The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

No human verification has been conducted of the converted content.
While we strive for accuracy errors or omissions may exist.
This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Audit Quality Review: Key findings and good practice

Introduction

This report sets out the key findings and good practice we identified and reported privately to firms and Audit Committee Chairs in the 2023/24 and 2024/25 inspection cycles. These relate to the audits the Financial Reporting Council's (FRC's) Audit Quality Review team inspected at the twelve largest audit firms. The findings have been anonymised in view of the statutory confidentiality requirements that apply to the individual inspection reports. The report provides a summary of the findings and provides links to the separate Appendix containing the detailed anonymised findings for each section. The audits inspected were from entities that had financial year-ends in the period 30 June 2022 to 31 May 2024 (inclusive). This report builds on our published Annual Review of Audit Quality and the six audit firm reports for both inspection cycles included in this report.

We categorise the audit of each completed inspection into one of four grades:

Grade 1 - Good Grade 2 - Limited improvements required Grade 3 - Improvements required Grade 4 – Significant improvements required

We have only included in this report the findings assessed as being key in an inspection. A key finding relates to the sufficiency or quality of the audit evidence obtained, the appropriateness of key audit judgements or another important matter. One or more key findings will lead to an overall audit quality assessment of 'Improvements required (3)' or 'Significant improvements required (4)', depending on their significance. Any other findings will, on their own, result in an overall quality assessment of 'Limited improvements required (2)' only (regardless of the number). Further details on the audit quality categories can be found on our website.

We typically identify good practice in our individual audit inspections when we observe robust or innovative ways in which an audit team has addressed a requirement or responded to the specific circumstances and challenges of the audit.

By sharing key findings and good practice from our inspections, this report aims to provide audit firms and their teams with recent and relevant inspection findings. These key findings and examples of good practice are intended to support audit firms and their teams in evaluating whether changes may be appropriate to their methodologies or audit practices at an engagement or whole firm process and control level, including their system of quality management ¹. The findings will not be relevant for all audit firms or in every circumstance but may help mitigate the risk of similar issues arising, as identified in the key findings, or enable the adoption of good practices that could enhance the effectiveness and quality of the firm's overall audit approach. We have published additional reports that highlight good practices, common pitfalls, key considerations and illustrative examples of processes within a firm's system of quality management ².

This report will also assist Audit Committee Chairs and other stakeholders in understanding the significance of our key findings, as well as how firms are responding by demonstrating good practices that reinforce audit quality.

Thematic areas

To support clearer insights and more targeted action planning, we have grouped the key findings and good practices identified during our inspections into the thematic areas listed below. This structure is designed to help firms and stakeholders navigate the report more effectively and consider how the observations may inform their own audit approaches and systems of quality management.

Horizontal bar chart showing percentage of good practice and key findings identified by various themes. Themes include Impairment of non-current assets, Provisions including expected credit losses (ECL), Revenue recognition, Valuation of assets and liabilities, Inventory, Quality management, Financial services excluding ECL, Planning and risk assessment, IT testing, Group audit oversight, Journal testing, Going concern, and Disclosures and reporting. Each theme shows bars for "Good practice" and "Key findings" with percentages ranging from 0% to 30%.

Horizontal bar chart showing percentage of good practice and key findings identified by various themes.

Our inspection approach and how we report

Our inspections of individual audits focus on the quality of the audit work performed in the specific areas we select for review. This includes the sufficiency and appropriateness of the audit evidence obtained and the appropriateness of the key audit judgements made by the audit engagement partner and their team.

For each inspection, we issue a confidential report to the audit engagement partner and the Audit Committee Chair, or other person with equivalent governance responsibilities. This sets out the scope of our review, any key or other findings and the actions the firm proposes to take to address these, plus any good practices that we identified in specific areas. In addition to the report, we offer follow-up calls with the Audit Committee Chair to discuss the findings in more detail, provide further context, and support their understanding of the implications for audit quality.

Our inspection reports distinguish between any key findings arising and other findings. They will include good practice if it has been identified.

