Key points
- The Prüfungsbericht is a confidential document delivered to the supervisory board (Aufsichtsrat) and management. It is not published or filed with the Bundesanzeiger.
- HGB §321.1 sentence 3 requires the auditor to report any facts discovered during the audit that could substantially endanger the entity's continued existence or development.
- IDW PS 450 n.F. prescribes the report structure, including mandatory sections on accounting policies applied and entity-specific findings.
- Omitting or genericising the findings section exposes the signing Wirtschaftsprüfer to personal liability under HGB §323.
The copy-paste problem
A WPK peer reviewer opens a 45-page Prüfungsbericht for a mid-sized manufacturer and recognises full paragraphs from the prior year's report, right down to a reference to a loan facility that the client refinanced eighteen months ago. The findings section contains no current-year observations. At firms like ours, most practitioners have seen this pattern at least once, usually inherited from a predecessor engagement team that treated the report as a compliance exercise rather than a supervisory document. That single copied report can trigger a formal finding under the WPK's quality review system and expose the signing partner to personal liability under HGB §323.1.
This is the core tension with the Prüfungsbericht. It sits at the intersection of two pressures: HGB §321 demands entity-specific, current-year findings that genuinely serve the supervisory board's monitoring function, but the time budget rarely accounts for the hours required to write a 40-page report from scratch when the underlying business hasn't changed much. So teams fall back on templates. The result is a document that satisfies no one: too long for the Aufsichtsrat to read casually, too generic to be useful when they do.
A Prüfungsbericht is the long-form audit report that the statutory auditor (Wirtschaftsprüfer) must prepare under HGB §321, addressed to the supervisory board and management. It covers the audit's scope and findings along with the entity's net assets, financial position, results of operations, and risk exposures. It isn't the opinion itself (that's the Bestätigungsvermerk, governed by ISA [DE] 700). It is a separate, substantially longer document. If the supervisory board commissioned the audit (the usual case for medium and large corporations), HGB §321.5 requires the engagement partner (EP) to present the report to the supervisory board and, where one exists, to the audit committee simultaneously.
What the standard requires
IDW PS 450 n.F. translates the HGB §321 requirements into a detailed reporting framework. The standard prescribes sections on the engagement's subject matter, the accounting policies the entity applied, the auditor's risk assessment, and the procedures performed. §321.1 sentence 3 contains the "existence-threatening facts" clause: the auditor must report any circumstances discovered during the audit that could substantially impair the entity's continued existence or development. This obligation exists regardless of whether those circumstances triggered a going concern modification in the Bestätigungsvermerk.
For group audits, IDW PS 450 n.F. extends the reporting requirements to the Konzernprüfungsbericht (group audit report), including the auditor's assessment of the consolidation process and the work of component auditors under ISA [DE] 600 (Revised).
What actually happens
The standard says the Prüfungsbericht must contain entity-specific findings relevant to the supervisory board's monitoring function. What actually happens is that many reports recycle 80% of their text from the prior year, because the manager who drafts the report is writing it at 11pm during the final week of fieldwork and the path of least resistance is last year's file. In our experience, the sections that get genuinely updated are the financial figures table and the going concern assessment. Everything else (scope description, accounting policy summaries) tends to roll forward unless something went visibly wrong.
I think this is a structural problem, not a laziness problem, because the incentive structure punishes thoroughness. A 50-page report with original, entity-specific observations takes the project manager (PM) twelve to fifteen hours to draft and the EP another four to review. The fee for that work is embedded in the overall audit fee, which the client is already pushing to reduce. Nobody gets rewarded for writing a better Prüfungsbericht. The supervisory board members who receive it often don't read past the summary section.
Worked example: Schäfer Elektrotechnik AG
Client: German electronics manufacturer, FY2025, revenue EUR 310M, IFRS reporter (consolidated), HGB reporter (Einzelabschluss). The statutory audit is performed by a mid-sized WPK-registered firm. The Aufsichtsrat commissioned the audit.
Structure the report per IDW PS 450 n.F.
The EP opens the report with a section on the engagement's subject matter and scope. The Prüfungsbericht covers both the Jahresabschluss (HGB Einzelabschluss) and the Lagebericht (management report). Schäfer's balance sheet total is EUR 195M and revenue is EUR 310M, placing it firmly in the "large" category under HGB §267.3.
Report on accounting policies and key findings
The auditor describes Schäfer's revenue recognition policy (percentage-of-completion on long-term contracts with defence customers, EUR 87M of the EUR 310M total) and the pension provisions of EUR 24M calculated using projected unit credit under HGB §253.1 sentence 2 with a 10-year average discount rate of 1.74%. A separate section covers the capitalised development costs of EUR 6.2M under HGB §248.2. Each area includes the audit procedures performed and the findings.
The complication
The auditor flags that two contracts (combined value EUR 19M) relied on cost estimates from subcontractors that Schäfer had not independently verified. The PM wants to note this as an observation without characterising it as a deficiency, because the client relationship is strong and the controller has already promised to obtain independent quotes next year. The EP disagrees. She includes a finding that Schäfer's cost estimation process for subcontracted components lacks independent verification, and that this creates a risk of material misstatement in the percentage-of-completion revenue recognised on these contracts. The file should tell a story, and in this case the story is that EUR 19M of revenue recognition depends on third-party estimates that nobody at Schäfer has tested.
