35083 REPORT ON THE OBSERVANCE OF STANDARDS AND CODES (ROSC) Republic of Estonia ACCOUNTING AND AUDITING May 25, 2004 Contents Executive Summary I. Introduction II. Institutional Framework III. Accounting Standards as Designed and as Practiced IV. Auditing Standards as Designed and as Practiced V. Perception on the Quality of Financial Reporting VI. Policy Recommendations Executive Summary This report provides an assessment of accounting, financial reporting and auditing requirements and practices within the enterprise and financial sectors in Estonia. The report uses International Financial Reporting Standards (IFRSs), International Standards on Auditing, and the relevant portions of European Union (EU) law (also known as the acquis communautaire) as benchmarks and draws on international experience and good practices in the field of accounting and audit regulation. In the area of financial reporting and auditing law, Estonia implemented the Fourth, Seventh, and Eighth EU Company Law Directives, the EU Regulation on use of International Accounting Standards, and International Standards on Auditing. The law requires that banks, insurance companies, and listed companies prepare legal and consolidated financial statements in conformity with IFRSs from 2005, but permits earlier adoption. Others may continue to apply Estonian Accounting Standards, which are basically summarized from the principles underlying IFRSs and generally meet the identified needs of users of small- and medium-sized enterprises' financial statements. Estonian enterprises face significantly greater audit burdens than enterprises in most EU Member States. While these audit requirements should be conducive to greater compliance with accounting standards, Estonian auditing guidelines are seriously deficient for any regulatory role. This significant weakness in audit standards, however, does not affect the audit of most public interest entities, which must be conducted in accordance with International Standards on Auditing. Audit regulation lags behind and falls short of the European Commission Recommendations on quality assurance and auditor's independence. The authorities have recognized this issue, and audit legislation, currently in discussion, would align audit regulation with EU best practices. As the new regulations come into force, priorities are turning toward building the monitoring, supervisory, and disciplinary regimes necessary to ensure effective compliance. This assessment demonstrates that enforcement of accounting, auditing, and ethical standards in both public interest entities and small- and medium-sized enterprises is the next challenge for Estonia. This report draws upon recent international experience in developed economies and accession countries, as well as expected amendments to the acquis communautaire, and recommends that Estonia enhance audit regulation and practices (e.g., by reviewing professional education, quality assurance, and disciplinary mechanisms) and that the Financial Supervisory Authority pursue its efforts to strengthen the enforcement of auditing and accounting standards in public interest entities. This report was prepared by a team from the World Bank on the basis of the findings from a diagnostic review carried out in Estonia in January 2004. The ROSC team was led by Frédéric Gielen (ECSPS). The review was conducted through a participatory process involving various stakeholders and led by the country authorities. I. INTRODUCTION 1. This assessment of accounting and auditing practices in Estonia is part of a joint initiative of the World Bank and the International Monetary Fund (IMF) to prepare Reports on the Observance of Standards and Codes (ROSCs). The assessment focuses on the strengths and weaknesses of the accounting and auditing environment that influence the quality of corporate financial reporting and involves a review of both mandatory requirements and actual practice. It uses International Financial Reporting Standards (IFRSs),1 International Standards on Auditing (ISAs), and the relevant portions of European Union (EU) law (also known as the acquis communautaire) as benchmarks and draws on international experience and good practices in the field of accounting and audit regulation. 2. Estonia, with a population of 1.4 million, has a Gross Domestic Product (GDP) per capita of US$4,862.2 Estonia's aspirations to modernize its economy and join the European Union have been the driving force for economic reforms. The country has successfully implemented a broad agenda of stabilization and structural reform policies against a backdrop of prudent economic management, including the successful maintenance of a currency board arrangement since 1992.3 The authorities have completed negotiations for EU membership and Estonia joined the EU on May 1, 2004. 3. Given Estonia's increased aging population, the government accepted in the mid-1990s the widely held view that the tax-funded (pay-as-you-go) pension system, if not reformed, would overwhelm the central budget early in the 21st century, unless tax rates were raised or pension entitlements cut. Pension reform started in 1997 with the adoption of the three-pillar concept, consisting of (Pillar 1) a pay-as-you-go state system; (Pillar 2) a financed, privately run compulsory system; and (Pillar 3) a voluntary private system. The third pillar was introduced in 1998, with the first funds licensed the following year. The second pillar started functioning in 2002. 4. Foreign investors control most of the Estonian banking sector, with approximately 90 percent of total banking assets held by three foreign-owned banks. At the end of 2003, Estonia had six commercial banks, one foreign bank branch, and seven foreign bank representative offices. Furthermore, since May 2004, over 20 financial institutions from EU Member States have notified the Financial Supervision Authority (FSA) of their intention to provide cross-border services in Estonia. Mergers and consolidations have strengthened what was once considered a weak and vulnerable sector. Lower interest rates and robust economic growth contributed to a steady expansion in bank lending throughout 2002 and 2003. Over this period, loans to private- sector businesses and financial institutions significantly increased. However, banks interviewed by the ROSC team all indicated that the lack of reliable financial reporting by smaller-scale corporate borrowers impedes lending and results in higher transaction costs. Bankers stressed it 1 International Accounting Standards (IASs) and Interpretations of the Standing Interpretations Committee (SICs) were adopted by the International Accounting Standards Board (IASB) in April 2001. At this time, the IASB endorsed all IASs issued by its predecessor, the International Accounting Standards Committee (IASC). The accounting standards that the IASB develops are called International Financial Reporting Standards (IFRSs) and the interpretations of IFRSs are published as interpretations of the International Financial Reporting Interpretations Committee (IFRICs). For the purpose of this report, those standards and interpretations are referred to as IFRSs. 2 International Monetary Fund, World Economic Outlook Database, September 2003. 3 With the launch of the euro on January 1, 1999, the value of the Estonian kroon (EEK) against the euro was fixed in line with the German mark's conversion rate. All amounts in this report were calculated on the rate applicable on December 31, 2003 (EEK 12.41 = US$1.00). Estonia ­ Accounting and Auditing ROSC Page 1 would be highly desirable to take policy measures that could promote the production and dissemination of more reliable corporate financial statements by small- and medium-sized enterprises. 5. The 17 companies listed on the Tallinn Stock Exchange have market capitalization of US$3.8 billion as of 2003.4 This is more than 55 percent of the 2003 GDP (US$6.8 billion).5 The start-up of the second-pillar pension funds has created a new class of domestic institutional investors. Although they are free to invest overseas, second-pillar pension funds bought local equity in 2002 and 2003. However, the pattern of trading illustrates the problems that face investors in small exchanges, such as the Tallinn Stock Exchange, especially those institutions that are aiming for diversified portfolios. The HEX Group's recent announcement that it plans to merge the Helsinki, Tallinn, and Riga bourses into a single trading entity in May 2004 would thus seem to be facilitating equity financing and investment. 6. In joining the EU, the Estonian Government and market institutions have had to introduce and implement the acquis communautaire for corporate financial reporting within their respective regulatory domains. Necessary though headline regulations may be, a clear lesson from recent corporate scandals is that they need to be effectively enforced and supplemented by the use of incentives and information to maximize the number of well-informed, well-motivated stakeholders. Effective functioning of banking and capital markets requires a supporting infrastructure for financial information disclosure. II. INSTITUTIONAL FRAMEWORK A. Statutory Framework 7. In law, Estonia implemented the acquis communautaire. The existence of a well- developed acquis in the area of accounting and auditing regulation facilitated the choice of appropriate models to follow. However--like EU Member States and other first-wave accession countries--Estonia has to address significant issues in the design and strengthening of suitable institutions to implement and enforce the acquis requirements. In addition, policymakers have to keep abreast with ongoing changes to the acquis, which are part of the international response to recent corporate scandals. 8. Business activities in Estonia are primarily regulated by the Commercial Code, which is based on the acquis communautaire. The Commercial Code recognizes two types of limited companies: private and public. Based on the legal regulation of limited companies, private limited covers companies with a small number of shareholders, and public limited covers companies with a large number of owners. Public limited companies have a three-tier management structure (shareholders, supervisory board, and management board) and most private limited companies, a two-tier management structure (shareholders and management board). 9. The collective responsibility of board members for the probity of financial statements is consistent with EU best practice, but directors may not always act accordingly. Under the Commercial Code, the probity of a company's financial statements is a collective responsibility of the board. In a one-tier structure, this falls to both executive and nonexecutive directors; and in a two-tier structure, this falls to both the managing directors and 4 Tallinn Stock Exchange, Equity Market Capitalization, December 31, 2003. 