Audit assertions: the 7 ISA criteria for reliable financial statements in 2026

Audit assertions are the fundamental criteria that allow an auditor — whether a statutory auditor (commissaire aux comptes) or an external auditor — to assess whether the financial statements are regular, fair and present a true and fair view of the company's financial position. Far from being an abstract formality, they structure the entire audit methodology: risk identification, procedure design, evidence gathering and conclusion formulation.

Codified in ISA 315 (IFAC International Standard on Auditing), transposed in France through NEP 315, assertions are organised around three main categories: transaction flows and events, account balances, and disclosures in the notes to the financial statements.

An audit conducted without an assertion-based approach becomes a series of disconnected tests — without a guiding logic or a structured response to identified risks. Assertions create the essential chain between:

1. ▸The identified risk: where could the financial statements be materially misstated, and why?
2. ▸The threatened assertion: which property of the financial statements does that risk call into question?
3. ▸The appropriate procedure: which tests will generate sufficient and appropriate audit evidence on that assertion?
4. ▸The documented conclusion: what level of assurance can the auditor draw from the evidence obtained?

ISA 315 (Revised 2019) requires the auditor to identify and assess the risks of material misstatement at both the financial statement level and the assertion level. It is at this second level that the methodology becomes truly operational.

1. Existence (or occurrence for transaction flows)

For account balances: assets, liabilities and equity actually exist at the closing date. Inventory on the balance sheet corresponds to goods physically present and owned by the entity.

For transaction flows: recorded transactions have actually taken place and relate to the entity. A posted invoice corresponds to a service actually rendered.

Practical example: for an industrial SME, the existence assertion on inventory will be tested through a physical stock count or observation procedures focused on high-value items.

2. Completeness

All transactions, events and balances that should have been recorded have in fact been recorded. Completeness is often the most difficult assertion to test: the auditor is searching for what is absent — by definition invisible in the accounting data.

Practical example: testing completeness of trade payables requires searching for invoices received but not yet posted (accrued liabilities) and circularising strategic suppliers. NEP 505 governs these direct confirmation procedures.

3. Rights and obligations

The entity holds or controls the rights attached to recorded assets (ownership, right-of-use under IFRS 16), and liabilities represent genuine obligations of the entity. This assertion is particularly important for fixed assets, intangible assets and lease agreements.

4. Valuation and allocation

Assets, liabilities, revenues and expenses are recorded at appropriate amounts, in accordance with applicable standards (French Plan Comptable Général, or IFRS where applicable). This covers the correct valuation of securities, provisions, goodwill and financial instruments.

Practical example: valuing a litigation provision requires an updated legal analysis, a review of correspondence with lawyers and an assessment of the probable outflow of resources — consistent with the applicable accounting framework.

5. Cut-off

Transactions are recorded in the correct accounting period. Cut-off is particularly sensitive at year-end, for purchases and sales close to the closing date, and for accrued charges or accrued income.

Practical example: an auditor will examine the last deliveries of December and first of January to confirm that revenues and costs are attributed to the correct period, consistent with the matching principle.

6. Presentation and disclosure

Items are correctly classified, described and presented in the financial statements. Information required by applicable standards (Code de commerce, ANC regulations, IFRS) is included and intelligible. This assertion covers the entire notes section: off-balance-sheet commitments, executive remuneration, related-party transactions.

7. Accuracy

Amounts and other data relating to transactions are recorded correctly. This assertion differs from valuation: it concerns arithmetic fidelity and contractual parameter compliance, rather than value judgements.

ISA 330 (The Auditor's Responses to Assessed Risks) distinguishes two main families of procedures:

Tests of controls: these verify that internal controls designed to prevent or detect misstatements are operating effectively. They are relevant when the auditor intends to rely on internal controls to reduce the scope of substantive procedures.

Substantive procedures: these include tests of detail (confirmations, invoice inspection, physical counts) and analytical procedures (comparisons, ratios, variance analysis). Their design must be directly linked to the assertion being tested and the risk assessed.

For significant risks — those requiring special audit consideration under ISA 315 — the IFAC handbook specifies that the auditor cannot rely solely on tests of controls: specific substantive procedures are mandatory.

For an SME subject to statutory audit, the most frequently critical assertions are:

• ▸Completeness of liabilities and accruals, particularly in high-growth contexts where period-end closing is less formalised
• ▸Valuation of inventory in manufacturing or trading companies (AVCO/FIFO methods, write-down provisions)
• ▸Revenue cut-off, particularly sensitive in service businesses or businesses with partial deliveries
• ▸Disclosure of off-balance-sheet commitments, frequently incomplete in SMEs (guarantees, pledges, operating leases)

Hayot Expertise advice: audit assertions are not abstract theory. In practice, they allow your statutory auditor to focus work on the genuinely exposed areas of your accounts — and to deliver targeted assurance rather than a surface-level review. A well-structured audit file reads like a risk map connected to reasoned responses.

ISA 315 (Revised 2019), transposed as NEP 315, requires the auditor to assess risks of material misstatement at two levels: the overall financial statement level, and the individual assertion level. This dual analysis is fundamental:

• ▸A risk at the financial statement level (e.g., deficient accounting system, earnings pressure) calls for an overall response to the conduct of the engagement.
• ▸A risk at a specific assertion level (e.g., existence risk on trade receivables of a service company) requires a targeted procedure, calibrated to the exposure.

See also what is an audit?, statutory auditor mission and SME financial audit overview.

👉 Discover our statutory audit service

👉 Book an appointment with an expert

What is the difference between audit assertions and ISA standards?

ISA standards (International Standards on Auditing), published by IFAC, constitute the global framework for conducting audit engagements. Audit assertions are a conceptual tool defined within those standards — primarily ISA 315 and ISA 330 — to structure risk assessment and procedure design. In France, the NEP (Normes d'Exercice Professionnel) transpose the ISAs with minor adaptations to French accounting law.

How many audit assertions are there in practice?

The ISA/NEP framework generally identifies 5 assertions for transaction flows (occurrence, completeness, accuracy, cut-off, classification) and 5 for account balances (existence, rights and obligations, completeness, valuation, presentation). Some firms consolidate these into 7 main categories to simplify risk-assertion mapping. There is no single mandatory list: practice varies across frameworks and audit firms.

How does a statutory auditor decide which assertions to prioritise?

The starting point is the assessment of material misstatement risk. For each financial statement line item, the auditor identifies the assertion most exposed in the context of the entity (sector, size, internal control quality, history of misstatements). Assertions linked to significant risks under ISA 315 must receive specific substantive procedures, regardless of internal control quality.

Do audit assertions apply to unlisted SMEs?

Yes. Assertions apply whenever a statutory audit (commissariat aux comptes) or contractual audit is conducted on an entity's financial statements, regardless of size. For SMEs, the most sensitive assertion areas typically relate to completeness of liabilities, inventory valuation and revenue cut-off.