SACC: services other than account certification

Updated April 2026 - SACCs, or services other than the certification of accounts, designate all the services that an auditor (CAC) or its network may or may not provide to an entity subject to a legal audit mandate. This subject is at the heart of audit law in France: it determines where the legitimacy of an ancillary service ends and where the threat to the independence of the auditor begins. Understanding SACCs means understanding why independence is not a formal principle but a concrete operational constraint.

Also find our analysis on the mission of the auditor, the training obligations of CACs and situations where the auditor is obligatory.

A SACC is any service provided by the auditor or by an entity belonging to his professional network, for the benefit of an entity for which this same auditor holds a legal certification mandate, and which does not constitute the certification itself.

The definition is deliberately broad. It also covers:

• the regulated missions provided for by law (report on a capital increase, opinion in the context of a merger-absorption, contribution auditor's report);
• advice, training or assistance services which are not expressly provided for by a text but which are technically possible;
• the tax, legal, social or IT missions that the CAC network could accomplish independently of the CAC itself.

What distinguishes a SACC from an ordinary service is precisely the existence of a certification mandate: it is this mandate which makes the additional service potentially incompatible, and not the nature of the service itself.

The legal framework of SACCs is based on several complementary texts.

Article L822-9 of the Commercial Code establishes the general principle of independence: the auditor must be independent of the person or entity whose accounts he certifies. This independence is appreciated in fact and in appearance. It's not just about avoiding real conflicts of interest — it's about avoiding any situation that could reasonably be perceived as compromising independence. Article L822-11 of the Commercial Code specifies the conditions under which a CAC can provide services other than certification, and regulates situations likely to create threats to independence. It provides for the obligation to identify, document and, if necessary, eliminate these threats.

Article L822-11-1 of the Commercial Code sets out the specific prohibitions applicable to all entities subject to the police, going beyond just EIPs.

EU Regulation No. 537/2014 constitutes the reference text for public interest entities (PIE). It draws up an exhaustive list of non-audit services prohibited for EIPs, with a much more restrictive approach than French common law. This regulation has applied directly in French law since its entry into force.

Independence is not an accessory constraint of the mandate of auditor: it is its reason for being. An auditor who is not independent cannot, by definition, certify accounts in a credible manner. His signature only has value because it is that of an independent third party, with no personal interest in the outcome of his mission.

This independence is assessed according to several simultaneous dimensions:

• independence of mind: the CAC forms its judgment autonomously, without allowing itself to be influenced by considerations unrelated to its mission;
• apparent independence: an objective and informed observer must not have reasonable reason to doubt the independence of the CAC;
• independence from the network: the CAC must verify not only its own situation, but also that of the members of its network who would intervene for the same client.

It is precisely because independence is multidimensional that SACCs pose a structural problem: even a technically permissible service can create a threat to independence in appearance, which is enough to make it incompatible with the mandate.

The Theory of Threats to Independence, as developed by the Standards of Professional Practice and the H3C, identifies several categories of risks specifically applicable to SACCs.

The risk of self-revision

This is the most direct and frequently cited threat. The risk of self-revision arises when the CAC is required to audit or certify elements that it has itself prepared, designed, validated or recommended. For example: if the CAC network designed the inventory depreciation policy, the CAC cannot then certify that this same policy was correctly applied, without its objectivity being structurally compromised.

This risk explains why bookkeeping, the preparation of financial statements or the design of accounting procedures are prohibited or extremely restricted SACCs.

The risk of pleading

The risk of advocacy arises when the CAC or its network takes a position in favor of the audited entity in the context of a dispute, a negotiation or a procedure which could have an impact on the accounts. Providing assistance in the event of a tax dispute when you are the CAC of the entity creates an obvious pleading risk: the CAC becomes defender of the interests of its client, while its role is precisely to assess them with a critical distance.

The risk of familiarity and collusion

The multiplication of additional services with the same client tends to create human and professional links which, progressively, compromise the critical distance necessary for the audit. This risk of familiarity is insidious because it does not result from any specific event, but from an accumulation of relationships.

Personal interest risk

This risk exists when the CAC or its firm derives a significant financial benefit from the non-audit relationship with the audited client. If the share of SACC fees in the firm's total revenue becomes significant, the CAC may unconsciously have an interest in maintaining a commercial relationship rather than issuing an unfavorable opinion on the accounts.

All additional services are not prohibited. Authorized SACCs generally correspond to missions expressly provided for by law and which do not create a risk of self-review.

