The Audit Report Explained: What Every Section Means
Every section of the auditor’s report explained for Maltese directors: opinion, basis, going concern, key audit matters and responsibilities.
The Audit Report Explained: What Every Section Means
By the EGM Assurance Editorial Team . Last reviewed June 2026 . 9 min read
The auditor's report is one of the most widely circulated documents a company produces - filed publicly, read by banks, investors, suppliers and regulators - yet one of the least understood by the directors who receive it. Most read the opinion paragraph and stop. But the report is a carefully structured document in which every section has a defined purpose, and the layout itself was deliberately designed so that the most important information comes first. A director who understands the structure can read any audit report - their own or a counterparty's - and know exactly where to look and what each part is telling them.
This guide walks through the auditor's report section by section, in the order the sections actually appear, explaining what each one means and why it is there. It follows the structure set out in ISA 700 (Revised), the standard that governs the form and content of the auditor's report and which Maltese auditors apply. It is written for directors, not auditors: the aim is to make the report readable rather than to restate the standard. The position reflects general practice as at June 2026.
This article focuses on the structure of the report and the meaning of each section. The detail of the different opinion types - qualified, adverse and disclaimer - is covered in our companion guide on the types of audit opinion, to which we cross-refer.
1. Why the report looks the way it does
Before the 2016 reforms to auditor reporting, the auditor's report buried the opinion at the end, after pages of standard text about scope and responsibilities. Readers had to wade through boilerplate to reach the one thing they cared about. ISA 700 (Revised) changed that. The report now places the opinion first, immediately after the title and addressee, as a deliberate, user-focused design decision: the conclusion readers most need should not require scrolling past standard wording.
The reforms also added structured headings, a dedicated Basis for Opinion section, and - for listed entities - a Key Audit Matters section, all aimed at making the report more informative and more comparable across companies. The result is a report with a consistent, predictable order, which is what makes it possible to teach a director to read one. The sections below follow that order.
The single most useful thing to know about an audit report is that it is ordered by importance, opinion first. If you read nothing else, read the first two sections - the Opinion and the Basis for Opinion. Everything after them is context, responsibilities and standard wording that, while important, rarely changes from one clean report to the next. |
|---|
2. Title and addressee
The report opens with a title that includes the word "Independent" - "Independent Auditor's Report" - which signals that the auditor is independent of the company and distinguishes the report from any other communication in the annual accounts. It is then addressed to the intended readers, ordinarily the shareholders (members) of the company, because the statutory audit is performed on their behalf. The addressee matters: it confirms that the auditor's duty in the report runs to the shareholders as a body, not to management and not to individual third parties.
3. The Opinion section
The Opinion section comes first, by design. It identifies the financial statements that were audited - naming the company, the period, and each statement (the statement of financial position, the statement of comprehensive income, and so on) and the notes - and then states the auditor's conclusion. In an unmodified (clean) report, it states that, in the auditor's opinion, the financial statements give a true and fair view (present fairly, in all material respects) of the company's financial position and performance in accordance with the applicable framework (GAPSME or IFRS) and the Companies Act.
This is the heart of the report. Where the opinion is modified, the heading itself changes - to "Qualified Opinion," "Adverse Opinion" or "Disclaimer of Opinion" - so the nature of the opinion is visible at a glance from the heading alone. The mechanics of those modifications are covered in our companion guide on the types of audit opinion.
Read the heading of the Opinion section first. If it simply says "Opinion," the report is unmodified. If it says "Qualified," "Adverse" or "Disclaimer," the auditor is signalling a problem and you should read the Basis section that follows it with care. The heading does the first level of communication on its own. |
|---|
4. The Basis for Opinion section
ISA 700 (Revised) requires the Basis for Opinion section to follow the Opinion section directly, because it provides the essential context for the opinion just given. In a standard report it makes four points: that the audit was conducted in accordance with International Standards on Auditing; that the auditor is independent of the company in accordance with the relevant ethical requirements (referring to the IESBA Code and any local requirements); that those ethical responsibilities have been fulfilled; and that the auditor believes the audit evidence obtained is sufficient and appropriate to provide a basis for the opinion.
