Category: Governance

New Requirement for Quoted Companies in Poland


A new provision in the Act on Public Offers (Ustawy o Ofercie Publicznej) has introduced a new obligation on Polish PIEs to prepare an annual report on the remuneration of the management board and supervisory board and to submit this report to the auditor’s assessment.

Art. 90g of the Act on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organized Trading, and Public Companies” introduces the new Remuneration Report. The supervisory board of a public company must prepare a report on the remuneration of the management board and the supervisory board each year. The scope of the report is specified in the provision cited above. The report has to be “assessed” by a statutory auditor to ensure that the information it contains is accurate and complete.

The first such annual Remuneration Report will be prepared jointly for the years 2019-2020 and the audits of them will be carried out for the first time in 2021.

The Remuneration Report will be prepared separately from the financial statements and the company’s annual report, and its “assessment” will be classified technically as “an assurance service, other than an audit of the financial statements”, and considered by the Regulator as part of the auditing business of a licensed firm. Only registered auditors and their companies licensed to audit Public Interest Entities should be engaged to perform these assurance services.  The purpose of the auditor’s assessment is to confirm that the remuneration report contains all the elements required by law. Responsibility for the substantive correctness of the information indicated in the remuneration report rests solely with the members of the company’s supervisory board, and the auditor should be independent to the entity. It may indeed be the same auditor which carries out the audit of the Financial Statements, according to Art. 136 paragraph. 1 of the Act on Statutory Auditors, therefore in most cases it will be the same auditor which you already have.

The above has been confirmed by the Financial Market Development Department at the Ministry of Finance in response to a query by the Chamber of Auditors in Poland (PIBR).

Should you be in a situation where your financial statements auditor is reluctant to carry out this review, they are not obliged to as it is separate to the existing contracts in place currently. You may prefer, for the sake of good corporate governance, to engage a smaller Firm which is able to carry out PIE audits for this task. Please contact us and we will assist you to a good offer from a reputable Firm for the audit, or alternatively if you would like help with the report itself, this ca also be done with Quoracy Consulting and our partners.

For further help, please use the contact form below.  It emails direct to me at the audit firm Grupa Strategia, which has been developing a competence in this area in anticipation of the changes.

What should the relationship of internal and external audit look like?


Not every organisation has both an external audit and internal audit. In some jurisdictions you can get companies that have internal audit but no external audit, while in most countries you get quite a prevalent external audit with far less incidence of internal audits. Russia is a prime example of the latter case.

External audits done under ISAs are supposed to plan and carry out work in order to have a reasonable expectation of detecting fraud and other irregularities, and certainly the expectation of users has traditionally been that external auditors are responsible for finding fraud.

I work both as external auditor and I also carry out internal audits for clients who don’t have their own departments or who do but still need to be beefed up locally by brought-in experts. Therefore I have no particular axe to grind, but I will say this – a lot seems to be expected of external auditors with relation to fraud without giving them the tools necessary to find instances of fraud.

Internal audit departments can, within reason (they cannot supercede data protection law or labour law, etc, or contravene people’s basic human rights when monitoring them) have whatever tools they like if they are within budget. I can just imagine what my clients would think if I as an external would start installing cameras, GPS trackers on company vehicles, doing spot checks for alcohol, lifestyle checks on managers, and all the other things that internals can do. And yet if you take the standards literally I have to do a job not far off that of a policeman as an external auditor.

All we are usually given as external auditors is a couple of generic questionnaires which we try to go through with the client’s management adapting it to the specifics of their business, then we have the duty and hopefully also the ability to map out and analyse the systems of the client, including the controls and to perform walk-through tests and seek to identify key controls. The way an external auditor assesses a key control and the way an internal auditor assesses a key control are also different in a number of ways, and how we define a key control for our respective purposes differs, and then the timing and frequency of checks on that control will differ. Many people who have worked only in external audit won’t know how or why they differ and therefore their ability to get the best from internal if it is even there will be in many cases limited.

Actually most of the fraud questionnaires in use are a good start because they are based in fact on the fraud triangle originally talked about by notable criminologist Donald Cressey back in the 1960s and 70s. This is the triangle of means, motivation and rationalisation or self-justification. It is based on the idea that if a person hasn’t got the opportunity to get around the system, doesn’t really need to and thinks it would be wrong to, then the chances of that person committing fraud are extremely remote. If on the other hand a person thinks that they know how to get away with it, need the money and also think they deserve to do it, then the fraudulent activity by that person is virtually certain. Various permutations of this give varying degrees of likelihood of fraud. The questions in fraud questionnaires would be good at helping to build a “fraud triangle” exercise in a given context, but only as long as the person doing it knows what they are doing both in theory and in practice. Often it is given to quite junior people to carry out and also very often in assessing audits I have seen that the answers don’t necessarily carry through to specific tests relevant to those answers, but instead increase general risk meaning that there is a likelihood that the sample sizes for other detailed substantive tests (by the way the weakest set of tests for detecting fraud) will be higher. And sometimes you are lucky to even get that much of a response.

Externals go on to make their control tests if they do recognise a key control (and on a worldwide scale I would hazard a guess that tests of controls are still done on only a small minority of audits, with most defaulting to the substantive route based really on lack of time or confidence with control work by the external audit team) and also the other big weapon they have in the arsenal is substantive analytical review. But SAR is only as good as the in-depth knowledge of the branch or business, so externals – especially those which are not branch specific as some Big Four externals are – don’t really have the sector knowledge that the internal audit team have and so their chance of noticing something that doesn’t stack up as they go through their analyses of ratios, or building of expectations and confronting to reality is not as good as that of the internal in many cases.

And then auditors finish every section by mopping up whatever needed assurance they could not derive from the earlier procedures by other substantive procedures based if done properly on a statistical sample, which is designed to get them from the assurance they got from less time-consuming procedures through to within their tolerable error (a function of risk and materiality from their perspective, which again differs from the internal auditor’s perspective which may not even be couched in money figures but in non-monetary terms). However the chances of getting at fraud looking through sampled accounting documents is miniscule, and here many external auditors do the bulk of their work.

So naturally if there is an internal audit team, an enlightened external auditor should be ver anxious to understand how they decided their work plan, what they did, and how many key controls have been checked thoroughly and how many risks are still open. If they want to give the organisation real value for money they will design tests that supplement, rather than duplicate the work of internal auditors.

Internal auditors will encourage this – they too will want to see that the organisation’s budget for external audit work goes on procedures that help to improve the risk heat map and the overall picture for the organisation. This call only be done when each side understands the other and “speaks their language”. Many internals have worked as external but not many are continually doing both types and therefore able to think through an assurance issue from both perspectives.