Romania’s Audit Market Enters a New Era: Efficiency, Transparency and ESG Drive Change

Romania’s audit and assurance market is undergoing a period of rapid change. Regulatory expectations are rising, investors are demanding deeper transparency, and the introduction of new standards — including the International Standard for Less Complex Entities — is reshaping how small and medium-sized businesses access professional verification. At the same time, digital reporting, ESG data requirements, SAF-T submissions, and new European regulatory frameworks are transforming how auditors work across Central and Eastern Europe.

To understand how these developments are reshaping audit and ESG reporting, CIJ EUROPE turned to one of the sector’s leading voices: Claudia Bratu, FCCA — Audit & Advisory Partner and Head of ESG Services at TPA Romania.

In this Q&A, Bratu explain how the audit market is structured, how firms ensure proportional fees for low-activity companies, what every engagement letter must include to protect both auditor and client, and how the future of assurance will be shaped by technology, ESG reporting, and the new “less complex entity” standard.

1. How is the auditing and assurance market structured in Romania and across CEE? How do professional service providers segment their offerings — from statutory audits and agreed-upon procedures to financial reviews or due diligence — depending on a company’s size, level of activity, and investor expectations?

There is a three-tiered audit and assurance market in Romania, built on a common framework of European regulation and international standards.

Romania’s audit market reflects the broader European structure, grounded in the EU Audit Directive, Law 162/2017 and the International Standards on Auditing (ISA).

Statutory audits are regulated and overseen by ASPAAS -the Statutory Audit Public Oversight Authority and conducted by auditors registered with CAFR – Chamber of Financial Auditors in Romania. It is worth mentioning that in Romania all the entities subject to statutory audit must have an internal audit function implemented and the internal audit reports shall be issued by an active member of CAFR. Noncompliance with the requirement might lead to penalties up to RON 100,000 (approximately EUR 20,000).

At the top, the Big Four dominate the audit of PIEs and large groups, banks and other financial institutions, offering not only statutory audits but also complex assurance services — from IFRS audits to assurance on sustainability reporting and IT controls and due diligence services.

Beneath them, a layer of mid-tier international networks serves medium-sized companies providing statutory audits, audits on the special purpose financial information, IFRS audits, limited reviews and agreed-upon procedures in most cases for subsidiaries of the multinational companies but also for local companies. Internal audit and assurance on sustainability reporting are also included in the offering of these mid -tier companies.

Finally, local and boutique practices often perform audits of local companies, limited reviews, or agreed upon procedures.

2. Cases such as AUDIRE’s offer in Poland — a three-year “financial verification” priced at PLN 34,000 for a small, non-operating company — raise questions about proportionality. How do firms in Romania and CEE determine fair and appropriate fees for engagements involving micro or low-activity entities? Are there professional or ethical standards that guide such assessments to ensure alignment between cost, scope, and client size?

Across CEE, in general auditors base their fees not on company size alone, but on risk, effort, and professional responsibility. Even a dormant company triggers essential procedures: independence checks, risk assessment, documentation, and quality control under ISQM 1 These baseline requirements create a natural cost threshold below which professional quality cannot be maintained.

Ethically, firms are guided by the IESBA Code of Ethics, which requires that fees be reasonable and reflective of the nature and scope of work, without compromising independence or quality. Proportionality, in this sense, means aligning the engagement type with the client’s characteristics and industry in which it operates — not simply lowering prices. For very small entities, the solution often lies in adjusting the level of assurance rather than reducing audit quality: substituting a full audit with a limited review (ISRE 2400) or agreed-upon procedures engagement (ISRS 4400) focused on specific figures or transactions.

3. One recurring issue in smaller due diligence or verification projects is the lack of clearly defined deliverables and methods. From your perspective, what are the minimum elements that a professional engagement letter or addendum should contain — in terms of methodology, liability, and scope definition — to ensure transparency and protect both the client and the auditor?

A well-drafted engagement letter is indispensable — it protects both auditor and client, ensuring that the scope and limitations of the work are understood from the outset.

At minimum, such a document should specify:

-The parties and scope of work of the engagement, including the intended users of the report.

-Applicable standards — whether ISA, ISRE 2400, ISRS 4400, or another framework.

-Deliverables and format of the report, with any confidentiality or distribution restrictions.

–Responsibilities of both management and the auditor, emphasizing that the latter provides assurance, not absolute guarantees.

-Fees, timelines, and liability terms.

An annex listing all agreed-upon procedures can be particularly effective. It transforms what might otherwise be an informal “verification” into a structured, defensible engagement grounded in professional standards.