This is where the Prüfungsbericht earns its weight.
A generic statement ("revenue recognition policies were applied consistently") would have satisfied the template. The specific finding about unverified subcontractor estimates is the kind of observation that actually helps the Aufsichtsrat do its job.
Address existence-threatening facts under §321.1 sentence 3
Schäfer has a EUR 40M syndicated loan maturing in September 2026. The debt-to-equity ratio stands at 2.1x and the interest coverage ratio at 4.8x. The auditor evaluates management's refinancing plan (a term sheet from two banks covering EUR 45M) and concludes that no existence-threatening facts require disclosure under §321.1 sentence 3. The Prüfungsbericht states this conclusion explicitly, including the basis for the assessment, because a bare "no existence-threatening facts identified" without supporting analysis is exactly the kind of sentence a WPK reviewer will circle in red.
Present the report to the Aufsichtsrat
HGB §321.5 requires the auditor to present the Prüfungsbericht to the supervisory board. The EP schedules a presentation to the Aufsichtsrat's audit committee, walking through the key findings and the going concern assessment. The signed report is delivered before the supervisory board meets to approve the financial statements. Two Aufsichtsrat members ask about the subcontractor cost estimates. The EP explains the risk and the recommended remediation. That conversation wouldn't have happened if the finding had been genericised.
Where reasonable practitioners disagree
There's a genuine split among German practitioners on how much detail to include in the Prüfungsbericht's findings section. One camp argues that the report should be exhaustive: every significant audit finding, every management representation that deviates from the auditor's initial expectation, every adjustment proposed whether or not accepted, and every analytical procedure that yielded an unexpected variance. Their reasoning is that HGB §321.1 sentence 2 sets a broad standard ("relevant to the supervisory board's monitoring function") and that erring on the side of completeness protects the auditor if the company later fails. The other camp argues that overwhelming the Aufsichtsrat with fifty pages of findings ensures they read none of them, and that a focused report covering three to five material issues with genuine analysis serves the supervisory board better than a catalogue. Both positions have merit. I lean toward the focused approach because a report nobody reads protects nobody, but I understand the defensive logic of the exhaustive version.
The §321.1 sentence 3 trap
In theory, every Prüfungsbericht contains this assessment. In practice, some firms bury it in the scope section where it reads like boilerplate rather than placing it in a dedicated subsection with the supporting analysis. Appears reasonable. Waive further pursuit. That's the implicit logic, but it's wrong, because the WPK expects the assessment to be visible, specific, and traceable to the auditor's analysis of the entity's financial position.
Why does practice diverge from the standard here? Because the §321.1 sentence 3 assessment feels redundant when the going concern conclusion is clean. Auditors reason that if there's no problem, there's nothing to write about. But HGB §321 doesn't condition the obligation on the outcome. It conditions it on the audit having been performed. The assessment must appear regardless.
Prüfungsbericht vs. Bestätigungsvermerk
| Dimension | Prüfungsbericht (HGB §321 / IDW PS 450 n.F.) | Bestätigungsvermerk (ISA [DE] 700) |
|---|---|---|
| Purpose | Detailed reporting on the audit's scope and findings, plus the entity's financial position, addressed to the supervisory board | Short-form audit opinion on whether the financial statements give a true and fair view |
| Audience | Supervisory board, management, audit committee (confidential) | Public (published with the financial statements and filed with the Bundesanzeiger) |
| Going concern content | Must state whether existence-threatening facts were identified (§321.1 sentence 3), regardless of outcome | Reports going concern modifications or material uncertainty paragraphs per ISA [DE] 570 |
| Typical length | 20 to 80 pages depending on entity size | 2 to 5 pages |
| Legal basis | HGB §321 | HGB §322, ISA [DE] 700 |
This distinction matters when a supervisory board member reads only the Bestätigungsvermerk and assumes the audit is fully documented there. It isn't. The Prüfungsbericht contains the detailed findings and the risk assessment rationale that the short-form opinion omits entirely.
Related terms
Related reading
Frequently asked questions
Is the Prüfungsbericht the same as the Bestätigungsvermerk?
No. The Bestätigungsvermerk is the short-form audit opinion issued under ISA [DE] 700, published alongside the financial statements. The Prüfungsbericht is a confidential long-form report under HGB §321, delivered only to the supervisory board and management. It contains the auditor's detailed findings and the §321.1 sentence 3 going concern assessment, along with the full scope description and accounting policy analysis. Both documents are mandatory for every statutory audit under HGB §316.
Who receives the Prüfungsbericht?
HGB §321.5 requires the auditor to present the Prüfungsbericht to the entity's legal representatives (Geschäftsführung). If the supervisory board (Aufsichtsrat) commissioned the audit, the report goes to the supervisory board and any audit committee simultaneously. The Prüfungsbericht is not filed with the Bundesanzeiger and is not publicly available. Banks and other creditors sometimes request it contractually, but the auditor may only release it with the entity's consent.
Does the IDW PS KMU simplify the Prüfungsbericht for smaller entities?
Yes. IDW PS KMU (March 2025) introduced a condensed Prüfungsbericht format for audits of smaller, less complex entities. The HGB §321 requirements still apply in full, but IDW PS KMU allows the auditor to condense the report structure where the entity's size and complexity do not warrant the full IDW PS 450 n.F. treatment. The auditor must document why the simplified format is appropriate.