In a clean report this section is largely standard wording. Its importance rises sharply in a modified report, where it becomes the "Basis for Qualified/Adverse/Disclaimer of Opinion" section and sets out, specifically, what the problem was and - for misstatements - usually quantifies its effect. When an opinion is modified, this is the section that tells you why.
5. Material Uncertainty Related to Going Concern (where applicable)
Where the going concern basis of accounting is appropriate but a material uncertainty exists about the company's ability to continue as a going concern, and that uncertainty is adequately disclosed in the financial statements, the auditor includes a separate section headed "Material Uncertainty Related to Going Concern." It is placed immediately after the Basis for Opinion section and cross-refers to the relevant disclosure note; where a Key Audit Matters section also appears, it follows this going concern section.
Crucially, the presence of this section does not mean the opinion is modified. With adequate disclosure, the opinion remains unmodified - the section draws the reader's attention to an important uncertainty rather than qualifying the statements. It is one of the most commonly misread parts of a report, which is why it has its own heading and a fixed position. Going concern from the director's side is covered in our dedicated going concern guide.
A "Material Uncertainty Related to Going Concern" section sitting above a clean opinion is not a bad opinion. It is the auditor flagging a genuine uncertainty that the company has properly disclosed. Lenders and counterparties will read it, so the underlying disclosure should be clear - but the opinion itself remains unmodified. |
|---|
6. Key Audit Matters (listed and certain other entities)
For listed entities - and for other entities where law, regulation or the auditor's own decision requires it - the report includes a Key Audit Matters section under ISA 701. It describes the matters that, in the auditor's professional judgement, were of most significance in the audit of the current period, and for each one explains why it was significant and how the auditor addressed it. It is placed after the Basis for Opinion (and any going concern section).
Key Audit Matters are a transparency feature, not a criticism and not a modification of the opinion. They give readers insight into where the audit focused - the areas of higher risk, significant judgement or complexity. Most owner-managed Maltese private companies are not listed and will not have a Key Audit Matters section; directors of such companies will more commonly encounter it when reading the report of a larger counterparty.
7. Other Information
Under ISA 720 (Revised), where the company publishes an annual report containing information beyond the financial statements (a directors' report, a chairman's statement, and so on), the auditor's report includes an Other Information section. In it, the auditor explains that management is responsible for the other information, that the auditor's opinion does not cover it, and that the auditor's responsibility is limited to reading the other information and considering whether it is materially inconsistent with the financial statements or with the auditor's knowledge from the audit.
This section manages a common misunderstanding: that the audit covers everything in the glossy annual report. It does not. The audit opinion covers the financial statements; the other information is read for consistency but is not audited.
8. Responsibilities of management and those charged with governance
Every report includes a section setting out management's responsibilities, headed to reflect the entity's circumstances. It explains that management is responsible for preparing the financial statements and for being satisfied that they give a true and fair view; for the internal control necessary to enable the preparation of financial statements free from material misstatement, whether due to fraud or error; and for assessing the company's ability to continue as a going concern. Where applicable, it identifies the role of those charged with governance in overseeing the financial reporting process.
This section exists to make the division of responsibility explicit. The directors prepare the financial statements; the auditor expresses an opinion on them. It is one of the principal ways the report addresses the so-called expectation gap - the common but mistaken assumption that the auditor, rather than the directors, prepares the accounts or guarantees the absence of fraud.
The responsibilities sections are where the report draws a clear line: directors prepare the financial statements, maintain internal control and assess going concern; the auditor independently expresses an opinion on the result. This division is not a disclaimer - it is the legal architecture of an audit. Understanding it is what stops a director from assuming the auditor "signed off" on management's own work. |
|---|
9. Auditor's responsibilities for the audit
Paired with the management section is a description of the auditor's responsibilities. It states that the auditor's objective is to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue a report that includes the opinion. It explains, in standard wording, what reasonable assurance is and what a risk-based audit involves.