Key aspects of the audit process

The requirements and obligations of an auditor for each phase of the audit are set out in the International Standards on Auditing (UK) and in the Ethical Standard issued by the FRC.

As noted in our What is an audit? publication every audit is different, as every audited entity is different. However, there are some principles that are foundational to all audits, which are explained below.

Independent

To fulfil its primary purpose of enhancing confidence in the financial statements, the auditor must be, and be perceived to be, independent. This gives the intended users confidence that the auditor will have the willingness to challenge management where appropriate, and conduct a robust audit.

Professional scepticism

Professional scepticism is a core part of an auditor's mindset. It is characterised by a willingness to challenge and inquire, to look for contradictory as well as corroborative evidence and to critically assess information.

Risk based

Audits are fundamentally risk based. This means that the auditor will allocate more time and resources to transactions, balances and disclosures that have a higher risk of material misstatement. This principle is the source of most of the proportionality that is inherent in an audit.

The following summary, taken from our What Makes a Good Audit? publication, highlights some of the key aspects that, when done well, contribute significantly to the delivery of a good audit.

Risk assessment and planning

Careful risk assessment
Timely planning
Knowledge and understanding
Informed expectations
Auditors responsibilities relating to fraud
Appropriate resources
Planning analytical review
Planning the group audit
Communicated to those charged with governance

Execution

Fieldwork must execute the agreed audit plan
Appropriate oversight and direction
Proportionate approach to higher risk engagements
Audit documentation tells the story
Professional scepticism and challenge of management
Specialists and experts appropriately involved
Sufficient group oversight
Consultation and oversight

Completion and reporting

Assess that sufficient, appropriate audit evidence has been obtained
Communicate matters of interest

1. Impairment of non-current assets

Importance for audit quality

Non-current assets are expected to generate economic benefits over more than one financial year and are subject to impairment testing. They typically include property, plant and equipment, intangible assets (such as brands, patents and goodwill), right-of-use assets, and investments in subsidiaries, associates and joint ventures.

Impairment of such assets (and their reversal) is inherently subjective, influenced by numerous estimates and inputs. Changes in key assumptions can result in a material impact on an impairment.

As the accuracy of impairment is often assessed as a significant risk and a key audit matter by audit teams, auditors must perform robust procedures to evaluate how management assess impairments, testing the integrity of impairment models prepared by management and corroborate and challenge the key assumptions applied within these. Challenge is needed to ensure management's assumptions are reasonable and supportable, especially in areas such as forecasted revenue growth and margins, terminal growth rates, discount rates applied for value-in-use models, and the robustness of sensitivity analyses and headroom calculations.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Impairment of non-current assets).

Key findings

Pie chart showing the analysis of key findings in the area of impairment of non-current assets: - Challenge and evaluation of management assumptions: 68% - Accuracy of management's impairment models: 18% - Use or evaluation of experts and data: 9% - Recoverability of the parent company's investments in subsidiary undertakings: 5%

Challenge and evaluation of management assumptions

Lack of challenge of management over short-term cash flows, terminal growth rates, corporate asset allocations and cost assumptions in impairment models.
Insufficient assessment of how forecasting risk had been incorporated into management's valuation, either through the discount rate or the cash flows.

Accuracy of management's impairment models

Inadequate testing over the accuracy of management's impairment models and not identifying material errors in them.

Use or evaluation of experts and data

Obtained inadequate reporting from the auditor's expert to be able to challenge, corroborate and conclude on the appropriateness of the key assumptions used in the valuation

Recoverability of the parent company's investments in subsidiary undertakings

Not adequately assessing, nor challenging, the recoverability and carrying value of the parent company's investments in subsidiaries, particularly by not challenging management's assumptions, especially with regards to revenue forecasts against external market data.

Good practice

Pie chart showing the analysis of good practice in the area of impairment of non-current assets: - Robust challenge of management assumptions: 39% - Use of specialists and tools: 28% - Use of external data and benchmarking: 33%

Robust challenge of management assumptions

Strong professional scepticism: Robustly challenged management's assumptions, leading to updates in cash generating unit (CGU) definitions, impairment charges and disclosures.