5 International Monetary Fund, World Economic Outlook Database, September 2003. Estonia ­ Accounting and Auditing ROSC Page 2 the supervisory directors.6 This is an appropriate mechanism to avoid that a limited number of board members, in particular certain executive directors whose performance is to be reflected in financial statements, have a decisive role in determining their content. However, in practice, the legacy of the Soviet accounting system--where the chief accountant was responsible for the probity of financial statements--can have an adverse impact: Directors, lacking attention to the task, may not always review the financial statements or the critical accounting policies and practices applied by the company. 10. The Estonian legislation relating to directors' liability is sound but has not yet been tested. In addition to the aforementioned civil liability, the new Penal Code recognizes presentation and submission of false financial statements as a criminal offense. However, observers were unsure of the enforceability of civil and criminal liability due to the lack of landmark higher court decisions on these subjects. 11. The Accounting Act permits all companies to apply either IFRSs or Estonian Accounting Standards (EASs) when preparing their consolidated and legal entity financial statements. A new Estonian Accounting Act, passed in 2002, is effective for accounting periods beginning on or after January 1, 2003. The Act superseded the previous Accounting Act in force since January 1, 1995. A company is free to choose the accounting framework applied to consolidated and legal entity financial statements. If IFRSs are selected, there is no need to prepare a second set of financial statements in accordance with EASs. 12. Taxation rules and regulations in Estonia have less influence on general-purpose financial statements than in most EU Member States. This can have a two-fold impact: (a) reduced incentives to understate reported net income and (b) reduced enforcement of accounting standards in small- and medium-sized enterprises (SMEs). First, in most EU Member States, the option to use either IFRSs or national accounting standards would require tax authorities to ensure that companies that adopt IFRSs for their legal entity financial statements receive broadly equivalent tax treatment as companies that continue to use national accounting standards. For example, tax authorities would have to ensure that financial statements prepared in accordance with either IFRSs or national accounting standards are an acceptable starting point for computing taxable profits, and ensure specific tax rules continue to allow the special relief and credits, whatever the accounting treatment. Since 2000, the payment of corporate income tax in Estonia is deferred until the moment of distributing the profits, and reinvested profits are not taxable. Therefore, companies in Estonia are less pressured to satisfy the accounting requirements of taxation authorities than in most EU Member States. Second, many EU member states currently have a strong linkage between accounting and taxation. Consequently, tax authorities have traditionally played a significant accounting enforcement role in carrying out tax audits to the point that commercial bankers have often used tax returns more than financial statements in their assessment of SMEs' creditworthiness. Estonian tax rules largely removed the need for tax audits that indirectly contribute to enforcing accounting standards. Hence, compliance with accounting standards in unregulated enterprises7 merely rests on two pillars (i.e., the auditing profession, if the entity is subject to a statutory audit, and corporate managers, who prepare financial statements). Therefore the weaknesses regarding corporate management and the audit profession discussed within this report are of particular importance to enhance the quality of financial reporting in unregulated enterprises, which account for the larger portion of GDP. 6 This is reflected in the requirement set out in the Accounting Act that all executive, nonexecutive and supervisory directors sign the financial statements of the company. 7 Within this report, unregulated enterprises are those not under supervision of the Financial Supervisory Authority. Estonia ­ Accounting and Auditing ROSC Page 3 13. The law requires most public interest entities to prepare their consolidated and legal entity financial statements in conformity with IFRSs beginning January 1, 2005.8 Credit institutions, financial holding companies, mixed-activity holding companies or insurers, and companies whose shares or other securities are quoted on a stock exchange in Estonia or EU Member State will be required to apply IFRSs in their consolidated and legal entity financial statements beginning January 1, 2005. In contrast, investment and pension funds will not be required to prepare financial statements in conformity with IFRS, despite being public interest entities. Estonia has considerably extended the scope of EU Regulation 1606/2002 on the use of IFRSs. Currently, the Regulation only mandates the use of IFRSs in consolidated financial statements of listed companies.9 However, the provisions of the Accounting Act requiring listed companies to prepare their consolidated financial statements in conformity with IFRSs10 might eventually conflict with the acquis if a particular standard is not endorsed by the European Commission. Regulation 1606/2002 requires that listed companies prepare their consolidated financial statements in accordance with endorsed IFRSs (i.e., IFRSs adopted by the European Commission). Accordingly, if a standard is not endorsed, it is not required or--in certain instances--not permitted to be applied by a company. Although a theoretical debate, the controversy around International Accounting Standards (IAS) 32 and 39 on financial instruments and the recent comments issued by the European Commission lead the ROSC team to recommend that Estonian authorities amend Accounting Act Article 17.2 to avoid this formal discrepancy with the acquis.11 In fact, the FSA has also recognized this potential problem and has proposed to amend Article 17.2. It should also be noted that the Ministry of Finance is planning to amend a provision of the Accounting Act so that public interest entities will be required to prepare their financial statements according to endorsed IFRSs. This provision has already been drafted and will be submitted to the Government for approval in the near future. 14. Subject to the constraints of the Fourth and Seventh EU Company Law Directives, Estonia imposes simplified reporting requirements on small- and medium-sized enterprises, which generally meet the identified needs of users of SME financial statements. SMEs may continue to apply EASs. The Law requires, however, that EASs be harmonized with IFRSs and cross-referenced to applicable IFRSs paragraphs. Any differences in the local standards compared to IFRSs must be explained and justified. On the other hand, the law allows continued use of EASs by some large enterprises that do not fall under the scope of the companies required to use IFRSs from 2005. The general public may have an interest in having these larger enterprises required to use IFRSs, since EASs may not provide the general public with sufficient information about these enterprises (e.g., large state- or privately-owned enterprises). 8 Within this report, public interest entities are those in which the general public has an interest by virtue of the nature of their business, their size, their number of employees, or their range of stakeholders. Examples include banks, insurance companies, investment funds, pension funds, listed companies, and large enterprises. This definition is consistent with the concept discussed and developed during the preparation of the Recommendations on quality assurance and auditor independence in the EU Committee on Auditing. The proposal for a new Eighth EU Company Law Directive includes further guidance on this matter. 9 Regulation No. 1606/2002 of the European Parliament and of the Council of July 19, 2002, on the application of International Accounting Standards. 10 Refer to article 17.2 of the Accounting Act. 11 Refer to Comments of the European Commission dated November 2003 concerning certain Articles of Regulation No. 1606/2002 and the Fourth and Seventh EU Directives. The Comments set out that "To the extent that a rejected standard conflicts with a standard which has been endorsed ­ for example where an endorsed standard is amended ­ the rejected standard may not be applied. The company must continue to apply fully the standard endorsed by the EU." Estonia ­ Accounting and Auditing ROSC Page 4 15. The Commercial Code includes several provisions whereby dividends available for distribution, legal reserve requirements, and other company law issues may be significantly impacted depending on which accounting standards are used in preparing the legal entity financial statements. The coexistence of legal entity financial statements prepared in conformity with IFRSs or EASs might raise concerns about whether Estonian companies are on a level playing field. 16. Estonian enterprises face significantly greater audit burdens than enterprises in most EU member states. The Commercial Code requires that all public and all private limited companies--whose share capital is greater than EEK 400,000 (equivalent to US$32,232)-- appoint a statutory auditor.12 For companies with a lower share capital, it is still possible to require the appointment of a statutory auditor. This can be mandated by the articles of association of a company, or is prescribed by law in certain cases. Furthermore, the Accounting Act requires that accounting entities that exceed two of three thresholds--balance sheet total of EEK 3 million (equivalent to US$241,740), net turnover or income of EEK 6 million (equivalent to US$483,480), and number of employees (5). These thresholds are considerably lower than those in the Fourth EU Company Law Directive and may result in the audit of financial statements when there is no public interest requirement. Such an over-extensive audit requirement may undermine audit quality, even for the public interest entities, since the entire culture of quality and compliance becomes polluted, with no countervailing safeguards. 