Subsection 2: Certification of accounts

Articles in this section · 32

Article A823-8

French Commercial codeIn force

Updated 3 Nov 2023

The professional practice standard relating to the audit procedures performed by the statutory auditor following its risk assessment, approved by the Minister of Justice, is set out below:


. NEP-330. Audit procedures performed by the statutory auditor following its risk assessment


. Introduction


01. Having obtained an understanding of the entity and assessed the risks of material misstatement of the accounts, the statutory auditor adapts his overall approach and designs and performs audit procedures to provide a basis for his opinion on the accounts.


02. The purpose of this standard is to define:


-principles for tailoring its overall approach and designing audit procedures in response to its assessment of the risks of material misstatement;


the audit procedures to be performed independently of that assessment;


- the principles relating to the assessment of the risks of material misstatement -the principles relating to the assessment of the sufficiency and appropriateness of the evidence gathered in order to formulate its opinion.


Definition


03. Audit procedures: all the work carried out during the audit in order to gather the elements needed to reach conclusions on which the statutory auditor bases his opinion.


Response to the assessment of the risk of material misstatement at the level of the accounts taken as a whole


04. In response to his assessment of the risk of material misstatement at the level of the accounts taken as a whole, the statutory auditor adapts his overall approach to the engagement. This may include:


-assign more experienced staff or staff with special skills to the engagement;


-recourse to one or more experts;


strengthen the supervision of the work;


> -introduce an additional degree of accountability -introduce an additional degree of unpredictability for the entity in the audit procedures chosen;


-make changes to the nature, timing or extent of the audit procedures. Thus, for example, if there are weaknesses in the control environment, the statutory auditor may choose to:


-implement substantive controls rather than procedural tests;


-to intervene after the end of the financial year rather than during it; or


-to increase the number of sites to be inspected.


Response to the assessment of the risk of material misstatement at the assertion level


05. In response to its assessment of the risk at the assertion level, the statutory auditor designs and performs audit procedures in addition to those performed for that assessment.


These audit procedures include tests of procedures, substantive procedures, or a mixed approach using both tests of procedures and substantive procedures.


The statutory auditor determines the nature, extent and timing of the audit procedures. The statutory auditor shall determine the nature, timing and extent of audit procedures to be performed by demonstrating the link between those audit procedures and the risks to which they relate.


06. The factors to be considered in determining the procedures to be performed are:


-the level of risk of material misstatement of the assertions considered for the categories of transactions, account balances and information provided in the notes;


-the nature of the controls implemented by the entity over these assertions and whether or not it is possible for the statutory auditor to obtain evidence of the effectiveness of the controls.


07. The determination of the scope of an audit procedure, which corresponds to the number of items tested by that specific procedure, is a matter of the auditor's professional judgement, bearing in mind that the higher the risk of material misstatement, the higher the quantity or quality of the items necessary for the auditor to form an opinion.


. 08. In terms of timing, the statutory auditor may decide to perform audit procedures during the financial year, in addition to those to be performed after the end of the financial year. This choice depends in particular on the level and nature of the risk of material misstatement, the internal control environment and the information available, some of which may only be accessible at certain times, for example for physical observations.


Tests of procedures


09. Among the audit procedures, tests of procedures make it possible to gather evidence with a view to assessing the effectiveness of the controls designed and implemented by the entity to prevent, detect or correct material misstatements at the assertion level.


10. The statutory auditor shall perform tests of procedures to obtain sufficient appropriate evidence that the entity's controls operated effectively during the period under audit in the following cases:


-when it has retained, in its assessment of the risk of material misstatement at the assertion level, the assumption that the entity's controls are operating effectively;


-when it considers that substantive controls alone do not reduce the audit risk to a level sufficiently low to obtain the assurance sought.


11. In order to be able to conclude whether or not the control implemented by the entity is effective, the statutory auditor, in addition to requests for information, uses one or more other control techniques such as, for example, analytical procedures, physical observation, inspection, re-performance of certain controls performed by the entity. Tests of procedures are not limited to requests for information.


12. The more the auditor relies on the effectiveness of internal control in assessing the risk of material misstatement, the more extensive the tests of procedures.


13. When the statutory auditor collects evidence on the effectiveness of the entity's controls during an interim period, the statutory auditor determines the additional evidence to be collected for the remaining period to the end of the financial year.


14. Where the statutory auditor intends to use evidence gathered in previous years on the effectiveness of certain of the entity's controls, the statutory auditor shall perform audit procedures to determine whether there have been any changes in the circumstances that may affect the relevance of that evidence. To do this, it uses requests for information in conjunction with physical observations or inspections to confirm its knowledge of existing controls.


15. Where it detects changes in these controls, it tests their effectiveness for the financial year to which its engagement relates.


16. Where no changes have affected these controls, it tests their effectiveness at least once every three financial years. However, this possibility should not lead the auditor to test all the controls in a single financial year without carrying out tests of procedures in each of the following two financial years.


17. Where, in assessing the risk of material misstatement, the auditor has identified a high inherent risk that requires a particular audit approach and plans to rely on the entity's controls designed to mitigate that risk, the auditor tests the effectiveness of those controls in respect of the financial year to which the engagement relates, even if there have been no changes to those controls that would affect their effectiveness since the previous audit.


Substantive controls


18. Where, in assessing the risk of material misstatement, the auditor has identified a high inherent risk that requires a particular audit approach, the auditor shall implement substantive controls that specifically address that risk.