Use of specialists and tools

Effective use of data analytical tools and independent models: Advanced tools and independent valuation models were used to perform comprehensive sensitivity testing across numerous CGUs, ensuring thorough evaluation of key assumptions and scenarios.

Use of external data and benchmarking

Robust and targeted audit procedures: Demonstrated deep understanding of the business and industry, using third-party data, internal specialists and site visits to tailor and substantiate their impairment assessments, including goodwill and brand valuations.

2. Provisions including expected credit loss

Importance for audit quality

The determination of provisions is complex, requiring management judgement that may be subject to conscious or unconscious bias. Similar to impairment and other areas of judgement, it is critical to corroborate inputs and judgements to be able to conclude over the material accuracy of recorded provisions. This may include the use of experts to assess the appropriateness of assumptions and determine whether the recognition criteria under applicable Accounting Standards have been met.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Provisions including expected credit losses).

Key findings

Pie chart showing the analysis of key findings in the area of provisions including expected credit loss: - Provisions: 25% - Insurance technical provisions: 8% - Expected credit loss: 67%

Provisions

Inadequate procedures were performed to assess the completeness, recognition and valuation of provisions. This included a failure to challenge contradictory evidence, evaluate key assumptions, or consider the impact of ongoing disputes, resulting in an unacceptably high risk of material misstatement.

Insurance technical provisions

No confirmation of the completeness and accuracy of members' data due to a lack of understanding of data flows and key reserving inputs. Additionally, there was insufficient challenge of management's assumptions in calculating the expertise provision.

Expected credit losses

Insufficient evidence to support the ECL allowance, with pervasive weaknesses across risk assessment, data testing, model evaluation, assumptions and post-model adjustments.

Good practice

Pie chart showing the analysis of good practice in the area of provisions including expected credit loss: - Use of specialists and experts: 38% - Robust risk assessment: 31% - Thorough process understanding and challenge: 31%

Use of specialists and experts

Effective use of specialists: Forensic, actuarial, tax and credit modelling experts strengthened audit evidence through independent analysis, risk evaluation and model recalculations.

Robust risk assessment

Robust risk assessment and challenge of assumptions: Conducted detailed evaluations of management's assumptions across provisions and ECL models, uncovering material errors and ensuring substantive procedures were appropriately aligned. Group audits also applied benchmarking to assess risks and address global inconsistencies.

Thorough process understanding and challenge

Process understanding and professional scepticism: Demonstrated strong process knowledge through detailed inquiries, walkthroughs and documentation reviews, effectively challenging management and ensuring consistency across components.

3. Revenue recognition

Importance for audit quality

Revenue is typically a material component of the income statement, a key performance indicator and a metric that informs stakeholders about the growth and profitability of an entity. Auditors should undertake sufficient procedures and obtain appropriate supporting evidence to confirm that revenue is not materially misstated. Many entities have complex revenue arrangements with examples including:

Long-term contracts involving multiple performance obligations and variable consideration.
Bundled offerings where software, services and hardware are sold together, requiring careful allocation of transaction price.
Licensing arrangements with usage-based fees or renewal options.
Revenue split between hardware and software components, where timing and pattern of recognition differ.
Principal versus agent considerations, which affect whether revenue is reported gross or net.

In such cases, auditors must obtain sufficient appropriate evidence of management's application of the accounting standards.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Revenue recognition).

Key findings

Pie chart showing the analysis of key findings in the area of revenue recognition: - Contract accounting: 50% - Testing over complex revenue streams and arrangements: 20% - Rebates and deferred revenue: 30%

Contract accounting

Inadequate assessment and challenge of key accounting judgements and a lack of external evidence to substantiate revenue.
Multiple deficiencies in obtaining sufficient, appropriate audit evidence, including a lack of validation of contract revenue, no testing of stage completion, cost allocation and subcontractor costs.

Testing over complex streams and arrangements

Inadequate testing to independent and reliable sources of evidence.

Rebates and deferred revenue

Insufficient assessment or corroboration to independent evidence of the inputs used in management's computation, for either accuracy or reasonableness of rebates or deferred revenue. Additionally, there was no evidence of testing the accuracy of the calculation using the data inputs from the system.
The combination of substantive and controls testing performed did not provide sufficient audit evidence for the accrued rebates balance.