17. Shareholders appoint the statutory auditor, but unlike in certain EU Member States, the Commercial Code does not include any termination mechanisms that could provide additional safeguards to auditor's independence. Hence, a statutory auditor may resign or be dismissed to avoid an audit qualification. The reasons for dismissal and resignation do not have to be disclosed to the responsible oversight authorities. Also, the Code does not require statutory auditors to attend the annual shareholders' meeting and be available for questions by the shareholders. 18. There are additional legal requirements concerning audit of investment firms, banks, insurance and listed companies. In relation to the external auditors of the licensees of the Financial Supervision Authority, the following apply: ˇ Appointment of statutory auditors subject to additional competence requirements and prior approval. The law requires that the statutory auditor of an investment firm, bank, or insurance company satisfy expertise and experience requirements. However, only the Insurance Activities Act provides that the appointment of an insurance company statutory auditor be subject to prior approval by the FSA. The legislature may consider introducing a right of veto against the appointment of a statutory auditor rather than such prior approval and extending the right of veto to all FSA licensees. Experience with prior approval mechanisms in other countries shows that they may weaken the position of the supervisory authority in the event of an audit failure, since the authority's approval is obviously questioned. ˇ Statutory audit of consolidated financial statements. Investment firms and banks belonging to the same consolidation group shall be audited by at least one common auditor. This rule does not exist in the insurance industry or for listed companies. This provision as formulated might not always result in high quality audit, since it 12 EEK 400,000 is the minimum legal share capital for a public limited company as per Article 222 of the Commercial Code. Estonia ­ Accounting and Auditing ROSC Page 5 might require a company to hire a weak audit firm abroad to audit a foreign subsidiary for the mere reason that it belongs to the same audit network as the mother company's auditor. This legal provision might actually be more effective if it introduced the principle that the group auditor bears full responsibility for the audit report in relation with the consolidated financial statements. ˇ Contribution to the supervisory process. A bank and insurance statutory auditor carries out specific assignments and issues special reports in accordance with statutes to assist the FSA in discharging its supervisory functions. These duties include reporting on whether the systems for maintaining accounting records and the systems of internal control are adequate, allowance for loan losses are adequate (banks), and technical provisions are fairly stated (insurance). In practice, bank auditors do not appear to submit the required long form report. As banking develops in complexity, inspection is proving more and more demanding in terms of supervisory resources. While the FSA conducts on-site inspection, it may want to enforce this requirement and look to the statutory auditor for assistance in those areas for which the auditor's skills may be particularly suited. ˇ Matters of urgent interest to the FSA. In addition the law requires that the statutory auditor communicate certain matters to the FSA. These include instances of fraud, going concern issues, or matters that could result in a qualified or adverse audit opinion. The auditor's duty of confidentiality is overridden by statute, i.e., the supervisory authority is entitled to receive confidential information from the auditors. The FSA has already recognized these potential areas for improvement and is currently working with the Government to take the necessary measures to address them. 19. Recent financial reporting scandals in the United States and the EU have prompted calls in Estonia for further examination of the Authorized Public Accountants Act in force since 1999. Estonia is reconsidering its priorities to improve the quality of statutory audits. Key subjects on the agenda are external quality assurance, auditing standards, auditor independence and improving public oversight over the auditing profession. 20. The Tallinn Stock Exchange and the Company Register use advanced information technology systems for making company information available to the general public. The Commercial Code requires that annual audited financial statements be filed at the Commercial Register no later than six months after the end of the financial year for both private and public limited companies. Banks, insurance companies, and investment firms are subject to yet more stringent filing and publication requirements. B. The Profession 21. Differences in technical proficiency of Estonian auditors result in significant differences in audit quality. In line with the acquis communautaire, the right to conduct statutory audits of financial statements was reserved for members of the Estonian Board of Auditors. The Estonian Board of Auditors, which was established in 1999, has 429 individual members, of which 289 operate as sole practitioners (20 were temporarily suspended) and the balance operate within 58 registered audit firms. Audit firms include local member firms of international audit firm networks, as well as "truly local firms." Institutional users of audited financial statements describe a three-tier audit profession: ˇ High-quality audit delivery can be expected from select audit firms representing approximately 25 percent of profession. Estonia ­ Accounting and Auditing ROSC Page 6 ˇ Adequate-quality audit delivery can be expected from approximately 10 audit firms and select sole practitioners representing another 25 percent of the profession. ˇ Poor-quality audit delivery can be expected from the balance of approximately 50 percent of the profession. While there is little research to substantiate these views, empirical evidence presented in Section IV of this report gives some credit to these perceptions. In addition, public perception alone--that half the profession delivers below standard audits--is harmful and jeopardizes the contribution of statutory audits to well-functioning capital markets and effective banking intermediation. An audit's value is based on the user's confidence. In the discussion on Enforcing Accounting and Auditing Standards (Section I.E.), the Estonian Board of Auditors understands that the present situation requires further initiatives to enhance public trust in the audit function in Estonia. 22. The mandate of the Board of Auditors does not explicitly include serving the public interest. The Authorized Public Accountants Act established the Estonian Board of Auditors as "a self-governing professional association of Estonian auditors, which organizes the professional activities of auditors and protects the rights of auditors." This Act does not impose a distinction for accepting public responsibility on the part of the auditing profession. The auditing profession's "public" consists of clients, credit grantors, governments, employers, employees, investors, the business and financial community, and others who rely on the objectivity and integrity of auditors to maintain the orderly functioning of commerce. 23. The Authorized Public Accountants Act recognizes the profession largely as self- regulated and independent, with the exception of the assessment of an auditor candidate's professional capabilities and competence prior to qualification. Among the duties that the Act requires of the Board of Auditors are organizing continuing professional education; maintaining registers of auditors, including auditing firms and individuals; developing a professional code of ethics for members and controlling the quality of audit activity and members' professional conduct; developing, if necessary, professional audit rules and techniques; and handling complaints against auditors. 24. The Estonian Board of Auditors lacks professional ethics requirements and strict guidelines for auditor independence. The Estonian Board of Auditors has a code of professional conduct for its members, which falls short of the International Federation of Accountants (IFAC) Code of Ethics for Professional Accountants (revised in November 2001). The Authorized Public Accountants Act and the auditing guidelines do not prevent auditors from accepting nonaudit work from audit clients, including financial information systems design, and implementation and appraisal or valuation services.13 Actions against violators of specific independence principles, as provided in the IFAC Code, are difficult to enforce without an adequate code of ethics and independence requirements (in fact and appearance). 25. More stringent requirements govern the statutory audit of banks, insurance companies, and investment firms but not listed enterprises. Statutory audits of banks and insurance companies are required to be performed in accordance with international auditing standards, and hence must comply with the IFAC Code of Ethics for Professional Accountants. Auditors of banks and investment firms are subject to a five-year mandatory rotation period. In practice only an audit firm's key partner responsible for carrying out the statutory audit is rotated. Since an auditor is defined within Article 2 of the Authorized Public Accountants Act as either a natural person or a firm, it is not clear if the legislative intent was to restrict mandatory rotation to 13 Auditing guidelines were issued under Regulation 50 of June 15, 2000, by the Minister of Finance. Estonia ­ Accounting and Auditing ROSC Page 7 the partner only rather than the firm, as interpreted by the Financial Supervision Authority and the audit firms. It is also unclear why the legislation has not extended mandatory rotation to insurance and listed companies. 