Paris Audit Firm — Statutory Audit, Financial Due Diligence & Advisory

An audit that merely ticks a regulatory box is a missed opportunity. When conducted with genuine analytical rigour, an audit provides the management team, shareholders, lenders and investors with something far more valuable: a credible, independent assessment of whether the financial statements are a faithful picture of the business — and an early-warning system for control weaknesses, fraud risks and compliance gaps that could otherwise go undetected for years. Hayot Expertise, located at 58 rue de Monceau, Paris 8, brings that level of rigour to every engagement, combining the technical standards of the CNCC (French statutory auditor body) with data-driven audit analytics and a practical, communication-first approach.

Understanding the regulatory framework helps you commission the right type of engagement. France distinguishes sharply between statutory audit (commissariat aux comptes — CAC) and contractual audit (audit contractuel).

The statutory CAC is a legally mandated appointment governed by Articles L.823-1 et seq. of the French Commercial Code. Since the PACTE Act of 2019, the threshold for mandatory CAC appointment has been raised significantly: SAS and SARL companies below the following two-out-of-three thresholds are now exempt — balance sheet total > €4M, revenue > €8M, headcount > 50. This exempted tens of thousands of SMEs from the legal obligation but has, paradoxically, increased the voluntary take-up of contractual audits — particularly from institutional investors and banks requiring independent financial review as a credit condition.

At the European level, the 2014/56/EU Audit Directive (transposed into French law) introduced mandatory rotation of CAC firms for public interest entities (EIP) every 10 years, reinforced independence requirements and created the Haut Conseil du Commissariat aux Comptes (H3C) as regulator. The CNCC has fully adopted ISA (International Standards on Auditing) translated into French as NEP (Normes d'Exercice Professionnel), making French audit methodology internationally aligned.

What a Mandatory CAC Mission Covers

Our statutory audit missions follow the full NEP framework and cover:

• ▸Audit of annual financial statements (balance sheet, income statement, notes) under a risk-based approach: understanding of the entity and its environment (NEP 315), risk assessment and response (NEP 330), completion and reporting (NEP 700)
• ▸Certification opinion: unqualified, qualified, adverse or disclaimer of opinion, depending on the nature and materiality of findings — we communicate our preliminary conclusions before the final report, avoiding surprises
• ▸Verification of the management report (rapport de gestion) and all shareholder communications for consistency with the certified accounts
• ▸Mandatory disclosure of criminal facts to the public prosecutor if facts constituting a criminal offence are identified during the mission (Article L.823-12 — non-delegable legal obligation)
• ▸Alert procedure (procédure d'alerte) if facts are identified that may jeopardise the going concern of the entity — a structured escalation process to management, supervisory body and ultimately the commercial court if unresolved
• ▸Limited review of interim financial statements (examen limité) for listed groups or their significant subsidiaries

Voluntary CAC Appointment

Even below the mandatory thresholds, voluntary appointment of a statutory auditor is increasingly common:

• ▸Associations receiving public grants above €153,000 annually are legally required to appoint a CAC regardless of their legal form
• ▸LBO/OBO holding companies whose senior and mezzanine lenders typically require contractual audit certification as a financial covenant
• ▸Startups preparing Series B+ funding rounds or IPOs, seeking to demonstrate accounting credibility before institutional investors conduct their own due diligence
• ▸Subsidiaries of foreign listed groups where the parent's audit committee or SEC/FCA obligations require subsidiary-level statutory audit across all material entities
• ▸Non-profit foundations under public utility status, subject to Cour des Comptes oversight

Outside the CAC framework (which carries mandatory independence and incompatibility rules), we conduct contractual audit missions that allow a more advisory relationship:

Financial Due Diligence (Buyer-Side and Vendor)

Financial due diligence is the analytical foundation of any M&A process. For the buyer, it validates the business plan assumptions, uncovers hidden risks (tax disputes, off-balance-sheet commitments, social liabilities, undisclosed litigation) and calibrates the scope of the representations and warranties (R&W) required in the SPA. For the seller, a vendor due diligence (VDD) report commissioned in advance speeds up the process, increases buyer confidence and typically supports a higher valuation multiple.