Good practice

Pie chart showing the analysis of good practice in the area of revenue recognition: - Risk assessment: 17% - Contract account testing: 12% - Data analytics and substantive analytic review procedures: 29% - Third party and independent sources of data: 21% - Bespoke procedures: 21%

Risk assessment

Granular contract analysis and testing: Applied detailed risk criteria and used comprehensive workpapers to identify and assess high-risk contracts, enabling tailored testing of financial models and assumptions, which led to the identification of misstatements in onerous contract provisions.

Contract accounting testing

Detailed contract testing and challenge: Performed thorough testing of open contracts at year-end, tracing inputs to supporting evidence, corroborating unsecured costs and challenged management's forecasting accuracy and contract accounting, particularly for significant risk areas.

Data analytics and substantive analytic review procedures

Detailed analytic procedures: Used bespoke and standard data analytics to assess revenue accuracy and completeness, including recalculating income, analysing commission rates and investigating reconciling items.

Third party and independent sources of data

Robust revenue testing and verification: Performed extensive procedures to address the risk of revenue overstatement, including verifying revenue to bank statements, confirming balances with key customers covering over 99% of revenue and validating dividend income against independent sources.

Bespoke procedures

Challenge of deferred revenue: Critically assessed management's methodology and assumptions for deferred revenue and licence income, incorporating a wide range of scenarios and revisiting prior technical consultations to validate complex judgements.

4. Valuation of assets and liabilities

Importance for audit quality

Valuation is the process of determining the value of a company's assets or liabilities – such as investments, deferred tax, intangible assets and financial instruments – at a specific point in time. This valuation can be based on market prices, models or management estimates, depending on the nature of the asset and the availability of observable data. Valuations of assets or liabilities can be complex and subject to significant judgement and estimation. Auditors should obtain sufficient and appropriate evidence to support whether the valuation appropriately reflects the fair value of those assets or liabilities.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Valuations of assets and liabilities).

Key finding

Pie chart showing the analysis of key findings in the area of valuation of assets and liabilities: - Challenge the assumptions for unquoted investments: 20% - Challenge pension assumptions: 20% - Recognition of capitalised costs: 10% - Recoverability of deferred tax: 10% - Business accounting: 20% - Share-based payments: 20%

Challenge the assumptions for unquoted investments

Insufficient audit evidence obtained to support the valuation of investments, including inadequate challenge of co-investment valuations, including not assessing benchmark data comparability and justifying discount/premium levels.

Challenge pension assumptions

Failure to challenge the use of net asset value as a proxy for fair value, despite the underlying loans being accounted for at amortised cost.

Recognition of capitalised costs

Inadequate challenge of capitalisation judgements regarding appropriateness, rates and accuracy of costs.

Recoverability of deferred tax

Insufficient audit evidence over the deferred tax asset recoverability, specifically not adequately evaluating the probability of future taxable profits and performing sensitivity analysis to support recognition of deferred tax assets.

Business combination accounting

Insufficient audit evidence over business combinations, including inadequately evaluating management's cash flow forecasts used in the purchase price allocation, not challenging the provisional accounting for incomplete acquisitions, and overlooking discrepancies in the fair value of acquired assets.

Insufficient audit evidence over equity-settled bonus accrual, in particular not agreeing the bonus calculation against the scheme and approval minutes, not confirming that performance conditions were met, and not verifying the accuracy and consistency of the calculation with other audit work on Directors' Remuneration.

Good practice

Pie chart showing the analysis of good practice in the area of valuation of assets and liabilities: - Risk assessment: 11% - Use of specialists: 52% - Challenge of management: 33% - Reporting: 4%

Risk assessment

Targeted and risk-responsive audit procedures: Conducted a detailed qualitative risk assessment covering complex transactions, financial derivatives and unauthorised trading, leading to tailored audit responses aligned with identified risks.