26. Estonian legislation relating to auditor's liability has not been tested. Existing law provides a strong deterrent, but a lack of landmark higher court decisions reduces the efficiency of these provisions. Creditors and equity holders tend not to pursue their claims against auditors, in part due to a perception that such claims are too time-consuming and costly. The main issues concerning current Estonian legislation on auditors' activities include the following:14 ˇ Third parties could claim for damages caused by an auditor's breach of his or her duties. Under the Authorized Public Accountants Act, an auditor or an audit firm is obliged to provide auditing services duly and carefully, and observe the rules of the profession. An auditor has so-called "objective liability" for any damages incurred in connection with statutory audit services he or she provides. Any agreement in the audit engagement letter that restricts liability of an auditor is void. Estonian lawyers contend that third parties could prove before an Estonian court that they have legal standing to pursue a claim for damages against the auditor. The statutory auditor owes a duty to the company and third parties who will rely on the auditor's work. One of the defenses to a negligence action would revolve around disproving that the auditor breached his or her duty of care. Although this has not been tested, experience in countries with a similar legal tradition shows that the best evidence that an auditor has met his or her duty of care is that the audit was performed in compliance with applicable auditing standards. Because Estonian auditing guidelines fall short of ISAs and establish a very low threshold of due care, the ROSC team does not believe the existing civil liability system to be a driver of audit quality. Finally, it is not clear whether a court would hold an Estonian statutory auditor to the duty of care required by ISAs--in cases where statutory audits are conducted in accordance with ISAs (e.g., banks)--since language requirements in judicial procedures before courts may require an official Estonian translation of ISAs, which has yet to be published. ˇ The Criminal Code identifies cases where an auditor's criminal liability may apply. Estonian lawyers generally contend that the Criminal Code's terminology is vague. But there are specific circumstances of statutory auditor's liability included in the Criminal Code that could result in up to three years of imprisonment. In this regard, there may be a need to establish clearer linkages between the Criminal Code and the Authorized Public Accountants Act. 27. Audit firms are generally incorporated as a limited liability company with low share capital, which offers little protection to claimants. The Authorized Public Accountants Act requires that auditors take out professional indemnity insurance. The Estonian Board of Auditors establishes the minimum amount of indemnity (approximately US$16,000) and the essential terms and conditions of the professional liability insurance contract. However, the Act is currently in the process of being amended. According to the new draft Authorized Public 14 This report outlines the legal principles applicable with regard to each of the above areas and some miscellaneous issues and does not attempt to give anything more than an introduction to the issues. This report is not meant to be an exhaustive rendition of the law nor is it legal advice to those reading it. Estonia ­ Accounting and Auditing ROSC Page 8 Accountants Act, auditors will be required to take out personal indemnity insurance in the amount of at least 500,000 EEK (equivalent to US$40,290). Still, the FSA has warned that such limitations of liability, despite being used in some EU Member States, may impede the improvement of audit quality in Estonia. C. Professional Education and Training 28. Accounting education and training lag behind the needs of the rapidly developing Estonian economy. The accounting curriculum at leading Estonian universities does adhere to internationally recognized standards. Business ethics is a compulsory course in the third year for all business administration students. Despite these advances, students indicated that some faculty members have not undergone adequate retooling and have not adapted their curriculum to meet the demands of the current Estonian economy. Senior finance personnel in leading Estonian enterprises note that the average level of accounting education lags behind that of the more advanced EU Member States and point to significant differences among universities and business schools. 29. The Authorized Public Accountants Act complies with the Eighth EU Company Law Directive of April 10, 1984 on the approval of persons responsible for carrying out the statutory audits of financial statements.15 The professional qualification committee formed by the Government handles professional examinations. A majority of members on the qualifications committee are independent of the audit profession. The examination program must be approved by the Minister of Finance, and the examination mechanism is funded from the State budget. The Estonian Board of Auditors has not developed a pre-qualification program, including a syllabus and textbooks, covering the subjects listed in the Act. Also, there is no private sector training provider offering candidates help before taking the professional exam. 30. The Estonian Board of Auditors inadequately monitors the pre-qualification work experience and training by individuals (trainees) within audit firms. The work experience, which leads to qualification for membership to the Estonian Board of Auditors, is conducted under the direction of a mentor who is also a member of the Estonian Board of Auditors. However, the Board has not established a mechanism for approving suitable employers for providing the appropriate experience for trainees. The audit trainee selects his or her mentor and coach. The Board does not supervise the quality given in the practical training. 31. The Estonian Board of Auditors requires but does not effectively enforce participation of members in continuing professional education (CPE). In order to retain his or her qualification, an auditor is required to submit an activity report to the management board of the Estonian Board of Auditors at least once every three years. If it becomes apparent that the auditor has not maintained professional competence, the management board may subject the auditor to an aptitude test. A significant portion of the audit profession does not appear to have 15 It should be noted that although the Eighth EU Company Law Directive contains some requirements on registration and professional integrity, it does not include requirements on how a statutory audit should be conducted and the degree of public oversight or external quality assurance that is needed to ensure a high-quality audit. The lack of a harmonized approach to statutory auditing in the EU was the main reason behind the Commission's proposal for a new Eighth EU Company Law Directive (March 2004), which maintains the basic conditions on education and training from the existing Directive but broadens the scope of application of EU legislation by introducing new requirements concerning the manner in which an audit should be carried out and the structures needed to ensure audit quality, as well as ensure trust in the audit function. Estonia ­ Accounting and Auditing ROSC Page 9 maintained sufficient theoretical knowledge and professional skills. And as a consequence, they have not kept pace with recent changes in the accounting and auditing environment. Lax enforcement of CPE requirements contributes to low audit quality and the situation described under paragraph 21 above. D. Setting Accounting and Auditing Standards 32. The Accounting Act provided for establishment of the Estonian Accounting Standards Board (EASB) whose function is to issue accounting guidelines explaining and specifying the Accounting Act. The EASB is an independent committee whose rules of procedure are approved by the Government upon proposal by the Minister of Finance. The EASB consists of seven members who are accounting specialists, theoretical accounting experts, or practicing accountants. 33. The EASB has already re-written most Estonian Accounting Standards and brought them closer to the requirements of IFRSs. The new national standards became effective for accounting periods starting on or after January 1, 2003. The new standards are essentially a simplified summary of IFRSs, cross-referenced to corresponding paragraphs in IFRSs standards, and focusing on 16 standards (300 pages) in areas that are relevant for Estonian small- and medium-sized enterprises (SMEs). Some IFRSs accounting areas are covered only briefly or not at all. In such areas, the IFRSs treatment is recommended, but not mandatory. 34. Lack of resources constrains the activities of the EASB. With a limited budget and no permanent staff, the EASB operates almost voluntarily. This may hamper the timeliness of important EASB activities, which includes translation, guidance, and interpretation, resulting from the adoption of IFRSs and the new Estonian Accounting Standards. For example, the EASB does not review accounting issues that are likely to receive divergent or unacceptable treatment in the absence of authoritative guidance, with a view to reaching consensus as to the appropriate accounting treatment.16 Therefore, preparers generally turn to the audit profession to develop interpretations. As recent scandals have demonstrated, relying solely on the audit profession, at a time where accounting principles allow for interpretations ranging from the conservative to aggressive, may need to be revisited. Developing interpretation capacity within the EASB should obviously reflect the forthcoming EU process and structure for consistent interpretation and application of IFRSs. Also, the Estonian translation of IFRSs has not yet been finalized and published. It is not clear whether language requirements in judicial procedures before courts would hamper the rights of users of IFRSs financial statements currently prepared by most listed companies. 35. The Estonian Board of Auditors has issued auditing (including ethics) guidelines, which were approved by the Minister of Finance as Regulation 50 on June 15, 2000. The 33- page guidelines state that auditors should conduct audits in accordance with ISAs, exercising due care and diligence and complying with the principles of integrity, objectivity, and independence. The guidelines, however, are seriously deficient for any regulatory role (see Section IV, Auditing Standards as Designed and as Practiced). 16 It should however be noted that Estonian Accounting Standards include significantly more examples than IFRS. These examples are obviously a primary source of interpretation for preparers and auditors of financial statements. Estonia ­ Accounting and Auditing ROSC Page 10 E. Enforcing Accounting and Auditing Standards 36. No effective mechanism exists for enforcing financial reporting requirements in unregulated enterprises. As discussed in paragraph 12 above, the tax authorities in Estonia have a diminished enforcement role compared to most EU Member States. Also, directors have yet to change their culture from one where financial reporting is delegated to chief accountants to one where directors must ensure the true and fair preparation of financial statements of the company. Finally, although many SMEs require statutory audits, the quality of audits of SMEs, on average, is poor, resulting in an audit of little value. 