Two points in this section repay attention. First, reasonable assurance is expressly described as a high level of assurance but not a guarantee - an audit conducted properly will not necessarily detect every misstatement, particularly a well-concealed fraud. Second, the section describes the audit as risk-based and conducted with professional scepticism: the auditor identifies and assesses the risks of material misstatement and designs procedures to respond to them, rather than checking every transaction. To keep the report readable, much of this standard description may be placed in an appendix to the report or by reference to an external source, as the standard permits.
The auditor's responsibilities section is the source of the most important nuance in the whole report: reasonable, not absolute, assurance. An audit is a risk-based examination designed to detect material misstatement - not a guarantee that the figures are flawless or that no fraud exists. Both directors and the users who rely on the report should read the opinion with that calibration in mind. |
|---|
10. Report on other legal and regulatory requirements
In many jurisdictions, including Malta, the auditor has reporting responsibilities beyond the opinion on the financial statements, arising from company law. Where these exist, they are dealt with in a distinct section, separate from the opinion on the financial statements, typically headed "Report on Other Legal and Regulatory Requirements." Under the Companies Act, this commonly covers matters such as whether proper accounting records have been kept, whether the financial statements agree with the accounting records, and whether the information in the directors' report is consistent with the financial statements.
Keeping these matters in a separate section preserves the clarity of the primary opinion while still discharging the auditor's statutory reporting duties. For a Maltese company, this is the part of the report that connects the international auditing standards to the specific requirements of the Companies Act.
11. Signature, name, address and date
The report concludes with several formal elements, each carrying meaning. For listed entities, the name of the engagement partner is stated; for other entities its inclusion depends on law, regulation or the auditor's judgement. The report is signed in the name of the audit firm, the personal name of the auditor, or both, as required. The auditor's address (the location of the office) is given.
Why the date matters more than directors expect
The date of the report is not a formality. The auditor's report is dated no earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the opinion - including evidence that all the statements making up the financial statements have been prepared and that those with authority have asserted responsibility for them. In practice this means the report cannot be dated before the directors have approved the financial statements. The date also marks the cut-off for the auditor's consideration of subsequent events: events after that date are generally outside the scope of the auditor's work on the report. Directors who understand this know why the auditor will not date the report until board approval and the final evidence are in place.
12. Modified report versus modified opinion - a key distinction
A point that regularly confuses directors is the difference between a modified report and a modified opinion. They are not the same thing. The opinion is the short conclusion in the Opinion section. The report is the whole document - several pages including responsibilities, basis, and possibly Key Audit Matters or an Emphasis of Matter paragraph.
A report can contain extra material - Key Audit Matters, an Emphasis of Matter paragraph, a Material Uncertainty Related to Going Concern section - without the opinion being modified at all. None of those elements change the opinion; they add context or draw attention. The opinion is modified only when the auditor issues a qualified, adverse or disclaimer of opinion, which changes the heading and the wording of the Opinion section itself. So the presence of an additional paragraph does not, by itself, mean anything is wrong with the financial statements. Always check the Opinion heading to see whether the opinion - as opposed to the report - has been modified.
Modified report and modified opinion are different things. The report can carry extra sections - Key Audit Matters, Emphasis of Matter, a going concern uncertainty - while the opinion stays clean. Only a qualified, adverse or disclaimer conclusion modifies the opinion, and that always shows in the Opinion heading. Check the heading before concluding anything is wrong. |
|---|
13. Frequently asked questions
Why does the opinion come first in the audit report?
By deliberate design. The 2016 reforms to auditor reporting (reflected in ISA 700 Revised) moved the opinion to the front, immediately after the title and addressee, so that the conclusion readers most need is reached immediately rather than after pages of standard text. The Basis for Opinion section then follows directly, giving the context for that opinion.
What is the difference between the audit report and the audit opinion?
The opinion is the short conclusion within the Opinion section - typically a single paragraph. The report is the entire document, which also contains the basis for the opinion, the responsibilities of management and the auditor, and possibly Key Audit Matters or an Emphasis of Matter paragraph. The opinion is part of the report. This distinction matters because a report can contain additional sections without the opinion being modified.