Use of specialists

Comprehensive valuation procedures: Independent revaluations, benchmarking and modelling by specialists were used to challenge key assumptions across asset classes, including land, buildings and unlisted investments, leading to material adjustments where necessary.

Challenge of management

Comprehensive and sceptical audit procedures: Applied strong professional scepticism across various investment categories, resulting in well-supported conclusions and adjustments where necessary.
Robust testing of valuation models and assumptions: Performed sensitivity analyses across assets, deferred acquisition costs and investments. Also, challenged key inputs and addressed potential management bias.

Reporting

Informative reporting: Provided the Audit Committee with an evaluation of management's assumptions.

5. Inventory

Importance for audit quality

Inventory can be significant to the entity's balance sheet particularly for manufacturing, retail and distribution entities. Auditors should perform sufficient procedures to verify that the period-end inventory balance is not materially misstated. This includes attending inventory counts, testing inventory movements, assessing costing methods (such as standard costing or first-in first-out) and evaluating net realisable value provisions.

Complexities in the audit of inventory can include the assessment and reliance of controls, perpetual versus year-end inventory counts, the impact of foreign exchange on inventory held in multiple jurisdictions and the presence of consignment or third-party inventory. Additional challenges include ensuring accurate cut-off procedures are applied and verifying the appropriateness of management's cost allocations and valuation adjustments.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Inventory).

Key findings

Pie chart showing the analysis of key findings in the area of inventory: - Inventory cost procedures: 33% - Operating effectiveness of inventory existence controls: 22% - Challenge inventory valuation assumptions: 45%

Inventory cost procedures

Insufficient procedures over inventory costing, in particular not adequately assessing the accuracy of the weighted average cost or standard cost of inventory, failing to evaluate sample differences, absorption of direct costs and the appropriateness of purchase price variance adjustments.
Insufficient evidence over the inventory movements and adjustments, not validating freight, import duties and not testing the application of accounting policies.

Operating effectiveness of inventory existence controls

Insufficient testing of the design, implementation and operating effectiveness of inventory existence controls. Differences in the perpetual inventory counting were not sufficiently evaluated.

Challenge inventory valuation assumptions

Insufficient assessment of impairment risks relating to the business sale or the recoverability of slow-moving and aged inventory.
Inadequate procedures over evaluating the work of management's experts and a lack of challenging management's key assumptions on the impact of discounting and other changes.

Good practice

Pie chart showing the analysis of good practice in the area of inventory: - Inventory cost: 20% - Inventory existence: 60% - Inventory valuation: 20%

Inventory cost

Inventory costing accuracy: Manually recalculating closing balances and testing underlying data to ensure correct application of the first-in, first-out method.

Inventory existence

Inventory existence verification: Taking a comprehensive and risk-aware strategy to verifying existence, including attendance at numerous sites, use of large sample sizes and involvement of senior members of the audit team.
Enhanced stock count procedures: Providing detailed instructions and protocols to audit team members, responding to specific inventory risks and improving the effectiveness and consistency of cross location/business unit inventory counts.

Inventory valuation

Inventory valuation testing: Using data analytics to assess inventory transactions and balances, focusing audit efforts on anomalies in costing, aging and net realisable value.

6. Quality management

Importance for audit quality

Under ISQM (UK) 1, a firm must establish a system of quality management for audit and assurance engagements that ensures:

Compliance with professional, legal and regulatory standards.
Engagement reports are appropriate for the circumstances.

In practice, we typically see quality management processes that involve detailed reviews by more senior team members, oversight from Engagement Quality Reviewers, hot reviews, consultations with internal technical panels and the use of experts for complex areas. Quality management has an influence on every stage of the audit, from planning and risk assessment to execution and reporting. When quality management is weak or inconsistently applied, it can lead to insufficient audit evidence and unsupported conclusions. This, in turn, increases the risk of key findings and inspection being graded as 'Significant improvements required (4)'.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Quality management).

Key findings

The firm's quality review processes, including those by the audit partner and Engagement Quality Reviewer, did not provide sufficient challenge and rigour in relation to the significant risk areas of the audit.
The audit file was not archived within the required 60-day period, or it contained missing or incomplete working papers, with no evidence retained for post-signing changes.

