Preparing for your first external audit is almost a rite of passage for growing companies. It signifies that you have meaningful money flowing in and out of the business.
Whether the audit is initiated by your current investors, potential partners, or the government, it’s essential to prepare fully. You need this process to be (relatively) quick and painless, and you certainly don’t want any unpleasant surprises.
This article shares the most helpful audit preparation steps you can take, and identifies plenty of pitfalls to avoid.
What is an audit?
An audit is an inspection of your financial statements and business practices, usually by an independent body (the auditor). It ensures that your company has the appropriate controls and risk mitigation measures in place, and that what your fiscal reports are accurate.
Audits can be internal or external. Internal audits are just for your company’s own use - there is no obligation to run one and the results don’t need to be shared. External audits are the ones most people worry about, and are legally required in many circumstances.
Types of audit
There are four main types of audit:
Compliance audits: The classic example of being audited, compliance audits are done by tax authorities, regulatory auditors, and other third parties (such as banks). They check that you’re compliant with laws, regulatory requirements, and contracts.
Financial statement audits: Led by CPs, these assess your compliance with key reporting and accounting standards (such as GAAP or IFRS).
Forensic audits: Most likely triggered after an irregularity is identified, these look closely at your financial records and transactions for fraud or other inappropriateness.
Operational audits: Often purely internal, these look at your finance performance and processes to evaluate how effective you are as a business.
The type of audit your business is subject to depends on the regulations you’re subject to, and the reasons why you’re being audited.
When do you need to do an audit?
So when might a company need an audit? That depends on your corporate structure and jurisdiction.
In the UK, the following companies must be audited:
Public companies
Subsidiary companies
Companies involved in insurance or banking
Electronic money issuers, MiFID investment firms, and UCITS management companies
Corporate bodies whose shares have been traded on a regulated market
Pensions and labour relations bodies, and funders of master trust pensions schemes
Special register bodies
Private companies must be audited when two of the following criteria are met:
They have more than 50 employees
Turnover exceeds £10.2 million
Company assets total more than £5.1 million
But audits can arise for a variety of other reasons not listed above.
Common reasons for audit
Mergers and acquisitions. If you’re preparing to be acquired, or to merge with another business, the other party certainly wants to ensure that your finances and processes are in order.
New funding rounds. Seed and early series funding doesn’t usually necessitate an audit - you probably don’t have real finance processes at this point anyway. But as the rounds get larger, VCs need to know that you have the systems to handle a major cash injection without getting into trouble.
Preparing for IPO. Public companies must be audited, which means that companies preparing to go public must as well.
Tax issues or anomalies. If you file tax returns that seem out of the ordinary, the government may trigger an audit for more information. This could include missing or erroneous documents in your return, high levels of unexplained expenses, or simply a very low tax bill against high revenue or profits.
Sudden, rapid growth. Success puts a spotlight on you. If you suddenly see huge revenue growth, the tax inspectors may want to ensure that everything is above board and explainable.
Shareholders require it. Shareholders need to know that their money is in safe hands, and may want an audit as proof. This requires 10% or more of shareholders to request it.
You receive government funding. In some cases, the quid pro quo for extra government funding is that you’re transparent with your finances.
How to prepare for audit
In the vast majority of cases, a successful audit is swift, straightforward, and portrays your company’s financial situation and performance exactly as you expected. In other words, quick and painless.
So it’s in your best interests to ensure that:
Nothing slows the process down
There are no unexpected surprises
Here are a few keys to audit planning to (hopefully) ensure these criteria are met.
1. Understand the purpose and scope of the audit
We saw above the different kinds of audit and the potential reasons for conducting one. Not all audit processes are the same, nor are the expected findings.
The (relatively) simple first step in audit preparation is to clearly determine:
Why you’re being audited
What’s expected to be produced, verified, or examined
When the due date for audit findings is
What time period the audit covers
The standards that your audit should adhere to (more on this below)
Make sure that everyone involved understands the above. It’s an obvious first step in the process, but important nonetheless.
2. Select your auditor
In most cases, your choose your own external auditor. Broadly speaking, you have two options:
The “Big Four”: Deloitte, PwC, EY, and KPMG. Others like Grant Thornton, BDO, and Mazars are right there with them. These are essentially the default choice for many businesses because of their name recognition and long track record.
Local or specialist firms. These might be the right choice either for price reasons, or because they’re particularly suited to companies like yours. You of course need to ensure that they’re a respected, professional organisation, and that they’ll meet the competency requirements for your particular audit.
You’ll be working hand in hand with your firm of choice onsite, for weeks or even months. Be sure that they’re worth the money, but also that you’ll get along and collaborate effectively.
