A statutory audit is a legally required independent examination of a company’s financial statements. Thresholds based on revenue, total assets, and employee count determine who must comply. Requirements vary by country, and multinational groups must satisfy both local subsidiary rules and consolidated group audit mandates.
The statutory audit is where accounting meets law: a company above certain size thresholds must have its financial statements independently audited, whether it wants to or not. This guide explains the triggers, the rules across major jurisdictions, what exemptions exist, and how multinational groups manage the complexity of multiple local requirements alongside a consolidated group audit.
What triggers a statutory audit?
Typically exceeding two of three criteria: revenue, total assets, and employee count. Exact thresholds differ by country.
Can small companies be exempt?
Yes. Most jurisdictions exempt companies below threshold, though banks, insurers, and listed companies are always subject to audit regardless of size.
What happens if you fail to file an audited report?
Penalties range from fines and director disqualification to criminal prosecution, depending on the jurisdiction and severity.
What is a statutory audit?
A statutory audit is an independent examination of a company’s annual financial statements required by law. The external auditor — a licensed firm appointed under the applicable companies act — issues an opinion on whether the statements give a true and fair view in accordance with the relevant accounting framework. This opinion is filed publicly alongside the financial statements.
The statutory audit serves the public interest: shareholders, creditors, employees, and tax authorities all rely on audited numbers. It is distinct from a voluntary audit that a company might commission for internal purposes or lender confidence. The legal obligation means the audit must happen on time, to professional standards, and by a registered auditor — with consequences for failure.
How do thresholds work across jurisdictions?
Most countries use size criteria — typically revenue, total assets, and average employee count — to determine which companies need a statutory audit. A company that exceeds two of the three thresholds for two consecutive years is generally caught. Thresholds vary significantly: the EU’s standard thresholds differ from Turkey’s, which differ from the UK’s or the Balkans’.
For example, Turkey’s independent audit obligation under TTK (Turkish Commercial Code) applies to companies meeting criteria set by the Council of Ministers, with different thresholds for full audit versus limited review. In the Balkans, each country — Serbia, North Macedonia, Albania — sets its own local thresholds aligned with EU-harmonized law but with national variations. Managing these differences is a core challenge for any multinational finance team.
Which companies are always subject to audit?
Certain entities face mandatory audit regardless of size: listed companies, banks and financial institutions, insurance companies, pension funds, and state-owned enterprises. Their systemic importance or public accountability demands independent assurance irrespective of revenue or headcount thresholds.
In practice, this means even a small subsidiary of a listed group may need a statutory audit if local law catches it through the parent’s status. Finance teams managing cross-border groups must map each entity against both local threshold rules and sector-specific mandates — a task closely linked to the international finance complexities of multinational operations.
What exemptions exist for small companies?
Small companies below threshold can usually opt out of a statutory audit, though the exemption is often lost if any shareholder holding more than a minimum percentage requests an audit. Some jurisdictions also exempt dormant companies or micro-entities from audit but still require filing abbreviated accounts.
Opting out saves audit fees but has costs: lenders may require audited accounts as a loan covenant, buyers in a sale process expect them, and tax authorities may scrutinize unaudited accounts more closely. For a small company expecting growth or external financing, maintaining a voluntary audit often pays for itself in credibility and smoother future processes.
How do multinational groups handle multiple statutory audits?
A multinational group faces statutory audit requirements in every country where it has a subsidiary above threshold. This creates a coordination challenge: local audits must comply with local standards and timetable, while the group audit needs consistent, timely information for the consolidated financial statements.
Groups typically appoint a global audit firm with local offices to ensure consistency and ease of communication. The group auditor relies on component auditors’ work, with instructions specifying materiality, scope, and reporting format. Internal audit supports this by providing assurance over controls at subsidiaries where the external auditor’s local coverage may be light — exactly the coordination between external and internal audit that a strong audit committee oversees.
What are the consequences of non-compliance?
Failing to obtain a required statutory audit, or filing late, triggers penalties that escalate with severity and jurisdiction. Common consequences include financial fines on the company and its directors, disqualification of directors from holding office, criminal prosecution in serious cases, and public filing of non-compliance that damages the company’s reputation.
In practice, late filing also delays dividend distribution, blocks certain corporate actions, and creates friction with banks and counterparties who rely on audited accounts. For multinational groups, a single subsidiary’s non-compliance can create reputational and regulatory contagion at the group level — a risk that should feature in the group’s risk assessment and internal audit coverage.
How are audit standards evolving?
Audit standards are moving toward greater transparency, enhanced auditor reporting, and closer attention to going concern and fraud. The expanded auditor’s report — now standard in many jurisdictions for public-interest entities — discloses key audit matters, giving stakeholders insight into the auditor’s judgments rather than just a binary opinion.
Regulators are also tightening rules on audit firm rotation, non-audit services, and public oversight of audit quality. These changes aim to address the perception gaps exposed by corporate failures: stakeholders expect auditors to catch fraud and predict failure, but traditional audit standards were not designed for that. The evolution gradually closes the expectation gap, making the statutory audit more relevant to the assurance needs of modern governance.
How do statutory audit requirements interact with tax audit obligations?
