwriting shares in the audited entity ;
(k) human resources services, with respect to :
i. management in a position to exert significant influence over the preparation of the accounting records or financial statements which are the subject of the statutory audit, where such services involve :
- searching for or seeking out candidates for such position ; or
- undertaking reference checks of candidates for such positions ;
ii. structuring the organisation design ; and
iii. cost control.

(*): by way of derogation the provision of the services are allowed, provided that the following requirements are complied with :

they have no direct or have immaterial effect, separately or in the aggregate on the audited financial statements ;
the estimation of the effect on the audited financial statements is comprehensively documented and explained in the additional report to the audit committee; and
the principles of independence laid down in the law concerning the audit profession are complied with by the statutory auditor or the audit firm.

Prohibited non-audit services provided by an affiliate within the network to an entity registered in a third-country and under control of the audited public-interest entity

“When a member of a network to which the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm carrying out a statutory audit of a public-interest entity belongs provides any of the non-audit services, referred to in the above-mentioned paragraph, to an undertaking incorporated in a third country which is controlled by the audited public-interest entity, the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm concerned shall assess whether his, her or its independence would be compromised by such provision of services by the member of the network.

If his, her or its independence is affected, the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm shall apply safeguards where applicable in order to mitigate the threats caused by such provision of services in a third country. The réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm may continue to carry out the statutory audit of the public-interest entity only if he, she or it can justify, in accordance with Article 6 of Regulation (EU) N° 537/2014 and Article 22 of the Law of 23 July 2016 concerning the audit profession, that such provision of services does not affect his, her or its professional judgement and the audit report."

For the purposes of this paragraph :

(a) being involved in the decision-taking of the audited entity and the provision of the services referred to in points b), c) and e) of the above-mentioned list shall be deemed to affect such independence in all cases and to be incapable of mitigation by any safeguards.
(b) provision of the services referred to in the above-mentioned list other than points b), c) and e) thereof shall be deemed to affect such independence and therefore to require safeguards to mitigate the threats caused thereby.” [AR/Article 5(5)]

Approval of non-audit services by the audit committees

“A réviseur d’entreprises agréé (approved statutory auditor), a cabinet de révision agréé (approved audit firm) or an audit firm, carrying out statutory audits of public-interest entities, and when the réviseur d’entreprises agréé (approved statutory auditor), the cabinet de révision agréé (approved audit firm) or the audit firm belongs to a network, any member of such network may provide to the audited entity, to its parent undertaking or to its controlled undertakings non-audit services other than the prohibited non-audit services referred to in the current section (refer to the above-mentioned list) subject to the approval of the audit committee after it has properly assessed threats to independence and the safeguards applied in accordance with Article 22 of Law of 23 July 2016 concerning the audit profession.

The audit committee shall, where applicable, issue guidelines with regard to the authorized services upon the condition that they have been identified by an asterisk in the above-mentioned list of prohibited non-audit services”. [AR/Article 5(4)]

GLOSSARY

« Audit client » : An entity in respect of which a réviseur d’entreprises agréé (approved statutory auditor) or a cabinet de révision agréé (approved audit firm) conducts a statutory audit in the meaning of article 1 (6) of the Law of 23 July 2016 concerning the audit profession.

« Competent authority » : In Luxembourg, the competent authority for the public oversight of the audit profession is the CSSF.

« Key audit partner » : In Luxembourg, it corresponds to the definition of « key audit partner » as per article 1 (1) of the Law of 23 July 2016 concerning the audit profession. The individual responsible for the engagement quality review must be included in such definition.

« Listed Entity » : In Luxembourg, it means entities governed by the Luxembourg law whose transferable securities are admitted to trading on a recognized market.

« Network » : In Luxembourg, it corresponds to the definition as per article 1 (32) of the Law of 23 July 2016 concerning the audit profession.

« Professional Accountant » : In the context of the code of ethics of the audit profession in Luxembourg as adopted by the current regulation, this term corresponds to a natural person or a legal person, which has obtained the title of “réviseur d’entreprises (statutory auditor)” or “cabinet de révision (audit firm)” as per the meaning article 3 of the Law of 23 July 2016 concerning the audit profession.

« Professional Accountant in Public Practice » : In the context of the code of ethics of the audit profession in Luxembourg as adopted by the current regulation, this term corresponds to a natural person or a legal person that is member of the IRE and employed by a cabinet de révision agréé (approved audit firm) or a réviseur d’entreprises agréé (approved statutory auditor) exercising as self-employed the audit profession.

« Public-Interest Entity » : This notion shall be understood in Luxembourg as per the definition in article 1 (20) of the Law of 23 July 2016 concerning the audit profession.


Retour
haut de page