4. With increasing use of digital tools, data analytics, and standardised reporting, how is the audit profession in Romania and the wider region adapting? Is there a noticeable convergence toward regional norms in pricing, timelines, and deliverable formats, or do national markets still differ significantly in how engagements are designed and costed?

It is clear that digitalization is reshaping how audits are performed across CEE. In Romania, most large and mid-sized firms now use audit platforms, data analytics, and secure portals for client communication and document exchange.

This digital shift is also fostering regional convergence. The use of common standards (ISA, ISRE, ISRS) and shared templates by international networks has aligned methodologies, deliverable formats, and reporting styles across borders.

However, significant differences persist in pricing, timelines, and market maturity. While methodologies may now look similar from Warsaw to Bucharest, actual fee levels remain anchored in local cost structures and competitive dynamics.

5. Looking ahead, what do you see as the main trends shaping the future of audit and assurance services for SMEs and micro-enterprises? How can smaller companies — including those with little or no revenue — still access proportionate professional verification without facing corporate-scale costs?

The audit profession faces both challenges and opportunities. As regulatory expectations evolve, the demand for “right-sized assurance” — proportionate, transparent, and technology-enabled — will continue to grow.

In recent years, the audit profession — governed by the International Auditing and Assurance Standards Board (IAASB) — has recognized that the traditional, one-size-fits-all application of International Standards on Auditing (ISAs) can be overly burdensome for small or less complex entities (LCEs). These are companies that have straightforward business models, simple financial reporting, and limited internal control structures — such as family-owned businesses, start-ups, or micro-enterprises with low transaction volumes.

To address this, the IAASB introduced the “International Standard on Auditing for Audits of Financial Statements of Less Complex Entities” (ISA for LCE), finalized in 2023. The standard is designed to maintain the same quality and credibility expected under the full ISAs, but with a simplified, risk-based approach that is scalable and proportionate to smaller businesses. The standard will become effective for audits of financial statements beginning on or after 15 December 2025, in jurisdictions adopting or permitting its use.

In Romania, statutory audits are not mandatory for micro-entities, except for banks, insurance companies, and other regulated financial institutions. Most small companies are not required to undergo a statutory audit of their financial statements. However, many such businesses still face increasing demands for financial credibility — from investors, lenders, or European grant providers — and seek a form of professional verification that is both credible and proportionate.

Under this context, some key trends shaping the future of audit and assurance for SMEs and micro-entities include:

• Modular and scalable assurance services — tailored specifically to smaller businesses through flexible formats such as agreed-upon procedures (AUPs), limited reviews. This enables small and micro-entities to obtain professional services  focused on specific risks or on reporting areas, without the cost of a full audit.
• Standardized and template-based engagements — using structured methodologies and digital templates (such as VSME for voluntary sustainability reporting) to deliver consistent, high-quality outcomes while keeping engagements efficient and affordable.
• Growing demand for ESG and sustainability assurance — even among smaller companies, as banks, investors, and supply chains increasingly require verified sustainability or carbon data to support lending, procurement, or compliance decisions.
• Digital transformation and automation — with cloud accounting, data analytics, and AI-assisted testing allowing auditors to review transactions more efficiently, reduce manual work, and improve the quality of insights provided to Small and micro entities.
• Transparent pricing models — offering micro and small entities clear, tiered service options aligned to their size, complexity, and assurance needs, helping to ensure proportionality and predictability in costs.
• Collaborative based approaches — where professional bodies, regulators, and technology providers develop shared tools, guidance, and digital platforms to support the consistent delivery of proportionate assurance across the SME sector.
• Focus on education and capacity building — as professional organizations invest in training auditors to apply simplified, risk-based standards (like the new ISA for Less Complex Entities) effectively while maintaining the integrity and credibility of the assurance process.
• Use of new data sources introduced through fiscal legislation — such as the SAF-T declaration — is becoming an emerging trend in the Romanian audit landscape. As companies are now required to submit extensive, standardized financial and tax data in electronic format, auditors have access to richer, structured datasets directly from client systems. The SAF-T file (Standard Audit File for Tax) enables more efficient analytical procedures, automated reconciliations, and risk assessments, significantly improving both audit quality and efficiency.

For small and low-revenue companies, proportional assurance need not mean “cheap” — it means fit for purpose. By combining scalable methodologies, digital efficiency, and ethical fee-setting, auditors across Romania and CEE can provide credible verification that aligns with client needs and market realities, without imposing corporate-scale costs.

© 2025 cij.world