Understanding the audit process: A step-by-step guide for medium-sized companies

Understanding the audit process: A step-by-step guide for medium-sized companies

Running a medium-sized company is a constant balancing act between growth and governance. Shareholders, lenders and regulators expect reliable financial statements, while leadership teams want insight that drives sharper decisions. A statutory audit is the bridge between those demands – yet it still causes anxiety for many finance teams. Late document requests, unanswered queries and mis-timed site visits can all turn what should be a straightforward engagement into an exhausting scramble.

This article demystifies the audit process from first contact to signed report, focusing on the 2025/26 UK rules and thresholds that matter to medium-sized groups. We draw on our experience auditing businesses across manufacturing, retail, tech and professional services, and we reference fresh data to show why a well-planned audit is worth the effort. For example, there are 37,800 medium-sized businesses (50-249 employees) in the UK (ONS, 2024) – a cohort large enough to attract regulator attention yet diverse enough to need a tailored approach. Meanwhile, 67% of medium businesses reported a cyber breach in the past 12 months (DSIT 2025), highlighting why robust controls testing now includes IT resilience as standard. By understanding the audit process in advance, you can save time, reduce disruption and extract real value from the findings.

Who needs an audit under current thresholds?

The statutory thresholds for an audit have not changed for 2025/26, but medium-sized groups often exceed at least one of the following for two consecutive years:

1. Turnover: more than £10.2 million.
2. Total assets: more than £5.1 million.
3. Average employees: more than 50.

If any UK company within a group breaches two thresholds, the whole group is usually caught. Voluntary audits remain common for investor confidence, complex financing or grant compliance. The Office for Budget Responsibility expects real business investment to grow by an average 1.3% a year to 2029 (OBR, 2025) – growth that will rely on credible, independently-verified accounts to unlock capital.

The audit process: Step-by-step

A successful engagement has five clear phases. Knowing the timetable – and your role at each stage – prevents last-minute surprises and keeps the audit process moving smoothly.

Engagement and scoping

1. We issue an engagement letter, agree materiality and confirm any component auditors. Early scoping avoids later fee creep and lets you schedule staff time sensibly.
2. Planning and risk assessment
   Our team studies prior-year files, board minutes and industry updates to pinpoint the areas most likely to misstate. For example, revenue cut-off and stock valuation remain high-risk in fast-growth e-commerce groups. We share a detailed client-prepared list so you can gather evidence early.
3. Internal controls evaluation
   Testing design and implementation is now mandatory for many medium groups following the FRC’s focus on controls reporting. Where controls are strong, we can reduce substantive testing – saving everyone time.
4. Fieldwork and substantive testing
   Fieldwork combines on-site visits and secure cloud portals. Typical procedures include:

• Bank confirmations
• Revenue sampling
• Stock counts
• Journal entry testing

We maintain open communication through weekly status calls.

5. Completion and reporting
   Once adjustments are posted, we perform final partner review, issue the management letter and sign the audit report. We also brief your board on emerging risks such as cyber resilience or ESG disclosure.

Preparing for your audit

Preparation starts the moment the audit process from last year ends. Our clients who sail through fieldwork usually:

• Hold quarterly file reviews: Ensure reconciliations are up to date before year-end.
• Map group structure changes: Notify us of any new subsidiaries or dormant company closures.
• Archive board minutes digitally: Having them indexed by month speeds up governance testing.
• Refresh IT backups: Strong backups reduce delays when we sample historic transactions.

Common audit findings and how to address them

Medium-sized companies frequently encounter similar points:

• Deferred revenue recognition: SaaS contracts often span year-end and need robust cut-off schedules.
• Intercompany mismatches: Fast-moving groups add entities quickly. A live intercompany matrix avoids post-close headaches.
• Cyber controls gaps: With two-thirds of medium-sized firms facing breaches, missing penetration-test evidence is now a standard observation.
• Going-concern stress testing: Rising interest rates mean lenders scrutinise covenant models more closely.

Addressing these before fieldwork reduces adjustment journals and speeds sign-off.

Beyond compliance – turning audit insight into value

An audit is more than a compliance tick. Because the audit process forces a deep dive into systems and data flows, it often uncovers efficiencies you can monetise: duplicate software licences, manual workarounds ripe for automation, or under-insured assets. Many clients use the post-audit debrief to set KPIs for the year ahead. We regularly loop in our outsourcing and tax specialists through internal referrals so you can action findings quickly.

Ready to start?

A clear grasp of the audit process turns the yearly audit from a box-ticking exercise into a strategic review of how your business creates and protects value. We plan early, agree realistic deadlines and use encrypted portals so your finance team can upload evidence once – not hunt for it twice. Our blended approach means we can keep fieldwork tight without losing the all-important face-to-face context that uncovers process improvements.

We also invest heavily in year-round communication. Clients receive brief monthly updates on regulatory changes, IFRS amendments and evolving FRC guidance, so nothing in the planning meeting comes as a shock. Post-sign-off, we run optional workshops to help managers translate audit findings into practical projects, whether that is tightening cyber controls or refining stock-count procedures. Over time, this continuous-improvement loop shortens audit cycles and lowers total fees because we spend less energy chasing basic reconciliations and more time analysing the numbers that drive decisions.

Our London-based team works across the UK, combining cloud technology with sector knowledge so fieldwork fits around your operations – whether you are manufacturing in the Midlands or delivering SaaS from Scotland.

If you need a statutory audit, a voluntary review for investor assurance or simply an objective health-check of your controls, talk to us about the audit process and book a discovery call today. We will show you how an efficient, insight-rich audit can support your next stage of growth.