Auditors also have to meet specific standards. In the UK, these are governed by the Financial Reporting Council and are known as ISQC, ISQM, and ISA standards. In the US, you have standards defined by either the American Institute of Certified Public Accountants (AICPA) or the Public Company Accounting Oversight Board (PCAOB).
Obviously, your auditors need to meet the standard required for your specific audit.
Finally, your auditor can’t be an officer or employee of the company or an associated company, or the partner of someone who is. In other words, they need to be independent.
3. Get your documents in order
At its most basic, a financial audit involves going through a lot of paperwork, spreadsheets, and other financial records. Ideally you’ll have everything in one accounting software or a similar source of truth. The less physical paper an auditor has to handle, the better.
Except for narrow-focus operational audits, the essential documents required will always be the same.
Documents to gather include:
Core financial statements: balance sheets, income statements, cash flow statements.
Your general ledger, with all journal entries reviews and approved before posting.
A clear audit trail for every company transaction, including bank statements and other supporting documentation.
Loan documents and financing agreements.
Shareholder equity records.
Annual budgets and financial forecasts
Obviously you want these to be accurate, up to date, and painting the correct picture of your business. Incomplete or error prone financial documents are at best sloppy, and can uncover significant issues that auditors are obliged to report on.
Again, you need to ensure that these documents are organised well in advance so that the audit can move swiftly.
4. Review your business processes
Another obvious fact: if you’re not clear on how your business is run, auditors will also be confused.
In particular, review and pin down your:
Internal control systems, including who approves transactions and how payments are made
Management system and corporate hierarchy
Obvious process gaps. It may be too late to implement corrective actions before the audit begins, but knowing where you need to focus in future can be helpful. No business is perfectly run, and that’s not what your audit hopes to prove, anyway.
5. Prepare stakeholders
Most companies will have their finance team and especially accountants lead the audit process. Many accountants and CFOs have a background in audit and thus know what to expect. But the same cannot be said for the vast majority of the company.
Senior management, compliance and risk management officers, your legal team, and other “ordinary” employees may be called into the process. These should be subject matter experts on particular aspects of your internal control systems and business processes.
Particularly if it’s their first time, it pays to prepare them for what to expect. And don’t forget: they have their normal jobs to think about.
They should understand:
Why the audit is taking place, and what a successful audit looks like for the company
Why they’re involved, and how their role relates to the audit
What kinds of documents or information they could prepare in advance
You need to avoid costly misstatements, even where these aren’t actively harmful. You may send auditors down a rabbit hole based on a slip of the tongue.
If nothing else, you don’t want to lose time in a long process because stakeholders aren’t ready.
6. [If possible] Conduct an internal audit
This is obviously resource-intensive and may not be required in most cases - particularly if you’re audited regularly. But if your external audit report is truly crucial, the best way to prepare is with a dress rehearsal.
If you have experienced auditors in house (likely in your accounting team), they can walk through the process and highlight anything concerning. You might also bring in a consultant - even a Big Four firm - in advance of the “real” audit to do the same thing.
Ideally, this audit would include all the same rigour and standards as the external audit. The good news is that it’s not legally required and you’re not obliged to publish or share the results.
So if there are some major issues to clear up, you can keep that in house.
How to stay ready for audit
There’s a common saying that applies in many walks of life: “stay ready so you don’t have to get ready.” Avoid the mad dash and audit stress by keeping financial documents up to date at all times, and a clear audit trail of all transactions.
To do this, there are a few crucial factors:
Digitise everything, and go digital native wherever possible. That means no more paper receipts or invoices, no physical in trays, and no filing cabinets. Cloud accounting tools are your best friend.
Reduce manual data entry and eliminate basic errors. Linked to the previous point, if you have to regularly have to copy large amounts of data from source to source - by hand - that should be a serious red flag. Tools with OCR technology can now extract information from scanned documents directly, so you shouldn’t have people manipulating data.
Automate reconciliations. Every finance team finds the year-end accounting period stressful. But it’s far easier and faster if you don’t have to reconcile payments against bank statements line by line.
Integrate your finance tools. The more connected your tool stack is, the less likely you are to have inconsistencies between them. Plus, it’s just easier to find the information you need.
Stay out of process debt. Perhaps the most important point, don’t let small issues grow into major problems. Paper receipts are an obvious example: processing a handful today may be no big deal, but in six months’ time you could have hundreds. As the saying goes, a stitch in time saves nine.
While often scary and draining, an audit is essentially a sanity check. And you probably know whether your business has skeletons in the closet or runs on processes you wouldn’t be proud of.
If that’s true, fix those issues long before the audit arrives. If you don’t know, that’s a good sign that you’re not ready for audit.