Good practice

Robust challenge of the audit team: The Engagement Quality Review provided robust challenge on significant risk areas, prompting the audit team to enhance audit quality through additional testing and corroboration.

7. Financial services excluding expected credit loss

Importance for audit quality

Financial services audits are specialised and often involve complex, subjective and judgemental areas with high estimation uncertainty. These areas include, but are not limited to, valuation of financial instruments, impairment assessments, and revenue recognition. Management often needs to use judgement in calculating and concluding on material balances and this may be subject to conscious or unconscious bias. Audit teams should sufficiently challenge management on the appropriateness of the methods, the assumptions and data used, and obtain sufficient and appropriate audit evidence to support their conclusions.

Our findings on ECL and insurance technical provisions can be found in the section Provisions including expected credit loss.

Instances of key findings and good practice raised

An overview of the key finding identified and examples of good practice is provided below, and further details are included in the appendix (Financial services excluding expected credit loss).

Key finding

Banking payments process

Performed inadequate procedures to test the cash, settlement and payments process and consequently failed to obtain sufficient, appropriate evidence that the relevant balances were free from material misstatement.

Good practice

Risk assessment

Robust risk assessment and targeted testing: Conducted detailed evaluations of key judgemental areas, identifying significant assumptions in actuarial valuations and loan loss provisions, enabling focused testing and clear communication of sensitivities to the Audit Committee.

Use of specialists

Independent validation and methodology testing: The actuarial specialists demonstrated a strong understanding of the business, applying benchmarking, diagnostics and inflation scenario analysis, while also critically assessing key assumptions and potential management bias. They independently validated models without relying on prior auditors, tested methodologies line-by-line against standards and used internal benchmarking tools to support their conclusions.

Insurance – challenge of management

Robust challenge of key assumptions: Demonstrated strong challenge of management's assumptions, such as mortality, expense allocations and inflation, while explicitly evaluating the risk of management bias and applying benchmarking tools and external comparators.

8. Planning and risk assessment

Importance for audit quality

Effective planning and risk assessment are foundational to delivering an audit. Auditors are required to identify and assess the risks of material misstatement at both the financial statement and assertion level. This should include a clear rationale explaining how the auditor has assessed the significance of the identified risks, and how this assessment has influenced the nature, timing and extent of the audit procedures performed. A well-executed risk assessment enables the auditor to focus their efforts on higher risk areas, apply professional scepticism and tailor audit responses appropriately. It also helps ensure that significant judgements, such as those involving estimates, complex transactions, or management bias are subject to sufficient challenge.

The engagement partner must understand the ethical requirements relevant to the audit, particularly those concerning independence. They are also responsible for ensuring the engagement team is aware of these requirements and the firm's related policies. This includes identifying and addressing threats to ethical compliance, managing breaches of ethical standards and understanding their responsibilities when encountering non-compliance with laws and regulations by the audited entity.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (Planning and risk assessment).

Key findings

Risk assessment

Performed insufficient and inappropriate risk assessment procedures. The risk assessment conclusions, including the risk of fraud, were not supported by robust qualitative and quantitative assessments.

Ethics and independence

Failure to adequately assess or respond to the threats to independence

Good practice

Risk assessment

Professional scepticism: The use of fraud, regulatory and climate specialists enhanced the audit's depth, particularly in high-risk areas such as climate risk, IT controls and lease accounting. Additionally, strong professional judgement was demonstrated through detailed audit approach papers, clear documentation of risk responses and robust stand-back assessments, including the impact of prior year issues and compliance with revised auditing standards.

Fraud

Enhanced fraud risk assessment through specialist involvement: Engaged forensic and fraud specialists at the planning stage, held detailed discussions on fraud risks and clearly documented the assessment and tailored audit responses, demonstrating strong professional scepticism and a thorough approach to fraud risk.

Ethics and independence

Proactive ethical and independence oversight: Promptly consulted the firm's ethics function regarding a perceived independence threat and communicated the agreed actions to the Audit Committee. Bribery and corruption specialists were involved in the risk assessment, leading to a comprehensive group-wide evaluation based on geography and operations.