37. Since 2002, the banking, insurance, and securities markets have been under the control of an integrated Financial Supervision Authority, which enforces accounting standards in banks, investment firms, insurance companies, listed companies, management companies and investment funds. The Market Supervision Department of the FSA employs six lawyers and economists, one of them directly involved with accounting, reporting and auditing matters. Due to insufficient staff, the Market Supervision Department does not monitor financial statements of all entities supervised by the FSA. Rather, it monitors the financial statements of entities quoted on the Tallinn Stock Exchange. Furthermore, the Market Supervision Department does not monitor financial soundness and legal obligations, but the compliance of price-sensitive information disclosure by listed companies with declared accounting principles. There is no standardized procedure for monitoring compliance with IFRSs and ISAs. Also, it is not clear whether the law provides the FSA with authority--under specific circumstances and defined procedures--to request audit work papers and compel the production of documents or the attendance of witnesses. The FSA has already recognized these potential areas for improvement and is currently working with the Government to take the necessary measures to address them. The Tallinn Stock Exchange does not enforce accounting standards. 38. The Estonian Board of Auditors has established procedures for quality control of auditors and audit firms, though its effectiveness remains questionable. The main features and deficiencies of the existing system include the following: ˇ The quality assurance regime focuses on individual auditors rather than audit firms. All members of the Estonian Board of Auditors, including those employed in audit firms, are subjected to the Board's quality assurance system. Hence, the individual auditor rather than the audit firm is subject to review. At least two engagements are chosen (one by the reviewers, one by the reviewee) for review and discussion. The scope of the current quality assurance review does not include an assessment of the internal quality control system of the audit firm, supported by adequate testing of selected audit files for compliance with applicable auditing standards and independence requirements. ˇ The cycle to achieve full coverage of all statutory auditors is too long. The Estonian Board of Auditors reviews only 20 to 40 auditors per year. Given there are over 400 members in the Estonian Board of Auditors, full coverage would take 10 years or more--way above the industry standard and requirements of the acquis. The Board does not shorten the cycle for statutory auditors with public interest entity clients. ˇ The quality assurance system does not have adequate public oversight. The public oversight system does not include a majority of nonauditors. Although the Authorized Public Accountants Act requires that the decisions of the Board of Auditors regarding the suspension and termination of an auditor need to be coordinated with the professional qualifications committee, which does have a Estonia ­ Accounting and Auditing ROSC Page 11 majority of nonauditors, the overall system lacks adequate public oversight. Consequently, the Estonian quality assurance systems do not have the credibility to sustain public confidence and demonstrate to the FSA and other regulators the adequate discharge of self-regulating responsibilities. ˇ Confidentiality arrangements may need to be enhanced. It is not clear whether the provision overriding the auditor's duty of confidentiality in the Act is broad enough to permit the Board to conduct a more thorough quality review. ˇ In spite of the Board's efforts, the quality assurance system has not received adequate resources to make a realistic impact on credibility with the public. 39. The Authorized Public Accountants Act granted authority to the Estonian Board of Auditors to investigate and take sanctions to detect, correct and prevent inadequate execution of the statutory audit, but the system has not been effectively implemented. The law provides effective, dissuasive civil, disciplinary (admonition, reprimand, fine, and temporary or permanent suspension), or criminal penalties in cases where statutory audits are not carried out in conformity with the law. Under the present rules, appeals against disciplinary sanctions (primarily suspensions) by the Estonian Board of Auditors are lodged with the courts, where these sanctions have generally been invalidated. Observers noted that disbarred auditors managed to get the sanction overruled due to lack of evidence in the Board's review file, which may result from the fact that the Board is a young institution and lacks resources. This problem may be compounded by the appeal tribunals' lack of expertise in the specific matter. Finally, it is not clear whether the existing system of investigation and sanctioning complies with the requirements of natural justice and, particularly, the European Convention on Human Rights,17 since there does not appear to be an appropriate separation of functions built into the system. III. ACCOUNTING STANDARDS AS DESIGNED AND AS PRACTICED 40. Estonian Accounting Standards are geared to the needs of SME financial statements. The measurement and recognition principles in the new Estonian Accounting Standards are largely based on IFRSs. In some cases, however, the national standards provide simplified methods and require fewer disclosures than IFRSs. These simplifications are generally based on either the identified needs of users of SME financial statements or a cost-benefit analysis. 41. The ROSC team made assessments of the compliance gap sampling 14 sets of financial statements prepared in accordance with IFRSs and 6 sets prepared in accordance with EASs. For the sample review, the ROSC team selected 14 enterprise sector companies (listed and unlisted) and 6 banks and insurance companies. The quality of the EAS and IFRS financial statements of most public interest entities in the enterprise sector is generally very high with only a few relatively minor issues. The accounting policies and disclosures are generally very clear. Segment and related party disclosures (subject to a few exceptions) are generally of a high standard. Significant issues, arising when there may be material non-compliance with EASs or IFRSs, also raise questions about the audit opinion: 18 17 Incorporated in the 1998 Human Rights Act. 18 The ROSC team used stratified random sampling to select the companies that were analyzed in this report. However, due to the sample's small size, it cannot be considered to be representative of all listed companies. Hence, the findings, although useful for illustrating potential problems in financial reporting, pertain to shortcomings found in the financial statements of specific companies. The findings are not meant to reflect systemic problems that would apply to listed companies in general. Estonia ­ Accounting and Auditing ROSC Page 12 ˇ Inappropriate accounting for and disclosures about investment property resulting in overstated net income. In a few instances, entities reclassified properties from "property, plant and equipment" to "investment property" and included the surplus, which resulted from the change from the IAS 16, Property, Plant, and Equipment model to the IAS 40, Investment Property fair value model in the income statement. However, IAS 40 requires that the surplus arising from the reclassification should be credited to equity, in accordance with IAS 16, rather than to the income statement. In addition, several significant IAS 40 disclosures are missing in the financial statements (e.g., disclosure of the methods and significant assumptions applied in determining the fair value of investment property). ˇ Some noncompliance with IAS 32 and IAS 39 requirements on the classification of compound instruments (convertible debt), hedge accounting, and the measurement of marketable securities and long-term investments, which are indicative of a need for capacity building in this area.19 The ROSC team discussed these issues with management, auditors, and regulatory agencies, who acknowledged the need for capacity building in this area. However, the ROSC team did not observe any noncompliance issue of a material nature as to mislead users of financial statements. ˇ Possible failures to recognize impairment losses on property, plant and equipment, which may result in overstated assets. For example, one annual report describes events that indicate that the long-term assets of the company may be impaired. It is not clear whether the impairment tests required by IAS 36, Impairment of Assets, were carried out, as no impairment losses were recognized, which may result in overstated long-term assets. Bankers corroborated this analysis and pointed to several instances where they believe that the carrying amounts of property, plant, and equipment in audited financial statements are overstated. ˇ Inappropriate use of retrospective accounting adjustments resulting in understated expenses. Changes in lease terms and related changes in business circumstances resulting from management decisions have been treated as changes in accounting policies and recorded against equity rather than as expenses of the current and future periods. These retrospective adjustments result in companies reporting higher profits than allowed by IFRSs and do not comply with IAS 8, Net Profit or Loss for the Period, Fundamental Errors and Changes in Accounting Policies, and IAS 17, Leases. ˇ Possible non-disclosure of related party transactions. While it is particularly difficult to assess the quality of related party disclosures, the ROSC team noted an instance where a listed company controlled by its parent provided only limited information regarding significant transactions with the parent. Almost 80 percent of the company's revenue resulted from sales to its parent, and there were also substantial purchases of services and goods from the parent. The company also transferred one of its departments, accounting for 30 percent of its sales to its parent, and entered into a license agreement with its parent. The related party note does not comply with IAS 24, Related Party Disclosures, since it does not deal with the transfer of that department or the license agreement. While the audit report was duly qualified for non-compliance with IAS 24, the financial statements are not adequate to properly inform minority shareholders. The ROSC team could not establish 19 IAS 32, Financial Instruments: Disclosure and Presentation; IAS 39, Financial Instruments: Recognition and Measurement. Estonia ­ Accounting and Auditing ROSC Page 13 whether the qualified audit opinion triggered any action by the FSA in an effort to protect minority shareholders. 