19. The higher the auditor's assessment of the risk of material misstatement, the more extensive the substantive procedures performed by the auditor. Furthermore, given that the risk of material misstatement includes the control risk, unsatisfactory results of tests of controls increase the scope of the substantive controls required.


20. Where substantive procedures are performed at an interim date, the statutory auditor shall perform further substantive procedures, whether or not in conjunction with tests of controls, to cover the subsequent period and to enable the statutory auditor to extend the conclusions of the substantive procedures from the interim date to the year-end.


Audit procedures independent of the assessment of the risks of material misstatement


21. Independently of the assessment of the risk of material misstatement, the statutory auditor shall design and perform substantive procedures for each category of transaction, account balance and disclosure in the notes to the financial statements, whenever they are material. 22. In addition, the statutory auditor shall perform the following audit procedures:


-reconciliation of the annual or consolidated financial statements with the accounting documents from which they are derived;


-review of significant accounting entries, including closing adjustments; and


-assessment of whether the presentation of the financial statements, including the information provided in the notes to the financial statements, complies with applicable accounting standards.


Assessment of the sufficiency and appropriateness of the items collected


23. Based on the evidence obtained, the statutory auditor shall assess, throughout the engagement, whether its assessment of the risks of material misstatement at the assertion level remains appropriate.


24. The information gathered may lead the statutory auditor to modify the nature, timing or extent of planned audit procedures, where the information obtained differs from that taken into account for the risk assessment and leads the statutory auditor to revise that assessment.


25. The statutory auditor concludes on the sufficiency and appropriateness of the information gathered in order to reduce the audit risk to a level sufficiently low to obtain the assurance sought. In doing so, the statutory auditor takes into account both evidence that confirms and evidence that contradicts compliance with the assertions.


26. If the statutory auditor has not obtained sufficient appropriate evidence to confirm a material fact in the accounts, he shall seek to obtain further evidence. If the statutory auditor is unable to obtain sufficient appropriate information, he shall issue a qualified opinion or an inability to certify. Documentation


27. The statutory auditor shall record in his file:


a) the adaptation of its general approach in response to the risk of material misstatement at the level of the accounts taken as a whole;


b) the nature, timing and extent of audit procedures designed and performed in response to its assessment of the risks of material misstatement;


c) The relationship of those procedures to the assessed risks at the assertion level; and


> d) The conclusions of the audit procedures performed. d) The conclusions of the audit procedures.


In addition, when the statutory auditor uses elements on the effectiveness of internal controls collected during previous audits, he records in his file his conclusions on the fact that he can rely on these controls.

Mariela Petrova

Need help applying this article to your situation?

A registered French Lawyer explains what applies to your business — in English, fixed fee.

within 48h

Fixed Fee

Talk to a lawyer
Common Questions

Working with a corporate lawyer in France — Q&A

Any time a strategic decision changes how the company is owned, governed or contractually bound — incorporation, fundraising, M&A, restructuring, shareholder agreements, or major commercial contracts. Earlier engagement always costs less than later remediation.

A notary (notaire) is a public officer who authenticates specific deeds (mainly real-estate transfers and certain family-law acts). A corporate lawyer (avocat) advises on strategy, negotiates and drafts company documents, and represents you in disputes. The two roles complement rather than overlap.

Yes — most of our clients are foreign suppliers, investors or holding entities. We bridge the gap between French law and your home jurisdiction's expectations and deliver everything bilingually.

The SAS (Société par Actions Simplifiée) is the default choice for most international structures: flexible governance, single shareholder allowed, no minimum capital, and works cleanly with foreign holding entities. We assess SARL, SA, SCI on the merits when the situation calls for it.

Yes — communications with a French avocat are protected by the secret professionnel (Article 66-5 of the Law of 31 December 1971). This protection is broader than the common-law attorney-client privilege and applies to written and oral exchanges.

We work on fixed fees for clearly scoped engagements (incorporation, contract drafting, audits) and on monthly retainers for ongoing advisory. Hourly billing is the exception, not the default. You always know the cost before work starts.

Typical timeline is 2–3 weeks from KYC kick-off to RCS registration, assuming standard documentation. Holding-company structures, foreign-shareholder identification or in-kind contributions can extend this — we flag the gating items at the first meeting.

Absolutely. We routinely coordinate with your in-house counsel, expert-comptable or notaire — pragmatic collaboration is the norm, not the exception. We send them everything they need to do their part without duplicating work.

Mariela Petrova

Mariela Petrova

Avocate au Barreau de Paris

Toque #C2396

15+ Years In Corporate Practice

English · French · Russian

Ready When You Are

Talk To A Corporate
Lawyer In France.

A 20–30 minute call, in English, to scope the engagement. No obligation, no preliminary fee. You will leave the call with a clear view of what the work will cover and what it will cost.

First EngagementFixed Fee

Talk to a French lawyer.

Reply within 24 hours.

Communications protected by professional secrecy — secret professionnel de l'avocat, Article 66-5 of the Law of 31 December 1971.

Continue Reading

Related corporate services in France

01 / Setup

Setting up a French company

Choose between SAS, SARL, SA or SCI — and structure your first French entity around how you actually plan to operate.

Read More
02 / Operating

French commercial contracts

Distribution, agency, supply, services and IP licences — drafted around the protections French law actually gives.

Read More
03 / Disputes

Business disputes & litigation

Shareholder conflicts, commercial breaches and pre-litigation strategy — handled by the same team that knows the file.

Read More