Non-audit services (NAS): independence, self-review risk and the framework statutory auditors must respect

Updated March 2026 - The SACC (services autres que la certification des comptes) — known in international practice as non-audit services, or NAS — are the services beyond statutory account certification that a commissaire aux comptes or its network may or may not provide to a client subject to a statutory audit mandate. The topic is sensitive because it sits at the core of statutory audit independence: an auditor who also provides advisory, consulting or accounting services to the same entity creates risks that directly affect the quality and objectivity of the audit opinion.

See also the statutory auditor's mission and obligations, statutory auditor training requirements and when a statutory auditor is mandatory.

The statutory audit framework is built on a single foundational principle: the auditor must be independent of the entity they audit — in fact, and in appearance. Non-audit services create three types of risk to that independence:

• ▸self-review risk: when the auditor audits something they have themselves prepared, designed or recommended. If a firm drafts the accounting procedures, advises on the chart of accounts, or prepares certain financial statements, and then audits those same elements, the objectivity of the audit opinion is structurally compromised;
• ▸advocacy risk: when the auditor acts as an advocate or representative of the client in a matter that could affect the audit — for example, providing legal or tax defence services in a dispute that implicates the financial statements;
• ▸familiarity and management decision risk: when the advisory relationship becomes close enough that the auditor takes management decisions, or when the non-audit relationship makes genuine critical distance from the client difficult to maintain.

Before a commissaire aux comptes or its network accepts any service engagement for an entity subject to a statutory audit mandate, three questions must be answered clearly:

• ▸is the service authorised? French law and the H3C (Haut Conseil du commissariat aux comptes) regulations define which services are explicitly prohibited (services listed as interdits), which require specific conditions, and which are generally permitted. This verification is not optional;
• ▸does it compromise independence? Even a technically permitted service may compromise independence in the specific circumstances of a mandate — the analysis must be factual, not just formal;
• ▸does it create a self-review risk? If the auditor will later be asked to verify, validate or form an opinion on anything they have also prepared, designed or produced, the self-review risk is real and must be addressed or the service declined.

Hayot Expertise advice: on non-audit services, the real question is not only "is this useful to the client?" — it is "is this compatible with the independence framework?" A service that would be entirely legitimate with a non-audit client becomes problematic when delivered to a statutory audit client. The distinction must be made proactively, before engagement, not after the independence issue has already arisen.

We can help you distinguish between the genuine need, the practical utility and the regulatory compatibility of an additional service alongside an existing statutory audit mandate.

👉 Discover our audit and legal advisory support

In 2026, non-audit services must be assessed through a service logic — but first and foremost through an independence logic. The permitted scope has been defined precisely to protect the quality of the audit opinion, and the rules exist to be applied, not worked around.

Want to check the compatibility of a side service with an existing statutory audit mandate?
We can help you assess it rigorously.

👉 Book an appointment with an expert