42. In a number of samples, it is unclear who has prepared the IFRS-based financial statements. The ROSC team discussed significant accounting policies and disclosures with company management during its due diligence mission. At times, the lack of ownership by management and senior financial personnel suggest that the companies may not have the resources or ability to prepare IFRSs financial statements. It is possible, therefore, that the auditors either prepared or provided significant assistance with the preparation of these financial statements. This raises a significant independence issue--that was subsequently confirmed on a few occasions--as to whether the actual accounting policies followed by the companies comply with the "boilerplate" disclosures in IFRS-based financial statements. A cursory review of financial statements does not allow the ROSC team to conclude on the pervasiveness of that matter, but the external quality assurance process of the audit profession, together with increased monitoring of financial reporting by the FSA, should address these concerns. 43. The quality of audited EAS and IFRS financial statements in the financial sector is generally very high but there may be differences between disclosed accounting policies and actual practices. The accounting policies and disclosures are generally very clear and conform to EASs or IFRSs. A significant issue, arising when there may be material non-compliance with EASs or IFRSs, also raises questions about the audit opinion: ˇ Discrepancies between actual accounting policies followed by financial institutions and the "boilerplate" disclosures in their IFRS financial statements. A number of banks indicated that they calculate impairment in the unsecured portion of loans and receivables on the basis of a provisioning matrix that specifies a range of fixed provisioning rates for the number of days a loan has been classified as nonperforming (for example, 0 percent if less than 30 days, 1 percent if 30-90 days, 20 percent if 90- 180 days, 50 percent if 180-360 days, and 100 percent of more than 360 days). This methodology may not comply with IAS 39, which requires impairment or loan losses to be calculated as the difference between the asset's carrying amount and the present value of estimated future cash flows (excluding future credit losses that have not been incurred), discounted at the financial asset's original effective interest rate. The ROSC team is unable to determine the materiality of such a departure from IAS 39. The ROSC team is also concerned that the disclosed accounting policy is based on compliance with IAS 39 when the banks are, in fact, applying a different policy. IV. AUDITING STANDARDS AS DESIGNED AND AS PRACTICED 44. In law, Estonia seeks to attain maximum compliance with the EU Directives and Recommendations on auditing and to create an environment for implementation of ISAs. The Authorized Public Accountants Act and current practice do not yet comply with all provisions within European Commission Recommendations on auditor's independence (May 16, 2002) and on quality assurance for statutory audits (November 15, 2000). The Commission Recommendations are non-binding instruments. The Commission determined that the Recommendations should not be solely relied upon to deliver the necessary degree of rigorous application required by the present situation and issued a proposal for a new Eighth EU Company Law Directive to provide a comprehensive legal basis for all statutory audits conducted within the EU. Selected areas of difference between Estonian regulations and the Recommendations, and hence the proposed Directive, include the following: Estonia ­ Accounting and Auditing ROSC Page 14 ˇ Public oversight. In 2000, the European Commission recommended that quality assurance systems should have adequate public oversight. This public oversight requirement was meant to ensure that quality assurance is in fact and appearance an exercise with sufficient public integrity. The only public oversight mechanism is via the Ministry of Finance, which may not adequately represent all stakeholders. In addressing this shortcoming, Estonia is considering a change in its oversight system in order to harmonize it with the proposal for a new Eighth EU Company Law Directive. The proposal, if adopted, will significantly enhance the principles of public oversight set out in the Recommendation on quality assurance. The common EU principles proposed on public oversight represent a minimum requirement for an adequate public oversight in Estonia. ˇ Fee disclosure. When a public interest entity has a governance body (e.g., a supervisory board), the European Commission recommended in 2002 that the auditor should disclose--at least annually in writing to the governance body-- the total fees that the auditor, the audit firm, and its network members have charged to the client and its affiliates for the provision of services during the reporting period. This total amount should be broken down into four broad categories of services: statutory audit, further assurance, tax advisory, and other nonaudit. Furthermore, the Commission recommended that such fees be disclosed publicly. At present, this is neither required by the Estonian legislation nor generally accepted by the audit profession. The Estonian Board of Auditors is well aware of the aforementioned shortcomings, and amendments to the Authorized Public Accountants Act are currently being debated to comply with the Recommendations and the proposal for a new Eighth EU Company Law Directive. 45. For most public interest entities that are required to be audited in accordance with ISAs, the concern is obviously one of compliance rather than quality of the standards. This does not hold for audits conducted in accordance with Estonian auditing guidelines. Although the guidelines form a useful introduction to the principles underlying the main ISAs, they are seriously deficient for any regulatory role. 46. In practice, some audit reports are not in compliance with legal requirements. During the review of financial statements, the ROSC team noted that some auditors, including local members of international audit networks, address their reports to the management board rather than to the shareholders. Also, the team noted that some auditors tend to opine on the fair presentation, in all material respects, of the financial statements (the U.S. approach), whereas the EU requires the auditor to opine on the presentation of a true and fair view and compliance with accounting standards. Finally, none of the audit reports reviewed by the ROSC team included a statement that the annual report is consistent with the financial statements. These are departures from the requirements set out in the Fourth and Seventh EU Company Law Directives. 47. While many audit firms make strenuous efforts to carry out audits in accordance with ISAs, it appears that few shareholders, directors, or management understand the purpose of an audit, which makes audit evidence difficult to obtain. While this problem undoubtedly occurs in other countries, including those with developed audit requirements and practice, the extent of some problems is more widespread in Estonia than in other countries. There is an obvious need for more education, which could be addressed under the ROSC corporate governance module. 48. Observers point to a significant improvement in the quality of public interest entities audit over the last five years, but audit quality in SMEs lags behind. Most sole practitioners Estonia ­ Accounting and Auditing ROSC Page 15 and auditors employed in small audit firms do not have access to an audit practice manual. Lacking knowledge about how to apply ISAs, many Estonian auditors only use Estonian auditing guidelines, albeit not properly. Based on discussions conducted by the ROSC team with sole practitioners, small and large audit firms, and the Estonian Board of Auditors problem areas surfaced that adversely impact the average quality of auditing practices in Estonia: ˇ Lack of documentation. The Estonian Board of Auditors noted that some auditors do not document matters that are important in providing evidence to support their audit opinion and evidence that the audit was carried out in accordance with applicable standards. ˇ Fraud and error. Responding to recent international corporate reporting scandals, the international standard on fraud by management has been reinforced by a recent amendment, which has not yet been reflected in Estonian auditing guidelines. More worrying is that few auditors--other than those applying ISAs--appear to understand their responsibility to consider fraud in audits of financial statements. ˇ Internal control systems. Auditors tend to start with substantive testing and do not always seek to obtain an understanding of the accounting and internal control systems. As a result, auditors may not become aware of weaknesses in the systems. As a consequence, they may fail to make management aware of material weaknesses in the design or operation of the accounting and internal control systems. This is a missed opportunity to enhance financial management in Estonian SMEs. ˇ Related parties. Strict application of international good practice on auditing related- party transactions seems to give rise to tension between the auditor and management and may result in inadequate disclosure of related party transactions. ˇ Lack of audit evidence. Some auditors do not appear to systematically attend physical inventory counting even though inventory is material to the financial statements. In addition, some auditors do not appear to use external confirmations (e.g., from banks) even though circumstances may warrant it. V. PERCEPTIONS ON THE QUALITY OF FINANCIAL REPORTING 49. Increased demand for transparent financial statements has developed among potential investors and lenders. The increased demand for financial statements is compounded by the perception of their improved reliability. However, interviews with representatives of institutional investors, foreign and local bankers, analysts, and various other users of corporate financial information revealed a shared view that the improvement in audit quality over the last five years has been limited to a handful of audit firms, and the quality of audits performed by the balance of the profession is perceived to be very low. VI. POLICY RECOMMENDATIONS 50. The recommendations of this ROSC accounting and auditing report are mutually supportive in some obvious ways. For example, superb accounting standards are jeopardized at the beginning if people do not understand how to translate the standards into a journal entry. Without attempting to provide a detailed tactical design for reform, and without pretending to do justice to the true specificity of the country's conditions, this ROSC auditing and accounting report sketches the policy recommendations to enhance the quality of corporate financial reporting. This will contribute to promoting private sector growth and reducing volatility, through: Estonia ­ Accounting and Auditing ROSC Page 16 ˇ strengthening the country's financial architecture and reducing the risk of financial market crises, and their associated negative economic impacts; ˇ contributing to foreign direct investment and helping mobilize domestic savings; ˇ facilitating the access of smaller-scale corporate borrowers to credit from the formal financial sector by lowering the barrier of high information and borrowing costs; ˇ allowing investors to evaluate corporate prospects and make informed investment and voting decisions, which will result in a lower cost of capital and a better allocation of resources; and ˇ facilitating the country's integration into the European Union. Financial reporting is also a building block of a market-based monitoring of companies, which allows shareholders and the public at large to assess management performance, thus influencing its behavior. 