Audit Readiness
10 Key Differences In Audit Regulations Across Europe And The UK
Successful audits rely on the skills and capabilities of internal auditors, but also compliance and accounting teams, who have to navigate complex policies and procedures, and apply precise controls, under strict deadline pressure. Accountants, in particular, shoulder a heavy administrative burden during the audit – since the daily demands of the finance function must continue as usual.
With those pressures in mind, the UK’s exit from the EU in January 2020 made the audit process even more challenging for European accountants, and especially for companies with an operational presence in both jurisdictions.
Today, the post-Brexit audit landscape requires a broader knowledge of financial regulations, but a more nuanced understanding of how specific rules differ across the regime-divide. While the UK and EU audit frameworks share commonalities, for cross-border organisations they require different approaches to internal audit processes, compliance strategies, and reporting practices.
In this context, it’s critical that UK-EU entities understand how to meet their audit requirements, but also find ways to bridge the regimes. That process may involve hiring accounting teams with sufficient skills and regional expertise, and maintaining audit readiness by aligning people, processes, documents, and reconciliations.
Above all, companies should seek to build their UK-EU audit frameworks on solid regulatory understanding. With that in mind, let’s drill down into the key difference between UK and EU audit regulations, and how audit and compliance teams can navigate disparities.
1) Regulatory Governance Structures
The EU maintains its regional regulations via European Parliament Directives, which set out the various legislative standards that member states need to enforce for compliance. Audit policy and relevant regulatory standards are set out in the EU’s Audit Regulation and Directive. Oversight and enforcement of the Audit Directive is (like other Directives) the responsibility of member states’ national regulators and authorities.
In the UK, the Financial Reporting Council (FRC) is responsible for audit governance, and operates with a mandate to “promote transparency and integrity in business”. The FRC publishes rules and regulations for statutory audits on its website, which includes the UK audit standards, and maintains an Audit & Assurance Sandbox to help companies develop and test audit solutions.
2) Statutory Reporting Standards
In the EU, in order to set and maintain a standardised approach to financial reporting, most companies report in alignment with International Financial Reporting Standards (IFRS). In the UK, reporting standards are mixed, with some companies applying the IFRS and those who do not, apply the Financial Reporting Standard (FRS) 102, which is designed for “general purpose financial statements”.
The UK’s dual reporting options mean that companies should assess the advantages (and disadvantages) of both approaches to find the most efficient option. Certain technology tools and reporting templates, for example, may be better suited to a specific reporting standard.
3) Scope and Thresholds for Statutory Audits
In the EU and the UK, size and revenue thresholds generally determine whether a company must perform a statutory audit.
The EU imposes the following classification thresholds:
| EU size threshold criteria | ||||
| Size classification | Balance sheet total | Net turnover | Employees | Statutory audit requirement? |
| Micro businesses | Up to €450,000 | Up to €900,000 | Up to 10 | No |
| Small businesses | Up to €7,500,000 | Up to €15,000,000 | Up to 50 | No |
| Medium-sized businesses | Up to €25,000,000 | Up to €50,000,000 | Up to 250 | Yes |
| Large businesses | Over €25,000,000 | Over €50,000,000 | More than 250 | Yes |
The UK imposes the following classification thresholds:
| UK size threshold criteria | ||||
| Size classification | Balance sheet total | Net turnover | Employees | Statutory audit requirement? |
| Micro businesses | Up to £316,000 | Up to £623,000 | Up to 10 | No |
| Small businesses | Up to £5,100,000 | Up to £10,200,000 | Up to 50 | No |
| Medium-sized businesses | Up to £18,000,000 | Up to £36,000,000 | Up to 250 | Yes – if at least two medium-size classification criteria are met |
| Large businesses | Over £18,000,000 | Over £36,000,000 | More than 250 | Yes – if at least two medium-size classification criteria are met |
4) Audit Exemptions
Certain businesses in both the EU and UK are exempt from statutory audit requirements under the following circumstances:
The EU: Under the 2013 Accounting Directive, micro and small businesses in the EU are not required to perform audits – making the process mandatory only for medium and large businesses.
National EU governments may choose to impose their own lower threshold limits on companies within their jurisdictions. Accordingly, company size classification criteria may vary between jurisdictions. It’s also worth noting that the EU requires all public interest entities (PIE) to get an annual audit, regardless of their size.
The UK: Like the EU, the UK exempts micro businesses and small businesses from statutory audit requirements. It also only applies audit requirements to medium and large businesses if two medium-size threshold criteria are met during the financial year (see table above).
In practice, this means that some medium-size businesses in the UK may be exempt from statutory audit requirements. However, it’s important to remember that some smaller businesses in the UK are required to get an audit under certain circumstances, including, for example, requirements set out in incorporation documents.
Prior to Brexit, the EU applied an audit exemption for UK subsidiaries of EU companies. The exemption relied on the company within the European Economic Area (EEA) to guarantee the UK subsidiary’s financial data. Post-Brexit, those rules have changed: EU subsidiary entities in the UK must now comply with UK audit requirements.
5) Audit Firm Rotation Policies
Both the EU and the UK require obligated companies to rotate their external auditors after a certain period of engagement.
In the EU, the following rotation rules apply:
- Companies must change their auditor after a maximum engagement period of 10 years.
- Companies may extend the engagement for another 10 years (to 20 years) if they put the audit to public tender after the initial 10 year engagement period.
In the UK, the following rotation rules apply:
- Only large companies in the UK must rotate their auditors after a maximum engagement period of 10 years.