Our standard due diligence report structure:

• ▸Earnings quality analysis: normalised EBITDA restatements, non-recurring items identification, pro-forma adjustments for acquisitions/disposals completed during the historical period
• ▸Working capital analysis: calculation of the normalised working capital target (for locked-box or closing mechanism purposes), identification of seasonal cash flow patterns, deep-dive into debtor and creditor ageing
• ▸Net debt analysis: definition of net debt for SPA purposes, off-balance-sheet commitments (operating leases pre-IFRS 16, earn-outs, performance bonds), underfunded pension liabilities, deferred revenue
• ▸Tax risk assessment: open tax positions, pending or recently closed audits, compliance gaps in VAT, CIT and social charges, group tax consolidation risks
• ▸Revenue and contract accounting: recognition policy review, milestone billing, contract modifications, churn analysis for SaaS businesses

Audit of IT Financial Systems

Financial data integrity increasingly depends on robust IT general controls. We audit the financial IT environment of your ERP or accounting system (Sage, SAP, Cegid, Pennylane, NetSuite) to assess:

• ▸Access controls and segregation of duties: who can post, approve and pay — and are there compensating controls where segregation is limited?
• ▸Change management: are modifications to financial system parameters (account mappings, tax codes, approval workflows) authorised and tested before deployment?
• ▸Data completeness and accuracy: are transactions from subsidiary systems (sales, inventory, fixed assets) correctly and completely interfaced into the general ledger?
• ▸Audit trail integrity: are journals complete, sequential and unalterable?

Grant and Public Funding Audit

Companies and organisations receiving public or European funding (BPI grants, FEDER/ESF European funds, public research contracts) frequently face mandatory justification audits imposed by the funding authority. We conduct these missions against the specific reference frameworks required (ANR, European Commission, Regional Councils) and produce reports in the required formats, including the ISRS 4400 (agreed-upon procedures) format often stipulated for European funds.

Risk-Based Planning

Before any procedure, we invest heavily in understanding your business, sector dynamics, competitive environment, control environment and accounting system. This planning phase (NEP 315) is what distinguishes a genuinely useful audit from a formulaic one: by identifying the high-risk areas early, we allocate our work precisely where it matters and avoid spending time on low-risk areas.

Audit Data Analytics

We systematically import and analyse your FEC file (Fichier d'Écritures Comptables — the standardised electronic audit trail mandated by French tax law) using data analytics tools. This allows us to:

• ▸Apply Benford's Law to first-digit distributions in monetary amounts to detect statistical anomalies
• ▸Identify duplicate transactions, sequential gaps in invoice or journal numbering
• ▸Flag unusual timing patterns: after-hours postings, weekend transactions, end-of-period manual journals
• ▸Detect intercompany inconsistencies across entities in a group FEC consolidation
• ▸Perform ratio trend analysis across 24–36 months to identify breaks in patterns that warrant explanation

This data-first approach consistently uncovers issues that traditional sampling-based audit procedures would miss.

Communication Throughout — No Surprises at the End

We operate on a principle of continuous communication. Significant findings are discussed with management as they arise, not saved for the final report. This means the audit remains a constructive process rather than a confrontational one, and management has the opportunity to provide context or correct issues before the opinion is formed.

Management Letter — Constructive Recommendations

Every audit concludes with a management letter (lettre de recommandations) accompanying the formal report. It documents internal control weaknesses identified during the audit, rates them by risk level (significant deficiency, material weakness) and provides specific, actionable recommendations for remediation. This is the component of an audit that delivers direct operational value beyond mere compliance.

• ▸Technology and SaaS: IFRS 15 revenue recognition for subscription businesses, capitalisation of internal development costs under IAS 38, BSPCE and BSA equity instrument accounting, consolidation in high-growth group structures
• ▸Real estate and property development: VEFA (off-plan sales) revenue recognition on a percentage-of-completion basis, decennial guarantee provisions, land bank valuation, SCI and OPCI structures
• ▸Retail and distribution: inventory valuation (FIFO vs weighted average cost), supplier rebate and volume discount accounting, franchise agreement treatment
• ▸Professional services firms: work-in-progress recognition, bad debt provisioning, partner remuneration structures, professional liability provisions
• ▸Non-profits and foundations: comptes emploi-ressources, allocation of costs by purpose, public grant accounting, Cour des Comptes reporting requirements

Do I need a statutory auditor (CAC) for my SAS? Only if you exceed two of three thresholds: balance sheet > €4M, revenue > €8M, headcount > 50. However, voluntary appointment is increasingly common for companies backed by institutional investors or with bank financing covenants requiring audit.

Can our statutory auditor also advise us on tax or accounting policy? No — the independence rules are absolute. A registered CAC cannot provide bookkeeping, tax consultancy or financial advisory services to an audit client. The two roles must be performed by entirely separate firms.

How long does a typical SME audit take? For a company with 10–50 employees and revenue of €2–15M, a full CAC mission typically requires 25–60 person-days spread across an interim phase (August–October) and a final phase (January–April, depending on year-end date).

📍 58 rue de Monceau, 75008 Paris | Contact us

See also: Statutory auditor for contributions (CAA) | Business valuation expert