We can cite in particular:

• Reports on regulated operations: report of the commissioner for contributions during a constitution or an increase in capital in kind, report of the commissioner for merger, report of the commissioner for demerger. These missions are provided for by law and entrusted to a CAC, but they are distinct from annual certification and do not create a risk of self-revision if they are well defined.

• One-off technical opinions: in certain circumstances, a technical opinion from the CAC on a specific question may be compatible with its mandate, provided that this opinion does not relate to elements that it will be required to certify.

• Professional training: the training actions that the CAC or its network provides to the entity are not, by nature, incompatible with the mandate, provided that they do not involve operational decision-making.

• CSRD reports: as part of the sustainability reporting resulting from the CSRD directive, the auditors are called upon to play a verification role. These missions are specifically supervised and are subject to a normative framework under construction.

Public interest entities — banks, insurance companies, companies listed on a regulated market, and certain other entities designated by law — are subject to a much more restrictive regime. Article 5 of EU Regulation 537/2014 sets out a list of services expressly prohibited for EIPs, which the CAC or its network cannot provide, regardless of the threat analysis.

Among the SACCs prohibited for EIPs, we find in particular:

• tax services: preparation of tax returns, tax advice, aggressive tax planning;
• bookkeeping services and preparation of financial statements;
• design and implementation services for internal control procedures or financial risk management;
• valuation services when the results have a significant impact on the certified accounts;
• legal services, particularly in matters of representation in the event of litigation;
• human resources services: recruitment of management, definition of remuneration policies;
• promotion, brokerage or subscription services for financial securities;
• IT services having a direct impact on accounting and financial information systems.

This list is exhaustive for EIPs. A CAC which provides one of these services to a PIE whose accounts it certifies directly violates European regulations.

The H3C (Haut Conseil du Commissariat aux Comptes) is the independent public authority which supervises the profession of auditor in France. He is responsible for quality control of EIP audit missions, monitoring professional standards and disciplinary power over commissioners. In matters of SACC, the H3C can investigate the compatibility of ancillary services with independence, impose disciplinary sanctions ranging from a simple warning to removal, and issue opinions and recommendations on good practices.

The CNCC (National Company of Auditors) ensures the ordinal supervision of the CACs for non-EIP entities. It publishes professional practice standards (NEP), practical guides and SACC analysis grids which constitute the operational reference for practitioners.

The distinction between the two supervisors is important: for EIPs, the H3C has the last word; for entities outside the EIP, it is the CNCC which supervises in the first place, even if the H3C retains overall supervisory power.

A point often underestimated: the ban on SACCs does not only apply to the auditor himself, but to his entire professional network. A network includes all entities linked to the CAC by a relationship of control, common ownership, common brand or significant sharing of resources or customers.

This means that if the CAC's sister firm, under the same brand and sharing common partners, provides tax services to a PIE audited by the CAC, the prohibition is imposed, even if the CAC personally did not participate in these services.

Management of SACCs at the network level is therefore a discipline in its own right, which requires rigorous internal identification and verification procedures before any mission engagement.

Hayot Expertise Advice: before accepting a side mission for an entity that you are auditing - or before requesting such a service from your CAC - the real question is not "is it useful?", but "is it strictly compatible with the independence framework?". A perfectly legitimate service with an ordinary client can become serious professional misconduct when provided to an audited client. The analysis must be carried out in advance, documented, and if necessary submitted to the opinion of the H3C.

On the side of the audited entity, the question of SACCs has concrete implications:

When choosing the CAC, it is appropriate to check whether the firm or its network already provides services to the entity, and whether these services would be compatible with a future audit mandate. It is best to anticipate these questions before making the appointment. During the mandate, any new service envisaged with the CAC or its network must be subject to prior verification. The analysis grid published by the CNCC constitutes a reference tool: it makes it possible to identify independence risks and to determine whether sufficient safeguards can reduce them to an acceptable level.

In case of doubt, the CAC can and must seek the opinion of the CNCC or the H3C before accepting a side mission. This opinion is not legally binding, but it constitutes an important due diligence which protects the CAC in the event of subsequent dispute.

For companies that change their status — for example a company that goes public and becomes a PIE — previously authorized SACCs may become prohibited. A complete review of current services is then necessary.

To find out more about our support in terms of audit and legal advice, consult our page legal advice Paris.

SACC constitutes one of the most technical and consequential subjects of audit law. Their supervision is not an administrative formality: it guarantees the credibility of the certification report, and therefore the trust that third parties – investors, banks, suppliers, shareholders – place in the certified accounts.

In 2026, with the gradual entry into force of CSRD sustainability reporting and the expansion of the scope of entities subject to audit, questions related to SACCs will multiply. Anticipating these issues means protecting both the audited entity and the quality of the auditor's mission.