- Companies must carefully consider an auditor’s objectivity and independence after 10 years. If the auditor is not rotated after that period, safeguards must be applied or the company must document their reasoning to the UK government.
- Publicly-listed companies in the UK must rotate their auditor every 5 years, with a minimum 5 year gap before re-engagement.
- All PIEs must conduct a public tender for a new auditor every 10 years, and must rotate to a new auditor every 20 years.
The rotation schedules imposed in the UK and the EU require firms to factor audit compliance into their administrative planning. The rotation process, and the need to deal with a potentially-new auditor approach, may create new logistical challenges.
6) Integration of ESG Auditing Practices
The EU has been proactive in the development and implementation of environmental, social, and governance (ESG) regulations. That regulatory trend includes the introduction of new audit requirements to facilitate public scrutiny of ESG compliance.
A key example of EU ESG regulation is the Corporate Sustainability Reporting Directive (CSRD), which came into effect on 1 January 2024 and replaced the Non-Financial Reporting Directive (NFRD). A landmark sustainability regulation, the CSRD introduces many ESG reporting obligations, which enable public comparison of compliance performance between companies. Notably, under the CSRD, companies in the EU must validate the content of their reports through an annual audit. The first CSRD reports are due in 2025.
The UK does not follow the CSRD and has been more incremental in its adoption of ESG regulations. The UK Corporate Governance Code, for example, imposes reporting regulations and responsibilities on senior corporate executives, although it does not share the CSRD’s focus on sustainability and the environment. The proposed Sustainability Reporting Standards (SRS), likely to come into effect in 2026, will focus on sustainability and climate-related disclosures – which will factor-in to audit verification considerations.
7) Technology and Data Management Compliance
The EU’s General Data Protection Regulation (GDPR) was introduced in 2018, introducing new standards for the collection, storage, and management of personal data. Since it came into effect prior to Brexit, the UK government implemented the GDPR, but has indicated it may diverge in the future.
Both the UK and the EU’s data management rules affect the way companies and their external auditors conduct the audit process, including how personal financial data, for example, is transferred and stored. While the two regimes are similar, companies should pay careful attention to the nuance of relevant rules to ensure they meet expected regulatory standards.
8) Post-Brexit Dual Compliance Challenges
While the effects of Brexit are still changing the way companies in the EU and UK interact, the presence of two parallel compliance regimes has already complicated the collective administrative burden.
That duality may create challenges during an audit, not least due to more complex documentation and communication needs between UK and EU entities. Those issues require more time and resources from both accounting teams and auditors – factors that will inevitably increase costs, especially in environments with many manual processes.
Companies should seek to address dual-compliance inefficiencies by taking the time to review their audit process, identify pain points and find opportunities to streamline. Automated accounting software is an advantage in dual-compliance situations: software tools provide a speed and accuracy boost, but also help companies adjust quickly to new regulatory requirements – a common feature of the post-Brexit landscape.
9) Penalties and Non-Compliance Approaches
The penalties and approaches to audit non-compliance have also diverged post-Brexit. In the UK, for example, FRC has published an updated version of its Ethical Standard for auditors. The new standard, which came into effect in December 2024, aligns the UK with international rules for auditor independence and ethical behaviour. Similarly, in September 2024, the UK’s Chartered Institute of Internal Auditors published a new Internal Audit Code of Practice which is intended to serve as a best practice benchmark for internal audit teams.
While the EU’s audit compliance rules have remained broadly unchanged since Brexit, the introduction of audit requirements for ESG regulations, such as the CSRD, has introduced a new risk consideration for many companies.
10) Adaptability to Evolving Standards
Both UK and EU regulatory landscapes change constantly to adapt to new risks, or to integrate innovations. With that in mind, companies must be ready to meet new audit compliance standards – both in terms of adjusting internal audit workflows and integrating new tools and technologies.
In the EU, for example, the rise of ESG regulation means companies must look beyond financial reporting to a range of new audit-relevant data sets which may include metrics like carbon emissions, employee diversity rates, etc., and find ways to accurately capture this information. Similarly, in the UK, incoming regulations such the updated UK Corporate Governance Code will require firms to facilitate reporting mechanisms for senior employees.
The scope of the new audit responsibilities means companies must find new methods of recording, storing, and accessing financial and non-financial data to ensure audit readiness.
Take On Global Audit Challenges with FloQast
It’s important to acknowledge and understand how Brexit has changed the audit process for companies with UK and EU footprints – but those challenges aren’t insurmountable.
By focusing on clear communication, technology investment, and year-round audit preparedness, CFOs and accounting teams can build a foundation from which to take on compliance risks. Software integration remains the most useful strategy for proactively tackling those challenges. It helps firms remove tedious manual interventions while streamlining critical control workflows.
Beyond speed and efficiency, automation specifically addresses cross-border regulatory complexity: workflows can be moved entirely into the Cloud, for example, to facilitate remote collaboration, while documents and resources can be securely stored in centralised locations to promote version control, and to enable access for internal and external stakeholders. Meanwhile, regulatory compliance itself can be automated, with accountants applying controls at the click of a button, and tracking progress via detailed, high-level dashboards.
FloQast Compliance Management is built for exactly these kinds of cross-border compliance challenges, giving accountants the power to take close control of complex audit tasks – no matter the size of their organisation or its regulatory environment. Find out how we can help your team prepare for, and stay ahead of, your global audit challenges – get in touch with FloQast today.
Related Blog Articles