9. IT testing

Importance for audit quality

Information technology (IT) and the security controls over it, are virtually certain to be integral to providing completeness and accuracy to the financial reporting process. Underpinning many financial systems are automated processes and controls that, if not properly tested, can undermine the reliability of audit evidence. Auditors should perform sufficient and appropriate risk assessment procedures to ensure that an appropriate audit approach is designed to address risks arising from the use of IT. Inadequate risk assessment and testing of General IT Controls (GITCs), including those related to system access controls, change management and IT operations, increases the risk that inappropriate changes made to IT systems and data, are not identified. Such changes may impact the integrity of system records, the operation of automated controls and the accuracy of financial reporting.

An overview of the key findings and good practice identified is provided below, and further details are included in the appendix (IT testing).

Key finding

Segregation of duties and privileged user access

Inadequate procedures to assess segregation of duties and privileged user access within key systems, nor justifying reliance without a service organisation controls report or sufficiently addressing the resulting risks in their audit approach.

Good practice

Risk assessment: Both audit teams and IT specialists demonstrated a strong understanding of the entity's IT environment through well-evidenced procedures, including assessments of privileged access management, data migration risks and prior year GITC deficiencies, which informed a tailored audit approach.

10. Group audit oversight

Importance for audit quality

Group audits often involve multiple components across different locations, business lines or jurisdictions, making them inherently complex and higher risk. The group auditor is responsible for the direction, supervision and performance of the group audit, including work at a component level. The group auditor should design an appropriate audit strategy and approach for components, and review and evaluate the appropriateness of the work performed, audit evidence obtained and conclusions reached by component auditors.

An overview of the key finding identified and examples of good practice is provided below, and further details are included in the appendix (Group audit oversight).

Key finding

Oversight

Not obtaining sufficient, appropriate audit evidence over a financially significant component due to deficiencies in audit strategy, limited involvement in the component auditor's work and inadequate direction, supervision and evaluation.

Good practice

Scoping and risk assessment

Thorough group audit planning and oversight: Issued detailed instructions, held inclusive planning workshops with component auditors (including the Audit Committee Chair) and conducted site visits. The audit team conducted reviews and reperformed key audit procedures to ensure alignment with both UK and International auditing standards.
Strong execution and coordination across components: Developed tailored tools such as template revenue workpapers and performed a stand-back assessment of consolidation entries. These efforts supported consistent execution and enhanced understanding of group-level risks and strategy across all audit teams.

Oversight

Oversight and engagement: Demonstrated strong involvement with component auditors through frequent communication, site visits and detailed reviews of working papers, ensuring consistent audit quality across all components.
Targeted supervision and challenge: Issued supplemental instructions for newly acquired entities, performed stand-back reviews and used tracking tools to document and resolve issues, showing robust supervision and challenge of component auditors.

11. Journal testing

Importance for audit quality

Journal testing is performed to address the risk of management override of controls. Auditors should test the appropriateness of journal entries, including examining the supporting evidence for the items selected. To enhance audit quality and efficiency, many auditors use data analytics to test entire populations of journal entries. These tools help identify unusual patterns, such as entries posted at odd times by senior personnel or those with unusual account combinations. Effective journal testing also requires a robust assessment of a sampling strategy and risk profiling, ensuring that selections are not only representative, but also focused on areas of heightened risk. Auditors must also verify the completeness and accuracy of the journal entry population obtained from the entity's systems.

An overview of the key finding identified and examples of good practice are provided below, and further details are included in the appendix (Journal testing).

Key finding

Insufficient evidence obtained to address the risk of management override of controls. This was due to inadequate journal entry testing and insufficient procedures over material consolidation and elimination journals, including unrealised profit eliminations, translation reserves and amortisation charges.

Good practice

Management override and journal entry testing

Enhanced journal entry risk assessment: Used data analytics and tailored risk criteria to identify high-risk journals, refining the testing strategy through analytical reviews and unusual movement detection across the full audit period.