51. Minor changes to the statutory framework and its implementation are needed. Accounting and auditing are primarily regulated by the Commercial Code, the Accounting Act, the Authorized Public Accountants Act, the Securities Market Act, the Credit Institutions Act, the Insurance Activities Act, the Investment Funds Act, the Funded Pensions Act, and related secondary legislation. These may need to be amended to incorporate the following legislative recommendations: ˇ Increase the accountability of preparers of financial statements. With a view to enhancing accountability, all company board members should be collectively responsible for the true and fair view of financial statements by law and in practice. To strike a balance, Estonia does not want regulations and practices so stringent that honest, capable people are put off from serving on boards, but equally, the law and practice must be robust to deal fairly with cases where something goes wrong--as a result either of (gross) negligence or dishonesty. The ROSC recommends that a panel of experts from Estonia ensure that the Commercial Code and its implementation (i.e., the judiciary), provide the right framework for companies to do business by ensuring two provisions: (a) Estonian criminal and civil directors' liability provisions conform with company law best practices; and (b) the Commercial Code should make reference to the need to provide appropriate executive and non-executive directors' liability insurance. In addition, the panel may review the Commercial Code in line with the proposal for a new Eighth EU Company Law Directive, which defines minimum standards applicable to the role of audit committees in supervising the audit function, both in its external aspects (e.g., selecting the external auditor for appointment by shareholders, monitoring the relationship with the external auditor including non-audit fees) and its internal aspects (e.g., reviewing the accounting policies). In this context, Estonian authorities may want to conduct the corporate governance module of the ROSC program and agree with the ROSC team that they benchmark Estonian regulations and practices not only against the OECD Principles of Corporate Governance, but also with the acquis communautaire. ˇ Ensure all public interest entities use IFRSs. Estonia has rightly adopted IFRSs for most public interest entities. Estonia uses primarily two criteria to define public relevance: (a) having securities listed and (b) the nature of the business (for example, banks and insurance companies). However, the size of the business (number of people employed) was left out. Estonia may want to enlarge the scope by including, Estonia ­ Accounting and Auditing ROSC Page 17 for instance, large state- or family-owned enterprises, since compliance with EASs may not result in adequate transparency in those large enterprises. ˇ Enhance audit regulation to strengthen audit quality. The panel of experts currently preparing the amendments to the Authorized Public Accountants Act should ensure inclusion of the following: o Take increased advantage of the auditing exemption in the Fourth and Seventh EU Company Law Directives for SMEs when there is no public interest requirement for the audit of financial statements. o Statutory auditors and audit firms must be subject to robust professional ethics. The starting point should be the IFAC Code of Ethics for Professional Accountants. o The authorities should ensure that official translations of ISAs and the Code of Ethics are readily available. o Ensure that the legal provisions regarding the dismissal and resignation of statutory auditors provide adequate safeguards for his or her independence. In line with the forthcoming acquis, the law could introduce the principle that the statutory auditor or audit firm can only be dismissed if there is a significant reason why the statutory auditor cannot finalize the audit. o As a condition of using an international network name, require the local member firms of international audit firm networks to disclose sufficient information about the structure and operation of their respective networks and about their individual relationships with them. This disclosure would enable an audit report user to assess the extent of reliance that can be placed on the implicit quality assertion that underlies the use of a common international network brand name. Such disclosures should describe the quality standards applied by the networks, the quality assurance for enforcement of standards, and details of how frequently the local firm is subject to network review. This would force the networks to exercise a much higher standard of care with respect to the quality of their member firms-- since their procedures would be publicly transparent--and would ensure that quality weaknesses are addressed rapidly. o Require that statutory audit fees and other services be disclosed. This would allow users to assess whether the fees for statutory audits are adequate to allow proper audit quality, and are not influenced or determined by the provision of additional services to the audited entity. o Ensure that audit firms incorporated as a limited liability company have sufficient share capital and professional indemnity insurance, which offer adequate protection to claimants. o Ensure statutory auditors communicate audit matters of governance interest arising from the audit of financial statements with the members of the company's supervisory board. More generally, the legislature should incorporate the provisions within the proposal for a new Eighth EU Company Law Directive. ˇ Enhance regulators' enforcement of accounting and auditing requirements. The FSA may want to harmonize and clarify the legal requirements regarding the Estonia ­ Accounting and Auditing ROSC Page 18 relationship between the auditor and the FSA among industries. In addition, some existing provisions (e.g., the responsibility of group auditors) may need to be revised in the context of the proposal for a new Eighth EU Company Law Directive. In essence, the ROSC team concurs that it is appropriate that more stringent requirements should govern the statutory audit of the entities under the supervision of the FSA and therefore recommends that the law give the FSA more authority over audit firms that carry out statutory audits of public interest entities. ˇ Enhance financial transparency requirements. Estonia may also want to incorporate legally the requirements of the new EU Directive on the harmonization of transparency requirements with regard to information about issuers whose securities are admitted to trading on a regulated market. While financial statements are usually readily available, the Directive will shorten the deadline for submission of annual financial statements and introduce a requirement to present semi-annual and quarterly financial statements. Among key requirements are the following:20 o The final deadline for disclosing an annual financial report, including the statutory audit report, to the public should be three months after fiscal year end. The authorities should therefore ensure that the Commercial Code does not prevent timely disclosure, as would be the case if the annual financial report had to be the final version approved by shareholders in the annual general meeting. o The half-yearly report should be upgraded to an interim report composed of a condensed set of financial statements to be established following IAS 34, Interim Financial Reporting, and a management report on the company activities. The half-yearly financial report should be published within two months of the semester end. o An issuer of listed equity securities should also disclose to the public quarterly financial statements within two months of the quarter end. 52. Enhance the organization of the audit profession. Aside from enhancing audit regulation, the authorities and the Estonian Board of Auditors should also address the following major issues: ˇ Ensure that the Estonian Board of Auditors formally endorses and follows its mandate to serve the public interest. ˇ Ensure the Estonian Board of Auditors has adequate resources to perform its education, training, technical development, research, professional regulation, and other duties. ˇ Ensure the Estonian Board of Auditors develops its quality assurance system to ensure that auditors comply with applicable auditing and ethical standards, and independence requirements. The system should include in-depth quality reviews of audit firms and specific audit engagements based on an established schedule, so that (a) every audit firm or sole practitioner and (b) the audit working papers for every public interest entity would be subject to regular oversight (for example, every three years). 20 The Directive introduces specific financial reporting requirements to issuers of only debt securities who are currently not subject to any interim reporting requirement at all. Estonia ­ Accounting and Auditing ROSC Page 19 ˇ Ensure that Estonia has an effective system of investigations and sanctions to detect, correct, and prevent inadequate statutory audits. The law currently provides the possibility to withdraw approval of statutory auditors, but disbarred auditors have managed to have the courts overrule the disciplinary sanction pronounced by the Estonian Board of Auditors. The Board and the authorities should review the disciplinary process and ensure that it provides a robust framework to impose effective sanctions in the event of an inadequate execution of a statutory audit. In so doing, the requirements of natural justice and, particularly, the European Convention on Human Rights should be taken into due account. ˇ Increase public oversight of the audit profession. Current lack of audit self- regulatory arrangements and power to impose sanctions should be balanced with an adequate oversight system. The scope of the oversight should extend to education, licensing, standard setting, quality assurance, and disciplinary systems, in line with the proposal for a new Eighth EU Company Law Directive. While the FSA and other regulators may be proxies for the public interest, the public oversight body should include other stakeholders. 