Does the auditor's report cover the whole annual report?
No. The audit opinion covers the financial statements and their notes. Where the company publishes an annual report with other information - a directors' report, chairman's statement and the like - the auditor reads that other information for material inconsistency with the financial statements but does not audit it. The Other Information section of the report explains this limit.
What does "reasonable assurance" mean in the report?
Reasonable assurance is a high level of assurance, but not absolute. The auditor's responsibilities section states this expressly. An audit is a risk-based examination designed to detect material misstatement; it is not a 100% check of every transaction and cannot guarantee that all misstatements, especially well-concealed fraud, will be found. A clean opinion is a high level of confidence in the financial statements, not a certificate of perfection.
Is a Key Audit Matters section a sign of a problem?
No. Key Audit Matters describe the areas that required the most auditor attention - higher risk, judgement or complexity - and explain how the auditor addressed them. They are a transparency feature for listed and certain other entities, not a criticism and not a modification of the opinion. Most owner-managed Maltese private companies will not have a Key Audit Matters section at all.
What is the Report on Other Legal and Regulatory Requirements section?
It is a separate section dealing with the auditor's reporting duties under company law, distinct from the opinion on the financial statements. For a Maltese company under the Companies Act, it commonly addresses matters such as whether proper accounting records have been kept, whether the financial statements agree with those records, and whether the directors' report is consistent with the financial statements.
Why can't the auditor date the report whenever they like?
Because the date has technical meaning. The report cannot be dated earlier than the date the auditor obtained sufficient appropriate audit evidence to support the opinion, which in practice cannot precede the directors' approval of the financial statements. The date also fixes the cut-off for the auditor's consideration of events after the reporting period. This is why the auditor will not finalise and date the report until approval and the final evidence are in place.
What does it mean that the report is addressed to the shareholders?
The statutory audit is carried out on behalf of the shareholders (members) as a body, and the report is addressed to them. This defines who the auditor's reporting duty in respect of the opinion runs to. It is not addressed to management, nor, as a general rule, to individual third parties who might happen to read it.
Our report has an Emphasis of Matter paragraph - is that bad?
Not in itself. An Emphasis of Matter paragraph (under ISA 706) draws attention to something already correctly disclosed in the financial statements that the auditor considers fundamental to users' understanding. It does not modify the opinion - the opinion can be, and usually is, clean. It is a signpost to an important note, covered more fully in our guide to the types of audit opinion.
Where should a director look first when reading an audit report?
Read the heading of the Opinion section, then the Opinion paragraph itself, then the Basis for Opinion. Those three tell you whether the opinion is clean or modified and, if modified, why. After that, scan for any Material Uncertainty Related to Going Concern section or Emphasis of Matter paragraph, and read the Report on Other Legal and Regulatory Requirements for the company-law points. The responsibilities sections are largely standard wording.
Related guides from EGM Assurance
Audit Findings and Management Letters in Malta 2026: How to Respond as a Director
Accounting Records in Malta 2026: Companies Act Requirements and Common Pitfalls
Authoritative references
ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements - IAASB
ISA 705 (Revised) and ISA 706 (Revised) - modifications, emphasis of matter and other matter - IAASB
Accountancy Profession Act (Cap. 281) - regulation of auditors in Malta
Need help? EGM Assurance provides statutory audit services in Malta - partner-led, transparent, on time. Get a quote.
Want help reading - or improving - your audit report? EGM Assurance helps directors understand exactly what their auditor's report says, prepare so the audit runs smoothly, and address anything that could affect the opinion. A clear report starts with well-kept records and a well-run audit. |
|---|
This article is prepared by EGM Assurance for general informational purposes and reflects the International Standards on Auditing as applied in Malta and general good practice as at June 2026. It is not legal or professional advice and does not describe the report on any particular set of financial statements. The form and content of an auditor's report depend on the specific facts of each engagement and the applicable requirements. Always discuss your audit report with your auditor.