12. Going concern

Importance for audit quality

The going concern assumption is a fundamental principle in the preparation of financial statements. Auditors should assess the appropriateness of management's use of the going concern basis of accounting and whether there are any material uncertainties that should be disclosed to the users of the financial statements and included within their auditor's report. This assessment is particularly important in periods of economic uncertainty, financial distress or operational disruption. Auditors must critically evaluate management's forecasts, assumptions and mitigation plans, and consider both internal and external factors that could affect the entity's viability.

An overview of the key finding identified and examples of good practice are provided below, and further details are included in the appendix (Going concern).

Key finding

Insufficient procedures were performed over management's going concern assessment, including not challenging or testing the assumptions underlying the assessment.

Good practice

Challenge of management's forecast assumptions

Thorough evaluation and challenge of going concern assessment: Conducted a robust review of management's going concern assessment, including developing more severe downside scenarios, challenging loan covenant assumptions and convening technical panels to support their conclusions.
Enhanced transparency and disclosure: Rigorously assessed the adequacy of going concern disclosures, incorporating historical uncertainties and working capital trends, and enhanced the key audit matter to improve clarity for users of the financial statements.

Involvement of specialists and consultations

Use of specialists: Collaborated closely with industry and valuation and debt advisory specialists across the firm's network, using external publications and investor discussions to identify and assess going concern and viability risks with heightened professional scepticism.
Holding going concern panels: Performed extensive procedures, including holding two independent going concern panels and challenged management's forecasts, resulting in enhanced disclosures in the financial statements.

13. Disclosures and reporting

Importance for audit quality

A well-run company with accounts signed off by directors and assured through a quality audit gives investors and the public confidence, enabling access to capital and supporting economic growth. Clear disclosures and transparent reporting are essential to this process, ensuring financial statements provide relevant and reliable information to influence decisions. Disclosures provide context for interpreting the numbers in the financial statements, particularly in areas involving significant judgement, estimation uncertainty or complex transactions. Auditors should perform sufficient procedures over the completeness, accuracy and appropriateness of such disclosures. This includes evaluating whether disclosures are consistent with the underlying evidence, aligned with the applicable financial reporting framework, and tailored to the specific circumstances of the entity.

An overview of the good practice identified is provided below and further details are included in the appendix (Disclosures and reporting).

Good practice

Challenge of disclosures

Robust review of disclosures: Performed extensive procedures to corroborate both financial and non-financial disclosures in the annual report. This included a detailed review of accounting policies, climate-related disclosures and share-based payments, resulting in material corrections and improved transparency.
Providing insight: Provided valuable suggestions to enhance reporting, supported by peer benchmarking. In addition, considered external commentary and third-party insights to strengthen climate-related risk disclosures and other qualitative aspects.

Reporting

Effective and transparent Audit Committee reporting: Reports to the Group Audit Committee were clear, insightful and visually engaging, addressing audit challenges, FRC findings and control observations. Collaboration with component teams and the timely sharing of draft reports supported efficient communication and helped meet reporting deadlines.

Legal Disclaimer and Copyright

The FRC does not accept any liability to any party for any loss, damage or costs however arising, whether directly or indirectly, whether in contract, tort or otherwise from action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368.

Financial Reporting Council Contact Information

London office: 13th Floor, 1 Harbour Exchange Square, London, E14 9GE

Birmingham office: 5th Floor, 3 Arena Central, Bridge Street, Birmingham, B1 2AX

+44 (0)20 7492 2300 www.frc.org.uk

Footnotes

Our Future of Audit Supervision Strategy project is evolving our supervisory approach and proposing to place more reliance on firms' systems of quality management, backed up by file inspections. In this approach, while Responsible Individuals (RIs) retain responsibility for quality at the engagement level, a firm's leaders are explicitly tasked with promoting an environment in which quality is foundational. You can see a discussion paper on this on our website. ↩
Annual evaluation processes and Monitoring processes ISQM (UK) 1. ↩

File

Name Audit Quality Review: Key findings and good practice

Publication date 17 October 2025

Type Report

Format PDF, 6.4 MB

Download original

Audit Quality Review: Key findings and good practice

File

Is this page useful?