53. Ensure accounting and auditing standard setting and interpretations. Accounting and auditing standard-setting and interpretation mechanisms should be reviewed to ensure a smooth adoption of IFRSs and ISAs and transparency of due process. ˇ Accounting standards. The adoption of IFRSs for public interest entities requires the establishment of a sustainable system within the Estonian Accounting Standards Board to issue implementation guidelines on individual IFRSs that should link into IFRIC. ˇ Auditing standards. The adoption of ISAs requires the establishment of a sustainable system within the Estonian Board of Auditors to enable (a) immediate translation and adoption of new ISAs and exposure drafts issued by the International Federation of Accountants, and (b) to develop audit guidance related to individual ISAs. It is essential that the translations of IFRSs and ISAs are made official so they conform to any language requirements in judicial procedures before courts. 54. Strengthen oversight of accounting and auditing practices by the FSA. The ROSC review found a significant compliance gap relating to accounting and auditing standards. The ROSC team recommends that the FSA further enhance its monitoring and enforcement arrangements, in line with the requirements expressed in recital 16 within the EU Regulation on the application of IFRSs. Enforcement comprises a cascade of different elements, including (1) clear accounting standards, (2) timely interpretations and implementation guidance, (3) statutory audit, (4) monitoring by supervisors and (5) effective sanctions. Each of these must work efficiently: the system will be as strong as its weakest part in delivering strong investor and creditor protection. The FSA has a critical role in ensuring that its licensees (listed companies, banks, insurance companies, etc.) comply with financial reporting requirements. There is clearly a major interest in ensuring accurate and consistent application of accounting standards in the securities and financial markets the FSA oversees. Therefore the financial reporting enforcement role of the FSA should be enhanced as follows: ˇ FSA's monitoring objectives. In view of the fact that credit institutions, financial holding companies, mixed-activity holding companies or insurers, and companies whose shares or other securities are quoted on a stock exchange in Estonia or an EU Member State will be required to apply IFRSs in their consolidated and legal entity Estonia ­ Accounting and Auditing ROSC Page 20 financial statements beginning January 1, 2005, the ROSC team recommends that compliance by regulated entities with IFRSs should be formally adopted in the FSA's monitoring objectives. ˇ Coordination at the European level. While enforcement of accounting standards is arranged at the national level rather than at the European level, enforcement arrangements should provide for an international coordination mechanism in order to create a level playing field across the EU and to ensure consistent decisions. To that end, the ROSC team recommends that the FSA play a more active role in the Committee of European Securities Regulators (CESR) and adopt/implement the standards on enforcement issued by CESR in March 2003 and April 2004.21 ˇ Definition of enforcement. The completeness, accuracy and truthfulness of the financial information is under the responsibility of the issuer's board of directors. Statutory auditors act as a first external line of defense against misstatements by expressing their opinion on the financial information based on their audit. The FSA should monitor compliance of the financial information presented by its licensees with IFRS, and take appropriate measures in case of infringements discovered in the course of enforcement. ˇ Necessary powers. The necessary powers of the FSA should at least include the power to monitor financial information, require supplementary information from issuers and statutory auditors, and take measures consistent with the purposes of enforcement. The FSA should be responsible for setting up an appropriate due process of enforcement and implementing that due process. The FSA should therefore be provided with resources sufficient to establish and carry out an effective monitoring system. This includes having professionally skilled staff that should be experienced with IFRS and the legal implications of enforcement. ˇ Issuers and documents. Enforcement should apply to financial information provided by the licensees of the FSA, including listed companies, banks, and insurance companies. Financial information should include annual and interim financial statements and reports, prepared on individual and consolidated basis, as well as prospectuses and equivalent documents. ˇ Methods of enforcement. For financial information other than prospectuses, ex-post enforcement is the normal procedure. For prospectuses, ex-ante approval is the normal procedure as specified by the EU Directives, which also identify the nature of the approval. Enforcement of all financial information is normally based on selection of issuers and documents to be examined. The preferred models for selecting financial information for enforcement purposes are mixed models whereby a risk- based approach is combined with a rotation or a sampling approach. Methods of enforcement on selected information cover a wide spectrum of possible checking procedures, ranging from pure formal checks to in-depth substantive in-nature checking. The level of risk should normally determine the intensity of the review to be performed by the enforcers. 21 Standard No. 1 on "Financial Information ­ Enforcement of Standards on Financial Information in Europe" issued on March 12, 2003, and No. 2 on "Financial Information ­ Co-ordination of Enforcement Activities" issued on April 22, 2004 by CESR. Estonia ­ Accounting and Auditing ROSC Page 21 ˇ Actions. Where a material misstatement in the financial information is detected, the FSA should take appropriate actions to achieve an appropriate disclosure and, where relevant, public correction of misstatement (in line with the requirements of IFRS). Non-material departures from the reporting framework will not normally trigger public correction even though they normally deserve an action as well (e.g., statement from the FSA conveyed to the infringer). Actions should be effective, enacted in a timely manner, and proportional to the impact of the detected infringement. ˇ Reporting. The FSA should periodically report to the public on their activities providing at least information on the enforcement policies adopted and decisions taken in individual cases including accounting and disclosure matters. 55. Enhance academic and professional education as well as training. In adopting IFRSs and ISAs Estonia has set challenging and demanding objectives for itself. This calls for related education and training for preparers, auditors, and regulators: ˇ University curriculum. Ensure that there is greater consistency in the accounting curriculum at universities and business schools. The accounting major curriculum should include IFRS training, more business administration, and case studies to best prepare accountants (rather than bookkeepers or tax compliance officers) for careers in corporate Estonia. The ROSC team recommends that a panel of experts review and update the accounting curriculum in order to incorporate IFRSs and ISAs and practical-oriented teaching at the undergraduate level in universities and business schools. The ethical dimensions of business management, corporate finance, and accounting and auditing should be taught with case studies in undergraduate programs. Particular attention needs to be given to increasing critical-thinking skills. To enhance the average capacity of universities and business schools to teach accounting and auditing courses with international components, there may be a need to retool some faculty members. ˇ Regulators. Provide meaningful theoretical and practical training to the staff of the FSA and other regulators so they can enforce accounting, financial reporting, and auditing standards as recommended. The FSA staff should have practical experience in the banking, insurance and securities markets; with legal and compliance issues; and with accounting and auditing and financial issues. In addition, FSA staff should maintain and develop their experience through regular continuous training, including structured learning of IFRSs and ISAs. The FSA has long recognized that hiring young people from university is insufficient, even though they may possess strong theoretical knowledge and be highly motivated and flexible. However, recruitment of experienced professionals with market experience of between five to ten years is challenging in Estonia (as is in other first wave accession countries). Therefore there is a compounded need for regular on the job training. This could be undertaken by internships in leading EU market authorities, in order to achieve a sound market overview, and in order to be aware of market instruments and problems that might encounter the Estonian market and authority at a later point of time. ˇ Professional accounting education program. The Estonian Board of Auditors should review the organization of its professional accounting education program. At a minimum, the Board should prepare a syllabus of the program's courses and textbooks with up-to-date technical information. Alternatively, the Board should ensure that private training providers develop such textbooks and make arrangements Estonia ­ Accounting and Auditing ROSC Page 22 to monitor the quality of practical training. These procedures should be consistent with the IFAC International Education Standards for Professional Accountants. ˇ Continuing professional education (CPE). The Estonian Board of Auditors should make it a priority to at least implement the IFAC guidelines on continuing professional education. The Estonian Board of Auditors may enter into a twinning arrangement with a leading professional body of a EU Member State to leverage their experience. The proposal for a new Eighth EU Company Law Directive makes CPE mandatory beginning 2006. Estonia ­ Accounting and Auditing ROSC Page 23