In many jurisdictions, including Turkey and the Balkans, tax authorities have their own audit and inspection powers that run parallel to the statutory financial audit. A company may face both a statutory audit of its financial statements and a separate tax audit examining compliance with corporate income tax, VAT, and withholding obligations.
The two audits use different standards and serve different purposes, but they draw on overlapping data. Discrepancies between statutory financial statements and tax returns invite scrutiny from both auditors. Finance teams managing both processes should ensure the financial statements and tax filings are reconciled and consistent, a discipline that links directly to the broader auditing and KPIs framework this hub covers.
What are the special rules for group audits under ISA 600?
ISA 600 governs how a group auditor manages the audit of consolidated financial statements when component auditors (local firms) audit individual subsidiaries. The group auditor must evaluate component auditors’ work, set materiality for each component, and take responsibility for the group opinion, even when relying on local firm results.
For multinational groups, ISA 600 creates a quality control layer: the group auditor sends detailed instructions to component auditors specifying scope, materiality, and reporting requirements, then reviews their work before signing the consolidated opinion. Where component auditor quality is uncertain — common in jurisdictions with less mature audit markets — the group auditor may perform additional procedures or visit the subsidiary, adding time and cost that should be budgeted for.
How are statutory audit deadlines enforced?
Most jurisdictions set filing deadlines — typically three to six months after year-end for financial statements and the auditor’s report. Late filing triggers automatic penalties that escalate with delay: fines, late filing notices on public records, and in serious cases, court proceedings or director disqualification.
For multinational groups, the challenge is that subsidiary deadlines may fall before the group deadline, creating a sequential dependency: if a subsidiary misses its local deadline, the group consolidation and audit are disrupted. A finance calendar that maps every entity’s statutory deadlines, aligns with the group close timetable, and builds in buffer time is essential. This planning mirrors the broader audit preparation discipline that controls cost and stress across the annual cycle.
How do audit requirements differ for public-interest entities?
Public-interest entities (PIEs) — typically listed companies, banks, and insurers — face the strictest statutory audit rules: mandatory firm rotation, expanded auditor reporting with key audit matters, tighter restrictions on non-audit services, and oversight by a public audit regulator rather than the profession alone. These enhanced requirements reflect the entities’ systemic importance.
For finance teams at PIEs, compliance is not optional and failures are public: regulatory inspection reports are published, audit committee reports are filed, and deviations from standards attract enforcement action. Even subsidiaries of a PIE may be pulled into enhanced requirements by association. Understanding which entities in a group qualify as PIEs — and which rules cascade — is a compliance mapping exercise that finance leaders should revisit annually.
What practical steps ensure compliance across a group?
Compliance across a multinational group starts with a statutory audit compliance matrix: each entity listed against its jurisdiction, the applicable audit requirement, the threshold status, the assigned auditor, and the filing deadline. This matrix is maintained centrally by group finance and reviewed by the audit committee quarterly.
Ownership changes, growth past thresholds, and regulatory updates all change the matrix, so it must be dynamic. Assigning a named responsible person for each entity’s statutory obligations prevents the common failure where a subsidiary misses its filing because nobody at the group level was tracking it. This discipline is the statutory-audit equivalent of the risk-based planning that governs internal audit coverage.
How should companies prepare for threshold changes?
Governments periodically revise statutory audit thresholds — sometimes raising them to reduce compliance burden on small businesses, sometimes lowering them to increase transparency. Companies near the threshold should monitor regulatory developments in every jurisdiction where they operate and model the impact of proposed changes on their audit obligations.
Proactive monitoring prevents two costly surprises: losing an exemption unexpectedly (triggering the need for an auditor mid-year) or gaining one without realizing it (paying for an audit that is no longer required). For multinational groups, this monitoring extends to each subsidiary independently, since threshold changes are national and may not be announced with much lead time. Including threshold tracking in the statutory audit compliance matrix described earlier ensures nothing falls through the cracks.
How does the audit obligation relate to corporate governance codes?
Corporate governance codes in many countries go beyond the minimum legal audit obligation, recommending or requiring listed and large companies to establish audit committees, conduct annual external quality assessments, and disclose the auditor’s non-audit fees. These codes create a higher bar than the statutory minimum and signal to investors that the company takes governance seriously.
For multinational groups, governance codes vary by listing jurisdiction but increasingly converge on core principles: independent audit committee oversight, auditor rotation, and transparent disclosure. Compliance is typically “comply or explain,” meaning the company can deviate but must publicly justify doing so. Finance leaders should understand which codes apply to each entity and how local governance obligations interact with the group’s own standards, building this into the compliance matrix alongside statutory audit thresholds.
Frequently Asked Questions
What accounting standards apply to statutory audits?
Local GAAP or IFRS depending on the jurisdiction and entity type. EU-listed groups must use IFRS for consolidated accounts; subsidiaries may use local GAAP.
How long does a statutory audit take?
Typically six to twelve weeks of elapsed time for a medium-sized company, though planning starts months before year-end.
Can a company change its statutory auditor?
Yes, subject to notice periods and shareholder approval. Mandatory rotation rules apply in some jurisdictions for public-interest entities.
What is the difference between audit and review?
An audit provides reasonable assurance (high); a review provides limited assurance (moderate). The procedures and depth of evidence differ significantly.
Discover more from Kurums | Business Intelligence
Subscribe to get the latest posts sent to your email.
